ueberauth / ueberauth_slack

Slack OAuth2 Strategy for Überauth
MIT License

Exchanging a verification code for an access token no longer works #27

Closed acconrad closed 6 years ago

acconrad commented 6 years ago

Summary

The example Heroku app with Slack no longer seems to handle Step 3 of the Slack OAuth sign in. I can confirm this same thing happens with my own app.

Steps to reproduce

  1. Head to the sample Heroku app in any browser (I've tried this on Safari, Firefox, Chrome on Mac OSX 10.13.5 High Sierra)
  2. Click "Sign in with Slack"
  3. Click "Authorize"

Expected: The app was installed (my app) and I was signed in successfully (sample app and my app)

Actual: The response on the Heroku app says "Internal Server Error" (both apps)

Config Info

These are the relevant pieces from my Elixir/Phoenix app to compare against the sample app:

  def project do
    [
      # other project settings omitted
      elixir: "~> 1.4"
    ]
  end

  defp deps do
    [
      {:phoenix, "~> 1.3.2"},
      {:phoenix_pubsub, "~> 1.0"},
      {:phoenix_ecto, "~> 3.2"},
      {:postgrex, ">= 0.0.0"},
      {:phoenix_html, "~> 2.10"},
      {:phoenix_live_reload, "~> 1.0", only: :dev},
      {:gettext, "~> 0.11"},
      {:cowboy, "~> 1.0"},
      {:oauth, github: "tim/erlang-oauth"},
      {:oauth2, "~> 0.8", override: true},
      {:ueberauth, "~> 0.4"},
      {:ueberauth_slack, "~> 0.4"},
      {:poison, "~> 3.0", override: true}
    ]
  end

Possible solution

I noticed with my app it was returning this in the logs (sensitive information redacted, also formatted because GitHub sucks at long lines):

** (KeyError) key :access_token not found in: 

%OAuth2.Client{
  authorize_url: "https://slack.com/oauth/authorize", 
  client_id: "XXX.YYY", 
  client_secret: "THESECRET", 
  headers: [], 
  params: %{}, 
  redirect_uri: "https://myapp.herokuapp.com/auth/slack/callback", 
  ref: nil, 
  request_opts: [], 
  site: "https://slack.com/api", 
  strategy: Ueberauth.Strategy.Slack.OAuth, 
  token: %OAuth2.AccessToken{
    access_token: nil, 
    expires_at: nil, 
    other_params: %{
      "error" => "bad_client_secret", 
      "ok" => false
    }, 
    refresh_token: nil, 
    token_type: "Bearer"
  }, 
  token_method: :post, 
  token_url: "https://slack.com/api/oauth.access"
}

2018-06-26T03:37:24.064879+00:00 app[web.1]:(ueberauth_slack) 
lib/ueberauth/strategy/slack.ex:63: 
Ueberauth.Strategy.Slack.handle_callback!/1

2018-06-26T03:37:24.064881+00:00 app[web.1]:(ueberauth) 
lib/ueberauth/strategy.ex:301: 
Ueberauth.Strategy.run_callback/2

2018-06-26T03:37:24.064883+00:00 app[web.1]:(myapp) 
lib/myapp_web/controllers/auth_controller.ex:1:
MyappWeb.AuthController.phoenix_controller_pipeline/2

Notice the error points to "error" => "bad_client_secret" - even though I can 100% confirm in my app that the Client Secret returned is indeed the same and correct Client Secret that Slack provides me. Is this the same thing you see in the ueberauth_example app logs on Heroku?
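
The log above shows Slack's oauth.access reply carrying "ok" => false and an "error" string while access_token is nil, and the crash message prints the whole client struct, client_secret included. As an added example (not code from ueberauth_slack or from this thread), a callback can check for that shape before using the token and mask the secret before anything is logged; the module and function names are hypothetical and the sample maps are constructed from the redacted log.

```elixir
# Added example: hypothetical helper, not part of ueberauth_slack.
defmodule SlackTokenCheck do
  # Takes a map or struct shaped like the %OAuth2.Client{} in the log and
  # returns a tagged tuple instead of raising on a missing token.
  def validate(%{token: %{access_token: token}}) when is_binary(token) and token != "" do
    {:ok, token}
  end

  # Slack reports failures in the body: "ok" => false plus an "error" string.
  def validate(%{token: %{other_params: %{"ok" => false, "error" => reason}}}) do
    {:error, {:slack_error, reason}}
  end

  def validate(_client), do: {:error, :missing_access_token}

  # Masks the secret so the value is safe to pass to inspect/1 or Logger.
  def redact(%{client_secret: _} = client), do: %{client | client_secret: "[REDACTED]"}
  def redact(other), do: other
end

# Constructed sample mirroring the redacted log in this issue.
failed = %{
  client_id: "XXX.YYY",
  client_secret: "THESECRET",
  token: %{
    access_token: nil,
    other_params: %{"error" => "bad_client_secret", "ok" => false}
  }
}

# Constructed success case; the token value is a placeholder.
granted = %{failed | token: %{access_token: "PLACEHOLDER-TOKEN", other_params: %{"ok" => true}}}

IO.inspect(SlackTokenCheck.validate(failed))
IO.inspect(SlackTokenCheck.validate(granted))
IO.inspect(SlackTokenCheck.redact(failed))
```

Returning the tagged error lets the callback surface Slack's reason to the caller without an exception that dumps the client configuration into application logs.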

acconrad commented 6 years ago

This was fixed when I pulled master, but 0.4.x doesn't recognize this properly so I bumped the version, which should resolve everything.

acconrad commented 6 years ago

0.5.0 merged! Gonna close this