#238 FAS login through OpenID fails when user has 2+ ssh keys
Opened 5 months ago by thunderbirdtr. Modified 4 months ago

Related issue from infra : https://pagure.io/fedora-infrastructure/issue/10567

Error is :

Bad Request

Request Line is too large (4175 > 4094)

It show very long URL after I clicked login (I can see FAS Login then It shows error, open id works but qa.fpo doesn't login)


This is due to the openid flow sending information back in a cookie, and that has limited size.

There might be a way for you not to request ssh keys?

Or better yet, move from openid to OIDC.

Thanks for explanation, @kevin. Currently we're using flask_fas_openid.py from https://github.com/fedora-infra/python-fedora . I don't see an option to avoid requesting ssh keys :-/

Is there some library that would allow our Flask app to easily connect through OIDC, do you know?

Metadata Update from @kparal:
- Issue priority set to: High
- Issue tagged with: bug

5 months ago

Issue tagged with: next

5 months ago

@kparal we're using OIDC in oraculum, the architecture of the app is very similar to bba: https://pagure.io/fedora-qa/oraculum

Metadata Update from @kparal:
- Issue assigned to kparal

4 months ago

Login to comment on this ticket.

Metadata
Boards 1
Next tasks Status: Picked