Authorising with GitHub fails / authentication / firebase

[jlweston]

Describe the bug

After entering the invite code into the application and being directed to sign up via the website, clicking 'Sign Up with GitHub' opens a blank popup which disappears after a few seconds.

The console logs for the main window show the following for each attempt:

GET https://astral-field-294621.firebaseapp.com/__/auth/iframe.js net::ERR_EMPTY_RESPONSE
iframe?apiKey=AIzaSyBdy3O3S9hrdayLJxJ7mriBR4qgUaUygAs&appName=[DEFAULT]&v=8.0.1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2lM46t9-YIo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOhwmvF7Fsri7fVyVVvLH1eaFC1jg%2Fm%3D__features__:8 Uncaught ReferenceError: fireauth is not defined
    at iframe?apiKey=AIzaSyBdy3O3S9hrdayLJxJ7mriBR4qgUaUygAs&appName=[DEFAULT]&v=8.0.1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2lM46t9-YIo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOhwmvF7Fsri7fVyVVvLH1eaFC1jg%2Fm%3D__features__:8
(anonymous) @ iframe?apiKey=AIzaSyBdy3O3S9hrdayLJxJ7mriBR4qgUaUygAs&appName=[DEFAULT]&v=8.0.1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.2lM46t9-YIo.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOhwmvF7Fsri7fVyVVvLH1eaFC1jg%2Fm%3D__features__:8
asyncToGenerator.js:6 Uncaught (in promise) T {code: 'auth/network-request-failed', message: 'A network error (such as timeout, interrupted connection or unreachable host) has occurred.', a: null}
r @ asyncToGenerator.js:6
u @ asyncToGenerator.js:29
Promise.then (async)
r @ asyncToGenerator.js:13
s @ asyncToGenerator.js:25
(anonymous) @ asyncToGenerator.js:32
(anonymous) @ asyncToGenerator.js:21
ze @ react-dom.production.min.js:52
$e @ react-dom.production.min.js:52
(anonymous) @ react-dom.production.min.js:53
Sr @ react-dom.production.min.js:100
xr @ react-dom.production.min.js:101
(anonymous) @ react-dom.production.min.js:113
Le @ react-dom.production.min.js:292
(anonymous) @ react-dom.production.min.js:50
Ar @ react-dom.production.min.js:105
Zt @ react-dom.production.min.js:75
Xt @ react-dom.production.min.js:74
t.unstable_runWithPriority @ scheduler.production.min.js:18
zi @ react-dom.production.min.js:122
Pe @ react-dom.production.min.js:292
Yt @ react-dom.production.min.js:73
auth.esm.js:271 Uncaught Error: Network Error
    at auth.esm.js:271

To Reproduce

No response

Expected behaviour

Expected to see a webpage asking me to grant consent for this application to sign in to GitHub and share my identity.

Screenshots

No response

Operating System

MacOS

OS Version

No response

Additional context

No response

[kevinyang372]

Thanks for reporting the bug! Do you mind sharing what browser are you using?

[jlweston]

I tested with both Chrome and Firefox, neither of which were running any kind of ad blocking extensions.

[alokedesai]

Hey Jamie! Sorry for the issues here. This is the first we've heard of this issue. Are you trying to login through the app? Does hitting https://warp.dev/login directly work? Would you also mind trying in an incognito window as well?

[jlweston]

Same issue in incognito. After further testing, it looks like it's possibly the proxy/DNS on my work machine. I don't have a personal Mac to test this on but I can see the expected flow when browsing to the generated link on my personal PC and get successfully redirected to https://app.warp.dev/logged_in/remote?invite_code=XXXXXXX&nolocalhost=true&scheme=warp.

This at least shows that it's probably network settings on my side but still leaves me with the problem of being unable to pass the auth token back to the application, since the same popup is presented (presumably with different parameters) for both the signup and login flows. Can you advise how I might use something I can obtain on the PC to activate the application on the Mac?

[jlweston]

Adding to this, I can curl https://astral-field-294621.firebaseapp.com/__/auth/iframe.js and get a response, I just can't use the browser to auth. Is there a command line approach I could use to activate the app?

[alokedesai]

Hey Jamie, there may be an extremely roundabout way to get this to work:

1. Hit app.warp.dev/login/remote on your local PC (that doesn't have the proxy/DNS settings). After authenticating, the URL should be forwarded to a URL that looks like localhost:8085/signin/refresh_token={XXX}.

2. Copy this refresh token, and then on your mac paste:
   security add-generic-password -a User -s dev.warp.Warp-Stable -p XXX

[jlweston]

Not sure if -a User is supposed to be entered literally or if I should use my actual username there. I tried both ways, and it successfully added an entry to my keychain for each. On opening Warp, I'm then prompted with a security dialog asking to grant permission to access my keychain, which I granted. However, I'm still taken back to the 'Enter invite code' screen.

[alokedesai]

Hey Jamie, unfortunately we made some changes with what's in the keychain that makes it next-to-impossible to active the app outside of the login flow.

That being said, I'd like to understand what network issues are preventing login from working on your work computer. Are there are more details you could share here so we can investigate further? Thanks!

[jlweston]

I'm not sure how much more detail I can provide. The Mac has various pieces of security software installed but I suspect the culprit is SentinelOne, as its extension is automatically installed on any browser I install (I've tried the common ones as well as less common browsers like Opera and Brave). I haven't been able to determine the mechanism behind the block but it seems to prevent the browser from seeing any response from the firebaseapp.com domain. cURLing the same domain works, so it's not a DNS issue.

I wonder if my employer's security team view that domain as insecure, since they have no way to determine the owner of any given application. Would a better solution be to place the app behind your own domain, as warp.dev is accessible and not blocked by the security software?

[ahabhgk]

I couldn't login either..

Hey Jamie, there may be an extremely roundabout way to get this to work:

1. Hit app.warp.dev/login/remote on your local PC (that doesn't have the proxy/DNS settings). After authenticating, the URL should be forwarded to a URL that looks like localhost:8085/signin/refresh_token={XXX}.
2. Copy this refresh token, and then on your mac paste:
   security add-generic-password -a User -s dev.warp.Warp-Stable -p XXX

Is this means the refresh_token will be added to the keychain after I login? I can't found anything about warp in my keychain after I logged in the browser and back to warp. I don't kwon is this a helpful message, but I'm very expected to try warp 😉

[elviskahoro]

[elviskahoro]

[elviskahoro]

@jlweston You're still unable to login correct? We still haven't figured out the root cause but it seems like this issue is starting to pop up more and more.

[yavathol]

I have the same issue, unable to start using warp. Any hints if this still is an issue to a broader group?

[srudolph-credera]

I'm seeing exactly what @jlweston was: when my various browsers try to load https://astral-field-294621.firebaseapp.com/__/auth/iframe.js, the requests appear to fail. Like @jlweston, I can also use cURL to download the file without issue.

I went down the rabbit hole on this and used local response overrides in Safari to change the HTML files to point to local versions of iframe.js and handler.js that I had pulled down with cURL (served via HTTPS with Caddy). I was able to finish the authentication and initialize Warp.

Interestingly, I noticed that the popup window was able to load https://astral-field-294621.firebaseapp.com/__/auth/experiments.js without issue, but refused to load handler.js at that same path (https://astral-field-294621.firebaseapp.com/__/auth/handler.js). I did see some similarities in the contents of iframe.js and handler.js, so my assumption is that some local security check is failing on our devices based on the contents of the files, not on the URL or HTTP response headers.

[yavathol]

Any updates? I admit I'm not really into doing local overrides, but this surely does not seem to work on my Mac, neither when connecting via company VPN or without it. The workaround described above suggests this isn't really the issue with local configuration, but rather than that the signup flow is failing (and will be failing) for a large group of users.

Any foreseeable future of resolving this? Or otherwise - is it possible to do the registration part via web, so that later one could just login with GitHub? (that part seems to work, as it returns information that the account is not created if I try logging in instead of registering).

[srudolph-credera]

@yavathol - that workaround is definitely more useful for debugging than for practical use! The fact that I can access the scripts via curl (and Wget) but not any browser (including Lynx!) almost guarantees that this is a local issue related to security software and not a network or other external issue. For further confirmation, I just now verified I can access the scripts from a browser inside a VM on the same machine.

Because the scripts appear to be blocked due to their content, it's going to be difficult for the Warp team to fix unless there's some bit of code that's an obvious trigger and is also easily replaced (especially if they don't have a device that can replicate the issue in the first place). Unless the issue appears to have a large enough volume to warrant the engineering investment, I'd be tempted in their shoes to put this issue on hold until the private beta is over and this specific flow could either be removed or tweaked.

[vorporeal]

@srudolph-credera When trying to fetch the file via curl, did you craft your own curl command or use the "Copy as cURL" feature of the Chrome developer tools? Wondering if the security software might be blocking due to HTTP request/response headers. (using the "Copy as cURL" option in the right-click menu within the dev tools Network tab captures headers included in the browser's request)

I'm curious whether the request would also get blocked if you include the same headers that the browser does. If it does, mind also trying with the headers but removing user-agent (to test out the "only in browsers but not curl" theory)?

[srudolph-credera]

Either approach yields identical (successful) results using cURL and I verified by piping the results and then diffing them:

curl 'https://astral-field-294621.firebaseapp.com/__/auth/iframe.js'

vs.

curl 'https://astral-field-294621.firebaseapp.com/__/auth/iframe.js' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'Sec-Fetch-Site: none' \
  -H 'Sec-Fetch-Mode: navigate' \
  -H 'Sec-Fetch-User: ?1' \
  -H 'Sec-Fetch-Dest: document' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  --compressed

Because the headers don't seem to matter and because the browser issue even affects Lynx, my speculation is that the browsers are using a different system networking library that the security tools have hooks into, whereas cURL/wget/Postman may be using something lower level.

To confirm my theory, I wrote some terrible Swift code (attached, but renamed to .txt because of GitHub's content restrictions) and I can reproduce the error when using Foundation's URLSession to access the JS file:

swift ~/Desktop/test.swift
https://astral-field-294621.firebaseapp.com/__/auth/iframe.js
Response handler
Error!
Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={NSUnderlyingError=0x60000169a700 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x600003bdd8b0 [0x7ff856a4bd70]>{length = 16, capacity = 16, bytes = 0x100201bbc7249e640000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, NSErrorFailingURLStringKey=https://astral-field-294621.firebaseapp.com/__/auth/iframe.js, NSErrorFailingURLKey=https://astral-field-294621.firebaseapp.com/__/auth/iframe.js, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-4, NSLocalizedDescription=The network connection was lost.}

PS We can add Postman to the list of tools that can successfully retrieve the JS files

test.txt

[warpdotdev-devx]

We have a potential lead on this issue! Will send updates as we investigate!

https://firebase.google.com/docs/auth/web/google-signin#expandable-4

[vorporeal]

@srudolph-credera When you have an opportunity, mind testing again using https://auth.staging.warp.dev/__/auth/iframe.js (custom domain instead of Firebase's astral-field-294621.firebaseapp.com)?

[srudolph-credera]

Same error I'm afraid @vorporeal, it possible that it's content based and not domain based:

https://auth.staging.warp.dev/__/auth/iframe.js
Response handler
Error!
Error Domain=NSURLErrorDomain Code=-1005 "The network connection was lost." UserInfo={NSUnderlyingError=0x600000194690 {Error Domain=kCFErrorDomainCFNetwork Code=-1005 "(null)" UserInfo={NSErrorPeerAddressKey=<CFData 0x600002ccceb0 [0x7ff85036fd70]>{length = 16, capacity = 16, bytes = 0x100201bbc7249e640000000000000000}, _kCFStreamErrorCodeKey=-4, _kCFStreamErrorDomainKey=4}}, NSErrorFailingURLStringKey=https://auth.staging.warp.dev/__/auth/iframe.js, NSErrorFailingURLKey=https://auth.staging.warp.dev/__/auth/iframe.js, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-4, NSLocalizedDescription=The network connection was lost.}

(Same error in the browser as well)

[vorporeal]

Yeah, does seem so at this point. Figured the domain was worth a try, in case it's part of a set of features used by the security software's classifier (and a custom domain is nicer than the default Firebase one anyway). Thanks for checking, though!

I'll see if I can contact Firebase folks, and if they have any ideas/leads.

[srudolph-credera]

Sounds great, and I'll be happy to retest if / when you have something new for me to try.

[vorporeal]

@srudolph-credera I got in touch with Firebase support and unfortunately they basically said "ask your client to talk to their security software administrator to whitelist the affected files". So - I'll finish up making the changes to move to a custom domain, and then you may want to talk to your IT staff about whether they can mark the domain as more trustworthy.

In case we want to reach out to the security software vendor - do you know what software is causing the issue on your machine?

[jlweston]

I appreciate you looking into this but that's a disappointing response from Firebase. Asking IT to tweak settings might be possible in smaller organisations but won't fly in large corporations (60k+ employees here, no chance they'll grant a request like that just because a couple of devs want to use a non-essential tool).

[vorporeal]

Agreed. It was first-tier (non-technical?) support; I'm trying to push a bit harder but not optimistic.

[srudolph-credera]

Regarding the vendor, I prefer not to disclose who we are using, it appears SentinelOne was already mentioned by @jlweston.

[AliasT]

If you are using vpn, try to set up your HTTP(S)_PROXY env in your current terminal, then startup warp from it:

# this is an example !
export HTTP_PROXY=http://127.0.0.1:1077
export HTTPS_PROXY=http://127.0.0.1:1077

/Applications/Warp.app/Contents/MacOS/stable

#705 #906

[srudolph-credera]

Thanks @ch41 - I am not using VPN in this case, otherwise I'd be happy to test it!

[toddbrooks]

@alokedesai I'm having the same issue. The network I'm on is currently using AdGuard DNS, so I thought one of the 65k block rules might have been blocking *.firebaseapp.com, but changing the DNS to 8.8.8.8, successfully logging into GitHub with a browser (disabling uBlock origin and Brave's Shields Up), (not on a VPN), then trying to start Warp again...same issue as the above users. Looking at the log file, I see the line "Error loading invite from server: Cannot make graphql request when logged out".

I don't think this is a network issue on my side, but I could be incorrect.

Edit: Sorry for originally tagging others...was trying to tag the correct Warp devs for visibility

[srudolph-credera]

@toddbrooks - if you're able to run the Swift code I posted (after changing the URL to https://auth.staging.warp.dev/__/auth/iframe.js), that may help determine if you're having the same issue or a new one.

[YGeorge]

The same issue, "We were unable to log you in."
And there is no other way to sign up :(

Can't use the app because of that.

[yyyy777]

i tried this, but not worked.

Failed to authenticate user error sending request for url (https://securetoken.googleapis.com/v1/token?key=AIzaSyBdy3O3S9hrdayLJxJ7mriBR4qgUaUygAs): error trying to connect: tcp connect error: Connection refused (os error 61)

[elviskahoro]

The recent update has some changes that should help, can people try this:
https://docs.warp.dev/help/troubleshooting-login-issues

[yavathol]

It's still not working after the update. Cannot reproduce now, and don't have time to fiddle with this more, but the initial message in the popup window was different. It mentioned issues with local storage AND mentioned it was not able to progress due to misssing initial state. Maybe this will give you a clue where the issue is.

[Exodus]

The recent update has some changes that should help, can people try this: https://docs.warp.dev/help/troubleshooting-login-issues

I have downloaded the latest version as of this message. Cleared the browser cache for warp. Attempted to auth through the app, browser opens, went through the auth flow, but get the "Oops! Sign In failed. Please try again later."

Going directly to: https://app.warp.dev/signup/ with developer settings network, and attempting to sign up, I see a 500 on the following graphql call:

Request URL: https://app.warp.dev/graphql
with graphql response: {"error":"interface conversion: interface {} is nil, not []interface {}"}

I can help troubleshoot this issue, reach out via discord, I'm happy to help @elviskahoro

[reecem7]

Hi there! Still having an issue authenticating with Github and have tried following the sign up link from a referrer @srudolph-credera as well as using the application splash screen signup button.
Both result in an error when loading this file "https://auth.app.warp.dev/__/auth/iframe.js"

[alokedesai]

@reecem7 Sorry for the troubles! What errors are you seeing when the auth.app.warp.dev endpoint doesn't load? Are you located in China by chance?

[reecem7]

@alokedesai so I see the following in the console for https://app.warp.dev/signup/remote?scheme=warp&public_beta=true

And nope, in the U.S. but this is a corporate machine (Mac OS - intel chip), with SentinelOne and Netskope

Hope this helps!

[ghost]

04:16:21 [ERROR] Failed to authenticate user error sending request for url (https://app.warp.dev/proxy/token?key=AIzaSyBdy3O3S9hrdayLJxJ7mriBR4qgUaUygAs): error trying to connect: tcp connect error: Connection refused (os error 61)

Caused by:
0: error trying to connect: tcp connect error: Connection refused (os error 61)
1: tcp connect error: Connection refused (os error 61)
2: Connection refused (os error 61)

[vorporeal]

@hlbbt Which country are you located in? Are you using a network proxy? Is this error is occurring when you attempt to log in, preventing you from using Warp?

[elviskahoro]

I think all of these have been addressed for the most part so gonna close this out. Please reach out if you're still having trouble logging in. Either comment or open a new issue