BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

Integration error using OpenID and AWS Cognito #3897

Closed tedivo closed 1 year ago

tedivo commented 1 year ago

Attempted Debugging

Searched GitHub Issues

Describe the Scenario

I'm trying to integrate BookStackApp with AWS Cognito using OpenID.

Everything has been configured as per the documentation available and the YouTube video, however when I click Login with OIDC, it presents an Unknown Error occurred. See logs showing

Enabling debug logs shows this...

production.ERROR: Required parameter not passed: "code" {"exception":"[object] (BadMethodCallException(code: 0): Required parameter not passed: \"code\" at /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php:35)

Exact BookStack Version

22.11

Log Content

```
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log production.ERROR: Required parameter not passed: "code" {"exception":"[object] (BadMethodCallException(code: 0): Required parameter not passed: \"code\" at /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php:35)
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log [stacktrace]
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #0 /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php(53): League\\OAuth2\\Client\\Grant\\AbstractGrant->checkRequiredParameter()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #1 /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Grant/AbstractGrant.php(76): League\\OAuth2\\Client\\Grant\\AbstractGrant->checkRequiredParameters()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #2 /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(535): League\\OAuth2\\Client\\Grant\\AbstractGrant->prepareRequestParameters()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #3 /var/www/docs.example.com/public_html/app/Auth/Access/Oidc/OidcService.php(78): League\\OAuth2\\Client\\Provider\\AbstractProvider->getAccessToken()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #4 /var/www/docs.example.com/public_html/app/Http/Controllers/Auth/OidcController.php(57): BookStack\\Auth\\Access\\Oidc\\OidcService->processAuthorizeResponse()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #5 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\\Http\\Controllers\\Auth\\OidcController->callback()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #6 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #7 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\\Routing\\ControllerDispatcher->dispatch()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #8 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\\Routing\\Route->runController()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #9 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\\Routing\\Route->run()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #10 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #11 /var/www/docs.example.com/public_html/app/Http/Middleware/CheckGuard.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #12 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckGuard->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #13 /var/www/docs.example.com/public_html/app/Http/Middleware/Localization.php(45): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #14 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Localization->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #15 /var/www/docs.example.com/public_html/app/Http/Middleware/RunThemeActions.php(26): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #16 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\RunThemeActions->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #17 /var/www/docs.example.com/public_html/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #18 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckEmailConfirmed->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #19 /var/www/docs.example.com/public_html/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #20 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\PreventAuthenticatedResponseCaching->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #21 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #22 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #23 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #24 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #25 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #26 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #27 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #28 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #29 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #30 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #31 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #32 /var/www/docs.example.com/public_html/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #33 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\ApplyCspRules->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #34 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #35 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\\Pipeline\\Pipeline->then()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #36 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\\Routing\\Router->runRouteWithinStack()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #37 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRoute()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #38 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\\Routing\\Router->dispatchToRoute()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #39 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #40 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #41 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #42 /var/www/docs.example.com/public_html/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #43 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\TrustProxies->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #44 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #45 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #46 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #47 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #48 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #49 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #50 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #51 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #52 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #53 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #54 /var/www/docs.example.com/public_html/public/index.php(53): Illuminate\\Foundation\\Http\\Kernel->handle()
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log #55 {main}
Dec 2 14:16:51 SVPRDTVDDOCS001 laravel.log "}
```

PHP Version

7.4.3

Hosting Environment

Ubuntu 20.04.5 LTS installed manually with git clone

ssddanbrown commented 1 year ago

Tracing the error through, I get the impression that query parameters are maybe not being handled here.

tedivo commented 1 year ago

Hi - thanks for the quick response.

The callback URL does not have a code parameter. https://docs.example.com/oidc/callback?error_description=invalid_scope&state=c50fdebacf62de85967a572bc94a06d0&error=invalid_request

I'm using Apache web server. Which config are you looking for? The apache2.conf or the site conf?

ssddanbrown commented 1 year ago

@tedivo That's okay, don't need the server config now based on the URL.

So AWS Cognito is returning an "invalid scope" error. By default BookStack will request the openid, profile & email scopes, not sure what is tripping AWS Cognito here. If you've set the OIDC_ADDITIONAL_SCOPES option that could also affect things here.
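
The `Required parameter not passed: "code"` exception above arose because the callback carried `error` and `error_description` instead of `code`, and the token exchange was attempted anyway. As an added example (not part of the original thread, and not BookStack's or league/oauth2-client's code), this Python helper triages an authorization-code callback before any exchange; the function name `triage_oidc_callback`, its return shape and the assumption that the expected `state` comes from the user's session are illustrative, and the two sample URLs are the callbacks quoted in this thread.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Sample inputs: the two callback URLs quoted in this thread.
ERROR_CALLBACK = ("https://docs.example.com/oidc/callback?error_description=invalid_scope"
                  "&state=c50fdebacf62de85967a572bc94a06d0&error=invalid_request")
SUCCESS_CALLBACK = ("https://docs.example.com/oidc/callback"
                    "?code=2f97bb4a-0eda-4330-93cd-f2ba110bcb95"
                    "&state=80b51548034bd69f9c36935f50f71e98")


def triage_oidc_callback(callback_url: str, expected_state: str) -> dict:
    """Decide what to do with an OIDC redirect before calling the token endpoint.

    expected_state is the value stored server-side when the login started
    (assumed here to live in the user's session).
    """
    query = parse_qs(urlsplit(callback_url).query)
    params = {key: values[0] for key, values in query.items()}

    # 1. Bind the response to the login attempt; compare in constant time.
    state = params.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return {"outcome": "reject", "reason": "state mismatch"}

    # 2. An error response (RFC 6749 section 4.1.2.1) has no code to exchange:
    #    report what the identity provider said instead of failing later.
    if "error" in params:
        result = {"outcome": "idp_error", "error": params["error"],
                  "description": params.get("error_description", "")}
        if "invalid_scope" in (result["error"], result["description"]):
            result["hint"] = ("compare the requested scopes (openid, profile, email "
                              "plus OIDC_ADDITIONAL_SCOPES) with the scopes the "
                              "identity provider's client allows")
        return result

    # 3. Only a callback that actually carries a code proceeds to the exchange.
    if "code" not in params:
        return {"outcome": "reject", "reason": "neither code nor error present"}
    return {"outcome": "exchange_code", "code": params["code"]}


if __name__ == "__main__":
    print(triage_oidc_callback(ERROR_CALLBACK, "c50fdebacf62de85967a572bc94a06d0"))
    print(triage_oidc_callback(SUCCESS_CALLBACK, "80b51548034bd69f9c36935f50f71e98"))
```
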

tedivo commented 1 year ago

That was it - perfect! Thank you.

Can you please update the documentation with the scopes that are used by default?

tedivo commented 1 year ago

@ssddanbrown - Sorry, one further issue downstream. The login screen from Cognito is now being displayed but once I authenticate, the callback URL is displaying JSON on screen instead of taking me back into the BookStackApp.

Callback URL https://docs.example.com/oidc/callback?code=2f97bb4a-0eda-4330-93cd-f2ba110bcb95&state=80b51548034bd69f9c36935f50f71e98

JSON displayed

```json
{"at_hash":"iFxK7gMu60p_L-DhSyJAFg","sub":"e958c733-1666-40bb-acdf-9dfea40fc714","email_verified":true,"custom:organization_id":"43eb4c8f-234d-4b29-89b6-000000000000","iss":"https:\/\/cognito-idp.us-west-1.amazonaws.com\/us-west-1_cEGDILpY4","cognito:username":"e958c733-1666-40bb-acdf-9dfea40fc714","origin_jti":"b853717e-9588-4c3a-8d3b-372fb1839f1a","aud":"4kb2r55a3c0flt8p9fircvfag3","event_id":"116d622b-5868-4841-99e6-5bf88bf60918","token_use":"id","auth_time":1670022961,"name":"Mark","exp":1670026561,"iat":1670022961,"family_name":"PTL","jti":"a1c94201-6bba-4da9-8cb6-2835d8d3aa2e","email":"mark@example.com"}
```

ssddanbrown commented 1 year ago

@tedivo Do you currently have the OIDC_DUMP_USER_DETAILS option set to true?

tedivo commented 1 year ago

Yes - I did :-(

I'm sorry. Set to false and it works perfectly now!