Page MenuHomePhabricator
Create Task
Maniphest T334025

[deployment] Unable to complete authorization pipeline
Closed, ResolvedPublicBUG REPORT
Actions

Description

My declarations of "being done" were rather premature. It took me a while to realize that once I pointed the "production" version of Toolhunt to the actual Toolhub servers, that I would also need to switch all of the Oauth-related URLs. I duly registered the tool with Toolhub and made the necessary changes, and it all goes smoothly at first, but on the final redirect back to toolhunt.toolforge.org, I end up receiving a 502 error.

bad_gateway.jpg (775×1 px, 253 KB)

I get the same results in Firefox, Chrome and Edge.

@bd808, any thoughts?

Related Objects

Event Timeline

NicoleLBee created this task.Apr 4 2023, 9:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 4 2023, 9:03 PM
NicoleLBee mentioned this in T330155: [backend] Deploy on Toolforge.Apr 4 2023, 9:04 PM
bd808 added a comment.Apr 4 2023, 10:30 PM

@NicoleLBee I can recreate the crash. I can also load https://toolhunt.toolforge.org/api/authorize without problems. I'm wondering what errors are being logged on your backend when that route in passed the code and state parameters that come back from the OAuth handshake with https://toolhub.wikimedia.org? This looks to me like the backend crashing hard on the handshake completion step.

bd808 added a comment.Apr 4 2023, 10:48 PM

From /data/project/toolhunt-api/uwsgi.log:

Traceback (most recent call last):
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/app.py", line 2548, in __call__
    return self.wsgi_app(environ, start_response)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/app.py", line 2528, in wsgi_app
    response = self.handle_exception(e)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/app.py", line 2525, in wsgi_app
    response = self.full_dispatch_request()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/app.py", line 1822, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/app.py", line 1820, in full_dispatch_request
    rv = self.dispatch_request()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/app.py", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/data/project/toolhunt-api/www/python/src/app.py", line 23, in authorize
    flask.session["token"] = oauth.toolhub.authorize_access_token()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/integrations/flask_client/apps.py", line 101, in authorize_access_token
    token = self.fetch_access_token(**params, **kwargs)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/integrations/base_client/sync_app.py", line 342, in fetch_access_token
    token = client.fetch_token(token_endpoint, **params)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/oauth2/client.py", line 207, in fetch_token
    return self._fetch_token(
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/oauth2/client.py", line 364, in _fetch_token
    return self.parse_response_token(resp)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/oauth2/client.py", line 338, in parse_response_token
    token = resp.json()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/requests/models.py", line 975, in json
    raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
NicoleLBee added a comment.Apr 5 2023, 7:25 AM

So if I'm reading that correctly, it's failing because the response that it's getting cannot be parsed as a json?

NicoleLBee triaged this task as Unbreak Now! priority.Apr 5 2023, 6:58 PM
NicoleLBee added subscribers: Damilare, Slst2020.

Suffice it to say that this is a big problem that I don't know how to solve. The deployment to Toolforge has definitely required more fiddling than we anticipated (though the documentation is quite good, and if it took a while it was entirely my fault).

I'm not sure what I've done wrong and why this isn't working when it worked perfectly with the demo server.

  1. I registered Toolhunt in the Toolhub developer settings and set the redirect URL to https://toolhunt.toolforge.org/api/authorize
  2. I updated the relevant environmental variables: TOOLHUB_CLIENT_ID, TOOLHUB_CLIENT_SECRET, REDIRECT_URI, TOOLHUB_ACCESS_TOKEN_URL and TOOLHUB_AUTHORIZE_URL.
  3. I didn't touch any of the existing code.

@Damilare or @Slst2020, if either of you can think of something I've missed, please let me know.

NicoleLBee added a comment.Apr 6 2023, 5:32 AM

I made a clone of the toolhub-demo-gadget and hooked it up to Toolhub, and it works, so clearly there is something wrong with my implementation. The search continues...

NicoleLBee added a comment.Apr 6 2023, 8:05 AM

I reinstalled authlib and requests and got the same error, then stuck Toolhunt's credentials into Toolhunt-api-staging, changed the various URIs and redirects, and ended up with the same error again, so presumably, there's nothing wrong with the package installations in Toolhunt. (I had been toying with the idea of wiping the data and re-cloning it, reinstalling all of the packages, etc.)

NicoleLBee added a comment.Apr 6 2023, 8:44 AM

I went to toolhunt-staging (the frontend half of our staging tool), and changed the value of the proxy uri (VITE_FLASK_BACKEND_URL) to point to toolhub-oauth-test (my toolhub-demo-gadget clone); set toolhub-oauth-test to redirect to toolhunt-staging and IT WORKS. I am able to log into Toolhunt by this method.

I am at a loss. There is clearly some fundamental difference between Bryan's gadget and my implementation of it.

NicoleLBee added a comment.EditedApr 6 2023, 9:11 AM

One difference that I notice is that if I go directly to https://toolhunt-staging.toolforge.org/api/authorize (currently rigged to the demo tool) I get an HTML response, whereas if I go to https://toolhunt.toolforge.org/api/authorize I get a JSON response. I don't know if this is significant, but it is a difference that exists for reasons unknown to me, JSONs are involved, and I really am scraping the bottom of my "ideas" barrel.

And even if it is somehow significant, why is it only an issue now, when we're trying to interface with Toolhub instead of Toolhub-demo?

Damilare added a comment.Apr 7 2023, 12:29 PM

Hi @NicoleLBee so I just put up a patch for this bug. Looks like we needed to specify the other register params as it was done in the demo-gadget. I guess toolhub-demo didn't require those.

NicoleLBee added a comment.Apr 7 2023, 1:26 PM

Thank you again, @Damilare

NicoleLBee moved this task from Backlog to In review on the Toolhunt board.Apr 7 2023, 1:32 PM
NicoleLBee closed this task as Resolved.Apr 11 2023, 5:13 AM
NicoleLBee claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL