-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookie "_oauth2_proxy" not present #26
Comments
Hi @loispostula, Just a couple of thoughts on this. Does the error persist when you have Have you also tried |
Hi, I know this issue is old, but I'm seeing the same thing, so thought I'd: A) Check if @loispostula got the issue resolved? And if so, can you share any details? B) Provide some details for my own set up, where I'm trying pass the JWT from my OIDC provider to my upstream system. I'm running oauth2_proxy on kubernetes, proxying requests to an Angular single-page app running in a different container based on the nginx:stable-alpine docker image. I've tried a few setups, all of which correctly intercept the initial request, present the login page, redirect out to Auth0.com and return back to my URL. However: WITHOUT AUTH HEADER, WITHOUT SECURE COOKIE
This redirects to the upstream app, but there is no auth header. Cookie exists. WITH AUTH HEADER, WITHOUT SECURE COOKIE
This generates a 502 error. No cookie. Log entries are:
WITH AUTH HEADER, WITH SECURE COOKIE
This generates a 502 error. No cookie. Log entries as above WITHOUT AUTH HEADER, WITH SECURE COOKIE
This redirects to app, but no auth header. Cookie exists. Between each test, I'm clearing all cookies, and the _csrf cookie is set when I am directed to the login page. I've also tried all the above 4 cases with --set-authorization-header=true, and they all go to 502 page. Any help would be REALLY appreciated! Regards, |
Hi @ap1969, one thing I would recommend trying is to use the browser debug console to inspect the requests/responses from a login flow. One of the responses from the OAuth2 Proxy should have in it a You can set the cookie domain explicitly using the |
Hi Joel, I can see the set-cookie in the initial load when rendering the login page:
Then on return to callback, there's an initial hit to /oauth2/callback, with a 308 redirect to what seems to the same URL, and that redirect has no set-cookie header. Then the final /oauth2/callback request returns the 502 error, also with no set-cookie header. Does that help? Andy |
Hi Joel, SaveSession() calls SetSessionCookie(), which is trying to write two cookies:
However, neither of those actually seem to be set in the browser, which is odd as the next line in SetSessionCookie is http.SetCookie(rw, c), which should work just fine as it's the core http module, if I understand correctly (I'm new to Go). And I'm definitely not able to find any set-cookie headers in the request to oauth2_proxy's /callback. Any thoughts? |
OK, I'm making some progress. I see from the nginx conf example, when using --set-authorization-header flag, some provider's cookies can exceed the 4kb, so that explains the output in the code above. However, I'm still not setting the cookie headers. |
Just to double check you mean the response here rather than the request? Do you have the Could you please also supply your complete configuration including the config file and flags? (redacting any sensitive information of course) Could you also supply a snippet of the logs you get when you are trying this? |
Could you also try running a build from the latest master please? |
@ap1969 I had almost the same issue.
I just had to increase the buffer size : https://andrewlock.net/fixing-nginx-upstream-sent-too-big-header-error-when-running-an-ingress-controller-in-kubernetes/ |
@JoelSpeed - No matter the combination of settings that I do, I keep on getting " Error loading cookied session: Cookie "_oauth2_proxy" not present" persistently with 401 in Nginx ingress logs. Configuration currently been used:
|
Edit: My issue is that I was using http but never set the OAUTH2_PROXY_COOKIE_SECURE=false. After doing this it worked. I have now deployed this properly and it's working! --- Original Same as @infinitydon above, there is NO cookie when redirected back to the OAuth2_proxy. I am working with a self hosted GitLab instance, which seems like that might be the case with @infinitydon too. I see the below in the logs:
What does that mean? |
@infinitydon why do some of the args you are passing to
According to the |
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed. |
When setting
--pass-authorization-header=true
, The proxy returns an error 502 with the following message in the logs:oauthproxy.go:764 redacted_ip:port ("redacted_ip") Cookie "_oauth2_proxy" not present
Here are the parameter pass to the proxy:
I am trying to pass the authorization header to the kubernetes dashboard
The text was updated successfully, but these errors were encountered: