Yahoo login for Discourse


(Neil Brooks) #1

Hi,

I’ve configured many of the social networks so that users can log in using them, however the Yahoo login doesn’t seem to work. I’ve enabled yahoo logins (there is no API client ID or secret) and when I test it, I get a “502 bad gateway” error. The URL I’m redirected to is https://[domainname]/auth/yahoo

I have read in other posts that yahoo logins might be temperamental. Can you help?


#2

I’ve noticed this in my site.
Received complaints from a lot of users.

I don’t think anything can be done from Discourse end. Its a Yahoo issue. They need to fix it afaik.
Finally, I had to disable Yahoo logins.


(Jay Pfaffman) #3

Hmm. I’m going to recategorize this as a :bug:. Try redirects to https://try.discourse.org/auth/yahoo with a Bad Gateway. That doesn’t’ seem like the normal “Yahoo is broken” state of affairs.

That seems like the best solution. It works sometimes, but not others.


(Neil Brooks) #4

Do I need to do anything ie. raise a bug report?


(Michael Brown) #5

I’ll take a quick look and see if there’s anything going on.

EDIT:

I tried a whole bunch of times, and on the VERY FIRST it failed with bad gateway. Then every single time it worked, both in incognito and in my normal browser.

Haven’t been able to make it fail again.

I do see these in the logs and I’m wondering if they have anything to do with it, but I doubt it. Still, it’s noise.

ActionController::RoutingError (No route matches [HEAD] "/auth/yahoo")
/var/www/discourse/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/debug_exceptions.rb:63:in `call'
{"method":"HEAD","path":"/404","format":"html","controller":"ExceptionsController","action":"not_found","status":404,"duration":15.89,"view":0.16,"db":4.64,"params":"","database":"default","@timestamp":"2017-11-14T16:25:15.404Z","@version":"1","message":"[404] HEAD /404 (ExceptionsController#not_found)"}

Also, I’m seeing this in many places:

2017/11/14 08:40:21 [error] 10747#10747: *932261555 upstream sent too big header while reading response header from upstream, client: [proxy], server: *.discourse.org, request: "GET /auth/yahoo HTTP/2.0", upstream: "http://[internal-server]:444/auth/yahoo", host: "try.discourse.org", referrer: "https://try.discourse.org/t/testing-a-topic/892"
2017/11/14 05:43:31 [error] 2021#2021: *760816468 upstream sent too big header while reading response header from upstream, client: [proxy], server: community.[customer].com, request: "GET /auth/yahoo HTTP/2.0", upstream: "http://[internal-server]:444/auth/yahoo", host: "community.[customer].com", referrer: "https://community.[customer].com/c/tutorials"

I don’t have a smoking gun - this could just be the “usual temperment of yahoo logins” but I’ll check.

EDIT again:

Visiting https://try.discourse.org/auth/yahoo while logged in was causing the 502 errors for a while, but now it’s not.


(Matt Palmer) #6

“upstream sent too big header” doesn’t seem very healthy. Perhaps we need to bump up client_header_buffer_size, or (more likely) large_client_header_buffers. The RoutingError seems more relevant to this particular problem, though; that would emit a 5xx response.


(Michael Brown) #7

It’s for a HEAD request… which seems out of place to the flow.

$ curl -v https://try.discourse.org/auth/yahoo

wow that’s sending back an enormous cookie… that Set-Cookie header at the moment is 2153 chars… that’s big… maybe sometimes it’s bigger and tripping a limit?


(Michael Brown) #8

AHAH!

For whatever reason, when you navigate to the main page of https://try.discourse.org and go through the login process, it works.

But if you navigate to a topic, then try logging in, you get a Bad Gateway error from try.

Note that loading try already in a topic and logging in still works, it’s only after you’ve navigated that it throws an error.

This has been reproducible for me every time I try it.


(Matt Palmer) #10

Nice one. Reproducible problems ftw.


(Michael Brown) #11

@Neil_Brooks2 Can you point us at a site not hosted by us with this problem and let us know what kind of install it is?


(Neil Brooks) #12

Its a site that is hosted with you. does that make a difference?


(Jay Pfaffman) #13

I just tried on a standard install and a multisite install with caddy server reverse proxying.

Both of them worked. I’m pretty sure that neither site had been updated since this thread started.

Maybe yahoo is working today?


(Michael Brown) #15

It does make a difference, actually.

The actual problem was that in our environment the size of the headers sent back by Discourse for the request going to /auth/yahoo are very large - 3897 bytes.

BUT when navigating around before trying to login, the headers (one of which is the cookie that has some pre-login session state) gets larger, e.g. up to a size of 4142 bytes. This is larger than the buffer which nginx allocates for holding that first part of the response.

Upping the size of proxy_buffer_size to 8k was necessary for our infrastructure and has solved the problem on try.discourse.org.

@Neil_Brooks2, please let me know (in a PM) which sites are yours and I will ensure those are deployed next, we can continue testing there and then we’ll roll out the change to everyone.


Unable to login via yahoo
Users reporting : The Yahoo login isn't working
Yahoo login gives blank page
Yahoo login doesn't seem to work
(Sam Saffron) #17

Implemented in base per:

If you are running an outer nginx container be sure to also follow the change there


(Sam Saffron) #18