simov
commented
2 years ago I don't have an OAuth app for FusionAuth so I can't really test it. Nothing changed in Grant in that regard, so it have to be something with your OAuth app configuration maybe?
Closed fanshaohua-fan closed 2 years ago
simov
commented
2 years ago I don't have an OAuth app for FusionAuth so I can't really test it. Nothing changed in Grant in that regard, so it have to be something with your OAuth app configuration maybe?
fanshaohua-fan
commented
2 years ago If I understand the oauth flow correctly, seems the FusionAuth has returned the code to grant. The next step should be grant exchange the access_token with the returned code and filled key/secret.
I could even do it successful via postman.
simov
commented
2 years ago @fanshaohua-fan I think there is something wrong with the certificate of your domain name. I installed FusionAuth locally and it seems to be working with my local instance of the example app. I double checked the certificate for grant.outofindex.com and that seems to be fine as well.
fanshaohua-fan
commented
2 years ago @simov , I run the SSL check on my domain, everything looks good. see the detail report with the links below: https://www.ssllabs.com/ssltest/analyze.html?d=auth-development.loyalty-cloud.nl https://www.sslshopper.com/ssl-checker.html#hostname=auth-development.loyalty-cloud.nl
But I will try to setup FusionAuth locally with certificate, currently it's hosted within Azure Kubernetes Service. not sure if it's related.
fanshaohua-fan
commented
2 years ago @simov It encounter the same error for my local setup. I realize it might be related with the Root certificate expiration from Let's Encrypt. Maybe the ISRG Root X1 certificate is not trusted by the host of grant.outofindex.com, or a old version openssl is being used. Can you have a look?
Check the doc in detail: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
simov
commented
2 years ago I verified that I have the ISRG_Root_X1.crt certificate on my server, and the OpenSSL version is 1.1.0f. This is the report about my certificate https://www.ssllabs.com/ssltest/analyze.html?d=grant.outofindex.com
fanshaohua-fan
commented
2 years ago @simov , I replaced the certificate of FusionAuth server to another one, which's not issued by Let's Encrypt, then it works.
Can you try to reproduce it with a Let's Encrypt certificate? Think the reason is that the ISRG_Root_X1 certificate is not trusted by your application, even you have it on the server.
simov
commented
2 years ago fanshaohua-fan
commented
2 years ago @simov it's working now :+1: Thanks a lot for the support and quick fix!
I use the website as the usual way but encounter an error about "certificate has expired". The certificates of both FusionAuth(auth-mobile-app-staging.loyalty-cloud.com) and grant.outofindex.com are pretty normal, Have no clue what could be the reason.