FusionAuth/nodebb-plugin-fusionauth-oidc

/auth/fusionauth-oidc/callback undefined

Wunderharke opened this issue · 2 comments

Hi,

I am currently trying to enable OIDC login for my nodeBB instance; however, I have not managed to get it running with keycloak yet.

When authenticating against my keycloak OIDC endpoint I am getting the following error:

Internal Error.
Oops! Looks like something went wrong!
/auth/fusionauth-oidc/callback
undefined

and log shows:

TokenError
    at PassportOIDC.OAuth2Strategy.parseErrorResponse (/home/nodebb/nodebb/node_modules/passport-oauth/lib/strategy.js:358:12)
    at PassportOIDC.OAuth2Strategy._createOAuthError (/home/nodebb/nodebb/node_modules/passport-oauth/lib/strategy.js:405:16)
    at /home/nodebb/nodebb/node_modules/passport-oauth2/lib/strategy.js:175:45
    at /home/nodebb/nodebb/node_modules/oauth/lib/oauth2.js:191:18
    at passBackControl (/home/nodebb/nodebb/node_modules/oauth/lib/oauth2.js:132:9)
    at IncomingMessage.<anonymous> (/home/nodebb/nodebb/node_modules/oauth/lib/oauth2.js:157:7)
    at IncomingMessage.emit (events.js:322:22)
    at endReadableNT (_stream_readable.js:1187:12)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)

I would really appreciate any help with this.

I second this. Trying to configure OIDC for a nodeBB instance with this plugin and failing at the callback step.

Keycloak is configured for OIDC and the Discover URL is accepted properly.
The login button on the login page redirects to my keycloak login page, I log in, and when the callback is called I receive a timeout error.

Please let me know if this can be fixed.

Both nodeBB and Keycloak are on https://

XXX.XXX.XXX.XXX - - [26/Apr/2021:09:44:08 +0000] "GET /auth/fusionauth-oidc/callback?session_state=ca602ac5-1b9e-44bb-b1c1-835621672d01&code=aba5121f-c449-4c04-a50a-3f3ce6d1744d.ca602ac5-1b9e-44bb-b1$
Failed to obtain access token:  Error: connect ETIMEDOUT X.XXX.XXX.XXX:443
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1144:16) {
  errno: 'ETIMEDOUT',
  code: 'ETIMEDOUT',
  syscall: 'connect',
  address: 'X.XXX.XXX.XXX',
  port: 443
}
2021-04-26T09:45:19.187Z [4567/23063] - error: /auth/fusionauth-oidc/callback
InternalOAuthError: Failed to obtain access token
    at PassportOIDC.OAuth2Strategy._createOAuthError (/home/ec2-user/nodebb/node_modules/passport-oauth2/lib/strategy.js:410:17)
    at /home/ec2-user/nodebb/node_modules/passport-oauth2/lib/strategy.js:177:24
    at /home/ec2-user/nodebb/node_modules/oauth/lib/oauth2.js:191:18
    at ClientRequest.<anonymous> (/home/ec2-user/nodebb/node_modules/oauth/lib/oauth2.js:162:5)
    at ClientRequest.emit (events.js:314:20)
    at TLSSocket.socketErrorListener (_http_client.js:427:9)
    at TLSSocket.emit (events.js:314:20)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21)

ETIMEDOUT indicates to me that there is no way for the nodebb server and the keycloak server to communicate. Have you verified that you can make HTTPS requests from the former to the latter?
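
An added example, not part of the thread or the plugin's code: a Node.js check, run on the NodeBB host, that separates the two failures reported above (a `TokenError`, where the token endpoint answered with an OAuth error, versus `ETIMEDOUT`, where it never answered). The error shapes follow passport-oauth2; the `OIDC_TOKEN_URL` environment variable and the function and category names are assumptions made for this example.

```javascript
// Added example. passport-oauth2 wraps transport errors in InternalOAuthError
// (original error in `oauthError`); TokenError is built from an OAuth error
// body that the token endpoint actually returned.
const NETWORK_CODES = {
  ETIMEDOUT: 'network-timeout',        // connect never answered: firewall, security group, routing
  ECONNREFUSED: 'connection-refused',  // host reachable, nothing listening on the port
  EHOSTUNREACH: 'no-route',
  ENOTFOUND: 'dns-failure',
  EAI_AGAIN: 'dns-failure',
  CERT_HAS_EXPIRED: 'tls-untrusted',
  DEPTH_ZERO_SELF_SIGNED_CERT: 'tls-untrusted',
  SELF_SIGNED_CERT_IN_CHAIN: 'tls-untrusted',
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'tls-untrusted',
  ERR_TLS_CERT_ALTNAME_INVALID: 'tls-untrusted',
};

// Classify an error logged at the callback step.
function classifyTokenFailure(err) {
  const wrapped = err && err.name === 'InternalOAuthError' && err.oauthError;
  const cause = wrapped ? err.oauthError : err;
  if (cause && typeof cause.code === 'string' && NETWORK_CODES[cause.code]) {
    return { tokenEndpointAnswered: false, category: NETWORK_CODES[cause.code] };
  }
  if (cause && (cause.name === 'TokenError' || cause.statusCode)) {
    // The IdP was reached and refused the code exchange; the network path is fine.
    return { tokenEndpointAnswered: true, category: 'idp-rejected-request' };
  }
  return { tokenEndpointAnswered: null, category: 'unknown' };
}

// Make the same kind of outbound HTTPS connection the plugin makes server-side.
async function probe(url, timeoutMs = 5000) {
  const https = await import('https');
  return new Promise((resolve) => {
    const req = https.request(url, { method: 'GET', timeout: timeoutMs }, (res) => {
      res.resume(); // any HTTP status proves TCP and TLS to the IdP work
      resolve({ tokenEndpointAnswered: true, category: `http-${res.statusCode}` });
    });
    req.on('timeout', () => req.destroy(Object.assign(new Error('timeout'), { code: 'ETIMEDOUT' })));
    req.on('error', (e) => resolve(classifyTokenFailure(e)));
    req.end();
  });
}

// Only probes when a URL is supplied, e.g. OIDC_TOKEN_URL=<token endpoint> node check.js
if (process.env.OIDC_TOKEN_URL) {
  probe(process.env.OIDC_TOKEN_URL).then((result) => console.log(result));
}
```

The browser redirect to the login page succeeding says nothing about this path: the code-for-token exchange is made by the NodeBB server itself, so the probe has to run from that host.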