Utilisateur (patron) recevant un message d'erreur d'autorisation

Soutien
28

Hi @caduspa,

Run the below commands in SSH console and try the login again. Let me know if the problem persist.

./launcher enter app
rails c
SiteSetting.patreon_login_ignore_state = true
30

You are most kind. Sadly, that is above from my level of knowledge. (I’m a classic “tell me which button to push”). I’ll see if I can patch together the know how from a few searches.

44

I’m having this issue on our community and just made the changes above. I’ll ask for more testing, and let you know what I find out.

45

I run into this issue, but not with patreon as sign in provider. Everything else seems exactly alike though, the issue is only on mobile devices.

I’m using the OIDC plugin to authenticate through, see: Discourse OpenID Connect (OIDC), to authenticate with Okta.

From the discourse error logs that I can visit at https://discourse.example.com/logs/, I find an error that is logged whenever I reproduce our issue.

I read the following article about it: Web Security Basics - An Introduction to the Essential Concepts Behind a Secure Website

I’m currently not confident about what goes on, but I guess that we are loosing a CSRF token at some point using the mobile auth flow.

This also makes me suspect that SiteSetting.patreon_login_ignore_state = true is an insecure way to bypass the issue we are having.

Error message

(oidc) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Note that CSRF stands for Cross-Site Request Forgery. And from googling I learned that:

CSRF attacks target functionality that causes a state change on the server, such as changing the victim’s email address or password, or purchasing something.

Error stack trace

/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/logster-2.0.1/lib/logster/logger.rb:101:in `add_with_opts'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/logster-2.0.1/lib/logster/logger.rb:52:in `add'
/usr/local/lib/ruby/2.5.0/logger.rb:545:in `error'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:163:in `log'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:486:in `fail!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-oauth2-1.6.0/lib/omniauth/strategies/oauth2.rb:71:in `callback_phase'
/var/www/discourse/plugins/discourse-openid-connect/lib/omniauth_open_id_connect.rb:97:in `callback_phase'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:238:in `callback_call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:189:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:30:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:25:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:214:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in `context'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/cookies.rb:670:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:98:in `run_callbacks'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/logster-2.0.1/lib/logster/middleware/reporter.rb:30:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:38:in `call_app'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:28:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:16:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/request_id.rb:27:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:17:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-mini-profiler-1.0.2/lib/mini_profiler/profiler.rb:171:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/message_bus-2.2.0/lib/message_bus/rack/middleware.rb:57:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:182:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/engine.rb:524:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/railtie.rb:190:in `public_send'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/railtie.rb:190:in `method_missing'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/urlmap.rb:68:in `block in call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/urlmap.rb:53:in `each'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/urlmap.rb:53:in `call'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:606:in `process_client'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:701:in `worker_loop'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:549:in `spawn_missing_workers'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:142:in `start'
/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/bin/unicorn:126:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/2.5.0/bin/unicorn:23:in `load'
/var/www/discourse/vendor/bundle/ruby/2.5.0/bin/unicorn:23:in `<main>'
46

Can confirm we’re seeing very similar things too without using patreon to authenticate - we just use the standard oauth plugin. Only mobile users see this.

47

Here’s a brief outline of how the “state” token is used. It’s part of the OAuth2 specification, so is used for all Discourse’s social login methods, including Patreon, OIDC and OAuth2.

  1. User clicks “login” on Discourse

  2. Discourse generates a random string (a “state token”), and stores it against the user’s browser session

  3. Discourse redirects the user to the auth provider, passing along a copy of the state token

  4. User logs in, and is redirected back to Discourse. The provider passes back the state token

  5. Discourse checks that the received state token matches the one it stored against the user’s browser session earlier. If they do not match, this is considered an CSRF attack.

So, the most likely way this can break in practice, is if the user starts/ends the process in a different browser session. On a desktop this is pretty much impossible, but mobile operating systems tend to have different browser sessions for PWAs vs. browsers vs. native apps, which could be causing this issue.

Do you know whether these users are using the Discourse app, or an ‘installed’ PWA?

48

Thank you for writing down the steps regarding the state @david!

I’m experiencing this with the OIDC plugin, that in turn auths with Okta as IdP, that in turns delegates auth to Azure AD v2.0 OpenID Connect. And it only happens on IPhone as compared to Android devices I think (but this needs to be confirmed further, I have not tested it myself on Android).

It also happens on IPhone no matter if I utilize Safari och Chrome. I have not installed an Discourse app, and I have not utilized discourse on my mobile as an webpage-application (PWA?) but instead simply utilized my Chrome app and opened up my deployed discourse.

49

I’d love to get to the bottom of this, but so far I haven’t managed to reproduce the issue. It’s certainly interesting that you’re seeing this problem with OAuth2 and OIDC, which suggests this issue is not specific to patreon.

@simonv3 and @consideRatio do you have a consistent way to reproduce the issue? And if so, would it be possible for me to access the site in question? (Feel free to PM me if you’d rather not make it public)

50

I have a feeling that this issue could be related to this Safari bug

Fixed Same-Site Lax cookies to be sent with cross-site redirect from a client-initiated load

It was fixed in release 77 of their technology preview, so hopefully it will be part of the next iOS/macOS release.

51

I’ll keep an eye out for similar problems being reported. It hasn’t been reported in a while, but that doesn’t mean it’s not being experienced - probably just that most people know their way around it by now.

52

Heh, just had it reported today. I’ll let them know that maybe it’s a bug in iOS, and ask them if it still happens if/when they upgrade.

53

@simonv3 and @consideRatio, are you still seeing this error? I am hoping that it has been mostly solved by iOS 12.2, but there may still be some outstanding issues.

54

I had two issues, one with my OIDC provider, and one resolved with iOS 12.2 :wink:

55

Salut à tous,

Nous venons de rencontrer ce problème avec un utilisateur, et apparemment, il s’est produit sur tous ses navigateurs mobiles. Ensuite, lorsqu’il a actualisé la page, tout semblait fonctionner correctement.

Nous utilisons Auth0, et voici son rapport :

Bon, le comportement devient vraiment étrange ici ! Je venais de réussir à me connecter au forum sur mon ordinateur portable, avec n’importe quel navigateur – Firefox, Chrome et Safari ont tous fonctionné parfaitement. Ensuite, sur mon appareil mobile – aucun d’entre eux ne fonctionnait. Impossible de me connecter avec Firefox, ni Chrome, ni Safari. Il devrait y avoir une série de requêtes échouées à partir de 9h57 EST aujourd’hui.

Le message d’erreur que j’ai reçu pour chaque navigateur était : « Désolé, une erreur s’est produite lors de l’autorisation de votre compte. Peut-être n’avez-vous pas approuvé l’autorisation ? »

ET ENSUITE, je suis retourné sur chaque navigateur et j’ai essayé de me connecter à nouveau. Lorsque j’ai cliqué sur « Connexion », la fenêtre de dialogue Auth0 qui s’est affichée était en fait différente. Comme je venais de me connecter via Auth0 il y a quelques minutes, elle m’a reconnu et a demandé : « Voulez-vous vous connecter avec à nouveau ? ». J’ai simplement cliqué pour continuer, et ensuite j’ai accédé au forum ! Cela s’est produit sur les 3 navigateurs mobiles ! Je suis donc maintenant connecté sur mon téléphone, donc techniquement, mon problème est résolu pour le moment.

Cependant, je pense que la connexion Discourse-Auth0 est légèrement défaillante sur mobile. Sur mon ordinateur portable, Auth0 s’ouvre dans une fenêtre séparée et fonctionne toujours. Sur mobile, Auth0 ne s’ouvre pas dans une nouvelle fenêtre ; la même fenêtre est simplement redirigée vers Auth0 puis revient – il y a donc un flux distinct pour mobile avec Auth0. La première fois que j’essaie Auth0, cela ne semble jamais fonctionner sur mobile. Mais si j’essaie à nouveau et qu’Auth0 sait déjà qui je suis, alors la transition fonctionne parfaitement !

Si vous cherchez à déboguer cela, je vous conseillerais de consulter les journaux pour le timestamp ci-dessus afin de voir quelles erreurs apparaissent. Mais peut-être existe-t-il aussi un moyen de configurer Discourse/Auth0 pour que Auth0 utilise le même flux sur mobile que sur le web ? Ou quelque chose comme ça. Mais après tout, si je suis le seul à rencontrer ce problème, alors c’était peut-être aussi un problème bizarre de cookies !

Nous avons bien un message d’erreur à ce moment exact, qui est le suivant :

(oauth2_basic) Échec de l'authentification ! csrf_detected : OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF détecté

(oauth2_basic) Échec de l'authentification ! unauthorized : OmniAuth::Strategies::OAuth2::CallbackError, unauthorized | Extension d'autorisation : Boucle d'événements bloquée
12 juil. 16:19
25
Exception de tâche : post_id
12 juil. 22:23
56
(oauth2_basic) Échec de l'authentification ! unauthorized : OmniAuth::Strategies::OAuth2::CallbackError, unauthorized | utilisateur bloqué
13 juil. 22:31
13
(oauth2_basic) Échec de l'authentification ! csrf_detected : OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF détecté
Dim. 8:59
31
(oauth2_basic) Échec de l'authentification ! csrf_detected : OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF détecté
6:57

/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/logster-2.3.0/lib/logster/logger.rb:110:in `report_to_store'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/logster-2.3.0/lib/logster/logger.rb:101:in `add_with_opts'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/logster-2.3.0/lib/logster/logger.rb:52:in `add'
/usr/local/lib/ruby/2.6.0/logger.rb:543:in `error'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:163:in `log'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:486:in `fail!'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-oauth2-1.6.0/lib/omniauth/strategies/oauth2.rb:71:in `callback_phase'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:238:in `callback_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:189:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:30:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:25:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:214:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in `context'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/cookies.rb:670:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.3/lib/active_support/callbacks.rb:98:in `run_callbacks'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/logster-2.3.0/lib/logster/middleware/reporter.rb:30:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/railties-5.2.3/lib/rails/rack/logger.rb:38:in `call_app'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/railties-5.2.3/lib/rails/rack/logger.rb:28:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:16:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/request_id.rb:27:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:17:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/executor.rb:14:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-mini-profiler-1.0.2/lib/mini_profiler/profiler.rb:171:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/message_bus-2.2.0/lib/message_bus/rack/middleware.rb:57:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:163:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/railties-5.2.3/lib/rails/engine.rb:524:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/railties-5.2.3/lib/rails/railtie.rb:190:in `public_send'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/railties-5.2.3/lib/rails/railtie.rb:190:in `method_missing'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/urlmap.rb:68:in `block in call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/urlmap.rb:53:in `each'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/rack-2.0.6/lib/rack/urlmap.rb:53:in `call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:606:in `process_client'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:701:in `worker_loop'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:549:in `spawn_missing_workers'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:563:in `maintain_worker_count'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:293:in `join'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/unicorn-5.4.1/bin/unicorn:126:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/2.6.0/bin/unicorn:23:in `load'
/var/www/discourse/vendor/bundle/ruby/2.6.0/bin/unicorn:23:in `<main>'

    info
    backtrace
    env

Debug
Info
Avertissement
Erreur
Fatal

Pour nous, cela ressemble probablement à une combinaison de bogues OmniAuth / Auth0 ? Je vais essayer de le signaler à Auth0 également pour voir s’ils ont des éclaircissements, car cela semble être déclenché par un état différent de la combinaison Auth0 / Discourse uniquement sur mobile.

Je n’ai pas demandé à l’utilisateur quelle version d’iOS il exécute.

56

Salut Simon, merci pour les infos.

Il est important de noter que, sur iOS, tous ces navigateurs sont en réalité les mêmes. Apple n’autorise pas les moteurs de navigateur tiers, donc Chrome et Firefox ne sont que des habillages autour de Safari.

Si vous pouvez le vérifier, cela serait utile. Si la version est antérieure à iOS 12.2, il est possible qu’ils rencontrent le bug connu des versions antérieures d’iOS.

57

En effet, il s’avère qu’ils sont sur la version 12.1. Je vais voir si je peux les amener à mettre à jour et vérifier s’ils peuvent reproduire le problème.

58

Peux-tu expliquer comment tu as résolu le problème avec le fournisseur ? Je rencontre le même problème et la même erreur.