HTTP 500 error when trying to get access-token from master.apis.dev.openstreetmap.org with "openid" scope #1002
Comments
OIDC needs a signing key in its config, which may simply be still missing on the dev instance. Here’s the respective setting for production: https://github.com/openstreetmap/chef/blob/9c82d0eb2c75d1f5eb9b0689c5e3bed194fd1e0b/cookbooks/web/recipes/rails.rb#L151
I also hit this issue when testing in JOSM before, but forgot again to raise an issue, so thanks for doing that. Also it’s really more of an operations issue, and would be better served there in the operations repo. No worries, this issue can be easily moved across.
I find it interesting how such an oversight passed the testing server.
It's a POST request with url-encoded form body that looks like this when using cURL (with parameters in angled brackets):
That request (I just tried it with meaningless dummy values) works and returns the expected error response (but with an expected 400 and not 404 status code):
Interestingly in Spanish ... well ... at least something 🤷
the ALLOW_NOTHING_TOKEN is only preliminary because due to https://github.com/openstreetmap/openstreetmap-website/issues/4334 it is not possible to create a token that has no permissions
@tomhughes : could you please take a look at the I wanted to start testing JOSM OAuth2 settings with @tsmock, which is not possible as long as https://master.apis.dev.openstreetmap.org/.well-known/oauth-authorization-server doesn't work.
Thanks for actually explaining what the problem is - it's not going to be an easy thing to fix though so I'll need to have a think about how to do it.
My assumption here is that doorkeeper-openid_connect gem depends on the signing key to work properly. Once I configured a signing key in my local settings, .well-known/oauth-authorization-server was also available, which is a prerequisite for JOSM.
Sure, the issue is how do we automate the generation of those keys for dev instances and ensure they persist properly.
Hopefully openstreetmap/chef@1859ef7 has fixed this.
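The concern raised in the comments above, generating an OIDC signing key for a dev instance once and keeping the same key on later runs, sketched as an added example. This is not code from openstreetmap/chef or the website project; the function names and the key file path are hypothetical.

```ruby
require "openssl"
require "json"
require "digest"
require "tmpdir"

# Hypothetical helper: return the PEM-encoded RSA signing key stored at
# `path`, creating it only when the file does not exist yet.
def ensure_signing_key(path, bits: 2048)
  if File.exist?(path)
    pem = File.read(path)
    usable = begin
      OpenSSL::PKey::RSA.new(pem).private?
    rescue OpenSSL::PKey::PKeyError
      false
    end
    # Regenerating silently would change the key that issued tokens were
    # signed with, so a damaged file is an error, not a reason to overwrite.
    raise "#{path} is not an RSA private key; refusing to overwrite" unless usable
    return pem
  end
  pem = OpenSSL::PKey::RSA.generate(bits).to_pem
  # CREAT|EXCL with mode 0600: never replaces a file, never world-readable.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(pem) }
  pem
end

# RFC 7638 JWK thumbprint of the public half, used here only as a stable
# fingerprint for comparing the key between runs.
def jwk_thumbprint(pem)
  key = OpenSSL::PKey::RSA.new(pem)
  b64url = ->(bytes) { [bytes].pack("m0").tr("+/", "-_").delete("=") }
  jwk = { "e" => b64url.call(key.e.to_s(2)), "kty" => "RSA",
          "n" => b64url.call(key.n.to_s(2)) }
  b64url.call(Digest::SHA256.digest(JSON.generate(jwk)))
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    path = File.join(dir, "oidc_signing_key.pem") # constructed path
    first = jwk_thumbprint(ensure_signing_key(path))  # first run: generates
    second = jwk_thumbprint(ensure_signing_key(path)) # later run: reuses
    puts "same key across runs: #{first == second}"
  end
end
```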
URL
https://master.apis.dev.openstreetmap.org/oauth2/token
How to reproduce the issue?
It seems that adding the scope openid to the list of requested scopes returns an HTTP 500 error on the https://master.apis.dev.openstreetmap.org/oauth2/token endpoint. Yes, I gave permission to that scope and yes I used all correct client-id and -secret values. Removing openid from the list of wanted scopes solves the problem.
The error does not appear on the productive www.openstreetmap.org server!
This bug does not affect me (and would have a very low priority for me personally), I just saw it by accident.
Reproduce
Requires python3 authlib dependency:
http://127.0.0.1:8000/callback?... , copy the whole url from the browser's address bar, paste it into the terminal and press Enter
requests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: https://master.apis.dev.openstreetmap.org/oauth2/token comes up.
This situation also appears using golang and the golang/oauth2 library.
Screenshot(s) or anything else?
No response