Closed mitya12342 closed 2 years ago
@mitya12342: Have you registered the console as an oauth client in the database?
@KrishnaIyer Sure. Just to clarify, I did run
SERVER_ADDRESS=https://x.x.x.x
ID=console
NAME=Console
CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
REDIRECT_URI=${SERVER_ADDRESS}/console/oauth/callback
REDIRECT_PATH=/console/oauth/callback
LOGOUT_REDIRECT_URI=${SERVER_ADDRESS}/console
LOGOUT_REDIRECT_PATH=/console
where x.x.x.x is my server IP and xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx is random but the same as I put into console.oauth.client-secret of ttn-lw-stack-docker.yml
I also tried keeping it console
then after running
sudo docker-compose run --rm stack is-db create-oauth-client \
--id ${ID} \
--name "${NAME}" \
--owner admin \
--secret "${CONSOLE_SECRET}" \
--redirect-uri "${REDIRECT_URI}" \
--redirect-uri "${REDIRECT_PATH}" \
--logout-redirect-uri "${LOGOUT_REDIRECT_URI}" \
--logout-redirect-uri "${LOGOUT_REDIRECT_PATH}"
I got
Creating network "thingsstack_default" with the default driver
Creating thingsstack_redis_1 ... done
Creating thingsstack_postgres_1 ... done
Creating thingsstack_stack_run ... done
INFO Connecting to Identity Server database...
INFO Updating OAuth client...
INFO Updated OAuth client {"secret": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}
INFO Setting owner rights...
INFO Set owner rights
DEBUG No new version available
Do I need to set given secret aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa somewhere?
Thanks for your help!
where x.x.x.x is my server IP and xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx is random but the same as I put into console.oauth.client-secret of ttn-lw-stack-docker.yml
The client secret that you register for the console (--secret "${CONSOLE_SECRET}") should be the same as the value used in the --console.oauth.client-secret.
Have you done that?
Got it working.
There is a typo in https://www.thethingsindustries.com/docs/getting-started/installation/running-the-stack/#initialization. I haven't noticed it until I typed everything by hand without copying it with variables. It sets CLIENT_SECRET and then passes CONSOLE_SECRET.
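The mismatch found in this thread (CLIENT_SECRET is set, CONSOLE_SECRET is passed and expands to nothing), as an added example that is not part of the issue or of The Things Stack documentation: a pre-flight check that lists every variable a command references but the shell has not set. The helper `missing_vars`, the `TEMPLATE` variable, and the IP address and secret values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a command template for ${VAR} references that are
# unset or empty before the command is run.

# Print each variable referenced as ${NAME} in template $1 that is unset or
# empty in the current shell, one per line, in order of first use.
missing_vars() (
  seen=" "
  for name in $(printf '%s\n' "$1" | grep -oE '\$\{[A-Za-z_][A-Za-z0-9_]*\}' | tr -d '${}'); do
    case "$seen" in *" $name "*) continue ;; esac
    seen="$seen$name "
    # name matched the identifier pattern above, so this eval is safe
    eval "val=\${$name:-}"
    [ -n "$val" ] || printf '%s\n' "$name"
  done
)

# Variables as set in the thread (address and secret are constructed placeholders).
SERVER_ADDRESS=https://192.0.2.10
ID=console
NAME=Console
CLIENT_SECRET=constructed-placeholder-secret
REDIRECT_URI=${SERVER_ADDRESS}/console/oauth/callback
REDIRECT_PATH=/console/oauth/callback
LOGOUT_REDIRECT_URI=${SERVER_ADDRESS}/console
LOGOUT_REDIRECT_PATH=/console
unset CONSOLE_SECRET

# The command from the thread, single-quoted so nothing expands yet.
TEMPLATE='docker-compose run --rm stack is-db create-oauth-client
  --id ${ID} --name "${NAME}" --owner admin --secret "${CONSOLE_SECRET}"
  --redirect-uri "${REDIRECT_URI}" --redirect-uri "${REDIRECT_PATH}"
  --logout-redirect-uri "${LOGOUT_REDIRECT_URI}"
  --logout-redirect-uri "${LOGOUT_REDIRECT_PATH}"'

MISSING=$(missing_vars "$TEMPLATE")
if [ -n "$MISSING" ]; then
  echo "refusing to run, unset or empty: $MISSING" >&2
fi
```

For a single variable, writing `--secret "${CONSOLE_SECRET:?}"` makes the shell abort on an unset or empty value instead of passing an empty secret.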
Summary
I am trying to set up opensource edition of self-hosted things stack. I am using self-signed certificate with own CA and public IP address (no domain name). After following the tutorial, I am able to log into admin account and /oauth interface, but not into the console, I am getting Login failed message.
Steps to Reproduce
I have used example open-source config files. I am using IP address, so I replaced all thethings.example.com with server ip, placed correctly renamed ca, cert and key, commented and uncommented mentioned tls config sections, generated cookie keys. I can provide address of my installation if needed.
According to Troubleshooting Installation Token Exchange Refused section:
client-secret (I have tried keeping it console and generating with openssl rand -hex 32)
openssl verify -CAfile ca.pem cert.pem; BUT it is only true for my own test CA/certs and fresh CA/certs generated by openssl. Method with cfssl from docs produces CA/certificates giving error
4-5. I am running with own CA.
I have tried to recreate everything with latest (3.22.0) and previous (3.21.2) version of docker container. Behaviours are the same.
Current Result
When logging in, I get Login failed message with following details:
And following messages in server log
I can provide full logs with debug verbosity if needed. Is there any way to display more details about oauth errors?
Expected Result
Successful console login
URL
/console
Deployment
The Things Stack Open Source (self-hosted)
The Things Stack Version
3.22.0