email field in cookie is empty

[markusschuettler]

Hi,

I followed the Readme in setting up the forward-auth and the google oauth settings.
Running forward-auth 2.0.1 with traefik 1.7.12 on k8s with the .yml from issue #33.
Everything works fine, except the e-mail based whitelisting, where I am always rejected as unauthorized.
When checking the logs, I noticed that the email field in the cookie is empty:

time="2019-07-12T20:34:12Z" level=debug msg="Handling callback" headers="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-US;q=0.6] Cookie:[_forward_auth_csrf={some_long_string}] Dnt:[1] Referer:[https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id={some_long_string}.apps.googleusercontent.com&as={some_long_string}&destination=https%3A%2F%2Fauth.mydomain.de%3A42443&approval_state={some_long_string}&oauthgdpr=1&xsrfsig={some_long_string}&flowName=GeneralOAuthFlow] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36] X-Forwarded-For:[10.42.0.83] X-Forwarded-Host:[auth.mydomain.de:42443] X-Forwarded-Method:[GET] X-Forwarded-Proto:[https] X-Forwarded-Uri:[/_oauth?state={some_long_string}%3Ahttps%3A%2F%2Fdashboard.mydomain.de%3A42443%2F%5D&code={some_long_string}&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&session_state={some_long_string}&prompt=consent]]" rule=default source_ip=10.42.0.83
time="2019-07-12T20:34:12Z" level=info msg="Generated auth cookie" source_ip=10.42.0.83 user= 
time="2019-07-12T20:34:12Z" level=debug msg="Authenticating request" headers="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-GB,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-US;q=0.6] Cookie:[_forward_auth={some_long_string}|1563006852|] Dnt:[1] Referer:[https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id={some_long_string}.apps.googleusercontent.com&as={some_long_string}&destination=https%3A%2F%2Fauth.mydomain.de%3A42443&approval_state={some_long_string}&oauthgdpr=1&xsrfsig={some_long_string}&flowName=GeneralOAuthFlow] Upgrade-Insecure-Requests:[1] User-Agent:[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36] X-Forwarded-For:[10.42.0.83] X-Forwarded-Host:[dashboard.mydomain.de:42443] X-Forwarded-Method:[GET] X-Forwarded-Proto:[https] X-Forwarded-Uri:[/]]]" rule=default source_ip=10.42.0.83

Any idea what might be the issue?

[thomseddon]

Hmm that's odd - did you manage to get to the bottom of this?

[bakakaba]

I seem to be experiencing the same issue. My setup is using the Google provider with auth-host and the cookie domain set to the root domain.

time="2019-12-06T01:32:10Z" level=info msg="Generated auth cookie" source_ip=10.0.1.1 user=

time="2019-12-06T01:32:10Z" level=error msg="Invalid email" email= source_ip=10.0.1.1

Let me know if you require more information as I'm at a lost on how to debug this further.

[markusschuettler]

Hmm that's odd - did you manage to get to the bottom of this?

No, sadly didn't have time to look into it any further.

[thomseddon]

Hey, if this is still an issue - please just re-open this issue and post the config and ideally a debug log from launch to failed attempt :)