Gitlab implicit grant flow suddenly stopped working

nam29k · January 22, 2021, 11:02am

My team has been using GitLab’s implicit grant flow to authenticate our users for our CMS (Netlify CMS) by redirecting our users to:

https://gitlab.com/oauth/authorize?client_id=<client_id>&redirect_uri=http://cms.29k.org&response_type=token&scope=api&state={"auth_type":"implicit","nonce":<nonce>}

which has been working fine until recently. Now, upon being redirected to the URL above, the user is met with the following error message:

An error has occurred: The authorization server encountered an unexpected condition which prevented it from fulfilling the request.

In addition, a second request is dispatched to GET https://gitlab.com/oauth/undefined for some reason.

As mentioned, we haven’t changed anything with regards to application configuration. In fact, users that have previously been authenticated and have an active GitLab session can authenticate just fine. Any help would be much appreciated!

chandruxp · January 24, 2021, 1:35am

Try adjusting the scopes of your registered application again. That is what worked for me.

janostalas · February 23, 2021, 7:40pm

I am facing the very same issue: Netlify CMS stopped working when I started using my own domain and cannot restore functionality ever since. I granted all scopes to the application, but the issue persists.

Did you find a solution?

maximebf · March 15, 2021, 4:54pm

I’m having the same issue too and changing the scopes didn’t work.
Everything was working fine and suddenly it stopped working (after an upgrade maybe?).
Tested with an up to date installation.

bbmm_I · June 15, 2021, 5:16pm

Experiencing the same problem, any solution?

Roneo · October 14, 2021, 11:05pm

Check if the Application is not set as “Confidential”

This is the default when creating a new App, and this was the cause of this error message for me