Requesting the 'OAuth2.0/OIDC' auth module a second time directly after the first request results in the AM "Unable to Login" page being shown with the "Authentication Failed" pop-up message.
1. Go to https://console.developers.google.com
2. Create a project and set the redirect URI to http://am.fqdn:port/oauth2c/OAuthProxy.jsp
3. Find the project's client ID and client secret
4. In AM create an OAuth 2/OIDC authentication module using information from step 3.
- client id and secret
- authn: https://accounts.google.com/o/oauth2/v2/auth
- token endpoint url: https://www.googleapis.com/oauth2/v4/token
- userprofile service url: https://www.googleapis.com/oauth2/v3/userinfo
- Scope: openid email profile
- discovery: https://accounts.google.com/.well-known/openid-configuration
- Proxy URL: same as used for the redirect URL when creating the Google project, e.g. .../OAuthProxy.jsp
- Account mapper config: email=mail
- Attribute mapper: email=mail
- OpenID connect validation config type: https://accounts.google.com/.well-known/openid-configuration
- Name of OpenIDConnect ID Token Issuer: https://accounts.google.com
1. Request http://am.example.com:port/am/XUI/#login/&module=oauth2 (or simply set the module to be the default for the organisation)
The redirect to Google will take place as expected.
2. Request http://am.example.com:port/am/XUI/#login/&module=oauth2 for a second time - the AM 'Unable to Login' page will be displayed and the user will not be sent to Google.
The user should be sent back to Google as occurs in the first request.
The user is shown the AM "Unable to Login" page with the "Authentication Failed" pop-up message.
This is an undesirable user experience.
Send the request a third time.