Forbidden authentication error with GitHub
I tried to login on Gitter through GitHub and I got an error saying Forbidden: We couldn't sign you in right now...
. I tried it multiple times but same error popped up every time. I was on Firefox desktop 65.0.1 (64-bit) running on Ubuntu 18.04.
Since this was an unusual error, I tried to sign in from my mobile Firefox and it worked fine there. I was able to sign in without any issues. Just to check where the issue is, I tried sign in from Chrome desktop browser and it worked fine there as well.
After quite some time I was able to login from my Firefox desktop as well. I had reported the issue on Gitter.
Also, as I wasn't blocked from GitHub as I was able to login without any issues there.
Possible cause
In Gitter 19.37.1, we upgraded @gitterhq/passport-github
to the latest passport-github2@0.1.11
. We also started using the state: true,
option to add some session CSRF protection.
Previously we were using the flawed TokenStateProvider
but it was probably more lenient. @andrewn mentioned the catalyst to start using it was no matter the session expiration, people were having trouble signing in. So this issue is probably the same sorta problem.