GitHub Community
bad_verification_code for specific users, sometimes #84196
Replies: 2 comments
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
I appreciate the answer. I don't think any of these apply.
We get the code in the callback handler and we use it immediately to fetch access token. So no delay there. The user with this problem tried to log in multiple times in a rapid succession and so at least some of these attempts took less than 10 minutes.
We don't store or otherwise reuse codes. As the code is received in the request it is immediately used and forgotten. If we get same code in multiple attempts we only try to redeem it once (due to problems another OAuth provider returning same code on concurrent login attempts).
If this was broken, none of the attempts would work. We only get a case like this every few months. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Bug
Body
I haven't reported this as a bug because I lack a reproduction case, but I am wondering if anyone had this experience. I have an app in production that uses GitHub OAuth App to log in users and this is working 99.9999% of the time. But every now and then some user will experience getting bug bad_verification_code error when logging in.
That user will continue being unable to log in and will always get this error, until they deauthorize our OAuth app and try to log in again (which makes them reauthorize the app). Then the login keeps working for them.
So clearly this isn't an issue with our code or configuration (app id, secret etc...) since it works for other users and it works for the users that get an error after they reauthorize the app. And as far as the code goes, we just pass it along. Does the code have any special characters?
Beta Was this translation helpful? Give feedback.
All reactions