Comments (8)
Hey @BasMichielsen, thanks for the report!
I'm not sure I understand what's happening. Note that LastLogin has changed somewhat since that demo video was made, so you probably won't be able to follow the exact steps.
What email provider are you using?
from obligator.
Hi @anderspitman I am not using any email provider, I am following the Demo section in readme.md using openidconnect.net to test your public instance running at https://lastlogin.io. Following the instructions as stated, I registered with my email account. After a little while I received the email from your public instance and clicked on the link, and then the error appears.
I mean what email provider are you using for the email you give to LastLogin, ie gmail, apple, etc?
I have provided my University employee address, I reckon the University uses a Microsoft Exchange/Office365 subscription for all employees and students, as I can go to outlook.office.com and read my email within the outlook on the web client.
Hmm I also work at a University which uses outlook and it works there. Can you try a couple more things:
- Right click on the link and copy it and make sure the copied version still looks valid.
- Navigate to the page and make sure the link matches the one from the email (ie verify Outlook doesn't change it when you click on it).
- Try using a gmail account and verify that works. That should rule out there being some weird problem with your device.
Thank you for your help! You've likely identified a bug that I'll need to get to the bottom of. If none of these work I'll put in some instrumentation so we can try to better track what's happening with your request.
FWIW I just tried using a VPN to log in from Amsterdam, switching between LastLogin server instances and it worked. That was my best guess about what was broken.
However, I also noticed that I'm deleting magic links after 2 minutes. This is likely not long enough. Do you think it might be taking longer than that before you click the link? Outlook in particular tends to have slow delivery in my tests.
Just in case, I went ahead and increased it to 5 minutes. Maybe we'll get lucky.
Highly likely it is that timeout. Because every time I tried, I received the email only after 10 maybe 15 minutes or so. I am unsure why, but it is possible that the university mail server works in batches or is simply being slow. In any case, given that you delete the magic links after 2 minutes, I can tell you that I never received the mail within 2 minutes, so that most likely is the issue (lex parsimoniae). As for a solution, any timeout is possibly too short, and maybe the problem is indeed on my end. I do however want to suggest that a more descriptive error message would have been appropriate, perhaps something like "your magic link was valid, but has expired, please try again" explains the issue a lot better than "invalid magic link" which makes the user think they did something wrong.
@BasMichielsen sorry for the super late response. 10 to 15 minutes is definitely not workable for a login system IMO. I'm hopeful that eventually we'll have better decentralized protocols than email to work with.
Going to leave this issue open since I agree this needs a better error message.
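The error-message distinction discussed in this thread, as an added Go example that is not obligator's own code: expired tokens are remembered for a retention window so a late click can be reported as expired, while a token that was never issued or was already used still gets the generic error. `LinkStore`, its methods and the one-hour retention window are assumptions for illustration; the 5-minute lifetime and the message texts are taken from the comments above.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrLinkUnknown = errors.New("invalid magic link")
var ErrLinkExpired = errors.New("your magic link was valid, but has expired, please try again")

// LinkStore (hypothetical, not obligator's code) maps token -> issue time; callers serialize access.
type LinkStore struct {
	ttl, retain time.Duration
	issued      map[string]time.Time
}

func NewLinkStore(ttl, retain time.Duration) *LinkStore {
	return &LinkStore{ttl: ttl, retain: retain, issued: map[string]time.Time{}}
}

// Issue stores tok (assumed random, made by the caller) and purges entries older than ttl+retain.
func (s *LinkStore) Issue(tok string, now time.Time) {
	for old, t := range s.issued {
		if now.Sub(t) > s.ttl+s.retain {
			delete(s.issued, old)
		}
	}
	s.issued[tok] = now
}

// Redeem is single use; an expired token stays until purged so a late click reads as expired.
func (s *LinkStore) Redeem(tok string, now time.Time) error {
	t, ok := s.issued[tok]
	switch {
	case !ok:
		return ErrLinkUnknown
	case now.Sub(t) > s.ttl:
		return ErrLinkExpired
	}
	delete(s.issued, tok)
	return nil
}

func main() {
	s := NewLinkStore(5*time.Minute, time.Hour)
	s.Issue("constructed-token", time.Unix(0, 0))
	fmt.Println(s.Redeem("constructed-token", time.Unix(720, 0))) // constructed: opened 12 min after issue
}
```

Because real tokens are long random values, telling a holder that their token has expired does not help anyone guess a live one; the retention window only controls how long that friendlier message stays available.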