Page MenuHomePhabricator

[deployment] Unable to complete authorization pipeline
Closed, ResolvedPublicBUG REPORT


My declarations of "being done" were rather premature. It took me a while to realize that once I pointed the "production" version of Toolhunt to the actual Toolhub servers, that I would also need to switch all of the Oauth-related URLs. I duly registered the tool with Toolhub and made the necessary changes, and it all goes smoothly at first, but on the final redirect back to, I end up receiving a 502 error.

bad_gateway.jpg (775×1 px, 253 KB)

I get the same results in Firefox, Chrome and Edge.

@bd808, any thoughts?

Event Timeline

@NicoleLBee I can recreate the crash. I can also load without problems. I'm wondering what errors are being logged on your backend when that route in passed the code and state parameters that come back from the OAuth handshake with This looks to me like the backend crashing hard on the handshake completion step.

From /data/project/toolhunt-api/uwsgi.log:

Traceback (most recent call last):
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/", line 2548, in __call__
    return self.wsgi_app(environ, start_response)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/", line 2528, in wsgi_app
    response = self.handle_exception(e)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/", line 2525, in wsgi_app
    response = self.full_dispatch_request()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/", line 1822, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/", line 1820, in full_dispatch_request
    rv = self.dispatch_request()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/flask/", line 1796, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/data/project/toolhunt-api/www/python/src/", line 23, in authorize
    flask.session["token"] = oauth.toolhub.authorize_access_token()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/integrations/flask_client/", line 101, in authorize_access_token
    token = self.fetch_access_token(**params, **kwargs)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/integrations/base_client/", line 342, in fetch_access_token
    token = client.fetch_token(token_endpoint, **params)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/oauth2/", line 207, in fetch_token
    return self._fetch_token(
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/oauth2/", line 364, in _fetch_token
    return self.parse_response_token(resp)
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/authlib/oauth2/", line 338, in parse_response_token
    token = resp.json()
  File "/data/project/toolhunt-api/www/python/venv/lib/python3.9/site-packages/requests/", line 975, in json
    raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

So if I'm reading that correctly, it's failing because the response that it's getting cannot be parsed as a json?

NicoleLBee triaged this task as Unbreak Now! priority.Apr 5 2023, 6:58 PM
NicoleLBee added subscribers: Damilare, Slst2020.

Suffice it to say that this is a big problem that I don't know how to solve. The deployment to Toolforge has definitely required more fiddling than we anticipated (though the documentation is quite good, and if it took a while it was entirely my fault).

I'm not sure what I've done wrong and why this isn't working when it worked perfectly with the demo server.

  1. I registered Toolhunt in the Toolhub developer settings and set the redirect URL to
  3. I didn't touch any of the existing code.

@Damilare or @Slst2020, if either of you can think of something I've missed, please let me know.

I made a clone of the toolhub-demo-gadget and hooked it up to Toolhub, and it works, so clearly there is something wrong with my implementation. The search continues...

I reinstalled authlib and requests and got the same error, then stuck Toolhunt's credentials into Toolhunt-api-staging, changed the various URIs and redirects, and ended up with the same error again, so presumably, there's nothing wrong with the package installations in Toolhunt. (I had been toying with the idea of wiping the data and re-cloning it, reinstalling all of the packages, etc.)

I went to toolhunt-staging (the frontend half of our staging tool), and changed the value of the proxy uri (VITE_FLASK_BACKEND_URL) to point to toolhub-oauth-test (my toolhub-demo-gadget clone); set toolhub-oauth-test to redirect to toolhunt-staging and IT WORKS. I am able to log into Toolhunt by this method.

I am at a loss. There is clearly some fundamental difference between Bryan's gadget and my implementation of it.

One difference that I notice is that if I go directly to (currently rigged to the demo tool) I get an HTML response, whereas if I go to I get a JSON response. I don't know if this is significant, but it is a difference that exists for reasons unknown to me, JSONs are involved, and I really am scraping the bottom of my "ideas" barrel.

And even if it is somehow significant, why is it only an issue now, when we're trying to interface with Toolhub instead of Toolhub-demo?

Hi @NicoleLBee so I just put up a patch for this bug. Looks like we needed to specify the other register params as it was done in the demo-gadget. I guess toolhub-demo didn't require those.

NicoleLBee claimed this task.