GitLab implicit grant flow suddenly stopped working

My team has been using GitLab’s implicit grant flow to authenticate our users for our CMS (Netlify CMS) by redirecting our users to:

https://gitlab.com/oauth/authorize?client_id=<client_id>&redirect_uri=http://cms.29k.org&response_type=token&scope=api&state={"auth_type":"implicit","nonce":<nonce>}

which has been working fine until recently. Now, upon being redirected to the URL above, the user is met with the following error message:

An error has occurred: The authorization server encountered an unexpected condition which prevented it from fulfilling the request.

In addition, a second request is dispatched to GET https://gitlab.com/oauth/undefined for some reason.

As mentioned, we haven’t changed anything with regard to application configuration. In fact, users that have previously been authenticated and have an active GitLab session can authenticate just fine. Any help would be much appreciated!


Try adjusting the scopes of your registered application again. That is what worked for me.

I am facing the very same issue: Netlify CMS stopped working when I started using my own domain, and I have not been able to restore functionality since. I granted all scopes to the application, but the issue persists.

Did you find a solution?

I’m having the same issue too and changing the scopes didn’t work.
Everything was working fine and suddenly it stopped working (after an upgrade maybe?).
Tested with an up-to-date installation.

Experiencing the same problem, any solution?

Check if the Application is not set as “Confidential”.

This is the default when creating a new App, and this was the cause of this error message for me.
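
For reference, the authorization request from the first post and the state check on the redirect back, as an added example that is not code from this thread or from Netlify CMS. The function names are hypothetical and the client ID, nonce and token values are constructed; it percent-encodes the `redirect_uri` and JSON `state`, and accepts a token only when the echoed nonce matches.

```javascript
const AUTHORIZE_ENDPOINT = "https://gitlab.com/oauth/authorize"; // from the post

// Browser-side nonce from the Web Crypto API; keep it (e.g. in sessionStorage)
// until the redirect comes back.
function newNonce() {
  const bytes = new Uint8Array(16);
  globalThis.crypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the implicit-grant request. URLSearchParams percent-encodes the
// redirect_uri and the JSON state, so braces and quotes survive transit.
function buildAuthorizeUrl(clientId, redirectUri, nonce) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    scope: "api",
    state: JSON.stringify({ auth_type: "implicit", nonce }),
  }).toString();
  return url.toString();
}

// Parse the fragment of the redirect back to the CMS. The token is accepted
// only if the echoed state carries the nonce this browser generated.
function parseCallback(callbackUrl, expectedNonce) {
  const fragment = new URL(callbackUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);
  if (params.has("error")) {
    return { ok: false, reason: params.get("error") };
  }
  let state;
  try {
    state = JSON.parse(params.get("state") ?? "");
  } catch {
    return { ok: false, reason: "state_not_json" };
  }
  const isObject = state !== null && typeof state === "object";
  if (!isObject || state.auth_type !== "implicit" || state.nonce !== expectedNonce) {
    return { ok: false, reason: "state_mismatch" };
  }
  const token = params.get("access_token");
  if (!token) return { ok: false, reason: "missing_token" };
  return { ok: true, accessToken: token };
}
```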