Disabling local username/password based accounts breaks oauth signup

Hi there,

I’m currently working on setting up Auth0 with Discourse and so far it’s been a blast. However, I’m running into a really specific issue and not sure what’s going wrong.

Our setup

We have a Vue.js frontend, where you can authenticate with Auth0. After you’re logged in you can press the messageboard button and you’ll be redirected to our Discourse board, where once again you’ll be authenticated with Auth0.

Installation
I followed this tutorial and after configuring it that way (except for obsolete step: Turn off: “Use Auth0 instead of the IdP to do Single Sign On”) it works perfectly fine. A user can go to the Vue.js app, be redirected to the Discourse board, fill in his details and get access to the forum.

Bug description/reproduction

However, as soon as I disable “Enable local username and password login based accounts.” under “Settings > Login” the signup flow breaks. People that have already registered with the forum before have no problem accessing it, but new signups result in the following message:

“Authorization timed out, or you have switched browsers. Please try again.”

I’ve enabled debug logs and get the following errors:

The user_json response seems fine, so no issue there:

#<Excon::Response:0x00007f0af113c718 @data={:body=>"{\"sub\":\"auth0|5dc5401e85758e0e95b0636a\",\"nickname\":\"joralf.quist\",\"name\":\"myname\",\"picture\":\"https://s.gravatar.com/avatar/23d3dc95d3b6cba0ee894df4cb46cb6b?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fjo.png\",\"updated_at\":\"2019-11-18T10:12:13.877Z\",\"email\":\"mymail\",\"email_verified\":true}", :cookies=>["did=s%3Av0%3A8d321ec0-09ee-11ea-95ea-91b52adba184.6irXCvkGZIAzkwkaukzU1W8%2B0BKoefHUhCOKf4slO08; Max-Age=157788000; Path=/; Expires=Sun, 17 Nov 2...

Am I the only one with this issue or can someone reproduce?

Hi @Joralf, are you able to share the URL of the site so I can take a look? (PM is fine if you’d rather not share it here)

Are the issues limited to a specific browser?

4 Likes

I David, I’ve send you a PM. The issue occurs in both Chrome and Safari. In Safari I get this message (which is in line with the error logs):

Thanks @Joralf for the information in the PM - I managed to identify the problem. The registration flow was being interrupted by the new ‘automatic redirect’ feature. I’ve just pushed a fix:

https://github.com/discourse/discourse/commit/46841888b7b3a2d2302ff7ecd13d445ad528febf

Please can you try updating and check if the problem is solved?

5 Likes

@david: I upgraded our Discourse and was able to go through the registration flow without any problems. Thanks so much for your quick feedback! :slight_smile:

2 Likes

This topic was automatically closed after 31 hours. New replies are no longer allowed.