OIDC plugin suddenly broken, silently fails for new users

SSO
1

We have a discourse instance running that has stopped signing in users who don’t have an account already and we’re stumped as to why! This started a couple of weeks ago after we installed the Discourse AI plugin and restarted the instance. This was only bubbled up to me after customer complaints in the last couple of days. We usually have plenty of sign ups every day.

The Setup

  • Self hosted discourse via official docker
  • https://community.enginedj.com
  • OIDC Plugin using our own OIDC Provider (:camera_flash: 1)
  • No other auth except OIDC (i.e. no email + password registration) (:camera_flash: 2)
  • Last successful new signup was Nov 22, 2023 5:23 am NZDT
  • AI plugin was installed ~ Nov 22, 2023 6:03 am NZDT (this would have caused the discourse instance to reboot)
  • No event logs for system configuration changes since Oct, and nothing relevant to auth since march (:camera_flash: 3)
  • Plenty of activity on the forum, no issues with disk space / db etc.

The Issue

  • Sign in flow works correctly but after returning users with no preexisting account are not logged in
  • No error message is display
  • No error message is in the logs (we have some CSRF errors in the logs but these are not correlated with the failed logins)
  • Verbose logging for the OIDC plugin shows it correctly queries data from the OIDC provider, gets claims etc and shows no issues (:camera_flash: 4)

What we’ve tried

  • Disabled Discourse AI plugin
  • Remove Discourse AI plugin
  • Checked cookie responses for mismatched domains
  • Updated all plugins / components to latest (:camera_flash: 5)
  • Confirmed no settings have been adjusted
  • Investigated logs on the host. Nothing stands out.

Here’s a video of the issue. First login is for a user with no existing Discourse account. Second is with my admin user.

Any ideas on what we should be looking at next?

:camera_flash: 1

image
image1074×1768 186 KB

:camera_flash: 2

image
image932×1784 191 KB

:camera_flash: 3

image
image1211×685 85.1 KB

:camera_flash: 4

image
image2207×413 98.9 KB

:camera_flash: 5

image
image1489×634 54.9 KB

1 Like
3

Hi @snikch :wave:

When I run through the login process on your site, I see this error in the javascript console. It’s coming from theme id=12, which seems to be attempting (and failing) to add some kind of extra styling for the login button?

SCR-20231207-ucuw
SCR-20231207-ucuw1734×370 89.9 KB

SCR-20231207-udbt
SCR-20231207-udbt1216×204 38.5 KB

If I use my browser’s dev tools to ‘block’ the js for that particular theme, then everything seems to work as expected.

So I think to get things working again you can either disable theme id=12, or edit it to fix/remove the problematic code.

That said, we really don’t want this kind of theme error to totally break login for sites! So I will look into whether we can improve our error handling here :eyes: (edit: PR to improve that here)

5 Likes
4

Wow, thanks @david. I had seen that error and created a card for it to be sorted but just made an assumption that this would have nothing at all to do with user login as I assumed that was all server side and happening before the JS rendered the page! Lots of assumptions there :facepalm: I now see it needs it to show the Create Account modal.

Thanks so much for the help :heart_eyes_cat:

https://imgur.com/qv7orry.gif(image larger than 4 MB)

1 Like
5

This topic was automatically closed after 21 hours. New replies are no longer allowed.