Closed Vad1mo closed 6 years ago
I finally found the logs, as they were located in the edge region where the requests come from and not where the lambda function is.
However, I have now inspected the logs and receive bad-verification-code back from GitHub, which is strange. I verified that the ID and Secret are both correctly transmitted to GitHub.
data: 'error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code'
What might be the problem?
Just to make sure I understand this correctly, the library was working as expected earlier, but you are now receiving a bad verification code error?
Issue 11 had a no code found error. It may be helpful to read my response there, although this issue isn't exactly the same. I would suggest trying out the debugger so we can verify which steps are occurring as expected and where it falls apart: https://github.com/Widen/cloudfront-auth/wiki/Debug-&-Test.
I had a static website (just an index.html) that is working correctly without auth. So far I couldn't make the edge auth part work, because I see "No code or state found." and because I am not redirected to GitHub to log in.
I have a naked domain, let's call it sandbox.com, that contains a static website. Now I want to put the whole website behind GitHub.
{
"AUTH_REQUEST": {
"client_id": "8ef9551f809d9c4cf65a",
"redirect_uri": "https://sandbox.com/_callback",
"scope": "read:org user:email"
},
"TOKEN_REQUEST": {
"client_id": "8ef9551f809d9c4cfxxx",
"client_secret": "xxxxx",
"redirect_uri": "https://sandbox.com/_callback"
},
"DISTRIBUTION": "E1MCTRP3Z03ANB",
"AUTHN": "GITHUB",
"PRIVATE_KEY": "-----BEGIN RSA PRIVATE KEY-----OMITTED-----END RSA PRIVATE KEY-----\n",
"PUBLIC_KEY": "-----BEGIN PUBLIC KEY-----OMITTED-----END PUBLIC KEY-----\n",
"SESSION_DURATION": 36000,
"CALLBACK_PATH": "/",
"ORGANIZATION": "a-team",
"AUTHORIZATION_ENDPOINT": "https://github.com/login/oauth/authorize",
"TOKEN_ENDPOINT": "https://github.com/login/oauth/access_token"
}
GitHub is configured to redirect to https://sandbox.com/_callback as well.
These are the logs:
15:01:40 START RequestId: 434a4a98-af8a-11e8-9667-51404dd513da Version: 15
15:01:40 2018-09-03T15:01:40.417Z 434a4a98-af8a-11e8-9667-51404dd513da Starting Authorization Process
15:01:40 2018-09-03T15:01:40.452Z 434a4a98-af8a-11e8-9667-51404dd513da Callback from GitHub received:
15:01:40 2018-09-03T15:01:40.471Z 434a4a98-af8a-11e8-9667-51404dd513da Requesting access token.
15:01:40 2018-09-03T15:01:40.805Z 434a4a98-af8a-11e8-9667-51404dd513da { status: 200, statusText: 'OK', headers: { server: 'GitHub.com', date: 'Mon, 03 Sep 2018 15:01:40 GMT', 'content-type': 'application/x-www-form-urlencoded; charset=utf-8', 'transfer-encoding': 'chunked', connection: 'close', status: '200 OK', 'cache-control': 'no-cache', vary: 'X-PJAX', '
15:01:40 END RequestId: 434a4a98-af8a-11e8-9667-51404dd513da
15:01:40 REPORT RequestId: 434a4a98-af8a-11e8-9667-51404dd513da Duration: 435.39 ms Billed Duration: 450 ms Memory Size: 128 MB Max Memory Used: 28 MB
This is the full request and response from GitHub.
{
status: 200,
statusText: 'OK',
headers: {
server: 'GitHub.com',
date: 'Mon, 03 Sep 2018 15:01:40 GMT',
'content-type': 'application/x-www-form-urlencoded; charset=utf-8',
'transfer-encoding': 'chunked',
connection: 'close',
status: '200 OK',
'cache-control': 'no-cache',
vary: 'X-PJAX',
'set-cookie': ['has_recent_activity=1; path=/; expires=Mon, 03 Sep 2018 16:01:40 -0000',
'ignored_unsupported_browser_notice=false; path=/'
],
'x-request-id': 'f757a913-0291-4ffb-88ce-9fd90eebd465',
'x-runtime': '0.014039',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'x-frame-options': 'deny',
'x-content-type-options': 'nosniff',
'x-xss-protection': '1; mode=block',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"',
'content-security-policy': 'default-src \'none\'; base-uri \'self\'; block-all-mixed-content; connect-src \'self\' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action \'self\' github.com gist.github.com; frame-ancestors \'none\'; frame-src render.githubusercontent.com; img-src \'self\' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src \'self\'; media-src \'none\'; script-src assets-cdn.github.com; style-src \'unsafe-inline\' assets-cdn.github.com',
'x-runtime-rack': '0.021058',
'x-github-request-id': 'BCB2:5E22:1573B36:28FF82C:5B8D4CD4'
},
config: {
adapter: [Function: httpAdapter],
transformRequest: {
'0': [Function: transformRequest]
},
transformResponse: {
'0': [Function: transformResponse]
},
timeout: 0,
xsrfCookieName: 'XSRF-TOKEN',
xsrfHeaderName: 'X-XSRF-TOKEN',
maxContentLength: -1,
validateStatus: [Function: validateStatus],
headers: {
Accept: 'application/json, text/plain, */*',
'Content-Type': 'application/x-www-form-urlencoded',
'User-Agent': 'axios/0.17.1',
'Content-Length': 156
},
method: 'post',
url: 'https://github.com/login/oauth/access_token',
data: 'client_id=8ef9551f809d9c4cfXXX&client_secret=XXXX&redirect_uri=https%3A%2F%2Fsandbox.com%2F_callback&code=&state='
},
data: 'error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code'
}
The CALLBACK_PATH was not set to match the redirect. It's kind of confusing, all the redundant settings in the config.json. However, it works now.
Thank you for the feedback! I'm glad you were able to get it working.
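The failure chain in this thread, as an added example that is not part of the thread or of cloudfront-auth's own code: a callback path that does not match the redirect URI, a token request sent with empty `code` and `state`, and an error that GitHub returns inside an HTTP 200 body. The config field names follow the config.json posted above; the function names and sample values are hypothetical.

```javascript
// Added example. Field names follow the config.json posted in the thread;
// the function names and the sample values are constructed for illustration.

// Return a list of inconsistencies between the redundant OAuth settings.
function checkCallbackConfig(config) {
  const problems = [];
  const auth = config.AUTH_REQUEST;
  const token = config.TOKEN_REQUEST;
  if (auth.client_id !== token.client_id) {
    problems.push('AUTH_REQUEST.client_id differs from TOKEN_REQUEST.client_id');
  }
  if (auth.redirect_uri !== token.redirect_uri) {
    problems.push('AUTH_REQUEST.redirect_uri differs from TOKEN_REQUEST.redirect_uri');
  }
  const redirectPath = new URL(auth.redirect_uri).pathname;
  if (config.CALLBACK_PATH !== redirectPath) {
    problems.push(`CALLBACK_PATH "${config.CALLBACK_PATH}" does not match redirect path "${redirectPath}"`);
  }
  return problems;
}

// Refuse to start a token exchange when the callback carries no code or state.
function extractCallbackParams(querystring) {
  const params = new URLSearchParams(querystring);
  const code = params.get('code');
  const state = params.get('state');
  if (!code || !state) throw new Error('No code or state found');
  return { code, state };
}

// The token endpoint answered 200 OK with a form-encoded error, so the body
// decides success, not the status code. Fail closed if no token is present.
function parseTokenResponse(body) {
  const params = new URLSearchParams(body);
  if (params.has('error')) {
    throw new Error(`${params.get('error')}: ${params.get('error_description')}`);
  }
  const accessToken = params.get('access_token');
  if (!accessToken) throw new Error('token response has no access_token');
  return accessToken;
}

// Constructed sample mirroring the misconfiguration described in the thread.
const sampleConfig = {
  AUTH_REQUEST: { client_id: 'constructed-id', redirect_uri: 'https://sandbox.com/_callback' },
  TOKEN_REQUEST: { client_id: 'constructed-id', redirect_uri: 'https://sandbox.com/_callback' },
  CALLBACK_PATH: '/',
};
console.log(checkCallbackConfig(sampleConfig));
```

Running `checkCallbackConfig` before deploying the function catches the mismatch without a round trip through the edge logs.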
Thank you for the library.
I have a problem that I receive a 401 error with "No code or state found."
I also don't see anything in the logs except the Test that I execute on the lambda. The website was already set up and working with CloudFront. I have the feeling that the lambda isn't triggered or there are any logs. Do you have an idea what that could be?