🐛 Bug Report: Microsoft OAuth Error

[SecureCPU]

👟 Reproduction steps

Try to login using a Microsoft account

👍 Expected behavior

Should login using the Microsoft account

👎 Actual Behavior

I get the following error: {"statusCode":500,"message":"Internal server error"}

I have set the Web Redirect URIs in the Microsoft Application as: "https://example.com/api/oauth/callback/microsoft"

🌐 Browser

Chrome

[SecureCPU]

I'm getting the same error with github, and with discord i get the error that says "Can't get email address from this Discord account."

I'm not sure what i'm doing wrong.

[stonith404]

Can you share the server logs? The Discord bug is related to #302

[SecureCPU]

This is the Log when I tried the Microsoft Login:

[Nest] 46 - 11/09/2023, 6:44:14 PM ERROR [ExceptionsHandler] Cannot read properties of null (reading 'nonce') TypeError: Cannot read properties of null (reading 'nonce') at MicrosoftProvider.getUserInfo (/opt/app/backend/dist/src/oauth/provider/genericOidc.provider.js:84:35) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async OAuthController.callback (/opt/app/backend/dist/src/oauth/oauth.controller.js:50:22)

[SecureCPU]

This is the error I got when I tried Github:

[Nest] 46 - 11/09/2023, 6:45:50 PM ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'includes') TypeError: Cannot read properties of undefined (reading 'includes') at GitHubProvider.getUserInfo (/opt/app/backend/dist/src/oauth/provider/github.provider.js:50:26) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async OAuthController.callback (/opt/app/backend/dist/src/oauth/oauth.controller.js:50:22)

[SecureCPU]

Here is the full log i download:

pingvin-file-share-pingvin-share-1_logs.txt

[chrisburkey]

Having the same issue. Here is the output of my last attempt at using microsoft authentication:
{"statusCode":500,"message":"Internal server error"}

Logs:
[Nest] 47 - 11/09/2023, 7:47:50 PM ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'password')
TypeError: Cannot read properties of undefined (reading 'password')
at UserController.getCurrentUser (/opt/app/backend/dist/src/user/user.controller.js:32:38)
at /opt/app/backend/node_modules/@nestjs/core/router/router-execution-context.js:38:29
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[Nest] 47 - 11/09/2023, 7:47:53 PM ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'password')
TypeError: Cannot read properties of undefined (reading 'password')
at UserController.getCurrentUser (/opt/app/backend/dist/src/user/user.controller.js:32:38)
at /opt/app/backend/node_modules/@nestjs/core/router/router-execution-context.js:38:29
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[Nest] 47 - 11/09/2023, 7:47:53 PM ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'password')
TypeError: Cannot read properties of undefined (reading 'password')
at UserController.getCurrentUser (/opt/app/backend/dist/src/user/user.controller.js:32:38)
at /opt/app/backend/node_modules/@nestjs/core/router/router-execution-context.js:38:29
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[Nest] 47 - 11/09/2023, 7:48:07 PM ERROR [ExceptionsHandler] Cannot read properties of null (reading 'nonce')
TypeError: Cannot read properties of null (reading 'nonce')
at MicrosoftProvider.getUserInfo (/opt/app/backend/dist/src/oauth/provider/genericOidc.provider.js:84:35)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async OAuthController.callback (/opt/app/backend/dist/src/oauth/oauth.controller.js:50:22)
[Nest] 47 - 11/09/2023, 7:48:07 PM ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'password')
TypeError: Cannot read properties of undefined (reading 'password')
at UserController.getCurrentUser (/opt/app/backend/dist/src/user/user.controller.js:32:38)
at /opt/app/backend/node_modules/@nestjs/core/router/router-execution-context.js:38:29
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

[stonith404]

@zz5840 Do you have an idea why this could happen?

[zz5840]

@stonith404 I'm still finding the cause of this error:

[Nest] 46  - 11/09/2023, 5:05:11 PM   ERROR [ExceptionsHandler] Cannot read properties of undefined (reading 'password')
TypeError: Cannot read properties of undefined (reading 'password')
    at UserController.getCurrentUser (/opt/app/backend/dist/src/user/user.controller.js:32:38)
    at /opt/app/backend/node_modules/@nestjs/core/router/router-execution-context.js:38:29
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

Seems all OAuth errors are caused by this, but I don't know why user could be undefined.

pingvin-share/backend/src/user/user.controller.ts

Lines 28 to 34 in 5503e7a

	@Get("me")
	@UseGuards(JwtGuard)
	async getCurrentUser(@GetUser() user: User) {
	const userDTO = new UserDTO().from(user);
	userDTO.hasPassword = !!user.password;
	return userDTO;
	}

[zz5840]

@stonith404 Oh sorry, I think I found the cause. I was so remiss that I wrote a wrong request URL, and I even don't know how it passed my test.

[zz5840]

@SecureCPU @chrisburkey Issues in GitHub and Discord have been fixed, please test it with dev image.

And could you tell me which url this error occurs at?

{"statusCode":500,"message":"Internal server error"}

[stonith404]

@zz5840 Thank you for your help! The dev image is ready.

[zz5840]

@chrisburkey @SecureCPU I have updated the docs of Microsoft authentication, please check it and confirm your config is correct.
https://github.com/stonith404/pingvin-share/blob/af8932094a1de7862f05ea103b58207b7a5df798/docs/oauth2-guide.md#microsoft

[SecureCPU]

Its still not working, Can anyone send me screen shots of what its supposed to look like?

[zz5840]

@SecureCPU Are you using stable image or dev image?

[SecureCPU]

These are my settings:

[SecureCPU]

I'm using the stable image

[SecureCPU]

and its behind NPM proxy and cloudflare proxy, but doesn't have any rules or blocks applied

[SecureCPU]

should i try the Dev image?

[SecureCPU]

I'm trying the Dev image now.

[zz5840]

Sorry, but dev image may not solve your issue too. You can try to create a personal Microsoft accounts only app in Microsoft Entra and use consumer for tenant.

[zz5840]

Your error may be caused by this.

[SecureCPU]

So my company is a verified, and i added it to the app when i created it:

[SecureCPU]

But I still get this error:

I didn't try the consumer account type, still trying the common type

[SecureCPU]

But the Dev version fixed the github and discord for me. that worked perfectly. Thank you so much!!

[zz5840]

Ok, I have update the code to display the detail error when authentication failed, please try it again after @stonith404 updating the dev image.

[zz5840]

But I still get this error:

By the way, how did you see this error message? I think I have made all error to show on error page rather than a raw JSON.

[SecureCPU]

this is what showed on the website once i authenticated my Microsoft account.

[zz5840]

@SecureCPU Ok, the dev image has been updated, please test the dev image again.

[SecureCPU]

k. updating now

[zz5840]

this is what showed on the website once i authenticated my Microsoft account.

On which url this error shows? /api/oauth/auth/microsoft or /api/oauth/callback/microsoft

[SecureCPU]

/api/oauth/callback/microsoft

[SecureCPU]

Still getting the same error.

[SecureCPU]

This is the full URL when I get that error (Link can only be viewed once.

CLICK HERE TO VIEW

[zz5840]

@SecureCPU It still shows Cannot read properties of null (reading 'nonce'), right?

[SecureCPU]

@SecureCPU It still shows Cannot read properties of null (reading 'nonce'), right?

I didn't see that error, just the one I mentioned before. But Microsoft still doesn't work.

[zz5840]

This is the full URL when I get that error (Link can only be viewed once.

CLICK HERE TO VIEW

After you get this URL, please use curl to request the token and check outputs.

You can send it to my email i#qingfu.dev if it contains sensitive information.

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=authorization_code&code=YOUR_CODE&redirect_uri=YOUR_APP_URL/api/oauth/callback/microsoft' https://login.microsoftonline.com/common/oauth2/v2.0/token

Don't forget to replace the variable in URL. The code is from URL you get from last step, it's a bit long, please be careful with the boundary.

BTW, please re-open the PR.

[SecureCPU]

I found the issue...

So I entered the wrong value for the Client Secret, I used the Client Secret ID instead of the Client Secret Value.

Once I figured that out, I reissued the Client Secret and used the value instead of the ID and it worked like a charm.

Sorry for the trouble, ended up being user error. feel really stupid i missed the 2 up on this application.

[rewulff]

Had the same issue on Microsoft for another reason.
JSON DEBUG: "Cannot GET //api/oauth/auth/microsoft"

Simple solution:

In Pingvin-Settings I setted up my domain with / at the end. This leaded to //api which fails.

Just make sure to end your Domain in Settings to TLD without / at the end.