I'm having problems logging in

Question

I'm having problems logging in

zimme opened this issue 9 years ago · comments

Simon Fridlund commented 9 years ago

Don't know why. Tried to Revoke the apps access with Github and added it again but that didn't fix the login problem.

Luca Mussi · Answer 1 · Tue Apr 14 2015 21:06:41 GMT+0800 (China Standard Time)

Do you see any errors in the console or somewhere?

Simon Fridlund · Answer 2 · Tue Apr 14 2015 22:18:32 GMT+0800 (China Standard Time)

It has to do with http vs https in the console error, protocols must match

Luca Mussi · Answer 3 · Tue Apr 14 2015 22:21:18 GMT+0800 (China Standard Time)

I've registered http://autopublish.meteor.com/_oauth/github?close as authorized callback url...
There's no https involved!

Luca Mussi · Answer 4 · Tue Apr 14 2015 22:21:27 GMT+0800 (China Standard Time)

What do you get as error, precisely?

Simon Fridlund · Answer 5 · Tue Apr 14 2015 22:24:13 GMT+0800 (China Standard Time)

Aah, the problem was I was accessing autopublish from https://autopublish.meteor.com

and then you had http://autopublish.meteor.com registered as a callback url.

maybe you can use //autopublish.meteor.com to support both protocols?

Simon Fridlund · Answer 6 · Tue Apr 14 2015 22:24:47 GMT+0800 (China Standard Time)

It works fine on http://autopublish.meteor.com

Simon Fridlund · Answer 7 · Tue Apr 14 2015 22:30:29 GMT+0800 (China Standard Time)

Uncaught SecurityError: Blocked a frame with origin "http://autopublish.meteor.com" from accessing a frame with origin "https://autopublish.meteor.com".
The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https".
Protocols must match.
storeAndClose github:23
onload github:44

Luca Mussi · Answer 8 · Tue Apr 14 2015 23:16:31 GMT+0800 (China Standard Time)

No, I cannot specify //autopublish.meteor.com :-(

Simon Fridlund · Answer 9 · Tue Apr 14 2015 23:19:04 GMT+0800 (China Standard Time)

Ok, is it possible to set callback url without protocol?

'autoform.meteor.com/blablabla' ?

Simon Fridlund · Answer 10 · Tue Apr 14 2015 23:19:49 GMT+0800 (China Standard Time)

Or maybe build the callback url dynamically and insert whichever protocol is currently in use?

Luca Mussi · Answer 11 · Tue Apr 14 2015 23:24:02 GMT+0800 (China Standard Time)

Answers:

No! Github asks explicitely for the protocol...
No! This is stuff internal to the oauth package from the core meteor packages...

:'(

Simon Fridlund · Answer 12 · Fri Apr 24 2015 19:29:20 GMT+0800 (China Standard Time)

How about redirecting http to https and use https for everything until a proper solution to this can be found?

Luca Mussi · Answer 13 · Fri Apr 24 2015 20:06:04 GMT+0800 (China Standard Time)

any known best practice to do so?

Simon Fridlund · Answer 14 · Fri Apr 24 2015 21:19:16 GMT+0800 (China Standard Time)

https://atmospherejs.com/meteor/force-ssl maybe?

This should force insecure connections to be redirected to https

You would also need to update the github login url thing to https so we don't get the error I got. 👍

Luca Mussi · Answer 15 · Sat Apr 25 2015 00:01:23 GMT+0800 (China Standard Time)

I'll have a look!
tnx a lot

Luca Mussi · Answer 16 · Sat Apr 25 2015 16:09:40 GMT+0800 (China Standard Time)

just re-deployed with force-ssl and it seems to work for me.
@zimme, could you confirm it's fine on your side too?

Simon Fridlund · Answer 17 · Sat Apr 25 2015 16:16:13 GMT+0800 (China Standard Time)

👍 I get redirected from http to https and login with github works as expected.

Luca Mussi · Answer 18 · Sat Apr 25 2015 16:16:50 GMT+0800 (China Standard Time)

great!
thanks a lot

Luca Mussi · Answer 19 · Mon May 11 2015 15:36:05 GMT+0800 (China Standard Time)

We had to switch back to http to keep existing hooks working!
This will need some more love in a near future... :(

Luca Mussi · Answer 20 · Mon May 11 2015 15:37:27 GMT+0800 (China Standard Time)