mirego / accent

The first developer-oriented translation tool. True asynchronous flow between translators and your team.
https://www.accent.reviews
BSD 3-Clause "New" or "Revised" License

Internal error when authenticating #369

Closed panosru closed 1 year ago

panosru commented 1 year ago

Hi, I have an issue with authentication. These are the environment variables in my compose yml file:

    environment:
      - PORT=4000
      - MIX_ENV=prod
      - FORCE_SSL=true
      - DATABASE_URL=postgres://postgres@postgresql:5432/accent_development
      - WEBAPP_SKIP_SUBRESOURCE_INTEGRITY=true
      - CANONICAL_URL=accent.<my-domain>
      - WEBAPP_AUTH_PROVIDERS=github
      - GITHUB_CLIENT_ID=$GITHUB_CLIENT_ID
      - GITHUB_CLIENT_SECRET=$GITHUB_CLIENT_SECRET
      - RESTRICTED_PROJECT_CREATOR_EMAIL_DOMAIN=<my-domain>
      - MAILER_FROM=accent@<my-domain>

I have tried with and without FORCE_SSL=true and MIX_ENV=prod environment variables.

When I authenticate I'm redirected back to: https://accent.<my-domain>/auth/github/callback?code=***&state=*** and I'm getting:

    {
      "error": "Internal error",
      "message": "An error occured, someone as been notified"
    }

And the logs are:

    11:42:11.215 request_id=F4DDmzHZ_a6irnkAAACi [info] GET /auth/github/callback
    11:42:11.216 [warning] Description: 'Authenticity is not established by certificate path validation'
         Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'
    11:42:11.903 [warning] Description: 'Authenticity is not established by certificate path validation'
         Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'
    11:42:12.564 request_id=F4DDmzHZ_a6irnkAAACi [info] Sent 500 in 1349ms
    11:42:12.564 [error] #PID<0.3700.0> running Accent.Endpoint (connection #PID<0.3698.0>, stream id 1) terminated
    Server: accent.<my-domain>:80 (http)
    Request: GET /auth/github/callback?code=***&state=***
    ** (exit) an exception was raised:
        ** (FunctionClauseError) no function clause matching in String.downcase/2
            (elixir 1.14.3) lib/string.ex:899: String.downcase(nil, :default)
            (accent 1.18.3) lib/accent/auth/user_remote/authenticator.ex:30: Accent.UserRemote.Authenticator.map_user/2
            (accent 1.18.3) lib/accent/auth/user_remote/authenticator.ex:10: Accent.UserRemote.Authenticator.authenticate/1
            (accent 1.18.3) lib/web/controllers/auth_controller.ex:14: Accent.AuthController.callback/2
            (accent 1.18.3) lib/web/controllers/auth_controller.ex:1: Accent.AuthController.action/2
            (accent 1.18.3) lib/web/controllers/auth_controller.ex:1: Accent.AuthController.phoenix_controller_pipeline/2
            (phoenix 1.7.7) lib/phoenix/router.ex:430: Phoenix.Router.__call__/5
            (accent 1.18.3) lib/web/router.ex:1: Accent.Router.call/2
    11:46:01.176 request_id=F4DD0Lyh7bxfNhwAAAPB [info] GET /apple-touch-icon.png
    11:46:01.176 request_id=F4DD0LykIuqVRzQAAADC [info] GET /apple-touch-icon-precomposed.png
    11:46:01.177 request_id=F4DD0Lyh7bxfNhwAAAPB [info] Sent 404 in 210µs
    11:46:01.177 request_id=F4DD0LykIuqVRzQAAADC [info] Sent 404 in 172µs
    11:46:01.372 request_id=F4DD0MhPcvTCH4IAAAPh [info] GET /auth/github/callback
    11:46:01.374 request_id=F4DD0MhPcvTCH4IAAAPh [info] Sent 302 in 1ms
    11:46:01.381 request_id=F4DD0MjYhpd2jUwAAADi [info] GET /
    11:46:01.382 request_id=F4DD0MjYhpd2jUwAAADi [info] Sent 200 in 1ms

I run the app behind Nginx Reverse Proxy like so:

image

image

And this is the setting in my GitHub App:

image

I have tried with and without checking the Request user authorization (OAuth) during installation.

Thanks!

simonprev commented 1 year ago

We assume that the external provider (GitHub in your case) exposes the email in the callback.

Do you have control over what permission you are granted in GitHub?

panosru commented 1 year ago

I'm checking in GitHub Apps settings and I saw that the app was not "installed" in my account, so I installed it and now it looks like so:

image

But that did not help. In Permission & events there are these settings though:

image

Once I changed the Email addresses from No access to Read-only, it worked.

So, it's not a bug in Accent, but when you create a GitHub app you have to give at least read-only access for the authentication to work, it seems.

If that is written in the documentation then I apologise, I must've missed it.

Thank you for pointing out the right direction to look for!

Cheers!
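
The 500 in this thread comes from lowercasing an email address the provider never sent. As an added example (not Accent's code; the module name, the plain-map payload shape and the status codes are assumptions), this Elixir script validates the callback identity first and answers a missing email with a clear 4xx instead of crashing:

```elixir
# Added example: hypothetical module, not Accent's authenticator.ex.
# The provider payload is modeled as a plain map (assumption).
defmodule Example.RemoteUser do
  @type error :: :invalid_payload | :missing_email | :invalid_email

  @spec normalize(term()) :: {:ok, map()} | {:error, error()}
  def normalize(%{provider: provider, info: info}) when is_map(info) do
    with {:ok, email} <- fetch_email(info) do
      {:ok, %{provider: provider, email: email, fullname: Map.get(info, :name)}}
    end
  end

  def normalize(_payload), do: {:error, :invalid_payload}

  # Only a non-blank binary is lowercased, so a nil email (GitHub App
  # "Email addresses" permission left at "No access") never reaches
  # String.downcase/1.
  defp fetch_email(%{email: email}) when is_binary(email) do
    trimmed = String.trim(email)

    cond do
      trimmed == "" -> {:error, :missing_email}
      not String.contains?(trimmed, "@") -> {:error, :invalid_email}
      true -> {:ok, String.downcase(trimmed)}
    end
  end

  defp fetch_email(_info), do: {:error, :missing_email}

  # Map the result to an HTTP status and message (status codes are assumptions).
  @spec to_response({:ok, map()} | {:error, error()}) :: {pos_integer(), String.t()}
  def to_response({:ok, user}), do: {302, "signed in as " <> user.email}

  def to_response({:error, :missing_email}),
    do: {422, "Provider returned no email; grant the app read access to email addresses."}

  def to_response({:error, reason}), do: {400, "Invalid identity payload: #{reason}"}
end

# Constructed sample payloads, not captured from GitHub.
samples = [
  %{provider: :github, info: %{email: "Dev@Example.com", name: "Dev"}},
  %{provider: :github, info: %{email: nil, name: "Dev"}},
  %{provider: :github, info: %{name: "Dev"}}
]

for payload <- samples do
  payload |> Example.RemoteUser.normalize() |> Example.RemoteUser.to_response() |> IO.inspect()
end
```

Because the compose file above restricts project creators by email domain, the email is an authorization input, so a payload without one should be rejected outright, as here, not defaulted.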