Hi everybody, we are trying to make SSO via OAuth2 Basic plugin work with our Identity Provider, but we are running back to the same issue over and over.
Any help or light over this issue is super duper appreciated!
Scenario and error log are both provided below.
Overview
- Self hosted Discourse running on DigitalOcean;
- Standard Install; works like a charm (for about a year);
- Updated to the latest version [v2.0.0.beta9];
- Discourse OAuth2 Basic plugin installed and configured (screenshot can be found below);
- IDP provider fully functional and working with several other applications.
Error message from /logs
(oauth2_basic) Authentication failure! **invalid_credentials**: OAuth2::**Error, invalid_client**: The client MUST NOT use more than one authentication method in each request.
{"error_description":"The client MUST NOT use more than one authentication method in each request.","error":"invalid_client"}
We have checked the source code, but could not figure anything out of it.
It seems that a callback is successfully initiated, but something else then fails.
ruby/2.4.0/gems/omniauth-1.6.1/lib/omniauth/strategy.rb:473:in `fail!'
ruby/2.4.0/gems/omniauth-oauth2-1.4.0/lib/omniauth/strategies/oauth2.rb:78:in `rescue in callback_phase'
ruby/2.4.0/gems/omniauth-oauth2-1.4.0/lib/omniauth/strategies/oauth2.rb:66:in `callback_phase'
ruby/2.4.0/gems/omniauth-1.6.1/lib/omniauth/strategy.rb:230:in `callback_call'
https://github.com/omniauth/omniauth/releases/tag/v1.6.1 can be found here.
source code file is oauth2.rb
https://github.com/omniauth/omniauth-oauth2/releases/tag/v1.5.0 can be found here
source code file is strategy.rb
Full Backtrace Error Log
Plugin Settings
Note: some sensitive information has been redacted
Oauth2 Authorize url set as: /as/authorization.oauth2?client_id=myclientidhere&response_type=token&redirect_uri=https://discuss.mysitehere.com/auth/oauth2_basic/callback
Oauth2 token url set as: /as/token.oauth2
Oauth2 user json url set as: /idp/userinfo.openid?schema=openid&access_token=:token
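
The error string in the log is the client-authentication rule from RFC 6749 section 2.3. As an added example (not part of the original post, and not the plugin's or the IdP's code), this Ruby check lists which client authentication methods a token request carries and flags the combination a strict authorization server rejects with `invalid_client`. The sample requests, client name and secret are constructed placeholders, and the function names are hypothetical.

```ruby
require "uri"
require "base64"

# Returns the client authentication methods present in an OAuth2 token request.
# headers: Hash of HTTP header name => value; body: form-encoded request body.
def client_auth_methods(headers, body)
  params = URI.decode_www_form(body).to_h
  auth = headers.find { |k, _| k.casecmp?("authorization") }&.last.to_s
  methods = []
  # HTTP Basic header carrying client_id:client_secret
  methods << :client_secret_basic if auth =~ /\ABasic\s+\S/i
  # client_secret sent as a form parameter (client_id alone is not authentication)
  methods << :client_secret_post if params.key?("client_secret")
  # assertion-based client authentication (e.g. a signed JWT)
  methods << :client_assertion if params.key?("client_assertion")
  methods
end

# Mirrors the server-side rule: more than one method in a request => invalid_client.
def check_token_request(headers, body)
  methods = client_auth_methods(headers, body)
  return { conflict: false, methods: methods } if methods.size <= 1
  { conflict: true, methods: methods, error: "invalid_client" }
end

# Constructed sample data (placeholders, not values from the post).
BASIC = "Basic " + Base64.strict_encode64("example-client:example-secret")
BODY_CODE = URI.encode_www_form(
  grant_type: "authorization_code",
  code: "SAMPLE_CODE",
  redirect_uri: "https://forum.example/auth/oauth2_basic/callback"
)
BODY_WITH_SECRET = BODY_CODE + "&" + URI.encode_www_form(
  client_id: "example-client", client_secret: "example-secret"
)

if __FILE__ == $PROGRAM_NAME
  { "header + body secret" => [{ "Authorization" => BASIC }, BODY_WITH_SECRET],
    "header only"          => [{ "Authorization" => BASIC }, BODY_CODE],
    "body secret only"     => [{}, BODY_WITH_SECRET] }.each do |label, (headers, body)|
    puts "#{label}: #{check_token_request(headers, body)}"
  end
end
```

Capturing the outgoing token request (for example with a logging reverse proxy on a test instance) and running it through a check like this shows whether the client is sending credentials in both the header and the body.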