Google login regression, possibly after recent changes

Support
1

[image redacted]

The screenshot shows a webpage with an "oops" error message indicating that the software powering the discussion forum encountered an unexpected problem and a notification has been generated. (Captioned by AI)
The screenshot shows a webpage with an "oops" error message indicating that the software powering the discussion forum encountered an unexpected problem and a notification has been generated. (Captioned by AI)3320×724 182 KB

I think Google’s not working after the forum update.

2 Likes
2

I moved this to a new topic @Monikas. To clarify, you noticed this issue after a recent rebuild of the site?

Can you also look under justnainai.com/logs, this kind of user-facing error message usually has an accompanying log entry.

3 Likes
3

I don’t know what this error means.

The image shows the "App Store" section of a dashboard with various sections like Overview, Website, Database, Server, Runtime, Tool, Storage, and more, highlighting the installation status of "OpenResty" as "Installed" and providing options like "Install" and "Server." (Captioned by AI)
The image shows the "App Store" section of a dashboard with various sections like Overview, Website, Database, Server, Runtime, Tool, Storage, and more, highlighting the installation status of "OpenResty" as "Installed" and providing options like "Install" and "Server." (Captioned by AI)1482×828 77.6 KB

The image is a screenshot of a server management interface displaying various applications and their statuses, resource usage, and connections. (Captioned by AI)
The image is a screenshot of a server management interface displaying various applications and their statuses, resource usage, and connections. (Captioned by AI)3282×1016 211 KB

I’ve moved my forums in the last week using backups + app.yml overrides and then I switched smtp from Microsoft Mail 360 to Google Mail and then there’s also the panel I used to build it using 1Panel using the “OpenResty Web Platform based on NGINX and LuaJIT” in there and then using reverse proxies. Here’s the source code for the reverse proxy and its configuration file.

A screenshot of a website settings page with various options for domain, proxy path, target URL, and other settings. (Captioned by AI)
A screenshot of a website settings page with various options for domain, proxy path, target URL, and other settings. (Captioned by AI)3716×1840 343 KB

The image shows a screenshot of a website management interface with various settings and logs related to a running site named justnainai.com. (Captioned by AI)
The image shows a screenshot of a website management interface with various settings and logs related to a running site named justnainai.com. (Captioned by AI)1920×963 249 KB

error.txt (614.2 KB)

I also used cloudflare and followed the configuration in the forums to set up the
Search results for ‘cloudflare’ - Discourse Meta
The certificate uses the Origin Server in cloudflare

The image shows a screenshot of a web interface for a firewall configuration, indicating that no firewall service is detected on the system and advising to refer to the official documentation for installation. (Captioned by AI)
The image shows a screenshot of a web interface for a firewall configuration, indicating that no firewall service is detected on the system and advising to refer to the official documentation for installation. (Captioned by AI)3230×1366 187 KB

I don’t have any firewalls up.

Website Configuration 
server {
    listen 80 ; 
    listen 443 ssl http2 ; 
    server_name www.justnainai.com; 
    index index.php index.html index.htm default.php default.htm default.html; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection $http_connection; 
    access_log /www/sites/www.justnainai.com/log/access.log main; 
    error_log /www/sites/www.justnainai.com/log/error.log; 
    location ^~ /.well-known/acme-challenge {
        allow all; 
        root /usr/share/nginx/html; 
    }
    include /www/sites/www.justnainai.com/proxy/*.conf; 
    if ($scheme = http) {
        return 301 https://$host$request_uri; 
    }
    ssl_certificate /www/sites/www.justnainai.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.justnainai.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2; 
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    error_page 497 https://$host$request_uri; 
    proxy_set_header X-Forwarded-Proto https; 
    add_header Strict-Transport-Security "max-age=31536000"; 
}
Reverse proxy original

location ^~ / {
proxy_pass http://127.0.0.1:50080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
proxy_ssl_server_name off;
proxy_ssl_name $proxy_host;
add_header Strict-Transport-Security “max-age=31536000”;
}

(google_oauth2) Authentication failure! access_denied: OmniAuth::Strategies::OAuth2::CallbackError, access_denied

BUG 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `block in error' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `block in dispatch' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `each' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `dispatch' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `error' 
omniauth-1.9.2/lib/omniauth/strategy.rb:163:in `log' 
omniauth-1.9.2/lib/omniauth/strategy.rb:486:in `fail!' 
omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb:89:in `callback_phase' 
omniauth-1.9.2/lib/omniauth/strategy.rb:238:in `callback_call' 
omniauth-1.9.2/lib/omniauth/strategy.rb:189:in `call!' 
omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call' 
omniauth-1.9.2/lib/omniauth/builder.rb:45:in `call' 
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call' 
rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call' 
rack-2.2.10/lib/rack/conditional_get.rb:27:in `call' 
rack-2.2.10/lib/rack/head.rb:12:in `call' 
actionpack-7.2.2/lib/action_dispatch/http/permissions_policy.rb:38:in `call' 
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call' 
/var/www/discourse/lib/middleware/anonymous_cache.rb:397:in `call' 
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call' 
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call' 
rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context' 
rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/cookies.rb:704:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:31:in `block in call' 
activesupport-7.2.2/lib/active_support/callbacks.rb:101:in `run_callbacks' 
actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:30:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/show_exceptions.rb:32:in `call' 
logster-2.20.0/lib/logster/middleware/reporter.rb:40:in `call' 
railties-7.2.2/lib/rails/rack/logger.rb:41:in `call_app' 
railties-7.2.2/lib/rails/rack/logger.rb:29:in `call' 
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call' 
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/request_id.rb:33:in `call' 
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call' 
rack-2.2.10/lib/rack/method_override.rb:24:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/executor.rb:16:in `call' 
rack-2.2.10/lib/rack/sendfile.rb:110:in `call' 
rack-mini-profiler-3.3.1/lib/mini_profiler.rb:191:in `call' 
/var/www/discourse/lib/middleware/processing_request.rb:12:in `call' 
message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call' 
/var/www/discourse/lib/middleware/request_tracker.rb:360:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/remote_ip.rb:96:in `call' 
railties-7.2.2/lib/rails/engine.rb:535:in `call' 
railties-7.2.2/lib/rails/railtie.rb:226:in `public_send' 
railties-7.2.2/lib/rails/railtie.rb:226:in `method_missing' 
rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call' 
rack-2.2.10/lib/rack/urlmap.rb:58:in `each' 
rack-2.2.10/lib/rack/urlmap.rb:58:in `call' 
unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load' 
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>' 


(microsoft_office365) Authentication failure! access_denied: OmniAuth::Strategies::OAuth2::CallbackError, access_denied | The user has denied access to the scope requested by the client application.
BUG2 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `block in error'

activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `block in dispatch'

activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `each'

activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `dispatch'

activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `error'

omniauth-1.9.2/lib/omniauth/strategy.rb:163:in `log'

omniauth-1.9.2/lib/omniauth/strategy.rb:486:in `fail!'

omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb:89:in `callback_phase'

omniauth-1.9.2/lib/omniauth/strategy.rb:238:in `callback_call'

omniauth-1.9.2/lib/omniauth/strategy.rb:189:in `call!'

omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call'

omniauth-1.9.2/lib/omniauth/strategy.rb:192:in `call!'

omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call'

omniauth-1.9.2/lib/omniauth/builder.rb:45:in `call'

/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call'

rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call'

rack-2.2.10/lib/rack/conditional_get.rb:27:in `call'

rack-2.2.10/lib/rack/head.rb:12:in `call'

actionpack-7.2.2/lib/action_dispatch/http/permissions_policy.rb:38:in `call'

/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'

/var/www/discourse/lib/middleware/anonymous_cache.rb:397:in `call'

/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call'

/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call'

rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context'

rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/cookies.rb:704:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'

activesupport-7.2.2/lib/active_support/callbacks.rb:101:in `run_callbacks'

actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:30:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'

logster-2.20.0/lib/logster/middleware/reporter.rb:40:in `call'

railties-7.2.2/lib/rails/rack/logger.rb:41:in `call_app'

railties-7.2.2/lib/rails/rack/logger.rb:29:in `call'

/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call'

/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/request_id.rb:33:in `call'

/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call'

rack-2.2.10/lib/rack/method_override.rb:24:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/executor.rb:16:in `call'

rack-2.2.10/lib/rack/sendfile.rb:110:in `call'

rack-mini-profiler-3.3.1/lib/mini_profiler.rb:191:in `call'

/var/www/discourse/lib/middleware/processing_request.rb:12:in `call'

message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call'

/var/www/discourse/lib/middleware/request_tracker.rb:360:in `call'

actionpack-7.2.2/lib/action_dispatch/middleware/remote_ip.rb:96:in `call'

railties-7.2.2/lib/rails/engine.rb:535:in `call'

railties-7.2.2/lib/rails/railtie.rb:226:in `public_send'

railties-7.2.2/lib/rails/railtie.rb:226:in `method_missing'

rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call'

rack-2.2.10/lib/rack/urlmap.rb:58:in `each'

rack-2.2.10/lib/rack/urlmap.rb:58:in `call'

unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'

unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'

unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'

unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'

unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'

/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'

/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'
app.yml 
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/cloudflare.template.yml"


expose:
  - "50080:80"  
  - "50443:443"  

params:
  db_default_text_search_config: "pg_catalog.english"


  #db_shared_buffers: "256MB"


  #db_work_mem: "40MB"


  #version: tests-passed

env:
  LC_ALL: en_US.UTF-8
  LANG: en_US.UTF-8
  LANGUAGE: en_US.UTF-8
  # DISCOURSE_DEFAULT_LOCALE: en


  #UNICORN_WORKERS: 3



  DISCOURSE_HOSTNAME: 'www.justnainai.com'



  DISCOURSE_DEVELOPER_EMAILS: ''
  DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: 400
  DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: 800



  DISCOURSE_SMTP_ADDRESS: smtp.gmail.com
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: ''  
  DISCOURSE_SMTP_PASSWORD: ''   
  DISCOURSE_SMTP_ENABLE_START_TLS: true
  DISCOURSE_SMTP_AUTHENTICATION: login


 

volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log

OAuth2::ConnectionError (FinalDestination: all resolved IPs were disallowed)

And I recently started this error on the forums and 4797 of them are not showing up in the logs at once.

The image is a screenshot of a terminal interface showing a list of error messages and notifications. (Captioned by AI)
The image is a screenshot of a terminal interface showing a list of error messages and notifications. (Captioned by AI)1920×784 158 KB

4

Just tested on my local computer.

Didn’t see google login have issue.

1 Like
5

This indicates a networking issue on your new host, I suspect the problems started happening when you moved. Something in your stack is blocking requests to the auth servers… unfortunately, I can’t help any further, but I tested on a site we host, and Google auth works correctly.

3 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.