[github-oauth-ui] Error: Failed requesting GitHub access token: fetch failed
zsq1234 opened this issue · 1 comments
zsq1234 commented
Bug Report
Versions
Version | |
---|---|
Verdaccio | verdaccio:5.26.3 |
This plugin | verdaccio-github-oauth-ui@6.0.3 |
Node | v18.17.0 |
Environment
Name | Version | |
---|---|---|
Package manager | helm | |
Browser | firefox, chrome | |
Operating system | Linux |
Observed behavior
docker file:
FROM verdaccio/verdaccio:5.26
ADD docker.yaml /verdaccio/conf/config.yaml
USER root
RUN apk add -f curl
RUN npm install --global verdaccio-github-oauth-ui@6
USER $VERDACCIO_USER_UID
helm values.yaml:
extraEnvVars:
- name: VERDACCIO_PORT
value: "4873"
- name: GLOBAL_AGENT_HTTP_PROXY
value: http://192.168.50.254:6152
- name: GLOBAL_AGENT_HTTPS_PROXY
value: http://192.168.50.254:6152
- name: GLOBAL_AGENT_NO_PROXY
value: localhost,127.0.0.1
- name: HTTP_PROXY
value: http://192.168.50.254:6152
- name: HTTPS_PROXY
value: http://192.168.50.254:6152
- name: NO_PROXY
value: localhost,127.0.0.1
- name: http_proxy
value: http://192.168.50.254:6152
- name: https_proxy
value: http://192.168.50.254:6152
- name: no_proxy
value: localhost,127.0.0.1
- name: GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE
value: ""
configMap: |
# path to a directory with all packages
storage: /verdaccio/storage/data
web:
# WebUI is enabled as default, if you want disable it, just uncomment this line
#enable: false
title: Verdaccio
auth:
github-oauth-ui:
client-id: "Iv1.xxxx"
client-secret: "87d57xxxxx"
token: "ghp_xxxx"
# a list of other known repositories we can talk to
uplinks:
npmjs:
url: https://registry.npmjs.org/
agent_options:
keepAlive: true
maxSockets: 40
maxFreeSockets: 10
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: npmjs
'**':
# allow all users (including non-authenticated users) to read and
# publish all packages
#
# you can specify usernames/groupnames (depending on your auth plugin)
# and three keywords: "$all", "$anonymous", "$authenticated"
access: $all
# allow all known users to publish packages
# (anyone can register by default, remember?)
publish: $authenticated
# if package is not available locally, proxy requests to 'npmjs' registry
proxy: npmjs
# To use `npm audit` uncomment the following section
middlewares:
github-oauth-ui:
enabled: true
# log settings
log: { type: file, path: /tmp/verdaccio.log, level: debug }
login button can open the github oauth page, but redirect to /-/oauth/callback
url will 500.
Expected behavior
expect to 200, like run by curl in the same pod:
~ $ curl -v -X POST "https://github.com/login/oauth/access_token?client_id=Iv1.xxxx&client_secret=87d57xxx&code=e909c0ea8fcc9495b997"
* Uses proxy env variable no_proxy == 'localhost,127.0.0.1'
* Uses proxy env variable https_proxy == 'http://192.168.50.254:6152'
* Trying 192.168.50.254:6152...
* Connected to 192.168.50.254 (192.168.50.254) port 6152
* CONNECT tunnel: HTTP/1.1 negotiated
* allocate connect buffer
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
> Host: github.com:443
> User-Agent: curl/8.5.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: Feb 14 00:00:00 2023 GMT
* expire date: Mar 14 23:59:59 2024 GMT
* subjectAltName: host "github.com" matched cert's "github.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha384WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://github.com/login/oauth/access_token?client_id=Iv1.xxxx&client_secret=87d571b093xxxx&code=e909c0ea8fcc9495b997
* [HTTP/2] [1] [:method: POST]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: github.com]
* [HTTP/2] [1] [:path: /login/oauth/access_token?client_id=Iv1.xxxx&client_secret=87d571b0xxxx&code=e909c0ea8fcc9495b997]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> POST /login/oauth/access_token?client_id=Iv1.xxxx&client_secret=87d57xxxxxx&code=e909c0ea8fcc9495b997 HTTP/2
> Host: github.com
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200
< server: GitHub.com
< date: Tue, 16 Jan 2024 12:35:12 GMT
< content-type: application/x-www-form-urlencoded; charset=utf-8
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame
< etag: W/"f6ae999f9d860bf0d7a02555e2c84bd5"
< cache-control: max-age=0, private, must-revalidate
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
< vary: Accept-Encoding, Accept, X-Requested-With
< x-github-request-id: D62A:7C4E:3CE4C3:3F3AA4:65A67800
<
* Connection #0 to host 192.168.50.254 left intact
access_token=ghu_xxxx&expires_in=28800&refresh_token=ghr_xxxx&refresh_token_expires_in=15724800&scope=&token_type=bearer~
n4bb12 commented
Thanks the report.
The problem likely has to do with the use of a proxy server.
I believe, proxy support might have broken when switching from manual HTTP requests to using Octokit since Octokit uses fetch
which does not respect HTTP_PROXY.