search

aj-foster / identity

Rapid authentication for new Elixir projects
MIT License
9 stars 2 forks source link

Changeset error when using with Github App #3

Closed yujonglee closed 2 days ago

yujonglee commented 1 month ago

Everything works fine when I use Github OAuth App, but when I provide config from Github App, I got this error while handling callback:

[warning] Error during OAuth callback:
#Ecto.Changeset<action: :insert, changes: %{user: #Ecto.Changeset<action: :insert, changes: %{}, errors: [], data: #Identity.User<>, valid?: true>, token: "ghu_tbmQSuinq0KWNgOOuZaMpbQnmlhnX60E0CUs", provider: "github", scopes: [], last_active_at: ~U[2024-05-24 03:38:37.036640Z], provider_id: "61503739"}, errors: [expires_at: {"is invalid", [type: :utc_datetime_usec, validation: :cast]}], data: #Identity.Schema.OAuthLogin<>, valid?: false>

More context:

[info] Sent 200 in 380µs
[info] GET /auth/github
[debug] Processing with Identity.Controller.oauth_request/2
  Parameters: %{"provider" => "github"}
  Pipelines: [:browser]
[info] Sent 302 in 624µs
[debug] Identity.Controller halted in Ueberauth.call/2
[info] GET /auth/github/callback
[debug] Processing with Identity.Controller.oauth_callback/2
  Parameters: %{"code" => "d3e90aaebc392261e950", "provider" => "github", "state" => "uoNqWg6K8EoNNu7QilvHfUuO"}
  Pipelines: [:browser]
[debug] QUERY OK source="user_oauth_logins" db=8.6ms queue=2.1ms idle=1335.6ms
SELECT u0."id", u0."expires_at", u0."last_active_at", u0."provider", u0."provider_id", u0."scopes", u0."token", u0."user_id", u0."inserted_at", u1."id" FROM "user_oauth_logins" AS u0 INNER JOIN "users" AS u1 ON u1."id" = u0."user_id" WHERE ((u0."provider" = $1) AND (u0."provider_id" = $2)) ["github", "61503739"]
↳ Identity.create_or_update_oauth/2, at: lib/identity.ex:879
[warning] Error during OAuth callback:
#Ecto.Changeset<action: :insert, changes: %{user: #Ecto.Changeset<action: :insert, changes: %{}, errors: [], data: #Identity.User<>, valid?: true>, token: "ghu_tbmQSuinq0KWNgOOuZaMpbQnmlhnX60E0CUs", provider: "github", scopes: [], last_active_at: ~U[2024-05-24 03:38:37.036640Z], provider_id: "61503739"}, errors: [expires_at: {"is invalid", [type: :utc_datetime_usec, validation: :cast]}], data: #Identity.Schema.OAuthLogin<>, valid?: false>
[info] Sent 302 in 1571ms
yujonglee commented 1 month ago

Feel free to close it if it is not a problem from Identity side. Still not sure how this only happens with Github App, not Oauth App.

aj-foster commented 2 days ago

I believe this issue is due to the different way that GitHub Apps handle user tokens. After looking into this further, I think Identity can only support GitHub OAuth apps at this time. Apps use a different (better) token expiration policy that would require additional work to support. For now it's probably outside the scope of Identity, but could be adapted later.