Describe the bug
Upon trying to log into PGAdmin using Okta, having set up the application and configuration in PGAdmin we consistenly get the following error:
To Reproduce
Steps to reproduce the behavior:
config_local.py:
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [
{
'OAUTH2_NAME': 'okta',
'OAUTH2_DISPLAY_NAME': 'Okta',
'OAUTH2_ICON': 'fa-okta',
'OAUTH2_BUTTON_COLOR': '#FFAC1C',
'OAUTH2_CLIENT_ID': '',
'OAUTH2_CLIENT_SECRET': '',
'OAUTH2_TOKEN_URL': 'https://.okta.com/oauth2/v1/token',
'OAUTH2_AUTHORIZATION_URL': 'https://.okta.com/oauth2/v1/authorize',
'OAUTH2_API_BASE_URL': 'https://.okta.com/oauth2/default',
'OAUTH2_USERINFO_ENDPOINT': 'https://.okta.com/api/v1/users',
'OAUTH2_SCOPE': 'openid profile email',
'OAUTH2_SERVER_METADATA_URL': 'https://.okta.com/oauth2/default/.well-known/openid-configuration',
'OAUTH2_USERNAME_CLAIM': 'openid',
'OAUTH2_ADDITIONAL_CLAIMS': 'openid profile',
'OAUTH2_LOGOUT_URL': 'https://.okta.com/oauth2/default/v1/logout'
}
]
Once configured in the application the auth_obj error will occur despite trying numerous tries.
Logs show the following:
2024-10-15 15:37:41,487: ERROR pgadmin: 'auth_obj'
Traceback (most recent call last):
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 54, in oauth_authorize
auth_obj = session['auth_obj']
KeyError: 'auth_obj'
2024-10-15 15:38:26,534: ERROR pgadmin: 'auth_obj'
Traceback (most recent call last):
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 54, in oauth_authorize
auth_obj = session['auth_obj']
KeyError: 'auth_obj'
Further logs also indicate that there is an issue with an invalid Web Key Set
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 56, in oauth_authorize
status, msg = auth_obj.login()
File "/usr/pgadmin4/web/pgadmin/authenticate/init.py", line 299, in login
status, msg = self.source.login(self.form)
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 136, in login
profile = self.get_user_profile()
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 215, in get_user_profile
session['oauth2_token'] = self.oauth2_clients[
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/integrations/flask_client/apps.py", line 105, in authorize_access_token
userinfo = self.parse_id_token(token, nonce=state_data['nonce'], claims_options=claims_options)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/integrations/base_client/sync_openid.py", line 59, in parse_id_token
claims = _jwt.decode(
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7519/jwt.py", line 96, in decode
data = self._jws.deserialize_compact(s, load_key, decode_payload)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7515/jws.py", line 101, in deserialize_compact
algorithm, key = self._prepare_algorithm_key(jws_header, payload, key)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7515/jws.py", line 254, in _prepare_algorithm_key
key = key(header, payload)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/integrations/base_client/sync_openid.py", line 80, in load_key
return jwk_set.find_by_kid(header.get('kid'))
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7517/key_set.py", line 29, in find_by_kid
raise ValueError('Invalid JSON Web Key Set')
ValueError: Invalid JSON Web Key Set
Expected behavior
Expected was to log into PGAdmin.
Error message
{
"success": 0,
"errormsg": "'auth_obj'",
"info": "",
"result": null,
"data": null
}
Screenshots
Screenshot Above
Desktop (please complete the following information):
- OS: Red Hat Enterprise Linux
- Version: 9.4
- Mode: Server
- Browser: Edge, Chrome, Firefox (tried all 3 with the same result)
- Package type: RPM
Additional context
No additional context to provide.
Describe the bug
Upon trying to log into PGAdmin using Okta, having set up the application and configuration in PGAdmin we consistenly get the following error:
To Reproduce
Steps to reproduce the behavior:
config_local.py:
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [
{
'OAUTH2_NAME': 'okta',
'OAUTH2_DISPLAY_NAME': 'Okta',
'OAUTH2_ICON': 'fa-okta',
'OAUTH2_BUTTON_COLOR': '#FFAC1C',
'OAUTH2_CLIENT_ID': '',
'OAUTH2_CLIENT_SECRET': '',
'OAUTH2_TOKEN_URL': 'https://.okta.com/oauth2/v1/token',
'OAUTH2_AUTHORIZATION_URL': 'https://.okta.com/oauth2/v1/authorize',
'OAUTH2_API_BASE_URL': 'https://.okta.com/oauth2/default',
'OAUTH2_USERINFO_ENDPOINT': 'https://.okta.com/api/v1/users',
'OAUTH2_SCOPE': 'openid profile email',
'OAUTH2_SERVER_METADATA_URL': 'https://.okta.com/oauth2/default/.well-known/openid-configuration',
'OAUTH2_USERNAME_CLAIM': 'openid',
'OAUTH2_ADDITIONAL_CLAIMS': 'openid profile',
'OAUTH2_LOGOUT_URL': 'https://.okta.com/oauth2/default/v1/logout'
}
]
Once configured in the application the auth_obj error will occur despite trying numerous tries.
Logs show the following:
2024-10-15 15:37:41,487: ERROR pgadmin: 'auth_obj'
Traceback (most recent call last):
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 54, in oauth_authorize
auth_obj = session['auth_obj']
KeyError: 'auth_obj'
2024-10-15 15:38:26,534: ERROR pgadmin: 'auth_obj'
Traceback (most recent call last):
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 54, in oauth_authorize
auth_obj = session['auth_obj']
KeyError: 'auth_obj'
Further logs also indicate that there is an issue with an invalid Web Key Set
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 880, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/flask/app.py", line 865, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) # type: ignore[no-any-return]
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 56, in oauth_authorize
status, msg = auth_obj.login()
File "/usr/pgadmin4/web/pgadmin/authenticate/init.py", line 299, in login
status, msg = self.source.login(self.form)
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 136, in login
profile = self.get_user_profile()
File "/usr/pgadmin4/web/pgadmin/authenticate/oauth2.py", line 215, in get_user_profile
session['oauth2_token'] = self.oauth2_clients[
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/integrations/flask_client/apps.py", line 105, in authorize_access_token
userinfo = self.parse_id_token(token, nonce=state_data['nonce'], claims_options=claims_options)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/integrations/base_client/sync_openid.py", line 59, in parse_id_token
claims = _jwt.decode(
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7519/jwt.py", line 96, in decode
data = self._jws.deserialize_compact(s, load_key, decode_payload)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7515/jws.py", line 101, in deserialize_compact
algorithm, key = self._prepare_algorithm_key(jws_header, payload, key)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7515/jws.py", line 254, in _prepare_algorithm_key
key = key(header, payload)
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/integrations/base_client/sync_openid.py", line 80, in load_key
return jwk_set.find_by_kid(header.get('kid'))
File "/usr/pgadmin4/venv/lib64/python3.9/site-packages/authlib/jose/rfc7517/key_set.py", line 29, in find_by_kid
raise ValueError('Invalid JSON Web Key Set')
ValueError: Invalid JSON Web Key Set
Expected behavior
Expected was to log into PGAdmin.
Error message
{
"success": 0,
"errormsg": "'auth_obj'",
"info": "",
"result": null,
"data": null
}
Screenshots
Screenshot Above
Desktop (please complete the following information):
Additional context
No additional context to provide.