edumeet / edumeet

edumeet - multiparty web-meetings using mediasoup and WebRTC
https://letsmeet.no
MIT License

OIDC return gives "Internal server error" #224

Closed cap19 closed 7 months ago

cap19 commented 4 years ago

I've tried both LTI and OIDC auth separately but it's not working for me. It gives 'Internal server error' for both. Port 443, 80, 400000-49999 are open through the firewall.

Google is the OIDC provider. I'm able to sign in successfully with Google and it returns back to my site but displays Internal server error. I've set up redirect_uri : 'https://client.example.com/auth/callback' correctly at Google and in the config.js file in the server.

client.example.com was replaced with my domain. Where should I look to troubleshoot?

Thanks!

misi commented 4 years ago

Check the errors on server logs. Try to add DEBUG=* in server environment and restart it to see verbose log. I have never tried with google, but I will try it.

cap19 commented 4 years ago

I found this in the log...

Error: did not find expected authorization request details in session, req.session["oidc:myprovider.com"] is undefined

Where do I define this?

Here's my oidc from the server

```
oidc: {
    //issuerURL : 'https://accounts.google.com/',
    issuerURL : 'https://**myprovider.com**/',
    clientOptions : {
        client_id : '#################qSYlyraKivyhps',
        client_secret : '#################IDDKHdctkCyugwX',
        scope : 'openid email profile',
        //scope : 'openid',
        // where client.example.com is your multiparty meeting server
        redirect_uri : 'https://conference.domain.com/auth/callback'
    }
}
```

misi commented 4 years ago

Check the logs. Please give me some time to test Google auth in my system. From the error it seems something is wrong with session handling; check the redis config and things connected to session handling.

umasol commented 4 years ago

Hi - first off, thanks for the great software.

I am also seeing "Internal server error" message. Log shows

Error: did not find expected authorization request details in session, req.session["oidc:XXXXXXXXXXXXX"] is undefined

Installed using docker on Ubuntu 18.04

cap19 commented 4 years ago

Hi @misi - Google auth does not work as it does not allow client_secret in the auth request. It works with client_id only. When I comment out client_secret, MM errors out during auth request.

I've tried with a different OIDC test provider, https://phantauth.net/, but end up with req.session undefined in MM.

Anybody else in the community have any insights or suggestions?

havfo commented 4 years ago

> Hi - first off, thanks for the great software.
>
> I am also seeing "Internal server error" message. Log shows
>
> Error: did not find expected authorization request details in session, req.session["oidc:XXXXXXXXXXXXX"] is undefined
>
> Installed using docker on Ubuntu 18.04

I have encountered this error when I am testing and having multiple tabs open. Could you check that this is a problem when you clear all cookies and have only one tab open?

umasol commented 4 years ago

@havfo Cleared cookies and tried with one tab only in Chrome, Firefox and Edge, but the issue remains. Get the same error message in MM. Also, tried from another computer but same issue.

I tried both Docker and Manual install on fresh VPS on Ubuntu 18.04 and Debian 10.3.

Does OIDC require any special configs in redis or some other place besides server config.js file in the auth section?

misi commented 4 years ago

I added a new commit to develop and tested after this fix with google successfully. @cap19 I fixed this client_secret thing.

misi commented 4 years ago

The "did not find expected authorization request details in session" error appears when the server can't find and match the data returned on callback with the request data saved to the session.

```
const session = req.session[sessionKey];
```

where sessionKey is `oidc:${url.parse(this._issuer.issuer).hostname}`

@umasol Which auth provider do you use? I don't experience this error. I need more info, can you please help and send your config? OIDC requires the server.auth.oidc settings to be set properly and auth to be enabled on the user interface.
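
The session lookup described in the comment above, modelled as an added example that is not part of the thread and not openid-client's own code: login saves state under the `oidc:<issuer hostname>` key, and the callback fails closed when that entry cannot be found again. `createServer`, `login`, `callback` and the in-memory `store` are hypothetical stand-ins for Express, the session middleware and Redis.

```javascript
// Added example: a simplified model of the check, not openid-client's own code.
const crypto = require('crypto');

// Session key format quoted above: oidc:<issuer hostname>
const sessionKeyFor = (issuerURL) => `oidc:${new URL(issuerURL).hostname}`;
const random = () => crypto.randomBytes(16).toString('hex');

function createServer(issuerURL) {
  const store = new Map(); // constructed stand-in for the Redis session store
  const key = sessionKeyFor(issuerURL);

  // Return the session named by the cookie, or a fresh empty one.
  function load(sid) {
    if (!sid || !store.has(sid)) {
      sid = random();
      store.set(sid, {});
    }
    return { sid, session: store.get(sid) };
  }

  return {
    store,
    // Login: remember state and nonce in the session, then redirect to the provider.
    login(cookieSid) {
      const { sid, session } = load(cookieSid);
      session[key] = { state: random(), nonce: random() };
      return { setCookie: sid, state: session[key].state };
    },
    // Callback: the same session must come back, or the request is rejected.
    callback(cookieSid, returnedState) {
      const { session } = load(cookieSid);
      const saved = session[key];
      if (!saved) {
        // Cookie not sent, session expired, or the store lost the entry.
        return { ok: false, reason: `req.session["${key}"] is undefined` };
      }
      delete session[key]; // single use: a replayed callback finds nothing
      const want = Buffer.from(saved.state);
      const got = Buffer.from(String(returnedState));
      if (want.length !== got.length || !crypto.timingSafeEqual(want, got)) {
        return { ok: false, reason: 'state mismatch' };
      }
      return { ok: true, nonce: saved.nonce };
    },
  };
}
```

In this model, a callback that arrives without the cookie issued at login, or after the store has dropped the session, takes the first branch and reports the same message seen in the logs in this thread.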

cap19 commented 4 years ago

> I added a new commit to develop and tested after this fix with google successfully. @cap19 I fixed this client_secret thing.

@misi - Google auth works now. Thanks a lot for the fix :)

I tested it and here's my observation:

1) On letsmeet.no the login icon shows on the second screen i.e. "Your Name" window, whereas on my install I see the login icon on both the first, "Room Name" screen and second, "Your Name" screen. I used the following in app config.js to enable the icon:

```
loginEnabled : true,
```

Are there any other configs for this?

2) Can any non logged-in user (Guest) also Lock the room? I assumed it was something only a logged-in user would be able to do.

Thank you again! MM is super cool....

misi commented 4 years ago

@cap19 @umasol please let me know if you still experience any error with oidc. I will try to add an express error handler middleware to dump back the detailed error information in 500.

misi commented 4 years ago

  1. You are right, you only need to enable the app config, and also set the server config auth oidc part properly. Strange that you see the login window in the same window. Login should open a new window!
  2. Any user can lock the room actually. It will change later, because we are thinking about how to modify it; if there is a moderator in the room, maybe then normal users shouldn't have the right to lock the room.

cap19 commented 4 years ago

> @cap19 @umasol please let me know if you still experience any error with oidc. I will try to add an express error handler middleware to dump back the detailed error information in 500.

@misi - Google auth works fine.

However, I'm still getting "Error: did not find expected authorization request details in session, req.session" for auth through a hosted site using orangeMini auth server. Chrome says "ERR too many redirects" (between oidc provider and MM) and eventually ends with req.session undefined error.

Detailed error information might be useful if it can shed more light on what's going on between the servers. Thank you!

cap19 commented 4 years ago

> 1. You are right, you only need to enable the app config, and also set the server config auth oidc part properly. Strange that you see the login window in the same window. Login should open a new window!
> 2. Any user can lock the room actually. It will change later, because we are thinking about how to modify it; if there is a moderator in the room, maybe then normal users shouldn't have the right to lock the room.

Regarding 1, let me clarify. The login window does open up in a new tab. I was referring to the login icon on two different screens in MM. It was just a minor difference I found in my install compared to letsmeet.no

Thanks for the heads-up on 2 potentially making into the product roadmap.

cap19 commented 4 years ago

I downloaded the develop branch. The user role based features are powerful and among the best in the industry. The level of configuration it offers now is superb!

My 1 and 2 comment above are already addressed.

Very well done :)

misi commented 4 years ago

@cap19 Is there any open question here?

cap19 commented 4 years ago

> @cap19 @umasol please let me know if you still experience any error with oidc. I will try to add an express error handler middleware to dump back the detailed error information in 500.

@misi - not sure if the middleware error handler was added?

I don't have any open questions here.

volkankoc commented 4 years ago

@misi I have the same problem, "Internal Server Error". Logs:

```
Error: did not find expected authorization request details in session, req.session["oidc:accounts.google.com"] is undefined
edumeet_1 | at /opt/eduvidyoluk/server/node_modules/openid-client/lib/passport_strategy.js:125:13
edumeet_1 | at OpenIDConnectStrategy.authenticate (/opt/eduvidyoluk/server/node_modules/openid-client/lib/passport_strategy.js:173:5)
edumeet_1 | at attempt (/opt/eduvidyoluk/server/node_modules/passport/lib/middleware/authenticate.js:366:16)
edumeet_1 | at authenticate (/opt/eduvidyoluk/server/node_modules/passport/lib/middleware/authenticate.js:367:7)
edumeet_1 | at Layer.handle [as handle_request] (/opt/eduvidyoluk/server/node_modules/express/lib/router/layer.js:95:5)
edumeet_1 | at next (/opt/eduvidyoluk/server/node_modules/express/lib/router/route.js:137:13)
edumeet_1 | at Route.dispatch (/opt/eduvidyoluk/server/node_modules/express/lib/router/route.js:112:3)
edumeet_1 | at Layer.handle [as handle_request] (/opt/eduvidyoluk/server/node_modules/express/lib/router/layer.js:95:5)
edumeet_1 | at /opt/eduvidyoluk/server/node_modules/express/lib/router/index.js:281:22
edumeet_1 | at Function.process_params (/opt/eduvidyoluk/server/node_modules/express/lib/router/index.js:335:12)
```