OpenID Login error

[osmpaws]

Hello, my OpenID login does not work again. When returning from identity provider back to osm.org site, the login form is again there with red stripe on the top saying translation missing: cs.users.auth_failure.no implicit conversion of nil into String May be it is related to issue I found in Chromium console. It says Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute From Firefox it is the same and also mobile chrome and firefox are the same. The only difference is in mobile chrome that already the OpenID provider's site complains about cookies setup. Please ask if more info is needed from me.

[tomhughes]

Unfortunately there's very little I can do to help with this because while I can debug the initial login step I have no way of actually logging in and debugging the return to the site.

Nothing has changed at our end anyway, so if it was working the other day then it ought to be working now.

What that message is basically saying is that the callback to our site reported an error with the login but it didn't give a valid error code.

You don't say which cookie that message is talking about but I'm guessing it is _osm_location which is not important and certainly has nothing to do with logging in.

[osmpaws]

I am not sure that nothing changed on osm.org since it worked just two days ago and for example login at help.openstreetmap.org still works. Anyways I'll investigate further.

[osmpaws]

I can look into request of I'd provider sent to OSM.org with values of what is asked to provide like e-mail address and so on. I think it would be helpful to know what is that nil (that can not be converted to string) to see what is wrong.

[osmpaws]

So I don't know how to help me. You are saying there is an error on callback. I see the post request full of data osm.org site requested from provider. So where is the error stated?
So there is a bunch of ideas:
is this correct??? openid.return_to "https://www.openstreetmap.org/auth/openid/callback?_method=post"
I dont know ruby but the file you corrected last time is still full of append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
)

Please look into users_controller.rb there is some weird stuff with openid with only google in mind.

[osmpaws]

OK I am out, maybe look at my account https://www.openstreetmap.org/user/Speirs

[tomhughes]

That's just about upgrading people that had Google's old openid setup linked to their account to the new oauth based system - it's not relevant to your case.

[mirabilos]

I’m also using OpenID (with my own website delegating to Launchpad) and cannot login any more either.

Perhaps these failures (CSP blocked script loading) are involved?

Trying to trace this a bit:

POST | https://www.openstreetmap.org/auth/openid/callback?_method=post

The request contains:

openid.response_nonce=2021-04-01T22%3A03%3A31ZLoDctO&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1&openid.signed=assoc_handle%2Cax.count.ext0%2Cax.count.ext1%2Cax.count.ext2%2Cax.count.ext3%2Cax.count.ext4%2Cax.count.ext5%2Cax.count.ext6%2Cax.count.ext7%2Cax.count.ext8%2Cax.mode%2Cax.type.ext0%2Cax.type.ext1%2Cax.type.ext2%2Cax.type.ext3%2Cax.type.ext4%2Cax.type.ext5%2Cax.type.ext6%2Cax.type.ext7%2Cax.type.ext8%2Cax.value.ext0.1%2Cax.value.ext1.1%2Cax.value.ext4.1%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cns.ax%2Cns.sreg%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg.email= my mail &openid.op_endpoint=https%3A%2F%2Flogin.launchpad.net%2F%2Bopenid&openid.ax.type.ext8=http%3A%2F%2Faxschema.org%2Fmedia%2Fimage%2Faspect11&openid.ax.type.ext4=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly&openid.ax.type.ext5=http%3A%2F%2Faxschema.org%2Fcontact%2Fcity%2Fhome&openid.ax.type.ext6=http%3A%2F%2Faxschema.org%2Fcontact%2Fstate%2Fhome&openid.ax.type.ext7=http%3A%2F%2Faxschema.org%2Fcontact%2Fweb%2Fdefault&openid.ax.type.ext0=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.type.ext1=http%3A%2F%2Faxschema.org%2FnamePerson&openid.ax.type.ext2=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ax.type.ext3=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.sig= some base64 &openid.ax.value.ext1.1= my name &openid.ax.value.ext4.1= my username &openid.return_to=https%3A%2F%2Fwww.openstreetmap.org%2Fauth%2Fopenid%2Fcallback%3F_method%3Dpost&openid.ax.mode=fetch_response&openid.claimed_id= my delegating site &openid.sreg.nickname= my username &openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.value.ext0.1= my email &openid.mode=id_res&openid.identity=https%3A%2F%2Flogin.launchpad.net%2F%2Bid%2F my ID &openid.ax.count.ext0=1&openid.ax.count.ext1=1&openid.ax.count.ext2=0&openid.ax.count.ext3=0&openid.ax.count.ext4=1&openid.ax.count.ext5=0&openid.ax.count.ext6=0&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ax.count.ext8=0&openid.ax.count.ext7=0&openid.sreg.fullname= my name &openid.assoc_handle=%7BHMAC-SHA1%7D%7B a number %7D%7B some base64 `%7D&openid.usernamesecret=

Interestingly, openid.usernamesecret is empty. Unsure if this is correct, but it’s what Launchpad provides.

The response is thus (302 Found):

Location | /auth/failure?message=no+implicit+conversion+of+nil+into+String&strategy=openid

[mirabilos]

Hm no, if I edit openid.usernamesecret to x and resend it still shows the same failure.

The error is coming from the server side, not in ECMAscript.

[mmd-osm]

I tried this with Ubuntu Launchpad, and OpenID also not working there.