search

XSEDE / oauth-ssh

SSH with Globus Auth
Apache License 2.0
28 stars 11 forks source link

400 Client Error: Bad Request for url when trying to authorize a token #78

Closed jtfalgout closed 1 year ago

jtfalgout commented 1 year ago

Working on getting this going on a RHEL 8.7 system and have an installable RPM and what I think are the right pam modules (at least for testing).

I'm trying to authorize a token from a client with:

oauth-ssh-token authorize hostname.foo.com --identity xxxxx.xxxxx.xxxxx.xxxxxx

But get the error:

Traceback (most recent call last):
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/oauth_ssh/globus_auth.py", line 40, in _perform_request
    r.raise_for_status()
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://auth.globus.org/v2/api/identities?usernames=xxxxx.xxxxx.xxxxx.xxxxxx

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/jfalgout/Library/Python/3.10/bin/oauth-ssh-token", line 8, in <module>
    sys.exit(oauth_ssh_token())
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/oauth_ssh/oauth_ssh_token.py", line 88, in wrapper
    func(*args, **kw)
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/oauth_ssh/oauth_ssh_token.py", line 134, in token_authorize
    identity = Auth.lookup_identity(identity)
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/oauth_ssh/globus_auth.py", line 81, in lookup_identity
    identities = _authenticated_request(requests.get, path).json()
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/oauth_ssh/globus_auth.py", line 73, in _authenticated_request
    return _perform_request(method,
  File "/Users/jfalgout/Library/Python/3.10/lib/python/site-packages/oauth_ssh/globus_auth.py", line 42, in _perform_request
    raise GlobusAuthError(e.message)
AttributeError: 'HTTPError' object has no attribute 'message'

It's possible I am using the wrong client-id as the docs for Globus predate the current version and creating an application/project. If I grab either the client uuid of the project or uuid of the credentials, I get the same error.

I suspect the authentication call is to the wrong Globus URL since some substantial changes were made over the last year or so.

Jeff

jtfalgout commented 1 year ago

It looks like the oauth-ssh client you pull down from PIP doesn't include the client-id option. I'm now using the client downloaded from this repo and the option is there.