opendatahub-io-contrib / jupyterhub-odh

Example JupyterHub deployment using OpenShift OAuth authenticator.

Uncaught exceptions when OAuth fails #92

Open tumido opened 3 years ago

tumido commented 3 years ago

Describe the bug: If OAuth exchange fails, JupyterHub returns a bare 500 instead of some helpful error explanation.

[E 2021-05-10 11:01:46.555 JupyterHub web:1793] Uncaught exception GET /hub/oauth_callback?code=sha256~dbN9Os_LL5zXqJtIDDiVgDoKMkjVGtL86bKpMPTEAmI&state=eyJzdGF0ZV9pZCI6ICI0YWZhMWMzNTk0YTQ0ZTBjYjU3ODc3ZDQwYzgzM2RhMCIsICJuZXh0X3VybCI6ICIvaHViL2hvbWUifQ%3D%3D (::ffff:10.131.0.1)
    HTTPServerRequest(protocol='http', host='jupyterhub-opf-jupyterhub.apps.zero.massopen.cloud', method='GET', uri='/hub/oauth_callback?code=sha256~dbN9Os_LL5zXqJtIDDiVgDoKMkjVGtL86bKpMPTEAmI&state=eyJzdGF0ZV9pZCI6ICI0YWZhMWMzNTk0YTQ0ZTBjYjU3ODc3ZDQwYzgzM2RhMCIsICJuZXh0X3VybCI6ICIvaHViL2hvbWUifQ%3D%3D', version='HTTP/1.1', remote_ip='::ffff:10.131.0.1')
    Traceback (most recent call last):
      File "/opt/app-root/lib/python3.6/site-packages/tornado/web.py", line 1704, in _execute
        result = await result
      File "/opt/app-root/src/oauthenticator/oauthenticator/oauth2.py", line 224, in get
        user = await self.login_user()
      File "/opt/app-root/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 754, in login_user
        authenticated = await self.authenticate(data)
      File "/opt/app-root/lib/python3.6/site-packages/jupyterhub/auth.py", line 469, in get_authenticated_user
        authenticated = await maybe_future(self.authenticate(handler, data))
      File "/opt/app-root/src/oauthenticator/oauthenticator/openshift.py", line 130, in authenticate
        resp = await http_client.fetch(req)
    tornado.curl_httpclient.CurlError: HTTP 599: NSS: client certificate not found (nickname not specified)

[E 2021-05-10 11:01:46.562 JupyterHub log:181] {
      "X-Forwarded-For": "87.219.202.227,::ffff:10.131.0.1",
      "Forwarded": "for=87.219.202.227;host=jupyterhub-opf-jupyterhub.apps.zero.massopen.cloud;proto=https",
      "X-Forwarded-Proto": "https,http",
      "X-Forwarded-Port": "443,80",
      "X-Forwarded-Host": "jupyterhub-opf-jupyterhub.apps.zero.massopen.cloud",
      "Host": "jupyterhub-opf-jupyterhub.apps.zero.massopen.cloud",
      "Cookie": "_xsrf=[secret]; oauthenticator-state=[secret]",
      "Accept-Language": "it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7,es;q=0.6",
      "Accept-Encoding": "gzip, deflate, br",
      "Sec-Ch-Ua-Mobile": "?0",
      "Sec-Ch-Ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Google Chrome\";v=\"90\"",
      "Sec-Fetch-Dest": "document",
      "Sec-Fetch-User": "?1",
      "Sec-Fetch-Mode": "navigate",
      "Sec-Fetch-Site": "cross-site",
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
      "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
      "Upgrade-Insecure-Requests": "1",
      "Connection": "close"
    }
[E 2021-05-10 11:01:46.563 JupyterHub log:189] 500 GET /hub/oauth_callback?code=[secret]&state=[secret] (@::ffff:10.131.0.1) 20012.70ms

Expected behavior: Better error handling and guidance for the user as to what they can do.

Screenshots: [image: Screenshot from 2021-05-10 13-03-21]

Additional context: This error can be fixed by the user flushing the JupyterHub browser cache + page refresh.
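
One way the token request in `authenticate` could surface this failure as a descriptive error instead of an uncaught exception. This is an added example, not code from oauthenticator or this repository; `exchange_code`, `failing_fetch` and the message texts are hypothetical, and it assumes Tornado 5.1 or later (`HTTPClientError`).

```python
import asyncio

from tornado.httpclient import HTTPClientError  # CurlError subclasses this
from tornado.web import HTTPError

# Hypothetical user guidance, taken from the workaround noted in the issue.
RETRY_HINT = "Flush the browser cache for this JupyterHub and refresh the page."


async def exchange_code(fetch, request):
    """Await the token request; map client failures to a descriptive HTTPError.

    `fetch` stands in for `http_client.fetch` (hypothetical wrapper).
    """
    try:
        return await fetch(request)
    except HTTPClientError as exc:
        if exc.code == 599:
            # Tornado reports 599 when no HTTP response arrived at all
            # (TLS setup, DNS, timeout), as in the traceback above.
            status, reason = 503, "The OpenShift OAuth server could not be reached."
        else:
            status, reason = 502, "The OpenShift OAuth server returned an error."
        # Log only the client error text, never the request URL or body,
        # which carry the authorization code.
        raise HTTPError(
            status,
            "OAuth token exchange failed (HTTP %s): %s",
            exc.code,
            exc.message,
            reason=reason + " " + RETRY_HINT,
        ) from exc


async def failing_fetch(request):
    # Constructed failure that reproduces the error text from the issue.
    raise HTTPClientError(
        599, "NSS: client certificate not found (nickname not specified)"
    )


def demo():
    """Return (status, reason) produced for the constructed failure."""
    try:
        asyncio.run(exchange_code(failing_fetch, "constructed-token-request"))
    except HTTPError as err:
        return err.status_code, err.reason


if __name__ == "__main__":
    print(demo())
```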

dianadujing commented 3 years ago

@tumido I've got the same issue on OpenShift 4.6. Do you know how to work around this issue? As you mentioned, this error can be fixed by the user flushing the JupyterHub browser cache + page refresh. However, I have tried to clean the cache and open a new private webpage, still no luck.

tumido commented 3 years ago

Hey @dianadujing, sorry, I don't have any better way to work around this. :shrug: Honestly, I haven't even seen this error lately in our setup (which I account to being lucky rather than that it's not an issue anymore).

@vpavlin @anishasthana @maulikjs do you guys have any ideas here?