invalid callback url to gitlab #113
Comments
|
All IP addresses What's the exact error message you are getting, and where do you see it? Are there any error messages in Gerrit's |
|
Hi Matthew, I used it in local network, the callback works in sonar, but failed in Gerrit. I tried to access the http://192.168.132.29:8081/oauth page and returned "Not Found". |
|
Does GitLab require the redirect to go to https? |
|
I guess no, because sonar also use the same gitlab server. sonar requires https and redirect works: https://localhost:port/sonar/oauth2/callback/gitlab. |
|
I just got bit by something similar to this, authenticating against gitlab. I'm currently using gerrit 2.14.20 and the 2.14.6.2 gerrit-oauth-plugin release. I tried to enable gitlab autnentication, configured gitlab and gerrit with the correct URLs, and gitlab kicks things back claiming an invalid URL. Here's where things get strange. The URL that the oauth-plugin generates is this: Note the redirect URI reads 'https:/' not 'https://' -- If I manually edit the URL to add the missing '/' everything works. The plugin authenticates against google and github properly, and gerrit's canonicalWebUrl correctly has 'https://' in it. (update: fix typo) |
|
I am not sure what could be wrong here. From the day one, the code looks right: [1]. service = new ServiceBuilder().provider(new GitLabApi(rootUrl))
.apiKey(cfg.getString(InitOAuth.CLIENT_ID))
.apiSecret(cfg.getString(InitOAuth.CLIENT_SECRET))
.callback(canonicalWebUrl + "oauth")
.build();Can you debug it? |
|
I've spent some quality time on this today, after having upgraded to gerrit 2.16.23, and the latest version of the 2.16 build of the oauth plugin. I discovered that the invalid URI problem I had was due to a trailing trailing '/' on the 'root-url' -- in other words, it needs to read "root-url = https://gitlab.com" That got me past the invalid URL, and gitlab then prompts me to authorize my gerrit instance. I say yes, and it redirects back ot the configured URL, but gerrit simply returns "Server Error" Here is the redirection URL that gitlab kicks back to the browser: https://my.gerrit.site/r/oauth?code=HEXBLABLABLA&state=MOREHEXBLABLABLA In the logs, I see this: [2020-11-15 05:34:55,493] [HTTP-86] WARN org.eclipse.jetty.server.HttpChannel : handleException /r/oauth com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'error': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false') Any suggestions? EDIT: That 'error code: 1010' message appears to be due to gitlab using cloudfare, and them not liking the user-agent: https://support.cloudflare.com/hc/en-us/articles/360029779472#error1010 EDIT2: Looks like cloudfare+gitlab is definitely rejecting some user-agents: https://gitlab.com/gitlab-org/gitlab/-/issues/223293 Would it be feasible to allow the user-agent reported by the oauth plugin to be configurable? |
|
I am not a Gitlab expert. I would probably accept anything that would help making GitLab OAuth provider work (again). |
I use gerrit-2.14.6.war and latest gerrit-oauth-provider jar, configured the redirect URI in gitlab as http://192.168.132.29:8081/gerrit/oauth according to documentation. But seems this is a invalid url.
could you help to specify what the correct redirect URL used here? thanks.
The text was updated successfully, but these errors were encountered: