In Copr, we occasionally get reports like these:
People are trying to log in by using their email + password instead of username + password and weird redirects are happening. We could discuss which side is to blame for the unnecessary redirects but I would say that is not what we should focus on.
IMHO the login should be properly validated and we should not get past the auth form when trying to log in with email + password. I would expect to be redirected back to Copr only when the authentication was successful or when I decide to abort it.
Maybe this is a duplicate of #713, in that case, my apologies for a redundant issue. I am submitting it separate in case you think it is more to it than what #713 is about.
Originally reported here
I did some investigation and here's what I found out.
The metadata sent from id.fp.o back to the service differ in two fields:
Logged in via email - endless loop
In server logs we'll get:
Discovery verification failure for http://firstname.lastname@example.org/
* Endpoint mismatch: local_id mismatch. Expected http://email@example.com/, got http://redhat.com.id
When I log in using my FAS username, I can see:
to comment on this ticket.