Google Login Stopped Working after manual update

Hello, I tried to update Discourse using /admin/upgrade but had an issue where the page stayed without any new status for a long time. I refreshed and got the “You are running an old version of the Discourse image…” page.

So I went to the machine and ran git pull and ./launcher rebuild app and after some minutes I got the message that my discourse were up do date and everything were up and running.

I’m now running v2.3.0.beta3 +81.

However when I try to login with google oauth2 I get an 500 error with this generic output:

Google oauth was working since before the installation (as almost everyone from the company uses it to login), but I double checked current configuration values and actually recreated then. On log pages I got this issue:

Issue details

Message (37 copies reported)

JWT::InvalidIatError (Invalid iat) /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/jwt-2.1.0/lib/jwt/verify.rb:48:in `verify_iat’

Backtrace

/var/www/discourse/vendor/bundle/ruby/2.5.0/gems/jwt-2.1.0/lib/jwt/verify.rb:48:in verify_iat' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/jwt-2.1.0/lib/jwt/verify.rb:15:inblock (2 levels) in singleton class’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/jwt-2.1.0/lib/jwt/verify.rb:22:in block in verify_claims' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/jwt-2.1.0/lib/jwt/verify.rb:20:ineach’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/jwt-2.1.0/lib/jwt/verify.rb:20:in verify_claims' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-google-oauth2-0.6.0/lib/omniauth/strategies/google_oauth2.rb:67:inblock in <class:GoogleOauth2>’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:109:in instance_eval' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:109:inblock in compile_stack’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in each' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:ininject’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in compile_stack' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:102:inextra_stack’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:344:in extra' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:351:inauth_hash’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:372:in callback_phase' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-oauth2-1.6.0/lib/omniauth/strategies/oauth2.rb:75:incallback_phase’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:238:in callback_call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:189:incall!’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:incall!’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:incall’ /var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:30:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:25:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/head.rb:12:incall’ /var/www/discourse/lib/content_security_policy/middleware.rb:12:in call' /var/www/discourse/lib/middleware/anonymous_cache.rb:214:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in context' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/cookies.rb:670:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:28:inblock in call’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:98:in run_callbacks' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:26:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:61:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/show_exceptions.rb:33:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/logster-2.1.2/lib/logster/middleware/reporter.rb:30:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:38:incall_app’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:28:in call' /var/www/discourse/config/initializers/100-quiet_logger.rb:16:incall’ /var/www/discourse/config/initializers/100-silence_logger.rb:29:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/remote_ip.rb:81:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/request_id.rb:27:in call' /var/www/discourse/lib/middleware/enforce_hostname.rb:17:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-mini-profiler-1.0.2/lib/mini_profiler/profiler.rb:171:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/message_bus-2.2.0/lib/message_bus/rack/middleware.rb:57:in call' /var/www/discourse/lib/middleware/request_tracker.rb:163:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/engine.rb:524:in call' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/railtie.rb:190:inpublic_send’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/railties-5.2.2/lib/rails/railtie.rb:190:in method_missing' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/urlmap.rb:68:inblock in call’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/urlmap.rb:53:in each' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/rack-2.0.6/lib/rack/urlmap.rb:53:incall’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:606:in process_client' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:701:inworker_loop’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:549:in spawn_missing_workers' /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/lib/unicorn/http_server.rb:142:instart’ /var/www/discourse/vendor/bundle/ruby/2.5.0/gems/unicorn-5.4.1/bin/unicorn:126:in &lt;top (required)&gt;' /var/www/discourse/vendor/bundle/ruby/2.5.0/bin/unicorn:23:inload’ /var/www/discourse/vendor/bundle/ruby/2.5.0/bin/unicorn:23:in `<main>’

Env

1/37

hostname discourse-app
process_id 239
application_version ad87b0d6624ce7b9bc97d7d7f2db361789ad3779
HTTP_HOST discourse.fbiz.com.br
REQUEST_URI /auth/google_oauth2/callback?state=75ea471945c40b2988f68e267650549b5c1aa949d0385aa1&code=4/BgHEtvHUJwAkq6WMJKE18cQKWIl7zI3nWoESiPUKlAnBaqqmoO5yxRWlq44Ib_fK30uuOXs6mvAXO2-xWbTc8ls&scope=email+profile+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email
REQUEST_METHOD GET
HTTP_USER_AGENT Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
HTTP_REFERER https://discourse.fbiz.com.br/
HTTP_X_FORWARDED_FOR 187.75.42.150, 172.16.128.120
HTTP_X_REAL_IP 172.16.128.120
params state 75ea471945c40b2988f68e267650549b5c1aa949d0385aa1



code 4/BgHEtvHUJwAkq6WMJKE18cQKWIl7zI3nWoESiPUKlAnBaqqmoO5yxRWlq44Ib_fK30uuOXs6mvAXO2-xWbTc8ls
scope email profile https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userin

Any idea what coult be causing it? I spend almost all day investigating it (from topics here to source code) but couldn’t find. Tried to rebuild app and create new oauth project, but i’m always getting this error.

I was thinking that “invalid iat” could be something related to machine timezone. But literally nothing changed since our last upgrade.

Can the you log here on Meta (or on try.discourse.org) with the same account?

Tried it here and it worked correctly.

Just to complement, just rebuilt the app and here is the output (although I think it’s not related):

put in google docs as it has high volume of text

There are a bunch of Too Many Requests from rubygems in there.

I thought that perhaps adding a git pull would help, but he did a git pull first.

3 Likes

Solved it. Don’t think it was related to the upgrade, maybe it was just a coincidence. After reading this issue I got certain it was clock related. Went to the machine to double check and noticed it was 2.5 minutes behind. So the issue was with our environment ntp sync.

Just ran a sudo timedatectl set-ntp true and everything is fine :slight_smile:

7 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.