gobuffalo / buffalo

Rapid Web Development w/ Go
http://gobuffalo.io
MIT License

Using the --api flag for "buffalo new" prevents the buffalo-goth plugin from working after route generation #2342

Closed astoicnick closed 1 year ago

astoicnick commented 1 year ago

Description

Hello, I have discovered that by using the --api flag when generating a new buffalo app, it is adding an option to the buffalo.New() call in app.go (approximately line 46). The setting, "SessionStore: sessions.Null{}", prevents the buffalo-goth callback from working as expected. After generating the routes from the buffalo-goth plugin for Google, if you add your secret and clientId it will successfully redirect you to Google's consent screen. After gathering consent, Google is redirecting the user to /auth/google/callback. It is at this point that the error message "could not find a matching session for this request" appears. If I remove the "SessionStore: sessions.Null{}" from app.go, the callback works as expected.

Additional details are below, but my question is this: should the "SessionStore: sessions.Null{}" still be there despite this issue? If it shouldn't be there, can I go try and fix it and submit a PR?

To Reproduce

What I did to get successful goth process on first try:

  1. I created a new buffalo app by running "buffalo new google_goth_sample"
  2. I installed the buffalo-goth plugin, and ran 'buffalo g goth google'
  3. I added my secret and key to the .env file, as well as adding "ADDR=127.0.0.1"
  4. I ran buffalo dev, and the callback worked right off the bat

How to reproduce the issue I'm running into:

  1. Create a buffalo app with the --api flag, "buffalo new google_goth_api_sample --api"
  2. Install the buffalo-goth plugin, and run 'buffalo g goth google'
  3. Add the secret, key, and addr variables to the .env file, same as above
  4. Run buffalo dev, and after Google redirects you from the consent screen, you should see the same error message I've seen, which is a 401 status code with the following JSON:

```json
{
  "error": "could not find a matching session for this request",
  "trace": "could not find a matching session for this request",
  "code": 401
}
```

Additional Context

Details

```
Pwd          C:\Users\nicho\go\src\github.com\astoicnick\goth_api
Root         C:\Users\nicho\go\src\github.com\astoicnick\goth_api
GoPath       C:\Users\nicho\go
PackagePkg   goth_api
ActionsPkg   goth_api/actions
ModelsPkg    goth_api/models
GriftsPkg    goth_api/grifts
WithModules  true
Name         goth_api
Bin          bin\goth_api
VCS          git
WithPop      true
WithSQLite   false
WithDep      false
WithWebpack  false
WithNodeJs   false
WithYarn     false
WithDocker   true
WithGrifts   true
AsWeb        false
AsAPI        true
InApp        true
PackageJSON  {map[]}

-> Buffalo: config/buffalo-app.toml
name = "goth_api"
bin = "bin\\goth_api"
vcs = "git"
with_pop = true
with_sqlite = false
with_dep = false
with_webpack = false
with_nodejs = false
with_yarn = false
with_docker = true
with_grifts = true
as_web = false
as_api = true

-> Buffalo: config/buffalo-plugins.toml
[[plugin]]
  binary = "buffalo-goth"
  go_get = "github.com/gobuffalo/buffalo-goth@latest"

[[plugin]]
  binary = "buffalo-pop"
  go_get = "github.com/gobuffalo/buffalo-pop/v3@latest"

-> Buffalo: go.mod
module goth_api

go 1.19

require (
	github.com/gobuffalo/buffalo v1.0.1
	github.com/gobuffalo/buffalo-pop/v3 v3.0.6
	github.com/gobuffalo/envy v1.10.2
	github.com/gobuffalo/grift v1.5.2
	github.com/gobuffalo/mw-contenttype v1.0.1
	github.com/gobuffalo/mw-forcessl v1.0.1
	github.com/gobuffalo/mw-i18n/v2 v2.0.2
	github.com/gobuffalo/mw-paramlogger v1.0.1
	github.com/gobuffalo/pop/v6 v6.0.8
	github.com/gobuffalo/suite/v4 v4.0.3
	github.com/gobuffalo/x v0.1.0
	github.com/markbates/goth v1.74.1
	github.com/rs/cors v1.8.2
	github.com/unrolled/secure v1.13.0
)

require (
	cloud.google.com/go v0.67.0 // indirect
	github.com/BurntSushi/toml v1.2.0 // indirect
	github.com/Masterminds/semver/v3 v3.1.1 // indirect
	github.com/aymerick/douceur v0.2.0 // indirect
	github.com/davecgh/go-spew v1.1.1 // indirect
	github.com/dustin/go-humanize v1.0.0 // indirect
	github.com/fatih/color v1.13.0 // indirect
	github.com/fatih/structs v1.1.0 // indirect
	github.com/felixge/httpsnoop v1.0.1 // indirect
	github.com/fsnotify/fsnotify v1.5.4 // indirect
	github.com/go-sql-driver/mysql v1.6.0 // indirect
	github.com/gobuffalo/events v1.4.3 // indirect
	github.com/gobuffalo/fizz v1.14.4 // indirect
	github.com/gobuffalo/flect v0.3.0 // indirect
	github.com/gobuffalo/github_flavored_markdown v1.1.3 // indirect
	github.com/gobuffalo/helpers v0.6.7 // indirect
	github.com/gobuffalo/httptest v1.5.2 // indirect
	github.com/gobuffalo/logger v1.0.7 // indirect
	github.com/gobuffalo/meta v0.3.3 // indirect
	github.com/gobuffalo/mw-csrf v1.0.1 // indirect
	github.com/gobuffalo/nulls v0.4.2 // indirect
	github.com/gobuffalo/plush/v4 v4.1.16 // indirect
	github.com/gobuffalo/refresh v1.13.2 // indirect
	github.com/gobuffalo/tags/v3 v3.1.4 // indirect
	github.com/gobuffalo/validate/v3 v3.3.3 // indirect
	github.com/gofrs/uuid v4.3.0+incompatible // indirect
	github.com/golang/protobuf v1.4.2 // indirect
	github.com/gorilla/css v1.0.0 // indirect
	github.com/gorilla/handlers v1.5.1 // indirect
	github.com/gorilla/mux v1.8.0 // indirect
	github.com/gorilla/securecookie v1.1.1 // indirect
	github.com/gorilla/sessions v1.2.1 // indirect
	github.com/inconshreveable/mousetrap v1.0.0 // indirect
	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
	github.com/jackc/pgconn v1.13.0 // indirect
	github.com/jackc/pgio v1.0.0 // indirect
	github.com/jackc/pgpassfile v1.0.0 // indirect
	github.com/jackc/pgproto3/v2 v2.3.1 // indirect
	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
	github.com/jackc/pgtype v1.12.0 // indirect
	github.com/jackc/pgx/v4 v4.17.2 // indirect
	github.com/jmoiron/sqlx v1.3.5 // indirect
	github.com/joho/godotenv v1.4.0 // indirect
	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
	github.com/luna-duclos/instrumentedsql v1.1.3 // indirect
	github.com/mattn/go-colorable v0.1.9 // indirect
	github.com/mattn/go-isatty v0.0.14 // indirect
	github.com/mattn/go-sqlite3 v1.14.15 // indirect
	github.com/microcosm-cc/bluemonday v1.0.20 // indirect
	github.com/mitchellh/go-homedir v1.1.0 // indirect
	github.com/monoculum/formam v3.5.5+incompatible // indirect
	github.com/nicksnyder/go-i18n v1.10.1 // indirect
	github.com/pelletier/go-toml v1.2.0 // indirect
	github.com/pkg/errors v0.9.1 // indirect
	github.com/pmezard/go-difflib v1.0.0 // indirect
	github.com/rogpeppe/go-internal v1.9.0 // indirect
	github.com/sergi/go-diff v1.2.0 // indirect
	github.com/sirupsen/logrus v1.9.0 // indirect
	github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect
	github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect
	github.com/spf13/cobra v1.5.0 // indirect
	github.com/spf13/pflag v1.0.5 // indirect
	github.com/stretchr/testify v1.8.0 // indirect
	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
	golang.org/x/net v0.0.0-20221002022538-bcab6841153b // indirect
	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 // indirect
	golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0 // indirect
	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
	golang.org/x/text v0.3.7 // indirect
	google.golang.org/appengine v1.6.6 // indirect
	google.golang.org/protobuf v1.25.0 // indirect
	gopkg.in/yaml.v2 v2.4.0 // indirect
	gopkg.in/yaml.v3 v3.0.1 // indirect
)
```

sio4 commented 1 year ago

Questions for clarifying the situation:

  1. What is the purpose of the app and why did you add --api?
  2. If the app is an api service, how/why does it work with OAuth social login that requires user interaction and a session?

Or any additional information that could help us to understand the use case?

astoicnick commented 1 year ago

The purpose of the app is to be an authentication API. Ideally when a user logs into a website, they can choose from google sign in or our managed authentication. When they click the google sign in button, this authentication API will handle the callback and provide an access token that can be used to authenticate with any of the other web services we have.

I added --api because this application will need to return an access token to any client that calls it, and I don't want it to return an html page, I want it to return json.

After what you've said, I think you can close this out because it sounds like I don't fully understand how the social login will be used in the authentication API. Thank you
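
Why the callback in this thread fails once nothing is persisted between the redirect and the callback, as an added Go example that is not buffalo's or buffalo-goth's own code. `Store`, `MemStore`, `NullStore`, `BeginAuth`, `Callback` and the state-mismatch message are hypothetical names; the example assumes the OAuth flow keeps its state value in the app's session store and that `sessions.Null{}` persists nothing.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Store is a hypothetical stand-in for the app's session store.
type Store interface {
	Set(sessionID, key, value string)
	Get(sessionID, key string) (string, bool)
}

// MemStore persists values between requests.
type MemStore map[string]string
func (m MemStore) Set(id, k, v string)             { m[id+"/"+k] = v }
func (m MemStore) Get(id, k string) (string, bool) { v, ok := m[id+"/"+k]; return v, ok }

// NullStore persists nothing (assumed here to be the effect of sessions.Null{}).
type NullStore struct{}
func (NullStore) Set(id, k, v string)             {}
func (NullStore) Get(id, k string) (string, bool) { return "", false }

var (
	ErrNoSession     = errors.New("could not find a matching session for this request")
	ErrStateMismatch = errors.New("state mismatch") // hypothetical message
)

// BeginAuth is the first request: remember the state, then redirect to the provider.
func BeginAuth(s Store, sessionID, state string) { s.Set(sessionID, "oauth_state", state) }

// Callback is a later, separate request: it can only trust a state it can look up.
func Callback(s Store, sessionID, returnedState string) error {
	saved, ok := s.Get(sessionID, "oauth_state")
	if !ok {
		return ErrNoSession
	}
	if subtle.ConstantTimeCompare([]byte(saved), []byte(returnedState)) != 1 {
		return ErrStateMismatch
	}
	return nil
}

func main() {
	for _, s := range []Store{MemStore{}, NullStore{}} {
		BeginAuth(s, "sid-1", "constructed-state") // constructed sample values
		fmt.Printf("%T: %v\n", s, Callback(s, "sid-1", "constructed-state"))
	}
}
```

A JSON-only API that runs this flow still needs somewhere the server can verify the state value between the two requests; the stored value is what lets the callback reject a response it never asked for.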