Burp Suite User Forum

Login to post

Lab: Authentication bypass via OAuth implicit flow

Natan | Last updated: Mar 12, 2021 01:35PM UTC

Lab: Authentication bypass via OAuth implicit flow is broken :/ It gives SessionNotFound: invalid_request error when I try to login in your own "social media"

Natan | Last updated: Mar 12, 2021 02:48PM UTC

Not only this lab.In other OAuth labs your OAuth service is down too :(

Michelle, PortSwigger Agent | Last updated: Mar 12, 2021 03:36PM UTC

Thanks for your message. I've just launched the lab 'Authentication bypass via OAuth implicit flow' and was able to login with the social media credentials given in the lab description. If you're still having problems can you share a few more details on the steps you're taking when you see the issue, please?

Natan | Last updated: Mar 12, 2021 04:15PM UTC

Still dont work:( 1)Clicking 'My account' 2)After this message 'We are now redirecting you to login with social media...' and redirect 3)SessionNotFound: invalid_request at Provider.getInteraction (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/oidc-provider/lib/provider.js:50:11) at Provider.interactionDetails (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/oidc-provider/lib/provider.js:228:27) at /home/carlos/oauth/index.js:160:34 at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5) at next (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:137:13) at setNoCache (/home/carlos/oauth/index.js:121:5) at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5) at next (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:137:13) at Route.dispatch (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/route.js:112:3) at Layer.handle [as handle_request] (/usr/local/nvm/versions/node/v12.19.0/lib/node_modules/express/lib/router/layer.js:95:5) No login page 4 me

Michelle, PortSwigger Agent | Last updated: Mar 12, 2021 05:32PM UTC

I'm sorry to hear that. I've tested a few times now and I'm afraid I can't replicate the issue. Does this still happen if you let the lab timeout/log out of the Academy and go back to it? Could you email some screenshots to support@portswigger.net, please?

Natan | Last updated: Mar 13, 2021 06:06AM UTC

Still dont work. Have sent you some screenshots

Alaa | Last updated: Mar 23, 2021 02:05AM UTC

hey, I had the same problem I fixed it with changing the browser I use to solve these labs. try another browser which you hadn't logged in with wiener:peter credentials inside these labs.

Aneesh | Last updated: Mar 30, 2021 06:08PM UTC

im also having the same issue :( this is my first day in portswigger and theres an error, first impression is gone

Michelle, PortSwigger Agent | Last updated: Mar 31, 2021 11:18AM UTC

Thanks for your message.

We've just tested accessing the lab using both Chrome and Firefox and it allows us to login without any errors. Could you take a screen recording of what you are seeing and email it to support@portswigger.net so we can take a look, please?

You need to Log in to post a reply. Or register here, for free.