cortezaproject / corteza

Low-code platform
https://cortezaproject.org
Apache License 2.0
1.61k stars 373 forks

Auth invalid client #1171

Open petergrlica opened 1 year ago

petergrlica commented 1 year ago

Invalid client issue on auth screen pops up now and then; investigate what the culprit is.

Some context: https://forum.cortezaproject.org/t/invalid-client-not-found-agian/981

Cause: This happens due to opening too many (>2) new tabs simultaneously. Since all the requests use the same auth_session to authenticate, once auth_session verifies, clientID is removed from it; due to that, the auth flow fails for the others and results in an invalid clientID (empty).
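
A simplified model of the cause described above, added here as an example (it is not Corteza's code and not taken from this thread): several tabs start an authorization flow against one shared session, and the first flow to complete clears the only client ID slot. The `session` type, its fields and `simulate` are hypothetical, and keeping one pending entry per OAuth2 `state` value is an approach assumed here for contrast, not a fix the thread confirms.

```go
package main

import "fmt"

// session models the single auth session shared by every tab of a browser.
// Hypothetical type for illustration; not Corteza's session structure.
type session struct {
	clientID string            // one slot, cleared when a flow completes
	pending  map[string]string // alternative layout: one slot per OAuth2 state
}

// finishSingleSlot consumes the shared slot, so later callers find it empty.
// ok == false stands for the empty-clientID failure described above.
func (s *session) finishSingleSlot() (id string, ok bool) {
	id, s.clientID = s.clientID, ""
	return id, id != ""
}

// finishByState consumes only the entry of the flow that is completing.
func (s *session) finishByState(state string) (id string, ok bool) {
	id, ok = s.pending[state]
	delete(s.pending, state)
	return id, ok
}

// simulate starts n flows (tabs) before any of them completes, then completes
// each in turn, and returns how many fail under each layout.
func simulate(n int) (singleFails, keyedFails int) {
	s := &session{pending: map[string]string{}}
	for i := 0; i < n; i++ {
		state := fmt.Sprintf("state-%d", i) // constructed sample values
		s.clientID, s.pending[state] = "client-A", "client-A"
	}
	for i := 0; i < n; i++ {
		if _, ok := s.finishSingleSlot(); !ok {
			singleFails++
		}
		if _, ok := s.finishByState(fmt.Sprintf("state-%d", i)); !ok {
			keyedFails++
		}
	}
	return singleFails, keyedFails
}

func main() { fmt.Println(simulate(3)) }
```

In this model the first completion always succeeds and every later one fails under the single-slot layout, while the per-state layout lets each tab finish its own flow.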

petergrlica commented 1 year ago

I do have an account with the same issue, if you need help with debugging, I can provide more info.

vicpatel commented 1 year ago

Working on Authorization token exchange on new tab.

Fajfa commented 1 year ago

@vicpatel Note down the necessary information that you found out to fix this issue

vicpatel commented 1 year ago

There are a few possible solutions to fix this:

vicpatel commented 1 year ago

Updated description.

tjerman commented 1 year ago

Can't reproduce. The example Peter provided is for an old old version and it seems not relevant when updated to the latest version. Waiting for any replies on the forum thread.

github-actions[bot] commented 1 year ago

Stale issue message

avping commented 1 year ago

I'm having the same issue. I'm using non-dockerized nginx and I'm getting "internal error" on the first setup. However, I can register and log in, but without access to the admin page. sub.domain.com/ -> redirects to "/auth/oauth2/authorize?client_id=35808480891765145" -> internal error

I cannot see any authorized clients on the profile page. Anyway, it's working with the nginx Docker setup, but not with the non-dockerized nginx.

DEBUG   auth    handling request    {"url": "/auth/oauth2/default-client?redirect_uri=https://domain.domain.com/auth/callback&scope=profile%20api&state=shojyo9mtlo", "method": "GET"}
DEBUG   auth    handling request    {"url": "/auth/oauth2/authorize?client_id=358084808917651459&redirect_uri=SNIPDOMAIN%2Fauth%2Fcallback&response_mode=query&response_type=code&scope=profile+api&state=shojyo9mtlo", "method": "GET"}
DEBUG   auth    starting new oauth2 authorization flow  {"params": {"client_id":["358084808917651459"],"redirect_uri":["https://SNIPDOMAIN.comauth/callback"],"response_mode":["query"],"response_type":["code"],"scope":["profile api"],"state":["shojyo9mtlo"]}}
ERROR   auth    error in handler    {"error": "invalid client: not found"}

.env:

DOMAIN=sub.domain.com
VERSION=2023.3.7
LETSENCRYPT_HOST=sub.domain.com
HTTP_WEBAPP_ENABLED=true

Also not working: HTTP_SSL_TERMINATED=true, without letsencrypt_host and virtual_host instead
