
OAuth2 scopes bug #622

Open
CHTJonas opened this Issue Apr 6, 2019 · 4 comments

@CHTJonas
Member

commented Apr 6, 2019

Something is wrong with external OAuth login for certain user(s). Unfortunately the error messages aren't very forgiving...

It also seems to work fine for me, but not for the user in question below (won't mention their name here for data protection, but see Sentry). I'll try and ask a few other people to test this, but to help diagnose it, it might help if people could try navigating to https://roombooking-dev.adctheatre.com and logging in to see if you experience the same issue.

Sentry issue: CAMDRAM-WEB-8B

OAuth2\OAuth2ServerException: invalid_request
  File "web/app.php", line 28
    $response = $kernel->handle($request);
...
(8 additional frame(s) were not displayed)
@CHTJonas

Member Author

commented Apr 6, 2019

Seems to be line 1115 of vendor/friendsofsymfony/oauth2-php/lib/OAuth2.php which is the issue:

throw new OAuth2ServerException(Response::HTTP_BAD_REQUEST, self::ERROR_INVALID_REQUEST, "No client id supplied");

But the POSTed request body clearly shows that the client_id is present?

@CHTJonas

Member Author

commented Apr 6, 2019

I can log in without issue via OAuth2 on the CUADC Wiki, so I don't think it's a client application problem.

@CHTJonas

Member Author

commented Apr 6, 2019

I was playing around and ran the following query to purge the stored user grants and I'm now experiencing the same issue:

DELETE FROM acts_api_authorizations;

@CHTJonas CHTJonas changed the title from "OAuth2 broken for certain users" to "OAuth2 scopes bug" on Apr 6, 2019

@CHTJonas

Member Author

commented Apr 6, 2019

After a few hours of messing around, I believe I have narrowed down the problem. The first time a user attempts to authenticate using Camdram to an external application using OAuth2, the "The app XXX would like to access your profile on Camdram" message appears on Camdram. At this point the "Allow" and "Cancel" buttons work as expected. However upon clicking said "Allow" button, the required scopes are not stored in the acts_api_authorizations table - instead the scopes field is set to be a blank string.

When attempting to log in to the app in question again at a later date, the same screen appears again. Upon clicking either the "Allow" or "Cancel" buttons an exception is thrown. If I manually set the scopes field to what I expect it to be with `UPDATE acts_api_authorizations SET scopes = 'user_shows,user_orgs,user_email' WHERE id=50` then everything works as expected.

This may be related to #402.
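The failure mode described in this last comment, modelled as an added example (not Camdram's code): a stand-in for the acts_api_authorizations table that can reproduce the blank-scopes write, a check that lists such rows, and an authorization decision that treats an empty stored grant as "no grant" (re-prompt) rather than erroring. The store, function names and the "naive vs hardened" split are assumptions; the scope list is the one quoted in the UPDATE above.

```python
# Added example, not Camdram's code: models the grant-storage bug described
# above and a hardened check. Class and function names are assumptions.
from dataclasses import dataclass, field

# Scope set quoted in the issue's UPDATE statement.
REQUIRED_SCOPES = ("user_shows", "user_orgs", "user_email")


@dataclass
class AuthorizationStore:
    """In-memory stand-in for the acts_api_authorizations table."""
    rows: dict = field(default_factory=dict)  # (user, client) -> scope string

    def grant(self, user, client, scopes, buggy=False):
        """Record consent. buggy=True reproduces the reported behaviour:
        the row is written but the scopes column is an empty string."""
        stored = "" if buggy else ",".join(scopes)
        if not buggy and not stored:
            raise ValueError("refusing to persist a grant with no scopes")
        self.rows[(user, client)] = stored
        return stored

    def stored_scopes(self, user, client):
        """None if no row exists, else the (possibly empty) scope list."""
        raw = self.rows.get((user, client))
        return None if raw is None else [s for s in raw.split(",") if s]

    def blank_grants(self):
        """Detection check: rows that exist but carry no scopes
        (SQL equivalent: SELECT id FROM acts_api_authorizations WHERE scopes = '')."""
        return [key for key, value in self.rows.items() if value == ""]


def authorize(store, user, client, requested, hardened=True):
    """Outcome of a returning authorization request:
    'consent' (show Allow/Cancel), 'granted', or 'invalid_request'."""
    existing = store.stored_scopes(user, client)
    if existing is None:
        return "consent"  # first visit: ask the user
    if existing and set(requested) <= set(existing):
        return "granted"  # prior grant covers the request
    if not hardened:
        # Naive path: a row exists, so the stored grant is trusted and the
        # empty scope string surfaces as invalid_request (the server throws).
        return "invalid_request"
    # Hardened path: an empty or insufficient grant counts as no grant, so
    # the user is re-prompted rather than hitting an error.
    return "consent"
```

Running `blank_grants()` against a store populated from the real table is the quick way to tell how many users are affected before deciding whether to re-prompt them or repair the rows by hand.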
