Invalid client: client is invalid

[Artem-Tsymbal]

Good day guys, I am starting Peertube with docker. When I enter the Peertube on localhost I get this error: "Error
Cannot retrieve OAuth Client credentials: . Ensure you have correctly configured PeerTube (config/ directory), in particular the "webserver" section.".

And after I registered new account, I tried to login, but I can't. I get this error: "Failed to load resource: the server responded with a status of 400 (Bad Request) main-es2015.cedac4107b66ac6727bb.js:1 Backend returned code 400, errorMessage is: Invalid client: client is invalid"

These are the backend logs: "[127.0.0.1:443] 2020-09-10 10:47:42.664 info: 172.2.0.1 - - [10/Sep/2020:10:47:42 +0000] "GET /api/v1/config/ HTTP/1.1" 304 - "http://127.0.0.1/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"

[127.0.0.1:443] 2020-09-10 10:47:42.673 info: 172.2.0.1 - - [10/Sep/2020:10:47:42 +0000] "GET /api/v1/oauth-clients/local HTTP/1.1" 304 - "http://127.0.0.1/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"

[127.0.0.1:443] 2020-09-10 10:47:42.681 info: 172.2.0.1 - - [10/Sep/2020:10:47:42 +0000] "GET /api/v1/videos/languages HTTP/1.1" 304 - "http://127.0.0.1/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"

[127.0.0.1:443] 2020-09-10 10:47:42.788 info: 172.2.0.1 - - [10/Sep/2020:10:47:42 +0000] "POST /api/v1/users/token HTTP/1.1" 400 69 "http://127.0.0.1/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
"

[Artem-Tsymbal]

When I am running manually dev version at my pc, I don't have such problems

[rigelk]

How are you running you docker image, and what docker image are you running?

[n-51]

I'm possibly experiencing the same error.

Tried logging in:

• with root (precreated) and with a manually created user
• with different browsers
• without https (nginx) reverse proxy
• with a freshly built docker image (/support/docker/production/Dockerfile.buster)

Error / config dump:

---- Error popup when opening example.tld ----

Cannot retrieve OAuth Client credentials: undefined. Ensure you have correctly configured PeerTube (config/ directory), in particular the "webserver" section.

---- error from: docker-compose logs peertube ----

peertube_1  | [example.tld:80] 2020-10-11 13:21:04.941 warn: Login error. {
peertube_1  |   "err": {
peertube_1  |     "statusCode": 400,
peertube_1  |     "status": 400,
peertube_1  |     "code": 400,
peertube_1  |     "message": "Invalid client: client is invalid",
peertube_1  |     "name": "invalid_client",
peertube_1  |     "stack": "invalid_client: Invalid client: client is invalid\n    at new InvalidClientError (/app/node_modules/oauth2-server/lib/errors/invalid-client-error.js:26:14)\n    at /app/node_modules/oauth2-server/lib/handlers/token-handler.js:141:15\n    at tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)\n    at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:547:31)\n    at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:604:18)\n    at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:649:10)\n    at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:729:18)\n    at _drainQueueStep (/app/node_modules/bluebird/js/release/async.js:93:12)\n    at _drainQueue (/app/node_modules/bluebird/js/release/async.js:86:9)\n    at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:102:5)\n    at Immediate.Async.drainQueues [as _onImmediate] (/app/node_modules/bluebird/js/release/async.js:15:14)\n    at runCallback (timers.js:705:18)\n    at tryOnImmediate (timers.js:676:5)\n    at processImmediate (timers.js:658:5)"
peertube_1  |   }
peertube_1  | }
peertube_1  | [example.tld:80] 2020-10-11 13:21:04.943 info: 172.18.0.0 - - [11/Oct/2020:13:21:04 +0000] "POST /api/v1/users/token HTTP/1.0" 400 69 "https://example.tld/login" "Firefox"

---- .env -----

# Database / Postgres service configuration
POSTGRES_USER=peertube
POSTGRES_PASSWORD="MWg+gJIZIqMbeGvr5p0xznWtM2/Lp7kU2MOtx/C96yg="
# Postgres database name "peertube"
POSTGRES_DB=peertube
# Editable only with a suffix :
#POSTGRES_DB=peertube_prod
#PEERTUBE_DB_SUFFIX=_prod
PEERTUBE_DB_USERNAME=peertube
PEERTUBE_DB_PASSWORD="MWg+gJIZIqMbeGvr5p0xznWtM2/Lp7kU2MOtx/C96yg="
# Default to Postgres service name "postgres" in docker-compose.yml
PEERTUBE_DB_HOSTNAME=postgres

# Server configuration
PEERTUBE_WEBSERVER_HOSTNAME=example.tld
# If you do not use https and a reverse-proxy in docker-compose.yml
PEERTUBE_WEBSERVER_PORT=80
PEERTUBE_WEBSERVER_HTTPS=false
# If you need more than one IP as trust_proxy
# pass them as a comma separated array:
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]

# E-mail configuration
# If you use a Custom SMTP server
#PEERTUBE_SMTP_USERNAME=
#PEERTUBE_SMTP_PASSWORD=
# Default to Postfix service name "postfix" in docker-compose.yml
# May be the hostname of your Custom SMTP server
PEERTUBE_SMTP_HOSTNAME=postfix
PEERTUBE_SMTP_PORT=25
PEERTUBE_SMTP_FROM=noreply@example.tld
PEERTUBE_SMTP_TLS=false
PEERTUBE_SMTP_DISABLE_STARTTLS=false
PEERTUBE_ADMIN_EMAIL=admin@example.tld

# Postfix service configuration
POSTFIX_myhostname=example.tld
# If you need to generate a list of sub/DOMAIN keys
# pass them as a whitespace separated string <DOMAIN>=<selector>
OPENDKIM_DOMAINS=example.tld=peertube
# see https://github.com/wader/postfix-relay/pull/18
OPENDKIM_RequireSafeKeys=no

# Let's Encrypt service configuration
#TRAEFIK_ACME_EMAIL=<MY EMAIL ADDRESS>
# If you need to obtain ACME certificates for more than one DOMAIN
# pass them as a comma separated string
#TRAEFIK_ACME_DOMAINS=<MY DOMAIN>

# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
PEERTUBE_SIGNUP_ENABLED=true
PEERTUBE_TRANSCODING_ENABLED=true
PEERTUBE_CONTACT_FORM_ENABLED=true

---- docker-compose.yml ----

version: "3.3"

services:

  peertube:
    # If you don't want to use the official image and build one from sources
    # build:
    #   context: .
    #   dockerfile: ./support/docker/production/Dockerfile.buster
    image: chocobozzz/peertube:production-buster
    env_file:
      - .env
    # If you don't want to use a reverse proxy (not suitable for production!)
    ports:
      - "3003:9000"
    volumes:
      - ./docker-volume/data:/data
      - ./docker-volume/config:/config
    depends_on:
      - postgres
      - redis
      - postfix
    restart: "always"

  postgres:
    image: postgres:10-alpine
    env_file:
      - .env
    volumes:
      - ./docker-volume/db:/var/lib/postgresql/data
    restart: "always"
    labels:
      traefik.enable: "false"

  redis:
    image: redis:4-alpine
    volumes:
      - ./docker-volume/redis:/data
    restart: "always"
    labels:
      traefik.enable: "false"

  postfix:
    image: mwader/postfix-relay
    env_file:
      - .env
    volumes:
      - ./docker-volume/opendkim/keys:/etc/opendkim/keys
    labels:
      traefik.enable: "false"
    restart: "always"

networks:
  default:
    ipam:
      driver: default
      config:
      - subnet:  172.18.0.0/16

(Setup/configuration is based on: https://docs.joinpeertube.org/#/install-docker)

[n-51]

#3155 contains TsymalArtem's configuration.

[n-51]

Update

Login works on http (+ the oauth error popup went away)

Because docker was proxying to port 3003 (docker-compose.yml):

  ports:
      - "3003:9000" 

But the webserver was configured for port 80 (.env):

PEERTUBE_WEBSERVER_PORT=80

fix is to change to:
PEERTUBE_WEBSERVER_PORT=3003

Solution for port 443 + https reverse proxy

.env

PEERTUBE_WEBSERVER_PORT=443
PEERTUBE_WEBSERVER_HTTPS=true

and the correct nginx reverse proxy config from https://github.com/Chocobozzz/PeerTube/blob/develop/support/nginx/peertube
(Currently I get a white blank screen everywhere, and I suspect something is wrong with the nginx config. update: disable all caching, removing "Can be removed" entries, solved the issue)

[Zir0h]

I had this error because I passed the wrong Host header in my reverse proxy config.

proxy_set_header Host $host;