gaia-app/gaia

🐛: Github OAuth returns /login?error instead of logging in

amitai-devops opened this issue · 4 comments

Describe the bug
Github OAuth doesn't work. It returns me to "/login?error" without an error in the logs.

To Reproduce
Steps to reproduce the behavior:
(Runs on kubernetes, see additional context)

  1. Configure Github OAuth using the Docs, with a private Organization as the OAuth Owner.
  2. Click on 'github'
  3. Get transferred to "/login?error" without a change in the UI or logs in the container

Expected behavior
Transferred to the front page using a Github account

Desktop (please complete the following information):

  • OS: MacOS
  • Browser: Chrome
  • Version: 97.0.4692.71 (Official Build) (x86_64) - Browser version

Additional context
I know this is not the use case yet, but I love this project and am trying to make it work on a private Kubernetes EKS cluster and integrate it into my organization, and I have built a custom Helm chart to surround it, which I will share when done. I am using Istio service mesh, but have disabled outbound/inbound blocks to the Gaia pod/container. I am running a private endpoint on a private DNS server on AWS, but figured this wouldn't be an issue as Github OAuth works in Localhost as well. The error could be related to the service mesh networking configuration and rules, but I wanted to make sure it is not on my side first.

juwit commented

Hey @amitai-devops 👋

This error could be related to a bad configuration on the Github side, which results in a redirection that Gaia doesn't manage well.
Can you provide details about your Github configuration? The really important part is the Authorization callback URL you have to configure in Github. If it doesn't match the external URL of Gaia with the callback URI part, I believe Github will throw an error.

You can also try to logout from Github before trying to login to Gaia. Github should ask you to login, and accept the OAuth2 scopes before redirecting. You may also need to select a Github organization at this part.

I tried to log out and it did ask me to log in, but the problem then persisted.
The Github configuration is as follows:
Homepage URL: https://gaia.int.explorium.ninja
Authorization callback URL: https://gaia.int.explorium.ninja/auth/oauth2/github/callback
(When I click on it, it brings me to the login error page)

Kubernetes/Container pod env variables:

  • name: SPRING_PROFILES_ACTIVE
    value: "github"
  • name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GITHUB_CLIENT_ID
    value: "4932639ed35507c44c5a"
  • name: SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GITHUB_CLIENT_SECRET
    value: "c6c782****"

@juwit Hey, I've been able to solve it by using HTTP instead of HTTPS in the callback URL on the Github side. On my side, port 80 automatically transfers to port 443, so it doesn't technically use HTTP, but it can for the sake of Github.
On another note, the Github module option only shows me Public Repositories in my organization.

@amitai-devops I've found you can set this to enforce HTTPS:

- SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GITHUB_REDIRECT_URI=https://[server]/auth/oauth2/github/callback
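A diagnostic for the mismatch discussed in this thread, added here as an example (it is not code from Gaia or from any commenter): it extracts the redirect_uri from the authorize URL that Gaia redirects the browser to and compares it with the callback registered in the GitHub OAuth app. It assumes, as the HTTP workaround above suggests, that Gaia behind a TLS-terminating proxy was sending an http:// redirect_uri. The host name, client id and state value are constructed placeholders, and the strict component comparison is this example's check, not a statement of GitHub's matching rules.

```python
from urllib.parse import urlsplit, parse_qs

# Default ports, so "https://host" and "https://host:443" compare equal.
DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Normalise a URL into scheme, host, port and path for comparison."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {
        "scheme": scheme,
        "host": (u.hostname or "").lower(),
        "port": u.port or DEFAULT_PORTS.get(scheme),
        "path": u.path.rstrip("/") or "/",
    }


def sent_redirect_uri(authorize_url):
    """Extract the redirect_uri parameter from the authorize redirect."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    return values[0] if values else None


def callback_mismatches(authorize_url, registered_callback):
    """List the components where the sent redirect_uri differs from the
    callback registered in the GitHub OAuth app (empty list = match)."""
    sent = sent_redirect_uri(authorize_url)
    if sent is None:
        return ["redirect_uri missing"]
    a, b = _parts(sent), _parts(registered_callback)
    return [k for k in ("scheme", "host", "port", "path") if a[k] != b[k]]


# Constructed sample data (placeholder host, client id and state).
REGISTERED = "https://gaia.example.internal/auth/oauth2/github/callback"
BEHIND_PROXY = (
    "https://github.com/login/oauth/authorize?response_type=code"
    "&client_id=PLACEHOLDER_CLIENT_ID&state=abc"
    "&redirect_uri=http%3A%2F%2Fgaia.example.internal"
    "%2Fauth%2Foauth2%2Fgithub%2Fcallback"
)
# Same request once the REDIRECT_URI override forces the https scheme.
WITH_OVERRIDE = BEHIND_PROXY.replace("redirect_uri=http%3A", "redirect_uri=https%3A")

if __name__ == "__main__":
    for label, url in (("behind proxy", BEHIND_PROXY), ("with override", WITH_OVERRIDE)):
        print(label, sent_redirect_uri(url), callback_mismatches(url, REGISTERED))
```

To use it on a real deployment, copy the Location header of the redirect Gaia issues when 'github' is clicked and pass it as `authorize_url`.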