play-googleauth

Login : failed-oauth-callback : anti-forgery-token-invalid : 'No Play session ID found' java.lang.IllegalArgumentException: No Play session ID found

Open AndrewKL opened this issue 7 years ago • 2 comments

I got the auth to work locally, but when I migrate to prod I'm getting a 'No Play session ID found' exception. I suspect this is a subtle domain-name-related thing involving the Play session, but I'm stumped as to where to look to debug this.

[info] application - GET /login took 2ms and returned 200
[info] application - GET /loginAction took 465ms and returned 303
[warn] application - Login : failed-oauth-callback : anti-forgery-token-invalid : 'No Play session ID found'
java.lang.IllegalArgumentException: No Play session ID found
	at com.gu.googleauth.AntiForgeryChecker$$anonfun$verifyToken$1$$anonfun$apply$1.apply(auth.scala:129)
	at com.gu.googleauth.AntiForgeryChecker$$anonfun$verifyToken$1$$anonfun$apply$1.apply(auth.scala:129)
	at scala.Option.getOrElse(Option.scala:121)
	at com.gu.googleauth.AntiForgeryChecker$$anonfun$verifyToken$1.apply(auth.scala:129)
	at com.gu.googleauth.AntiForgeryChecker$$anonfun$verifyToken$1.apply(auth.scala:129)
	at scala.util.Try$.apply(Try.scala:192)
	at com.gu.googleauth.AntiForgeryChecker.verifyToken(auth.scala:129)
	at com.gu.googleauth.GoogleAuth$.validatedUserIdentity(auth.scala:210)
	at com.gu.googleauth.LoginSupport$class.checkIdentity(actions.scala:128)
	at controllers.Login.checkIdentity(Login.scala:11)
[info] application - GET /oauth2callback?state=eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NDEyODI2MTgsInJmcCI6IjJjbDc1YWJlNG1wYTAwZWozbGZ1OWg4bGQ3In0.tSA4R8LcAV4vKzlbzK5CfUmRYDOvPb3IloX-bAjVw-g&code=4/iwDPTXxG6TnzfCatUs98t2wtd04XBoYwEnaqGs1gHrcGLg6BHbcJ0Fy6RuDUQufTgnSyj2G8YrIKu7kRa2Lg1Kc&scope=openid%20email%20profile%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/plus.me%20https://www.googleapis.com/auth/userinfo.email&authuser=0&session_state=13bfb169647df9902b42fcace7298e4e3096bfdb..e30e&prompt=none took 69ms and returned 303
[info] application - GET /login took 1ms and returned 200

AndrewKL avatar Nov 03 '18 22:11 AndrewKL

I have the same issue

0xRoch avatar Dec 06 '18 14:12 0xRoch

My latest theory is that somehow the secure session state is being lost, possibly related to http/https related nonsense.

AndrewKL avatar Dec 06 '18 18:12 AndrewKL
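
A minimal Python model of the anti-forgery check that fails in the stack trace above, added here as an illustration and not taken from play-googleauth or from any poster in this thread. It assumes the `rfp` claim of the HS256 `state` token is the Play session ID and that the callback compares it with the ID read from the session cookie; the function names, secret and session values are constructed.

```python
import base64, hashlib, hmac, json, time

# state value copied from the GET /oauth2callback log line in the issue
LOGGED_STATE = ("eyJhbGciOiJIUzI1NiJ9."
                "eyJleHAiOjE1NDEyODI2MTgsInJmcCI6IjJjbDc1YWJlNG1wYTAwZWozbGZ1OWg4bGQ3In0."
                "tSA4R8LcAV4vKzlbzK5CfUmRYDOvPb3IloX-bAjVw-g")

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _dec(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
def _mac(secret: bytes, header: str, claims: str) -> bytes:  # always HS256; header alg is never consulted
    return hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()

def unverified_claims(state: str) -> dict:
    """Diagnostic only: read the claims without checking the signature."""
    return json.loads(_dec(state.split(".")[1]))

def issue_state(secret: bytes, session_id: str, ttl: int = 300) -> str:
    """Login step: bind the state token to the caller's session ID (rfp claim)."""
    header = _enc(json.dumps({"alg": "HS256"}).encode())
    claims = _enc(json.dumps({"exp": int(time.time()) + ttl, "rfp": session_id}).encode())
    return f"{header}.{claims}.{_enc(_mac(secret, header, claims))}"

def verify_state(secret: bytes, state: str, cookie_session_id) -> str:
    """Callback step: return "ok" or the reason the token is rejected."""
    if cookie_session_id is None:  # session cookie did not come back with the callback
        return "No Play session ID found"
    try:
        header, claims, sig = state.split(".")
        if not hmac.compare_digest(_mac(secret, header, claims), _dec(sig)):
            return "bad signature"
        exp, rfp = (json.loads(_dec(claims))[k] for k in ("exp", "rfp"))
    except (ValueError, KeyError, TypeError):
        return "malformed token"
    if exp < time.time():
        return "expired"
    if not hmac.compare_digest(str(rfp).encode(), cookie_session_id.encode()):
        return "session mismatch"
    return "ok"

def demo() -> dict:
    secret, sid = b"constructed-secret", "constructed-session-id"  # constructed values
    state = issue_state(secret, sid)
    return {label: verify_state(secret, state, cookie) for label, cookie in
            (("cookie sent", sid), ("cookie missing", None), ("other session", "another-id"))}

if __name__ == "__main__":
    print(unverified_claims(LOGGED_STATE), demo())
```

In this model the "cookie missing" case is rejected before the signature is examined, so a correctly signed `state` still fails when the browser does not return the session cookie on `/oauth2callback`.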