Forum Discussion

AngelaIp
Ideator I
8 months ago

How to prevent that the login token is stored in browser favorites that end users create?

Hi community,

When users "star" the Innovator link in the browser, it can happen that the login token is part of the link. The next time they try to open Innovator it will not work, as they work with an outdated token. Typically users get a blank white screen.

The solution is simple: Use the correct link! I mention this fact in my initial user invitation email and training, manuals, etc. But from time to time users still forget to store the correct link.

Can we somehow achieve that the browser link is stored without the secondary data? Is this behavior still a thing in Innovator 14?

Thanks and best regards!
Angela

3 Replies

  • Hmm. This is a tricky one.

    What version of Innovator are you currently on? And when are your users clicking the bookmark button? Testing in Release 33 and again in 12.0, I'm not seeing an issue with the URL after I log in and get to the start page (though I understand some people are less patient than I am). 

    • AngelaIp
      Ideator I

      In this case it's 12SP7, but it's also a known issue I know from 12SP9. From what I have seen, Release 29 and other recent releases show the same behavior regarding the URL, but I am not the main admin for these user groups.

      I made a mistake in the description. It's not the login token that is stored in the link, but redirection-related stuff for OAuth.

      This is the original screenshot from the end user. Description: "After log-in I get a white screen in both Firefox and Edge."

      I think what people do looks something like this:

      1. They open the official recommended link
      2. They ignore all my "Important Notes" in the invitation to only store the official recommended link (important step!)
      3. Login page appears. Browser redirects to the shown URL
      4. People bookmark the page.
      5. After login they would get the regular link again. But it's already too late.
      6. People can access Innovator with the "wrong link" for a certain amount of time without any problems, but sooner or later they will get the white page.

      I don't know the exact time frame. But I know that I had dozens of affected users so far. It's more of a meme bug, because people could have avoided it by just *reading* the official first invite.

      I assume Innovator does nothing unusual regarding OAuth authentication. 
      I am right now more surprised that this topic wasn't discussed in the forum yet. In my world this one was an issue that occurred super often. How do others solve this one? Better invitation emails? Or can we use some kind of automatic redirection if people show up with the wrong link?

       

      • AngelaIp
        Ideator I

        Out of interest I just made a quick test with a Release 2023 instance and was able to reproduce the issue:

        1. I opened the regular official link in Chrome. The login window appears, and the URL redirects to something like this:
        https://xyz.com/2023/OAuthServer/Account/Login?ReturnUrl=%2F2023%2FOAuthServer%2Fconnect%2F.....

        2. Instead of making a bookmark, I just copied this link to Firefox. I get the login screen. Side note: I never opened this specific I2023 instance in Firefox in the past. 

        3. After login I get the white screen and the following message in the browser debugger.

        4. I noticed that the URL in Firefox has changed again and now contains the state and session_state variable.

        https://xyz/2023/Client/OAuth/RedirectCallback?code=----&scope=openid%20Innovator%20offline_access&state=----&session_state=----

        These two values are probably outdated or don't exist in the Firefox cookies. I don't know, I haven't checked them yet.

        After this test Innovator in Firefox works perfectly with the correct link. It's really not a big issue and I don't need a quick solution here. But let me know if somebody has an idea to improve the situation.
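
One way to implement the automatic redirection asked about in the thread, as an added example that is not part of the original posts and is not Aras code: a check that recognises the two transient OAuth URL shapes quoted above and returns a stable link without the flow parameters. The `/Client` entry path, the function names and the sample host are assumptions.

```javascript
// Added example (not Aras Innovator code). The two path patterns come from
// the URLs quoted in the thread; ENTRY_PATH is an assumed stable entry point.
const LOGIN_PAGE = /^(.*)\/OAuthServer\/Account\/Login\/?$/i;
const CALLBACK = /^(.*)\/Client\/OAuth\/RedirectCallback\/?$/i;
const ENTRY_PATH = "/Client"; // assumption: the link users should bookmark

// Returns { kind, bookmarkable, canonical } for the URL a user arrived with.
function classifyEntryUrl(rawUrl, allowedOrigin) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { kind: "invalid", bookmarkable: false, canonical: null };
  }
  // Only ever build redirect targets on our own origin (no open redirect).
  if (url.origin !== allowedOrigin) {
    return { kind: "foreign-origin", bookmarkable: false, canonical: null };
  }
  const q = url.searchParams;
  let m = LOGIN_PAGE.exec(url.pathname);
  if (m && q.has("ReturnUrl")) {
    // Login page reached through a redirect: ReturnUrl typically embeds one
    // authorization request that belongs to the browser that started it.
    return transient("login-redirect", url, m[1]);
  }
  m = CALLBACK.exec(url.pathname);
  if (m && (q.has("code") || q.has("state"))) {
    // Callback URL: the code is single-use and state must match a value
    // stored in this browser, so a saved copy cannot be replayed.
    return transient("oauth-callback", url, m[1]);
  }
  return { kind: "stable", bookmarkable: true, canonical: url.origin + url.pathname };
}

// Canonical link: same origin and instance prefix, no query string, so
// code/state/session_state are never carried into the redirect target.
function transient(kind, url, prefix) {
  return { kind, bookmarkable: false, canonical: url.origin + prefix + ENTRY_PATH };
}

// Constructed sample URLs (host and parameter values are placeholders).
const ORIGIN = "https://plm.example";
const samples = [
  ORIGIN + "/2023/OAuthServer/Account/Login?ReturnUrl=%2F2023%2FOAuthServer%2Fconnect%2Fauthorize",
  ORIGIN + "/2023/Client/OAuth/RedirectCallback?code=AAA&scope=openid&state=BBB&session_state=CCC",
  ORIGIN + "/2023/Client",
];
for (const s of samples) console.log(classifyEntryUrl(s, ORIGIN));
```

The same classification can drive a "this is not the link to bookmark" notice on the login page, or a redirect to `canonical` when a callback arrives with a `state` the browser has no record of.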