
Bug in OAuth flow

I think we found a bug in MS OAuth Flow (it might also be in Gmail, see below).

Problem: During the initial OAuth flow, my @outlook account will randomly work and not work. When it doesn't work, I get "Success. Please Close Browser" and no errors are reported. (I'm hooked into the TppReport.OnEmailError event, and nothing fires.)

From the GUI everything looks peachy, but no credentials are put in the INI or Registry.

So I used the browser network console to inspect requests during the OAuth flow and found a pattern. Every single time it "didn't work", there was a $ character at the end of the code:

BAD
GET http://localhost:65168/?code=M.C513_BAY.2.U.DlwN2k6U3asmVTJK!dREitr*EZRUM1zREMOVEDLQqsOgX4FUmcdFZG542*sxAMbGHteQ6hqNvW6VcbFEWA$

GOOD
GET http://localhost:64785/?code=M.C513_SN1.2.U.DtBnG1rBBUjTQH5lFV7LuUtHJlXblREMOVEDIj13RJ6QrVZO4*RRqFTUWqlwm5RiRULnfAZAx5tPWsoLe5LR3av96ckeScZiW

GOOD
GET http://localhost:65022/?code=M.C513_SN1.2.U.DtRCbCDVd6BC2A4G1cKWo0uZZSS1REMOVED2qe0KFYj!Qw30n6gGTZWm19925n5n37w5YRdE!gd3DAK5mAAJ*gyyvbw56GnBlO7lnd

BAD
GET M.C513_BL2.2.U.Do8UC!v!QOI3*yhrRMYVjcX!LZWZdHbuYV2kfDKrkcp8cgJ6151!isNnxREMOVED4m0vwCFbaY4uaRsewinIdVxdBv9VzDQVVGooi*zfTFDjkamTYDeEDWWuwKVgWVaJXJmTfhl1FbDY$

BAD
GET M.C513_SN1.2.U.DnM5qmutJqCzxj1Q1ZujPWINQ8LpVpGc2kI*C!iKBAt9REKxOzHzm1yCcMREMOVEDH3A2bmsEo0RdsMIXOJKIAvzq0rL0mtww6D4UlKutkdL!oO21NKLR2HOI!ZJg9pcpDF!6janz19c$

GOOD
GET http://localhost:53753/?code=M.C513_BAY.2.U.Dmvgs0UWV9FZlFufA3!v3YLWJIfCeREMOVEDGrVonjvbcTo9mhYPOlEpXntrY*HPi2qTSIW!Q8gWxaA*Sz!hpR8cag!6UVLjyOk9NG1dQ53ERxwO2J3gTXp88JmLk

GOOD
GET http://localhost:57752/?code=M.C513_SN1.2.U.DofcrT2i!niNxt*YTL2HViAf0XNQrREMOVEDs9!7wz91ERQ22fZplkEKFK*u75pvAZ2iEFltCGL7QT6UpPVI3brpAlKyrAFTF4A*ZAdo57AFh6dKANb3iF1foh8F42

BAD
GET http://localhost:57903/?code=M.C513_SN1.2.U.DpQWEhqMP*f24TnN3gCmVTKkCzOPVREMOVEDryi7DATKCZeIpwsk16oE4KgZrSGbcd0SggN6q8pH1LmN!q4dROkzAGbfSQ1N5oNuK*PWuHvphf0KprCJIA*BlIZTyI$

GOOD
GET http://localhost:58083/?code=M.C513_SN1.2.U.DjAt5p!2DtMiV5ndtOcsiX6ByqIREMOVED9K5MVqQRoX2TPr7hxxtA0xzZ3jYjB7BhDdE!aDWTA6LML4ce133EXqfJ8L5xse9i2DoTvndlqlqB!TH8j7YYnbJSGTzzbhPf0

GOOD
GET http://localhost:58289/?code=M.C513_SN1.2.U.DmMG5ssutOdKL3TRlMJ!FUZLD6Q!YREMOVED!oQ63tLEp1oMh9UCxOXN9Rd5AVnCYT6tK3yc2uoPfHNpdQ0FyenVva8xpzFCTe891VZQif*Bt8rkncagkgB!yk0X9bUJ

GOOD
GET http://localhost:62517/?code=M.C513_SN1.2.U.Dvgz!ILhtHdUGk4Y3ybO391rjtenvTREMOVEDYpKpuynhA4QB9zOhOjflYqvJr0ZDwKfXdD1TSeLNLJLM3mPe1vnrTZCBi*bpTWbvTksqs00SZXY1hxwWQbiyoE!D9RXrRDBCREMFUPohGJdVc8nkRiv*DcUSWFZ

BAD
GET http://localhost:62676/?code=M.C513_BAY.2.U.Dh6opE41qqz04LPSByvHdRzDncHjHHVREMOVED2gR8i7jl6lXQl79cMVkp8blOIcZhGra8HXl0k9an4FEFvgQwqeXMOAoDISEO5kbDZ3cUmWiuSs0GX5Uk$

I looked at the URL the browser was redirected to and it did properly encode there to %25. So there must be something up with the http server?

Other teammates couldn't get it to happen. So maybe it has something to do with my email, or it's time based, or it's just 50/50 and they got a good string.

This may be happening in Gmail, but we haven't seen it. Did not do any testing there.
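As an added example (not code from the original post, and not the component vendor's code), here is a Python parser for the redirect request a local OAuth listener receives, written so that a trailing $ in the code, whether it arrives raw or percent-encoded as %24, is kept intact, and so that a redirect carrying no usable code is reported as a failure instead of being answered with a success page. The request lines are constructed samples modelled on the ones above with shortened placeholder codes; the function names and the accepted character set are assumptions for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample request lines (shortened placeholder codes, not real ones),
# modelled on the BAD/GOOD captures from the post above.
SAMPLE_REQUEST_LINES = [
    "GET http://localhost:65168/?code=M.C513_BAY.2.U.Dlw!dREi*EZRUM1z$ HTTP/1.1",
    "GET /?code=M.C513_SN1.2.U.DtBnG1rBBUjTQH5lFV7Lu HTTP/1.1",
    "GET /?code=M.C513_BAY.2.U.Dh6opE41qqz04LP%24 HTTP/1.1",  # '$' percent-encoded
    "GET /?error=access_denied&error_description=user+cancelled HTTP/1.1",
    "GET /favicon.ico HTTP/1.1",  # browsers send these too; no code at all
]

# Characters observed in the codes shown in the post. Used only as a sanity check
# on the fully parsed value; it must never be used to cut the value short.
CODE_CHARS = re.compile(r"^[A-Za-z0-9._!*$\-]+$")


def extract_code(request_line: str) -> str:
    """Return the authorization code carried by an OAuth redirect request line.

    Raises ValueError when the redirect is an error response, carries no single
    code parameter, or the code contains characters outside CODE_CHARS.
    """
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError(f"unexpected method {method!r}")

    query = urlsplit(target).query  # works for absolute and origin-form targets
    params = parse_qs(query, keep_blank_values=True)  # percent-decodes %24 -> $

    if "error" in params:
        desc = params.get("error_description", [""])[0]
        raise ValueError(f"authorization error: {params['error'][0]} ({desc})")

    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError(f"no single code parameter in query {query!r}")

    code = codes[0]
    if not CODE_CHARS.match(code):
        raise ValueError(f"code contains unexpected characters: {code!r}")
    return code


def process_redirect(request_line: str) -> tuple[str, str]:
    """Decide what the listener should do with one request.

    Returns ("ok", code) when a code was recovered and should be stored, or
    ("error", reason) when the listener must show an error page and log the
    raw request instead of reporting success with nothing to persist.
    """
    try:
        return ("ok", extract_code(request_line))
    except ValueError as exc:
        return ("error", f"{exc}; raw request: {request_line!r}")


if __name__ == "__main__":
    for line in SAMPLE_REQUEST_LINES:
        status, value = process_redirect(line)
        print(f"{status:5} {value}")
```

The point of the split into extract_code and process_redirect is that the HTTP handler only ever sees a status it must act on: a code is stored and acknowledged, anything else produces an error page and a log entry containing the raw request line, which is exactly the evidence that had to be recovered from the browser's network console above.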