Open pontaoski opened 5 months ago
May 16 16:54:49 ilo-kulupu mas-cli[4227]: 2024-05-16T16:54:49.222047Z ERROR http.server.request{otel.kind="server" otel.name="POST /oauth2/introspect" network.protocol.name="http" network.protocol.version="1.1" http.request.method="POST" url.path="/oauth2/introspect" url.scheme="http" http.route="/oauth2/introspect" user_agent.original="Synapse/1.105.1"}:handlers.oauth2.introspection.post{client.id="0000000000000000000SYNAPSE"}:verify: mas_axum_utils::client_authorization: error=client secret did not match
2024-05-16 16:54:46,992 - synapse.http.client - 426 - INFO - GET-118 - Received response to POST https://mas.toki.club/oauth2/introspect: 401 2024-05-16 16:54:46,992 - synapse.api.auth.msc3861_delegated - 270 - ERROR - GET-118 - Failed to introspect token Traceback (most recent call last): File "/usr/lib64/python3.12/site-packages/synapse/api/auth/msc3861_delegated.py", line 268, in get_user_by_access_token introspection_result = await self._introspect_token(token) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/site-packages/synapse/api/auth/msc3861_delegated.py", line 204, in _introspect_token raise HttpResponseException( synapse.api.errors.HttpResponseException: 401: Unauthorized 2024-05-16 16:54:46,992 - synapse.http.server - 130 - INFO - GET-118 - <XForwardedForRequest at 0x7fa4bc36af30 method='GET' uri='/_matrix/client/r0/sync?timeout=30000&since=s168251_2124209_53_414898_35093_25_253_319440_0_29&filter=1' clientproto='HTTP/1.1' site='7893'> SynapseError: 503 - Unable to introspect the access token
example secrets that don't work for me: (openssl rand base64)
zk3kKn1QpZgZoKAllMoLXBdpySFflBPM5d4fnKAlgpfzR7c8G/1+Z2RHr7cPqU7+
Cv+YUm7VLclQTrfcAFeXBb6/HKgYb3jLTmnYkwFk9q+qgDx6LwC0geMcMHY+zhCm
myCBOIoCeArhQ/EtJDftyVa5q1ah7PjumSb7mwVLyoPbpBMitew2pAMfsoxPTxOp
example secrets that do work for me: (openssl rand hex)
cb6b76fe4b1cbbc56e18b7486d09997847d6b56370178ea73deed3805700044d1391a36629ed0370002172620f3c2b3b
e8c337ceaffd0d98a70ee61a31d987d7443174c1b12561232c817ffacfc1135fc70339d5a3c14ce96fb05fda3c4dd31e
i edited the MAS file as so:
clients: - client_id: 0000000000000000000SYNAPSE client_auth_method: client_secret_basic client_secret: "1234"
and then mas-cli config sync.
mas-cli config sync
i edited the synapse file as so:
experimental_features: msc3861: enabled: true issuer: https://mas.toki.club/ client_id: "0000000000000000000SYNAPSE" client_auth_method: client_secret_basic client_secret: "1234" admin_token: "..." account_management_url: "https://ldap.toki.club"
and then restarted synapse.
For your information, this issue has been copied over to the Element fork of matrix-authentication-service: https://github.com/element-hq/matrix-authentication-service/issues/2780
matrix-authentication-service
example secrets that don't work for me: (openssl rand base64)
zk3kKn1QpZgZoKAllMoLXBdpySFflBPM5d4fnKAlgpfzR7c8G/1+Z2RHr7cPqU7+
Cv+YUm7VLclQTrfcAFeXBb6/HKgYb3jLTmnYkwFk9q+qgDx6LwC0geMcMHY+zhCm
myCBOIoCeArhQ/EtJDftyVa5q1ah7PjumSb7mwVLyoPbpBMitew2pAMfsoxPTxOp
example secrets that do work for me: (openssl rand hex)
cb6b76fe4b1cbbc56e18b7486d09997847d6b56370178ea73deed3805700044d1391a36629ed0370002172620f3c2b3b
e8c337ceaffd0d98a70ee61a31d987d7443174c1b12561232c817ffacfc1135fc70339d5a3c14ce96fb05fda3c4dd31e
i edited the MAS file as so:
and then
mas-cli config sync
.i edited the synapse file as so:
and then restarted synapse.