Internal error when authenticating
panosru opened this issue · 2 comments
Hi, I have an issue with authentication, these are the environment variables in my compose yml file:
environment:
- PORT=4000
- MIX_ENV=prod
- FORCE_SSL=true
- DATABASE_URL=postgres://postgres@postgresql:5432/accent_development
- WEBAPP_SKIP_SUBRESOURCE_INTEGRITY=true
- CANONICAL_URL=accent.<my-domain>
- WEBAPP_AUTH_PROVIDERS=github
- GITHUB_CLIENT_ID=$GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET=$GITHUB_CLIENT_SECRET
- RESTRICTED_PROJECT_CREATOR_EMAIL_DOMAIN=<my-domain>
- MAILER_FROM=accent@<my-domain>I have tried with and without FORCE_SSL=true and MIX_ENV=prod environment variables.
When I authenticate I'm redirected back to: https://accent.<my-domain>/auth/github/callback?code=***&state=*** and I'm getting:
{
"error": "Internal error",
"message": "An error occured, someone as been notified"
}And the logs are:
11:42:11.215 request_id=F4DDmzHZ_a6irnkAAACi [info] GET /auth/github/callback
11:42:11.216 [warning] Description: 'Authenticity is not established by certificate path validation'
Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'
11:42:11.903 [warning] Description: 'Authenticity is not established by certificate path validation'
Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'
11:42:12.564 request_id=F4DDmzHZ_a6irnkAAACi [info] Sent 500 in 1349ms
11:42:12.564 [error] #PID<0.3700.0> running Accent.Endpoint (connection #PID<0.3698.0>, stream id 1) terminated
Server: accent.<my-domain>:80 (http)
Request: GET /auth/github/callback?code=***&state=***
** (exit) an exception was raised:
** (FunctionClauseError) no function clause matching in String.downcase/2
(elixir 1.14.3) lib/string.ex:899: String.downcase(nil, :default)
(accent 1.18.3) lib/accent/auth/user_remote/authenticator.ex:30: Accent.UserRemote.Authenticator.map_user/2
(accent 1.18.3) lib/accent/auth/user_remote/authenticator.ex:10: Accent.UserRemote.Authenticator.authenticate/1
(accent 1.18.3) lib/web/controllers/auth_controller.ex:14: Accent.AuthController.callback/2
(accent 1.18.3) lib/web/controllers/auth_controller.ex:1: Accent.AuthController.action/2
(accent 1.18.3) lib/web/controllers/auth_controller.ex:1: Accent.AuthController.phoenix_controller_pipeline/2
(phoenix 1.7.7) lib/phoenix/router.ex:430: Phoenix.Router.__call__/5
(accent 1.18.3) lib/web/router.ex:1: Accent.Router.call/2
11:46:01.176 request_id=F4DD0Lyh7bxfNhwAAAPB [info] GET /apple-touch-icon.png
11:46:01.176 request_id=F4DD0LykIuqVRzQAAADC [info] GET /apple-touch-icon-precomposed.png
11:46:01.177 request_id=F4DD0Lyh7bxfNhwAAAPB [info] Sent 404 in 210µs
11:46:01.177 request_id=F4DD0LykIuqVRzQAAADC [info] Sent 404 in 172µs
11:46:01.372 request_id=F4DD0MhPcvTCH4IAAAPh [info] GET /auth/github/callback
11:46:01.374 request_id=F4DD0MhPcvTCH4IAAAPh [info] Sent 302 in 1ms
11:46:01.381 request_id=F4DD0MjYhpd2jUwAAADi [info] GET /
11:46:01.382 request_id=F4DD0MjYhpd2jUwAAADi [info] Sent 200 in 1ms
I run the app behind Nginx Reverse Proxy like so:
And this is the setting in my GitHub App:
I have tried with and without checking the Request user authorization (OAuth) during installation.
Thanks!
We assume that the external provider (GitHub in your case) expose the email in the callback.
Do you have control over what permission you are granted in GitHub?
I'm checking in GitHub Apps settings and I saw that the app was not "installed" in my account, so I installed it and now it looks like so:
But that did not help. In Permission & events there are these settings though:
Once I changed the Email addresses from No access to Read-only, it worked.
So, it's not a bug of accent, but when you create a GitHub app you have to give at least read-only access for the authentication to work it seems.
If that is written in the documentation then I apologise, I must've missed it.
Thank you for pointing out the right direction to look for!
Cheers!