<div style="display: flex; flex-wrap: wrap; white-space: pre-wrap; align-items: center; "><img height="20" width="20" style="border-radius:50%; margin-right: 4px;" decoding="async" src="https://avatars.githubusercontent.com/u/111561?s=20&v=4" /><strong>tordans</strong> created an issue <a href="https://github.com/openstreetmap/openstreetmap-website/issues/6130">(openstreetmap/openstreetmap-website#6130)</a></div>
<h3 dir="auto">URL</h3>
<p dir="auto"><em>No response</em></p>
<h3 dir="auto">How to reproduce the issue?</h3>
<p dir="auto">I am having trouble with our registration workflow. It used to redirect users back to our application. Now it returns them to the osm.org map.</p>
<p dir="auto">(Logging into an existing account using the OAuth flow works, just the registration is broken.)</p>
<ol dir="auto">
<li>
<p dir="auto">Open <a href="https://staging.tilda-geo.de/regionen/berlin" rel="nofollow">https://staging.tilda-geo.de/regionen/berlin</a>, click "Anmelden" on the top right<br>
The URL (decoded) has the right <code class="notranslate">redirect_uri</code></p>
<div class="highlight highlight-source-ini" dir="auto"><pre class="notranslate">https://master.apis.dev.openstreetmap.org/login
?<span class="pl-k">referer</span>=/oauth2/authorize
?<span class="pl-k">client_id</span>=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4
&<span class="pl-k">scope</span>=openid%20read_prefs%20write_prefs%20write_notes
&<span class="pl-k">response_type</span>=code
&<span class="pl-k">redirect_uri</span>=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback
&<span class="pl-k">nextauth</span>=osm%2Clogin
&<span class="pl-k">state</span>=7aAEVSZmtmifFGXnQsbdS8lZgFxeFvGd5JvFKfx-r2s
&<span class="pl-k">code_challenge</span>=fsijUEaNJ4UFBdXM4yuBK0PhiosI6H5LFsuvhZBdR14
&<span class="pl-k">code_challenge_method</span>=S256</pre></div>
<p dir="auto">(Observation: The second <code class="notranslate">?</code> seems wrong)</p>
</li>
<li>
<p dir="auto">Switch to registration, the URL (decoded) still has the right <code class="notranslate">redirect_uri</code></p>
<div class="highlight highlight-source-ini" dir="auto"><pre class="notranslate">https://master.apis.dev.openstreetmap.org/user/new
?<span class="pl-k">referer</span>=/oauth2/authorize
?<span class="pl-k">client_id</span>=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4
&<span class="pl-k">scope</span>=openid%20read_prefs%20write_prefs%20write_notes
&<span class="pl-k">response_type</span>=code
&<span class="pl-k">redirect_uri</span>=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback
&<span class="pl-k">nextauth</span>=osm%2Clogin
&<span class="pl-k">state</span>=7aAEVSZmtmifFGXnQsbdS8lZgFxeFvGd5JvFKfx-r2s
&<span class="pl-k">code_challenge</span>=fsijUEaNJ4UFBdXM4yuBK0PhiosI6H5LFsuvhZBdR14
&<span class="pl-k">code_challenge_method</span>=S256</pre></div>
<p dir="auto">Which is also present in the HTML<br>
<code class="notranslate">&lt;input type="hidden" name="referer" id="referer" value="/oauth2/authorize?client_id=uglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4&amp;scope=openid%20read_prefs%20write_prefs%20write_notes&amp;response_type=code&amp;redirect_uri=https%3A%2F%2Fstaging.tilda-geo.de%2Fapi%2Fauth%2Fosm%2Fcallback&amp;nextauth=osm%2Clogin&amp;state=7aAEVSZmtmifFGXnQsbdS8lZgFxeFvGd5JvFKfx-r2s&amp;code_challenge=fsijUEaNJ4UFBdXM4yuBK0PhiosI6H5LFsuvhZBdR14&amp;code_challenge_method=S256" autocomplete="off"&gt;</code><br>
Which is also submitted when I submit the form.</p>
</li>
<li>
<p dir="auto">I then get an e-mail with this URL, which also looks OK because it includes the <code class="notranslate">redirect_uri</code> param<br>
(Note to self: When testing this, not all emails had this referrer; I am not aware of an issue in my test cases, so maybe there is something else going on…)</p>
<div class="highlight highlight-source-ini" dir="auto"><pre class="notranslate">https://master.apis.dev.openstreetmap.org/user/test4tobias/confirm
?<span class="pl-k">confirm_string</span>=eyJfcmFpbHMiOnsiZGF0YSI6WzIyMzQ1LCI1ZjlkNTgwNDU4NThmYTE4ZTE0MDRhNGM1OTczZWYxYTQ0NDM4NWU5ZTg5ZWIwNTMzMDJjNjBlYjQyNWIzNjY1Il0sImV4cCI6IjIwMjUtMDctMDFUMTU6MjA6NTYuNjI2WiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0%3D--08aa4f4e33a3028efd12169d36b719d6097868be
<span class="pl-k">referer</span>=%2Fwelcome%3Foauth_return_url%3D%252Foauth2%252Fauthorize%253Fclient_id%253DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%2526scope%253Dopenid%252520read_prefs%252520write_prefs%252520write_notes%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253A%25252F%25252Fstaging.tilda-geo.de%25252Fapi%25252Fauth%25252Fosm%25252Fcallback%2526nextauth%253Dosm%25252Clogin%2526state%253DXERbLiSBIbCdHZWJQlI0wCP48XahJhi6bHeh4dnof3A%2526code_challenge%253D5zjEUEM5ZhYNrXdclX8kVXfEyWvuWei2-ZJPt5svYj4%2526code_challenge_method%253DS256</pre></div>
</li>
<li>
<p dir="auto">ISSUE: When I open that link, I get the regular welcome page with the "Start mapping", not the OAuth welcome page:</p>
<blockquote>
<a href="https://github.com/user-attachments/assets/56508876-df3b-4d28-9913-af6ccc710235">image.png (view on web)</a>
</blockquote>
<ul dir="auto">
<li>This is where the right button should be picked <a href="https://github.com/openstreetmap/openstreetmap-website/blob/master/app/views/site/welcome.html.erb#L81-L85">https://github.com/openstreetmap/openstreetmap-website/blob/master/app/views/site/welcome.html.erb#L81-L85</a></li>
<li>This is where the param that is used to pick the right button is set <a href="https://github.com/openstreetmap/openstreetmap-website/blob/master/app/controllers/users_controller.rb#L209">https://github.com/openstreetmap/openstreetmap-website/blob/master/app/controllers/users_controller.rb#L209</a></li>
<li>There were some updates to this a year ago … <a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/openstreetmap/openstreetmap-website/commit/74cc88fce4982777d5f78e016940159de655c817/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/commit/74cc88fce4982777d5f78e016940159de655c817"><tt>74cc88f</tt></a></li>
</ul>
</li>
</ol>
<h3 dir="auto">Screenshot(s) or anything else?</h3>
<p dir="auto"><em>No response</em></p>
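<p dir="auto">Added example, not part of the original issue and not code from openstreetmap-website: a small Ruby helper that peels the <code class="notranslate">referer</code> / <code class="notranslate">oauth_return_url</code> chain of a confirmation link one percent-encoding layer at a time and reports whether <code class="notranslate">redirect_uri</code> survives at the innermost layer. The sample URLs, host names and helper names are constructed placeholders that mirror the shape of the link in step 3.</p>

```ruby
require "uri"

# Parameters that carry a nested return target in the URLs quoted in the issue.
NESTING_KEYS = %w[referer oauth_return_url].freeze

# Split a URL or relative path into [path, params]. decode_www_form removes
# exactly one layer of percent-encoding from each value.
def split_target(target)
  path, query = target.split("?", 2)
  [path, URI.decode_www_form(query.to_s).to_h]
end

# Follow referer / oauth_return_url from the outer URL inwards.
# Returns one { path:, params: } hash per layer, outermost first.
def unwrap_layers(target, max_depth: 5)
  layers = []
  while target && layers.size < max_depth
    path, params = split_target(target)
    layers << { path: path, params: params }
    target = params.values_at(*NESTING_KEYS).compact.first
  end
  layers
end

# The redirect_uri at the innermost layer, or nil if it did not survive.
def surviving_redirect_uri(url)
  unwrap_layers(url).last[:params]["redirect_uri"]
end

# Constructed sample shaped like the confirmation link in step 3. Host,
# client_id and callback are placeholders, not values from the issue.
AUTHORIZE = "/oauth2/authorize?" + URI.encode_www_form(
  client_id: "EXAMPLE_CLIENT", response_type: "code",
  redirect_uri: "https://app.example/api/auth/osm/callback"
)
WELCOME = "/welcome?" + URI.encode_www_form(oauth_return_url: AUTHORIZE)
CONFIRM = "https://osm.example/user/sample/confirm?" +
          URI.encode_www_form(confirm_string: "PLACEHOLDER", referer: WELCOME)

# Constructed counter-case: the nested value is not percent-encoded, so its
# inner "&" splits the outer query and redirect_uri leaves the referer.
UNENCODED = "https://osm.example/login?referer=#{AUTHORIZE}"

unwrap_layers(CONFIRM).each_with_index do |layer, depth|
  puts "#{'  ' * depth}#{layer[:path]} #{layer[:params].keys.inspect}"
end
puts "encoded:   #{surviving_redirect_uri(CONFIRM).inspect}"
puts "unencoded: #{surviving_redirect_uri(UNENCODED).inspect}"
```

<p dir="auto">Running the same helper over a real confirmation link shows at which layer the OAuth parameters stop being carried along.</p>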