web-bugs
web-bugs copied to clipboard
webcompat
auth0.openai.com - site is not usable
URL: https://labs.openai.com/auth/login Browser / Version: Firefox Mobile 105.0 Operating System: Android 11 Tested Another Browser: Yes Chrome
Problem type: Site is not usable Description: Unable to login Steps to Reproduce: Login doesn't work. Reports as follows: Authentication expired Your authentication token is no longer valid. This can happen if you refresh the page during authentication. Please try signing in again using the same credentials.
View the screenshot
Browser Configuration
- gfx.webrender.all: false
- gfx.webrender.blob-images: true
- gfx.webrender.enabled: false
- image.mem.shared: true
- buildID: 20220809093338
- channel: nightly
- hasTouchScreen: true
- mixed active content blocked: false
- mixed passive content blocked: false
- tracking content blocked: false
From webcompat.com with ❤️
Thanks for the report, but the I get a different behavior, when trying to sign in with valid credentials an error message is displayed. The same message is shown even after resetting the password. This happens both on Firefox and Chrome.
Tested with: Browser / Version: Firefox Nightly 105.0a1 (🦎 105.0a1-20220816095503), Chrome 104.0.5112.69 Operating System: Google Pixel 5 (Android 12) - 1080 x 2340 pixels, 19.5:9 ratio (~432 ppi density), Samsung Galaxy S8 (Android 9) - 1440 x 2960 pixels, 18.5:9 ratio (~570 ppi density)
For this project, we try to focus our effort on layouts, features, or content that works as expected in one browser but not in another. Closing the issue as Non-compat.
@Sneffel could you try clearing cache/data/cookies, disable Ad-blocker (if available), or use a clean profile, and check again both on Firefox and Chrome?
[qa_33/2022]
Using a clean profile? Do you really think anyone has got spare openai accounts? Plus the screenshots look totally unrelated to my issue
Il mer 17 ago 2022, 14:09 Arbuzov Oana @.***> ha scritto:
Thanks for the report, but the I get a different behavior, when trying to sign in with valid credentials an error message is displayed. The same message is shown even after resetting the password. This happens both on Firefox and Chrome. [image: image] https://user-images.githubusercontent.com/12184325/185114808-27aa6745-d2f4-454f-b801-fa7cbb7f0b3e.png
Tested with: Browser / Version: Firefox Nightly 105.0a1 (🦎 105.0a1-20220816095503), Chrome 104.0.5112.69 Operating System: Google Pixel 5 (Android 12) - 1080 x 2340 pixels, 19.5:9 ratio (~432 ppi density), Samsung Galaxy S8 (Android 9) - 1440 x 2960 pixels, 18.5:9 ratio (~570 ppi density)
For this project, we try to focus our effort on layouts, features, or content that works as expected in one browser but not in another. Closing the issue as Non-compat.
@Sneffel https://github.com/Sneffel could you try clearing cache/data/cookies, disable Ad-blocker (if available), or use a clean profile, and check again?
[qa_33/2022]
— Reply to this email directly, view it on GitHub https://github.com/webcompat/web-bugs/issues/109058#issuecomment-1217925145, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACGKYSH4DS3U3SOQ7BF64LTVZTJANANCNFSM56NTCGGQ . You are receiving this because you were mentioned.Message ID: @.***>
@Sneffel I was referring to browser clean profile (no addons/extensions/config changes that might interfere), not using other Openai accounts.
The screenshot is the behavior I get when using my account on mobile, and the credentials work on desktop (but I am on the waiting list).
Can you post a screenshot with the console?
[inv_33/2022]
I can confirm this issue happens to me as well (I opened #108579). In my case, I have my Google account linked. I wonder if that's relevant.
Also, I tested installing another version of Firefox (beta) without any changes and the issue remains.
I get the same error as Sneffel and Stormersh in Firefox on Windows, Mac, Android. This is only since getting access; I didn't try while I was on the waitlist so I'm not sure what the behavior was before that. I also linked my google account and thought it might be involved in some way. I've just discovered that I can log in fine works in Chrome (104.0.5112.101) on my Mac though (same mac as below).
Here's a screenshot from Firefox (91.12.0esr 64-bit) on Mac (Monterey 12.5, Intel):
Thanks @Sneffel and @ktmckean , unfortunately, I'm blocked by https://github.com/webcompat/web-bugs/issues/108579 and can't go further with the investigation.
Is there anything in the console when performing the authentication? Can you post a screenshot with it?
@denschub or @ksy36 do you happen to have an active account here?
[inv_35/2022]
I have the same error as @Sneffel, using Firefox 91.13.0esr. Chrome instead works.
@softvision-oana-arbuzov, yeah, the console is flooded with errors on the "Authentication Expired" page. I'm not sure if moz-extension refers to browser add-ons, but this screenshot is definitely not from a clean / extensionless browser (I don't have time for a clean/extensionless test right now, but I can post a screenshot from one of those later if you need). The second "Content Security Policy" error definitely appears to be related to an add-on I have installed.
The invalid state error is happening at https://openailabs-site.azureedge.net/public-assets/d/5f85c4a032/static/js/main.2fd178e2.js:2
I'd share the line 2 in question but it looks like an entire project's worth of javascript, with 1.2 million characters. (Line 1 is a comment with license info.)
(91.13.0esr, 64-bit, mac)
I'm not sure if moz-extension refers to browser add-ons
It does! But in your case, this is tampermonkey trying to inject some JS, and failing to do so. That shouldn't break the auth flow, in theory.
@denschub [...] do you happen to have an active account here?
I don't have an account, but I noticed that they're using Auth0. We should not have any trouble finding a contact at auth0, so we could reach out to them if we don't know what's going on. If @ksy36 or @wisniewskit don't have an account that's breaking here, sending them a message would probably be the best step here.
It seems that I don't have an account breaking here (I'm not on the waiting list, either).
Signed up with my google account and got on a wait list a week back and they've just sent me an invite to sign in. I can reproduce it on my phone only, on Firefox desktop on MacOS the auth is performed successfully.
The problem seems to be that during the auth flow, they save some data in sessionStorage, to later retrieve it. But at the time of retrieval, the session storage is empty.
Once I visit https://labs.openai.com/auth/login or click on "Login" after an unsuccessful sign in, the flow goes as follows:
From https://openailabs-site.azureedge.net/public-assets/d/c79a9122c1/static/js/main.072ce9f4.js
They save this data in sessionStorage with a key a0.spajs.txs.DMg91f5PCHQtc7u018WKiL0zopKdiHle:
e = {
nonce: o,
code_verifier: a,
appState: n,
scope: l.scope,
audience: l.audience || 'default',
redirect_uri: l.redirect_uri,
state: i
}
this.storage.save(this.storageKey, e, {
daysUntilExpire: 1
})
where this.storage.save is basically:
save: function (e, t) {
sessionStorage.setItem(e, JSON.stringify(t))
},
I confirmed that that is saved successfully and after that a redirect is performed (with window.location.assign) to https://auth0.openai.com/authorize?client_id=..., and later to https://auth0.openai.com/u/login/identifier?state=... where I click on "Continue with Google" and later redirected back to https://labs.openai.com/auth/callback?code=...
Once it reaches labs.openai.com, there is nothing in sessionStorage with that key:
function e(e, t) {
this.storage = e,
this.clientId = t,
this.storageKey = ''.concat('a0.spajs.txs', '.').concat(this.clientId),
this.transaction = this.storage.get(this.storageKey)
}
therefore an error is thrown:
e.prototype.get = function () {
return this.transaction
},
!(s = this.transactionManager.get())) throw new Error('Invalid state');
There doesn't seem to be any code that would clear the sessionStorage, so this looks like an issue with Firefox. I'll file a bug on bugzilla for this for further investigation.
Some more investigation here, I've tested Firefox 91.13.0esr on desktop as well, based on these comments https://github.com/webcompat/web-bugs/issues/109058#issuecomment-1223097698 https://github.com/webcompat/web-bugs/issues/109058#issuecomment-1232563435 and indeed it is broken, similar to mobile.
However since it does work on later versions, I run mozregression to find the change that fixed the auth flow and it appears to be Fission https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=383986e2f5cb835a55c47bbd6e15d81035ca0784&tochange=d6e8528f0a936df88369c71f4e390e31a4d621a1 (that would explain why it is broken on mobile but work in recent desktop versions as Fission for Firefox on Android is not enabled yet and a work in progress)
I've checked this today on 102.4.0esr on desktop, 105.2.0 on Firefox Android and Firefox Android Nightly and it's no longer reproducible. @Sneffel @Stormersh @ktmckean @alfem could you please check whether this is still an issue for you?
I still get this problem in Firefox UNLESS I log in while Firefox's developer tools are open. Looking at the JavaScript console while I log in, everything works fine.
@stephenostermiller Can you please submit a separate issue?
[inv_45/2023]