Looping redirect on fresh bootstrapped project #873
Comments
Should also mention I'm not using a load balancer or custom domain
Can you share the logs (either copy-paste or screenshot) from around that time? If you can enable debug logs (set
Sorry not sure if I closed this prematurely. Could you try redeploying with #874 and verify that the scenario succeeds?
Yes - done. The problem is still there, but I think I found the issue.
I think the problem is occurring because an admin is logging in without having verified the email, and with 0 realms present yet. Here is the redirect flow:
POST /session
GET /login/select-realm (this first GET is from the login js script)
Redirect to “/admin”
Redirect to “/login/manage-account?mode=verifyEmail”
GET /login/select-realm (subsequent GETs to this endpoint are from MissingRealm)
I ran through the scenario with an unverified super user - the scenario should be good to go!
Works for me too! Obviously one can't verify the "super@example.com" email address, so might be good to update the production.md bootstrapping instructions. I'll raise a PR if I get a chance.
We can verify that email. We do it in
Ah cool - didn't see that tool. Thanks!
TL;DR
After provisioning ENVS for the first time using the "production" setup, logging in with the default user "super@example.com" results in looping redirects through several endpoints.
@whaught
Expected behavior
Successful login
Observed behavior
Seemed to get 303 redirected through these endpoints until hitting rate limits (somewhere around 100 requests):
/admin
/login/manage-account?mode=verifyEmail
/login/select-realm
Before finally getting redirected to /logout
I can see these in the logs:
"realm does not exist in session"
"user email not verified"
In Chrome, ERR_TOO_MANY_REDIRECTS also shows. Clearing cookies did not resolve the problem, nor did testing from mobile or a new IP.
Reproduction
Start with a fresh GCP project and follow the steps outlined in docs/production.md.
As stated, enter super@example.com into Firebase and enable Identity Platform.
Behavior can be seen at my server URL:
https://server-dyjepj3nfa-uc.a.run.app/
User: super@example.com
Pw: asdfasdf
Environment
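A regression check for the redirect cycle reported in this issue, as an added example that is not code from the project: it follows redirects with Go's `http.Client` and fails as soon as a redirect targets a URL already requested, instead of running into rate limits. The server is a constructed stand-in for the three endpoints in the observed order, and `newLoopingServer`, `followRedirects` and `errRedirectLoop` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)
var errRedirectLoop = errors.New("redirect loop")

// newLoopingServer: constructed stand-in that 303s through the reported endpoints.
func newLoopingServer() *httptest.Server {
	next := map[string]string{
		"/admin":                "/login/manage-account?mode=verifyEmail",
		"/login/manage-account": "/login/select-realm",
		"/login/select-realm":   "/admin",
	}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if to, ok := next[r.URL.Path]; ok {
			http.Redirect(w, r, to, http.StatusSeeOther)
			return
		}
		fmt.Fprint(w, "ok") // any other path answers 200
	}))
}

// followRedirects GETs target, returns each redirect target, and fails on a revisit.
func followRedirects(target string) ([]string, error) {
	var hops []string
	client := &http.Client{CheckRedirect: func(next *http.Request, via []*http.Request) error {
		hops = append(hops, next.URL.RequestURI())
		for _, prev := range via {
			if prev.URL.String() == next.URL.String() {
				return errRedirectLoop
			}
		}
		return nil
	}}
	resp, err := client.Get(target)
	if err == nil {
		resp.Body.Close()
	}
	return hops, err
}

func main() {
	srv := newLoopingServer()
	defer srv.Close()
	fmt.Println(followRedirects(srv.URL + "/admin"))
}
```

Pointed at a real deployment with an authenticated cookie jar, the same `CheckRedirect` hook reports the cycle after one pass through the endpoints.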