RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

GitLab OAuth results in Error in OAuth Server: Failed to complete OAuth handshake #21545

Open Br-ian opened 3 years ago

Br-ian commented 3 years ago

Description:

Using OAuth with a self-hosted GitLab instance results in Error in OAuth Server: Failed to complete OAuth handshake. Thus, my users cannot use their GitLab account to log in on Rocket.Chat.

Steps to reproduce:

  1. Go to Settings -> OAuth -> GitLab
  2. Use the following settings:
    • OAuth Enabled: enabled
    • GitLab URL: https://gitlab./
    • GitLab ID: ID from GitLab's OAuth applications (https://gitlab./admin/applications)
    • GitLab Secret: Secret from GitLab's OAuth applications (https://gitlab./admin/applications)
    • Identity Path: /api/v4/user
    • Merge Users: disabled
    • GitLab Callback URL: https://chat./_oauth/gitlab
  3. Save changes, logout, click on the GitLab button
  4. Window opens, pointing to: https://gitlab./users/sign_in, fill in login details, click on Login
  5. GitLab shows authorize dialog (https://gitlab./authorize), I click on authorize and the window closes
  6. Instead, Rocket.Chat shows an [undefined] error in the browser.

Expected behavior:

I expect to be able to authenticate my users against my self-hosted GitLab using OAuth.

Actual behavior:

Server returns a 404 not found: Error in OAuth Server: Failed to complete OAuth handshake with gitlab at https://gitlab./oauth/token. failed [404] 404 page not found

Browser shows an error message: [undefined]

Server Setup Information:

Client Setup Information

Additional context

My setup is behind a Traefik SSL proxy.

OAuth Application in GitLab:

When I test with https://oauthdebugger.com/ everything works, POST https://gitlab.<my.domain>/oauth/token (with the correct key/values) results in

{
    "access_token": "<token>",
    "token_type": "Bearer",
    "refresh_token": "<token>",
    "scope": "read_user",
    "created_at": 1618326157
}

Relevant logs:

Server:

{"line":"405","file":"oauth_server.js","message":"Error in OAuth Server: Failed to complete OAuth handshake with gitlab at https://gitlab.<my.domain>/oauth/token. failed [404] 404 page not found ","time":{"$date":1618321817770},"level":"warn"}

Browser:

{"isClientSafe":true,"message":"[undefined]","errorType":"Meteor.Error"}

johncrisp commented 3 years ago

Thanks for the comprehensive report.

I think the error might be here:

Failed to complete OAuth handshake with gitlab at https://gitlab./oauth/token. failed [404] 404 page not found

I think you need to check your gitlab access to that URL.

Please close this issue if you resolve the problem.
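
Added example, not part of the issue thread or of Rocket.Chat's code: a Python check, meant to be run on the Rocket.Chat host, that classifies which component answers the `/oauth/token` URL named in the server log. The names `classify` and `probe`, the probe's invalid code value and the sample bodies are constructed for illustration; matching the body `404 page not found` relies on the assumption that it is the default 404 body of Go's `net/http`, which a Go-based proxy such as Traefik returns when no router matches the request.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def classify(status, body):
    """Guess which component answered a POST to the OAuth token endpoint."""
    text = body.strip()
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        if status == 200 and "access_token" in doc:
            return "token-issued"
        if "error" in doc:
            # RFC 6749 section 5.2 error object: the OAuth server itself replied.
            return "oauth-error:" + str(doc["error"])
    if status == 404 and text == "404 page not found":
        # Assumption: default Go net/http 404 body, i.e. the proxy found no route.
        return "proxy-no-route"
    if status == 404:
        return "not-found-at-backend"
    return "unclassified"


def probe(token_url, timeout=10):
    """POST a deliberately invalid code and classify whatever answers.

    An "oauth-error:..." result means the request reached the OAuth server;
    "proxy-no-route" means it stopped at the reverse proxy.
    """
    form = {"grant_type": "authorization_code", "code": "invalid-probe-code"}
    req = urllib.request.Request(
        token_url, data=urllib.parse.urlencode(form).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample responses (status, body); the first mirrors the logged 404.
SAMPLES = [
    (404, "404 page not found\n"),
    (400, '{"error": "invalid_grant", "error_description": "constructed"}'),
    (200, '{"access_token": "<token>", "token_type": "Bearer"}'),
]
```

Running `probe()` from both the Rocket.Chat host and a workstation shows whether the two resolve and route the GitLab hostname the same way.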