Page MenuHomePhabricator

non-admin user can't log in - OAuth Error Code: invalid_client
Closed, ResolvedPublic

Description

I set up energy.phacility.com and am the admin, with username mbaker / email mbaker@genability.com.

One of my colleagues set up an account as spharris, email sharris@genability.com

I have auth.email-domains at energy.phacility.com set to allow from genability.com

But when he goes to the instance, it gives him the following error:

OAuth: Not Authorized
You are not authorized to authenticate.
OAuth Error Code: invalid_client

He tried opening a private window and logging directly into energy.phacility.com (instead of possibly going through admin.phacility.com). No dice.

Revisions and Commits

Event Timeline

mbaker raised the priority of this task from to Needs Triage.
mbaker updated the task description. (Show Details)
mbaker added a project: Phacility Support.
mbaker added a subscriber: mbaker.

You need to explicitly add him as a member of your instance. Go to Phacility HomeInstances(Your Instance)Invite Members to invite him.

There isn't currently a feature like "automatically add anyone with a verified @y.com email address", and I think we'd need some gating around it if we did build it (e.g., to prevent people from auto-adding all @gmail.com addresses), but it's something we could build. Is that something you'd want, or is inviting users explicitly good enough?

The actual error should be more useful than it is. T7173 discusses this; eventually the error message will say something like "You don't have permission to log in to this instance. An instance administrator needs to add you as a member of the instance before you can log in."

We could also do a better job of leading you to "Invite Members" after an instance is created. There's a lot of stuff on that first screen, but "Invite Members" is probably where almost everyone wants to go either first or second (after visiting the instance to check it out and set things up). We could probably have a hint that displayed on the instance details screen until your instance has at least 2 members without getting in anyone's way.

mbaker claimed this task.

Ok, thanks, that works. That was not obvious at all, though, since some work needs to be done on the instance and some on this higher level of admin.phacility.com.

Yeah, we'll take a look at improving this. It's definitely not as obvious as it could be. Thanks for the feedback!

epriestley added a commit: Restricted Diffusion Commit.Feb 17 2015, 10:12 PM