ory / kratos

The most scalable and customizable identity server on the market. Replace your Homegrown, Auth0, Okta, Firebase with better UX and DX. Has all the tablestakes: Passkeys, Social Sign In, Multi-Factor Auth, SMS, SAML, TOTP, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=kratos
Apache License 2.0

Unable to sign in with Auth0 #2485

Closed akshay196 closed 2 years ago

akshay196 commented 2 years ago

Describe the bug

When trying to log in with the Auth0 provider, I get an internal error and am not able to log in. The error is reason:json: cannot unmarshal string into Go struct field Claims.updated_at of type int64; check below for the full stack trace. It seems unmarshaling to Claims failed due to the string type of updated_at. I also noticed the issue is already fixed in #609, but I don't understand why we are converting the correct int64 type of updatedAt back to string (which might be the cause of this error). I am happy to contribute a fix for this.

Reproducing the bug

Steps to reproduce the behavior:

  1. Follow the quickstart guide to start Kratos locally.
  2. Follow this guide to set up the Auth0 provider, add the provider entry in Auth0, and use the Jsonnet code snippet given.
  3. Once you try to sign in with the Auth0 provider, you will get the error specified here.
  4. You also get the following error on the self-service UI: image1

Relevant log output

kratos_1                      | time=2022-05-23T04:58:22Z level=error msg=An error occurred and is being forwarded to the error user interface. func=github.com/ory/x/logrusx.(*Logger).Logf file=/go/pkg/mod/github.com/ory/x@v0.0.358/logrusx/helper.go:118 audience=application error=map[debug: message:An internal server error occurred, please contact the system administrator reason:json: cannot unmarshal string into Go struct field Claims.updated_at of type int64 stack_trace:
kratos_1                      | github.com/ory/kratos/selfservice/strategy/oidc.(*ProviderAuth0).Claims
kratos_1                      |     /project/selfservice/strategy/oidc/provider_auth0.go:145
kratos_1                      | github.com/ory/kratos/selfservice/strategy/oidc.(*Strategy).handleCallback
kratos_1                      |     /project/selfservice/strategy/oidc/strategy.go:330
kratos_1                      | github.com/ory/kratos/selfservice/strategy.disabledWriter
kratos_1                      |     /project/selfservice/strategy/handler.go:25
kratos_1                      | github.com/ory/kratos/selfservice/strategy.IsDisabled.func1
kratos_1                      |     /project/selfservice/strategy/handler.go:30
kratos_1                      | github.com/ory/kratos/x.NoCacheHandle.func1
kratos_1                      |     /project/x/nocache.go:18
kratos_1                      | github.com/ory/kratos/x.NoCacheHandle.func1
kratos_1                      |     /project/x/nocache.go:18
kratos_1                      | github.com/julienschmidt/httprouter.(*Router).ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/julienschmidt/httprouter@v1.3.0/router.go:387
kratos_1                      | github.com/ory/nosurf.(*CSRFHandler).handleSuccess
kratos_1                      |     /go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:234
kratos_1                      | github.com/ory/nosurf.(*CSRFHandler).ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/ory/nosurf@v1.2.7/handler.go:191
kratos_1                      | github.com/urfave/negroni.Wrap.func1
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46
kratos_1                      | github.com/urfave/negroni.HandlerFunc.ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29
kratos_1                      | github.com/urfave/negroni.middleware.ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
kratos_1                      | github.com/ory/kratos/x.glob..func1
kratos_1                      |     /project/x/clean_url.go:12
kratos_1                      | github.com/urfave/negroni.HandlerFunc.ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29
kratos_1                      | github.com/urfave/negroni.middleware.ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerResponseSize.func1
kratos_1                      |     /go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:198
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerCounter.func1
kratos_1                      |     /go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:101
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func1
kratos_1                      |     /go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:68
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerDuration.func2
kratos_1                      |     /go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:76
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/prometheus/client_golang/prometheus/promhttp.InstrumentHandlerRequestSize.func1
kratos_1                      |     /go/pkg/mod/github.com/prometheus/client_golang@v1.11.0/prometheus/promhttp/instrument_server.go:165
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/ory/x/prometheusx.Metrics.instrumentHandlerStatusBucket.func1
kratos_1                      |     /go/pkg/mod/github.com/ory/x@v0.0.358/prometheusx/metrics.go:108
kratos_1                      | net/http.HandlerFunc.ServeHTTP
kratos_1                      |     /usr/local/go/src/net/http/server.go:2047
kratos_1                      | github.com/ory/x/prometheusx.(*MetricsManager).ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/ory/x@v0.0.358/prometheusx/middleware.go:30
kratos_1                      | github.com/urfave/negroni.middleware.ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38
kratos_1                      | github.com/ory/x/metricsx.(*Service).ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/ory/x@v0.0.358/metricsx/middleware.go:275
kratos_1                      | github.com/urfave/negroni.middleware.ServeHTTP
kratos_1                      |     /go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38 status:Internal Server Error status_code:500] http_request=map[headers:map[accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 accept-encoding:gzip, deflate, br accept-language:en-GB,en-US;q=0.9,en;q=0.8 cache-control:max-age=0 connection:keep-alive cookie: <redacted> host:127.0.0.1:4433 method:GET path:/self-service/methods/oidc/callback/auth001 query:code=<redacted> remote:172.20.0.1:57888 scheme:http] service_name=Ory Kratos service_version=v0.9.0-alpha.3

Relevant configuration

selfservice:
  default_browser_return_url: http://127.0.0.1:4455/
  allowed_return_urls:
    - http://127.0.0.1:4455

  methods:
    password:
      enabled: true
    oidc:
      enabled: true
      config:
        providers:
          - provider: auth0
            id: auth001
            client_id: <redacted>
            client_secret: <redacted>
            mapper_url: file:///etc/config/kratos/oidc.auth0.jsonnet
            scope:
              - email
              - profile
              - openid
            issuer_url: https://<redacted>.auth0.com/

Version

kratos:v0.9.0-alpha.3

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

vinckr commented 2 years ago

Thanks for reporting! I would like to reproduce this before we make changes. Is a free tier on Auth0 enough to reproduce?

akshay196 commented 2 years ago

> Thanks for reporting! I would like to reproduce this before we make changes. Is a free tier on Auth0 enough to reproduce?

Yes. I have been using the basic starter plan of Auth0 at no cost.

aeneasr commented 2 years ago

That is strange, I thought we have an explicit workaround for that!

https://github.com/ory/kratos/blob/617949cb87e9c96755cc4cff2b831e53ed8ee3f4/selfservice/strategy/oidc/provider_auth0.go#L95-L107

Any idea why that's not working?

aeneasr commented 2 years ago

Ah yeah, the problem is that the int is formatted into a string here:

https://github.com/ory/kratos/blob/617949cb87e9c96755cc4cff2b831e53ed8ee3f4/selfservice/strategy/oidc/provider_auth0.go#L125
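
The failure mode discussed in this thread, as an added example that is not code from Kratos or from any commenter: an int64-only `updated_at` field rejects a string value, while a field type with its own `UnmarshalJSON` accepts both shapes. `FlexibleUnix`, `StrictFails` and `ParseUpdatedAt` are hypothetical names, the payloads are constructed, and accepting RFC 3339 strings goes beyond the numeric-string case raised above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"time"
)

// FlexibleUnix (hypothetical) holds Unix seconds from a JSON number or string.
type FlexibleUnix int64

func (f *FlexibleUnix) UnmarshalJSON(b []byte) error {
	var n int64
	if err := json.Unmarshal(b, &n); err == nil { // plain JSON number
		*f = FlexibleUnix(n)
		return nil
	}
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return fmt.Errorf("updated_at: want number or string, got %s", b)
	}
	if n, err := strconv.ParseInt(s, 10, 64); err == nil { // numeric string
		*f = FlexibleUnix(n)
		return nil
	}
	t, err := time.Parse(time.RFC3339, s) // timestamp string (assumed shape)
	if err != nil {
		return fmt.Errorf("updated_at: unrecognised timestamp %q", s)
	}
	*f = FlexibleUnix(t.Unix())
	return nil
}

// StrictFails reports whether an int64-only field rejects the payload.
func StrictFails(p string) bool {
	var c struct{ UpdatedAt int64 `json:"updated_at"` }
	return json.Unmarshal([]byte(p), &c) != nil
}

// ParseUpdatedAt decodes the same payload with the tolerant field type.
func ParseUpdatedAt(p string) (int64, error) {
	var c struct{ UpdatedAt FlexibleUnix `json:"updated_at"` }
	err := json.Unmarshal([]byte(p), &c)
	return int64(c.UpdatedAt), err
}

func main() { // constructed sample payload, not captured provider output
	fmt.Println(ParseUpdatedAt(`{"updated_at":"1653281902"}`))
}
```

Values that are neither a number nor a parseable string still return an error, so a malformed claim fails the decode rather than silently becoming zero.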