Would you like the webtask.io experience in your own SaaS? Try

[Bug] "Something went wrong" directly after login


#1
  • Bowser - latest stable-channel Chrome
  • OS - MacOS

Original scenario

  1. Login to webtask
  2. Leave the webtask editor open for a while (in my case 1 night in suspend mode)
  3. After resuming the computer, work on a couple of other things
  4. When the webtask editor asks you to login again, close the Auth0 dialog
  5. When the webtask editor asks again, click login

I am trying to find a reproducible scenario. Will come back to that.

Video of the problem can be found here: https://youtu.be/wJMlPQKHp7E

Screenshots


[object Object] output on error page
#2

After some more testing, I can not login at all anymore.
https://youtu.be/3Gwu2YZ-NQg

I quit the browser, started it again, still the same problem.
Not even clearing the cookies helped.


#3

Hi @sdegroot,

Thanks for the detailed report. I am unable to access your second video. Do you need to make it public?

Are you able to successfully authenticate using an incognito browser?


#4

Ah, sorry, forgot to make it public indeed. You should be able to see it now.
It works in incognito mode. And you inspired me, so what I did now, is to first go to https://webtask.io and click the logout button. Unfortunately, that didn’t help either.

However, it does show that the problem only exists on https://webtask.io/make not on the root (https://webtask.io)


#5

Interesting. Let’s make sure we are clearing all the browser data:

Then try to authenticate again.


#6

This seems to have worked. However, it still feels like there is some kind of problem around.
After deleting the cookies using your links, I could successfully login.

However, the process worked like this:

  1. I went to https://webtask.io/make
  2. It redirected me to auth0 to login
  3. Was redirected back to https://webtask.io/make
  4. The auth0 popup appear again and asks to login again
  5. After the second login, it seems to work again

What is the normal workflow? Should it redirect in the tab itself or is the usual flow the popup?

Edit:
Every refresh now results into the popup appearing. And after a couple of tries I get this

The details

You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.
TRACKING ID: daeb69f554b45512a973


#7

Very strange behavior. Thanks for helping me track it down. I am curious; if you remove the /make from the flow, does it have the same issue?

So:

  1. Delete both cookies.
  2. Go to https://webtask.io
  3. Click login

Are you redirected to login twice again? I am trying to rule out the /make page as the source of the issue.

Also, can you verify this issue happens in another browser as well? Try in safari maybe.

Here is what the standard /make flow looks like:


#8

Here are some of my current thoughts:

  • I took a look at the auth0 webtask tenant and found that you have two accounts; one via the Google provider and one by the github provider
  • It does seem to be cookie related.
  • Works as expected in private browser window
  • Works in Safari?
  • Could be plugin related if working in Safari. Ad blocker?

#9

Hi Bobby,

Safari seems to work properly. So it is likely a problem with a plugin, I guess?
The strange thing is, it used to work properly a couple of days ago. But at a certain moment, I got a warning from Chrome that a popup was blocked. I then allowed popups for Webtask.io, but from that moment on, it always raises such a popup.

To answer your questions

  • Logging in directly at https://webtask.io works fine, the problem only exists with /make
  • Safari works normally
  • I do have two accounts, but I only use the Google account for webtasks

I will try disabling some potential suspected addons


#10

Found it…

You were right, it was a Chrome Extension: Ghostery.
Once I disabled Ghostery (or trusted the site), it worked properly.

I do find it intriguing on how Ghostery causes this behaviour. This only happens with /make and I haven’t seen this behaviour with any other Auth0 secured application. I assume there is some special logic that interfaces with some tracking system? (or at least Ghostery must flag it as tracking for some reason)


#11

Interesting, I will do some testing here with Ghostery and see if I can track down the root cause. It could be we load a dependent library slightly differently on the /make page and Ghostery sees that has something to block.

Thanks for doing the debugging process with me. I appreciate your time.


#12

I created a new Chrome profile and installed the Ghostery extension. I accepted default values for the setup. I was not able to reproduce the issue. Do you have specific blocking settings that you are using?


#13

I figured out which Ghostery feature causes this behaviour: “enhanced anti-tracking”
https://www.ghostery.com/faqs/what-are-the-new-ghostery-8-features/

Apparently webtask.io/make tracks some user data that is flagged as personal and therefore anonymised. I spent a couple of minutes trying to figure out what this data could be. The only potential thing I can see is that there is quite a bit of data sent to webtask.auth0.com and this is a “third-party” domain.

However, instead of simply blocking those requests, it analyses them for personally identifiable information and then strips out that information before the request is sent.