oAuth - Invalid Credentials

[NilsBaumgartner1994]

Preflight Checklist

• I have completed all Troubleshooting Steps.
• I'm on the latest version of Directus.
• There's no other issue that already describes my problem.

Describe the Bug

The last update broke the oAuth login.

On Version: 9.0.0-rc.94 everything works fine. On the latest version it throws an error: myappdirectus | 10:40:39 ⚠️ Invalid user credentials.

FAQ:

• Yes the user is created
• Yes the user is activated

I can reproduce the problem.

To Reproduce

Just simply create an own SSO service.
Used docker.

What version of Directus are you using?

directus/directus:9.0.0-rc.95

What version of Node.js are you using?

v14.15.4

What database are you using?

postges

What browser are you using?

Chrome

What operating system are you using?

macOS

How are you deploying Directus?

Docker

[mp-itconsulting]

Same problem for me. AUTH0 configured correctly but still got the reply "Invalid user credentials" and redirected to "../admin/login?reason=INVALID_USER"

Attributes are retrieved from AUTH0 but email seems not to be verified. Other apps with similar settings are working fine.
Tested also with several scope definitions: "openid email", "array:openid,email" or ["openid","email"]. But no success at all

Kr
Michael

[NilsBaumgartner1994]

Same problem for me. AUTH0 configured correctly but still got the reply "Invalid user credentials" and redirected to "../admin/login?reason=INVALID_USER"

Attributes are retrieved from AUTH0 but email seems not to be verified. Other apps with similar settings are working fine. Tested also with several scope definitions: "openid email", "array:openid,email" or ["openid","email"]. But no success at all

Kr Michael

"Fixed" this problem by using version before latest --> image: directus/directus:9.0.0-rc.94

[NilsBaumgartner1994]

But i can confirm, that i also have the problem with "INVALID_USER".

[mp-itconsulting]

Also downgraded to rc.94 and it´s working

[u12206050]

I have the same issue, but downgrading to rc.94 didn't work either.

[NilsBaumgartner1994]

I have the same issue, but downgrading to rc.94 didn't work either.

be sure to purge docker

[u12206050]

Am not using docker, but have removed package-lock.json and node_modules and it still gives me INVALID_USER.
Will try rc.93

[u12206050]

Ah nevermind, realized now in my package.json that I need to have "directus": "9.0.0-rc.94", and NOT "^directus": "9.0.0-rc.94",

[darioguarascio]

Same problem here. OAUTH is ok (tested with other software) but directus is giving INVALID_USER

[isaacnass]

@darioguarascio I struggled with this all morning myself. I have been able to monkeypatch it by adding the following to node_modules/directus/dist/services/authentication.js:58:

async login(providerName = constants_1.DEFAULT_AUTH_PROVIDER, payload, otp) {
        payload.email = payload.email || payload.identifier # <--- Added line
        var _a, _b;
        const STALL_TIME = 100;
        const timeStart = perf_hooks_1.performance.now();

As far as I can tell there is some sort of change in the way Google Oauth payloads are either returned or parsed. Since the default auth provider is used to parse the auth payload, it gets angry when there isn't an email there

[aidenfoxx]

@darioguarascio @isaacnass There is already a fix for this that will apparently be released today #8389. As you discovered the issue was that the value identifier was being sent when email was expected.