[openstreetmap/openstreetmap-website] OAuth2: Newly created and email-confirmed accounts not redirected to authorization page (Issue #6699)
Ganeshdarshan Venkatraman Bhat
notifications at github.com
Tue Jan 13 03:34:29 UTC 2026
bhatganeshdarshan created an issue (openstreetmap/openstreetmap-website#6699)
### URL
https://hdyc.neis-one.org/
### How to reproduce the issue?
# OAuth2 Authorization Redirect Bug for Newly Created Users
## Prerequisites
- Local OSM instance running with OAuth2 configured
- A test OAuth2 application created with a redirect URI
---
## Detailed Reproduction Steps
### 1. Start OAuth2 Authorization Flow
Visit:
http://localhost:3000/oauth2/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_REDIRECT_URI
Expected:
You should be redirected to the login page since you're not authenticated.
---
### 2. Create a New Account
1. Click **"Sign up"** on the login page.
2. Fill in the registration form:
- Display Name: Test User
- Email: any
- Password: your pass
3. Click **"Sign up"**.
Confirmation email sent to your email
---
### 3. Confirm Email
Option A :
- Check your email inbox.
- Click the confirmation link.
- Come back and login with confirmed email and password
Option B :
- No need to confirm the mail
- Just use already existing account email and password to login
---
### 4. Observe the Bug
Expected Behavior:
After Option A / Option B
- Application name requesting access
- Requested permissions/scopes
- **Authorize** and **Deny** buttons
Actual Behavior:
You are redirected to the OpenStreetMap home page (`/`) instead of the OAuth2 authorization page.
---
### 5. Verify the Workaround (Existing Accounts)
1. Go back to the login page:
http://localhost:3000/login?referer=/oauth2/authorize?client_id=...
2. Log in using an existing account (not newly created).
Result:
You are correctly redirected to the OAuth2 authorization page.
### Also you can reproduce it in https://hdyc.neis-one.org/ this also
### Screenshot(s) or anything else?
Here is more details related to this issue that i have found in https://github.com/streetcomplete/StreetComplete/ repo :
https://github.com/streetcomplete/StreetComplete/issues/6688#issuecomment-3739134513
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/6699
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/6699 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20260112/31d0831c/attachment-0001.htm>
More information about the rails-dev
mailing list