Page MenuHomePhabricator
Create Task
Maniphest T7302

non-admin user can't log in - OAuth Error Code: invalid_client
Closed, ResolvedPublic
Actions

Description

I set up energy.phacility.com and am the admin, with username mbaker / email mbaker@genability.com.

One of my colleagues set up an account as spharris, email sharris@genability.com

I have auth.email-domains at energy.phacility.com set to allow from genability.com

But when he goes to the instance, it gives him the following error:

OAuth: Not Authorized
You are not authorized to authenticate.
OAuth Error Code: invalid_client

He tried opening a private window and logging directly into energy.phacility.com (instead of possibly going through admin.phacility.com). No dice.

Revisions and Commits

Restricted Diffusion Commit

Related Objects

Event Timeline

mbaker created this task.Feb 17 2015, 9:43 PM
mbaker raised the priority of this task from to Needs Triage.
mbaker updated the task description. (Show Details)
mbaker added a project: Phacility Support.
mbaker added a subscriber: mbaker.
Herald added a subscriber: epriestley. · View Herald TranscriptFeb 17 2015, 9:43 PM
epriestley added a comment.EditedFeb 17 2015, 9:46 PM

You need to explicitly add him as a member of your instance. Go to Phacility HomeInstances(Your Instance)Invite Members to invite him.

There isn't currently a feature like "automatically add anyone with a verified @y.com email address", and I think we'd need some gating around it if we did build it (e.g., to prevent people from auto-adding all @gmail.com addresses), but it's something we could build. Is that something you'd want, or is inviting users explicitly good enough?

The actual error should be more useful than it is. T7173 discusses this; eventually the error message will say something like "You don't have permission to log in to this instance. An instance administrator needs to add you as a member of the instance before you can log in."

epriestley added a comment.Feb 17 2015, 9:49 PM

We could also do a better job of leading you to "Invite Members" after an instance is created. There's a lot of stuff on that first screen, but "Invite Members" is probably where almost everyone wants to go either first or second (after visiting the instance to check it out and set things up). We could probably have a hint that displayed on the instance details screen until your instance has at least 2 members without getting in anyone's way.

mbaker closed this task as Resolved.Feb 17 2015, 10:02 PM
mbaker claimed this task.

Ok, thanks, that works. That was not obvious at all, though, since some work needs to be done on the instance and some on this higher level of admin.phacility.com.

epriestley added a comment.Feb 17 2015, 10:03 PM

Yeah, we'll take a look at improving this. It's definitely not as obvious as it could be. Thanks for the feedback!

epriestley added a commit: Restricted Diffusion Commit.Feb 17 2015, 10:12 PM
Phabricator · Built by Phacility