Closed zxdzxd closed 3 years ago
level=error msg="Invalid 'state' parameter provided: not found"
# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex
# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#
# See the storage document at Documentation/storage.md for further information.
storage:
type: sqlite3
config:
file: examples/dex.db
# Configuration for the HTTP endpoints.
web:
http: 0.0.0.0:5556
# Uncomment for HTTPS options.
# https: 127.0.0.1:5555
# tlsCert: /etc/dex/server.crt
# tlsKey: /etc/dex/server.key
# Uncomment this block to enable the gRPC API. This values MUST be different
# from the HTTP endpoints.
# grpc:
# addr: 127.0.0.1:5557
# tlsCert: examples/grpc-client/server.crt
# tlsKey: examples/grpc-client/server.key
# tlsClientCA: /etc/dex/client.crt
# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
# signingKeys: "6h"
# idTokens: "24h"
# Options for controlling the logger.
# logger:
# level: "debug"
# format: "text" # can also be "json"
# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't chosen clients may be added through the gRPC API.
staticClients:
- id: 6c0971e3c5016f020e0f
redirectURIs:
- 'http://127.0.0.1:5556/dex/callback'
name: 'Github'
secret: 5dd8069b23820aaad1afb6c215f6eb5cd72f33c2
connectors:
#- type: mockCallback
# id: mock
# name: Example
- type: github
id: github
name: Github
config:
issuer: http://127.0.0.1:5556/dex
# # Connector config values starting with a "$" will read from the environment.
clientID: 6c0971e3c5016f020e0f
clientSecret: 5dd8069b23820aaad1afb6c215f6eb5cd72f33c2
redirectURI: http://127.0.0.1:5556/dex/callback
# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true
# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't chosen users may be added through the gRPC API.
#staticPasswords:
#- email: "admin@example.com"
# bcrypt hash of the string "password"
# hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
# username: "admin"
# userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
this is config-dev.yaml file is the config file correct ? how can i remove above error ?
@zxdzxd Please specify which version of dex you are using.
dex master
@rithujohn191 i am getting similar error as in issue #944 https://github.com/coreos/dex/issues/944
while i am working to implement it for github using sqlite 3
@zxdzxd are you trying to follow the getting started docs and implement the example app? In that case the values under staticClients
is wrong. You seem to have provided the GitHub client credentials. It should be changed to the following:
staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
You can find the source code of the example app here: https://github.com/coreos/dex/tree/master/cmd/example-app
thank you for response @rithujohn191 github id provider is working now
but when similar configuration change i did for Gitlab
i get following error
time="2017-05-18T10:37:53Z" level=error msg="Failed to authenticate: gitlab: failed to get token: oauth2: cannot fetch token: 401 Unauthorized\nResponse: {\"error\":\"invalid_client\",\"error_description\":\"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.\"}"
Failed to return user's identity.
it is generated from here https://github.com/coreos/dex/blob/master/server/handlers.go#L379
my config-dev.yaml codes for connector
connectors:
#- type: mockCallback
# id: mock
# name: Example
- type: gitlab
id: gitlab
name: Gitlab
config:
baseURL: https://www.gitlab.com
issuer: http://127.0.0.1:5556/dex
# # Connector config values starting with a "$" will read from the environment.
clientID: gitlab client id
clientSecret: gitlab client secret
redirectURI: http://127.0.0.1:5556/dex/callback
please help me solve the error
+1 I have the same issue with google go_projects/src/github.com/coreos/dex$ bin/dex version dex Version: 15242a86b83058d0b3409a304320878006e1c3c6 Go Version: go1.8.3 Go OS/ARCH: darwin amd64
109 - type: oidc
110 id: google
111 name: Google
112 config:
113 # Canonical URL of the provider, also used for configuration discovery.
114 # This value MUST match the value returned in the provider config discovery.
115 #
116 # See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
117 issuer: https://accounts.google.com
118
119 # Connector config values starting with a "$" will read from the environment.
120 clientID: my_client_id
121 clientSecret: my_secret
122
123 # Dex's issuer URL + "/callback"
124 redirectURI: http://127.0.0.1:8080/dex/callback
@tfluehmann have you followed the instructions here to register your app with gitlab? Do the callback URLs match?
@rithujohn191 No, I follwed the instructions here: https://github.com/coreos/dex/blob/master/Documentation/oidc-connector.md But in the google interface I've whitelisted the callback url http://127.0.0.1:8080/dex/callback. The downloaded JSON from google looks like this:
{"web":
{"client_id":"xyz",
"project_id":"eighth-beacon-100622",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"client_secret":"xyz",
"redirect_uris":["http://127.0.0.1:8080/dex/callback"],
"javascript_origins":["http://localhost","http://127.0.0.1"]
}
}
I tried to follow this page: https://developers.google.com/identity/protocols/OpenIDConnect
might wanna cycle your github oauth app credentials
I'm also seeing the same on Gitlab:
My connector configuration for gitlab in my dex configuration:
- type: gitlab
id: gitlab
name: Gitlab
config:
baseURL: https://www.gitlab.com
clientID: $GITLAB_CLIENT_ID
clientSecret: $GITLAB_SECRET
redirectURI: http://127.0.0.1:5556/dex/callback
Gitlab configuration (e.g. https://gitlab.com/oauth/applications/12345)
Application Id: [GITLAB_CLIENT_ID] Secret: [GITLAB_SECRET] Callback url: http://127.0.0.1:5556/dex/callback Scopes: api (Access your API) read_user (Read user information) read_registry (Read Registry) openid (Authenticate using OpenID Connect)
console error:
"Failed to authenticate: gitlab: failed to get token: oauth2: cannot fetch token: 401 Unauthorized Response: {\"error\":\"invalid_client\",\"error_description\":\"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.\"}"
When currently logged in (e.g. in another tab)
@derekjwilliams please try to set baseURL: https://gitlab.com instead of https://www.gitlab.com, it may work
@goby @rithujohn191 having the same issue with Azure AD, any workarounds ?
I have the same issue with Google :(
@tuwid did you ever find a solution when using Azure ?
@brondum nope :/
I also encountered this issue today, the reason is because the redirect uri is wrong.
The redirect uri in both dex config.yaml and example-app start flag is the example-app redirect URI, not the dex server URI.
This is quite an old issue. Google and OIDC connectors are actively used in production by multiple users, so if there was a bug, it might have been fixed in the meantime. If you still experience this problem, please open a new issue.
@ericchiang can you give detailed steps on how to implement github using dex i am getting certain error as "unable to connect github"