User stuck in OAuth redirect loop


I have a user that’s getting stuck in a redirect loop when trying to log in via OAuth2 to my GitHub App,

You can see a video here:

When they first get to the Authorization screen, you can already see it’s weird because it says it’s modifying permissions and there’s an HTML list (or table) that should have content in it but it’s empty (you can tell by the double-border, which is likely unintentional).

Then it just goes back and forth between (I assume) callback and authorize with a new state token. Sometimes this stops back on the Authorize screen, other times it stops back on my site with an “Invalid State Token” error.

This is the only user I have who’s having this issue. Other users on the site work fine and other sites that use the same OAuth2 library work fine…

Anyone known what I could look at to investigate/resolve this?


Hi @pbrisbin

That’s a weird screen and we can definitely investigate. Firstly though can your user go<YOUR_APPS_CLIENT_ID> and see if they have an authorization?

If so what happens if they revoke access and then go through the flow again?


Thanks for stepping in to help out. They didn’t grab a screenshot of the page before revoking access, but they confirmed revoking and going back through login has the same result.

I’m considering revoking my own access and re-logging in myself, to confirm this works for me still, but I’m just a little nervous about that action – nothing bad can happen right? Even though I author the Application in addition to having it authorized? Should I try that?


@tarebyte sorry to bug, but were you able to investigate this at all on your end?


@pbrisbin unfortunately I wasn’t able to track down what the root cause was on our end.