H2CK/oidc

Make app compatible with applications that use json instead of text

Closed this issue · 6 comments

Many applications nowadays expect json. I tried to integrate with several services and some of them worked just fine. Other services throw errors like this one:

{"errorCode":"INTERNAL_ERROR","errorMessage":"The HTTP Content-Type header must be application/json, received text/html","traceId":"923977b4d610cbc385fe42d7b289b5f5a7667f59"}

H2CK commented

Could you please be a bit more precise for which response (based on which request) you would expect another header?

I checked all endpoints that return json. For all those the Nextcloud JSONResponse is used. In this case Nextcloud core does set the type to application/json.

Please provide a detailed description under which conditions text/html is provided when json is in response body.

H2CK commented

Could you please provide further feedback as requested in previous post? Otherwise I will close this issue.

I am afraid I do not have the technical skills to provide the information you'd need to debug since I'm not a developer... What kind of information would you need for investigating the issue? Is there a tool that would allow me to track the response of my service during Auth? I am trying to connect the service WebUntis which is currently the most used student information system in Germany and Austria. I'm sorry for responding late.

H2CK commented

You do not have to be a developer, but you should be able to provide some more information to get a clue what might have happened.
I am not able to do any tests with your client application WebUntis. For me it currently seems to be either a configuration issue or some incompatibility which might lead to responses produced by Nextcloud Core which are not of type application/json.

When did this error occur? Have you been redirected to the Nextcloud login screen when trying to log in to WebUntis? Was the login to Nextcloud successful and the redirect back to WebUntis was not working? Or did the problem occur even before any user login attempt?

How did you configure the OpenID Connect Client in WebUntis (no secrets please)? Are the authorization, token or even discovery endpoints configured correctly and are they accessible from WebUntis? Also in this case Nextcloud itself (not the oidc app) will provide an error page of type text/html.

To analyze the issue in more detail it would also be very helpful to provide log data from both WebUntis and Nextcloud. The log level of Nextcloud should be set to debug level (how to do this can be found here: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html). Only at the debug log level might some further information be contained.

Some further log information from WebUntis might also be helpful. I do not know WebUntis so I cannot tell you how to retrieve the log information.

Thanks for your patience, I had some time for investigating and I think you are right and it might be a configuration issue.
The error message as posted above appears immediately after login. The redirect to the login page works as expected. After logging in I am not presented with the landing page of the application but with this error message. I could not see the exact content of the data coming back from the application WebUntis (only this error message).
I also tried to switch to debug mode in NC without any success since there were no errors addressing the OIDC app.
I then tried a PHP script to communicate with my setup and experienced a strange behavior. When I try to authenticate (call the authorize endpoint) I can see that a code is provided in the address field and the redirectURL is set correctly… but then the browser states: Too Many redirects…
So I used Google and found out that other OIDC systems show the same behavior when put behind a reverse proxy. This is also the case in our setup. The infinite redirects could be related to the fact that I am using HTTP instead of HTTPS behind the reverse proxy. Therefore the cookie might not be set correctly?
The setup is as follows: NC 25 in a php-fpm:Docker >> NGINX as Webserver >> HAProxy as ReverseProxy, handling the SSL offloading for all Webservices.
Do you know if there is a setting within Nextcloud forcing the cookies to be set with the HTTPS scheme? Furthermore, why are Nextcloud's own cookies working as expected?
Does this make sense to you? Is there anything else I need to know when I try to use your app in a "reverseProxy>>HTTP" scenario?
I will try to solve this problem with these redirects first. And if I succeed and it is something that can be solved by using a certain configuration I'll come to you again. In the meantime you can close this issue if you like. If you have some ideas or a starting point I'd be glad if you'd let me know. So far I have set up the reverseProxy settings in config.php as described in the documentation. Thanks a lot for your great work!

H2CK commented

I personally use this app with a Nextcloud instance behind a Reverse Proxy (in my case Apache) without any trouble. The oidc app itself has nothing to do with the proxy communication itself. All communication is passed from the Nextcloud core framework to the app. So at first sight your Nextcloud instance must be configured correctly to work with the Reverse Proxy.
As a hint, you could have a look at: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html

Have you configured your trusted_proxies in Nextcloud's config.php?
Have you set the configuration overwriteprotocol to https in Nextcloud's config.php (In my case I have to set 'overwriteprotocol' => 'https',)?

Additionally the oidc app requires that some endpoints are reachable at the well known paths. This cannot be done by the app itself and depends on the specific setup (e.g. proxy, web server, ...). So this should also be ensured. More details can be found at https://github.com/H2CK/oidc#endpoints
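
Added example (not part of the thread and not the oidc project's code): an offline check of an OpenID Connect discovery response for the two symptoms discussed above, an HTML page where JSON is expected and endpoint URLs advertised with the wrong scheme behind a TLS-terminating proxy. The host name, endpoint paths and sample responses are constructed, and the `overwriteprotocol` hint in the findings is an assumption about the cause, not a confirmed diagnosis.

```python
import json
from urllib.parse import urlsplit

# Standard OpenID Connect discovery fields that carry absolute URLs.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")


def check_discovery(public_base, status, content_type, body):
    """Return findings for one discovery response.

    public_base is the URL clients use to reach Nextcloud through the proxy;
    status, content_type and body are what the discovery request returned.
    """
    findings = []
    if status != 200:
        findings.append(f"HTTP {status}: well-known path not served as expected")
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/json":
        findings.append(f"Content-Type is {media_type}, not application/json")
        return findings
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        findings.append("body is not a JSON object")
        return findings
    want = urlsplit(public_base)
    for field in URL_FIELDS:
        if field not in doc:
            continue
        got = urlsplit(str(doc[field]))
        if got.scheme != want.scheme:
            findings.append(f"{field} uses {got.scheme}:// but clients connect "
                            f"via {want.scheme}:// (check overwriteprotocol)")
        if got.netloc != want.netloc:
            findings.append(f"{field} host {got.netloc} != {want.netloc}")
    return findings


def sample_doc(base):
    # Constructed discovery document; the endpoint paths are placeholders.
    return json.dumps({"issuer": base,
                       "authorization_endpoint": base + "/example/authorize",
                       "token_endpoint": base + "/example/token"})
```

Feed it the status, Content-Type header and body returned for the discovery URL as fetched from the client's side of the proxy; an empty list means the response is JSON and every advertised URL matches the public scheme and host.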