Github auth fails when using https

[pltaylor]

The following error occurs when you use https:// for both the brigade:url value and the callback value on github

500 AuthorizationError: The redirect_uri MUST match the registered callback URL for this application.

If both of those values are set to http:// and the website is accessed using only http the authorization completes no problem.

[therebelrobot]

Github auth fails with https callback

[therebelrobot]

@pltaylor will you list the following for me?

• The brigade:url value from your mongo database
• The registered callback for your application with Github
• The url you're trying to access the briadehub installation from

With these I can help narrow down what may be causing this.

[pltaylor]

brigade:url in mongo -> https://opensav.herokuapp.com
registered callback -> https://opensav.herokuapp.com/auth/github/callback
url -> https://opensav.herokuapp.com/

And now it is working..... hmmm. I did redploy 2 days ago.

[pltaylor]

We have not seen this issue again, so I'm going to close it. Thanks for the awesome work.

[jacebrowning]

@pltaylor I think we experienced an HTTPS auth failure on brigadehub/brigadehub#510 (comment)

[therebelrobot]

Yeah, I think there's a standing issue with https interacting with brigadehub oauth... not sure if it's heroku related or not.

[therebelrobot]

The work around for the time being would be to change the three points listed above to use http. As Brigadehub isn't storing sensitive data (yet) it shouldn't be as dramatic a security concern.

[therebelrobot]

Definitely something I want to fix though.

[benstaf]

same issue. i could log in the first time but now: