Closed jnweiger closed 1 year ago
Ocis bare metal server setup with apache reverse proxy and internal IDP; according to https://github.com/owncloud/QA/blob/master/tools/hetzner-deploy/deploy_ocis_bare_metal.sh
DCR seems to be off in this server, is this a problem?
No. This seems to be related to a recent change we did to the internal IDP's configuration. (https://github.com/owncloud/ocis/commit/52951b42b0db11f652e3924ba73cec3b68666042).
For some reason the LibgreGraph.UUID (yes the "typo" in there is correct) is not returned for the desktop and mobile clients, even though the client configuration is set to implicitly include it.
@micbar @kulmann I guess this is a blocker for 3.0.0
So after a bit of debugging it seems that lico does not apply the configured implicit_scopes on userinfo requests under certain circumstances. I haven't fully figured out yet what those circumstances are, but this results in the lg.uuid claim missing on userinfo request issued with the access_token provided by the desktop client (likely the mobile clients suffer the same issue). I believe this is a bug in lico. I'll try to collect some more info and create an upstream bug report.
Meanwhile, with the 3.0 release in mind, it's probably best if we revert https://github.com/owncloud/ocis/commit/52951b42b0db11f652e3924ba73cec3b68666042 for now even if that partially brings us #904 back.
Decided in a call today with @rhafer and @jnweiger that we revert the change mentioned by @rhafer for ocis-3.0.0. @rhafer will try to come up with a minimal reproducer for the apparent bug in lico. When that's fixed upstream we can re-introduce the lg.uuid claim change.
(Without having the revert https://github.com/owncloud/ocis/commit/e01290107954dab707324e29b1487eadbfb0dbd1) Set these two env variables:
PROXY_USER_OIDC_CLAIM=preferred_username
PROXY_USER_CS3_CLAIM=username
Now desktop client 4.1.0 can connect.
Upstream bug report: https://github.com/libregraph/lico/issues/98
Confirmed fixed in today's https://download.owncloud.com/ocis/ocis/daily/ocis-testing-linux-amd64 (Tested with testpilotcloud 4.0.0.10862-daily20230507)
Pre-submission Checks
Describe the bug
Download
https://download.owncloud.com/desktop/ownCloud/daily/3.2/linux-appimage/ownCloud-3.2.2.10628-daily20230413-x86_64.AppImage
https://download.owncloud.com/desktop/ownCloud/daily/4.0/linux-appimage/ownCloud-4.0.0.10900-daily20230512-x86_64.AppImage
https://download.owncloud.com/desktop/ownCloud/daily/4.1/linux-appimage/ownCloud-4.1.0.11119-daily20230531-x86_64.AppImage
Paste the https url of an ocis instance. The client redirects to a web browser. Log in through the web browser, by pasting admin username and admin password, and granting access. The login at the browser succeeds, but the desktop client has an error.
The ocis server log shows
The client log from 3.2 ends with:
The client log from 4.0 ends with:
The client log from 4.1 ends with:
Expected behavior
Client can connect.
Steps to reproduce the issue
No response
Screenshots
.
Logs
.
Client version number
Same with all three versions 3.2.2, 4.0.0, 4.1.0 from the URLs above.
Desktop environment (Linux only)
Ubuntu 20.04
Client package version and origin (Linux only)
No response
Installation path (Windows only)
No response
Server information
ocis version Version: 3.0.0-rc.4+971ba4e76 Compiled: 2023-05-23 00:00:00 +0000
Additional context
No response