400 Error with vouch in a path about vouch-proxy HOT 11 CLOSED

line 223 shows localhost and but your VP config shows a much longer domain. Those must be aligned.

The warning in the logs for /authenticate/auth such as "/auth Invalid session state: stored %!s(<nil>), returned XBb1V24PP6bP4fahuZy87GU6s4aZcZ8" are essentially saying that it can't find the correct code in the session cookie.

from vouch-proxy.

I changed line 223 to the same domain and am still seeing the issue. I am doing this locally with my hosts file remapping 127.0.0.1 to the domain

from vouch-proxy.

Something must be wrong with the authorization cookie.

Do you see the cookie getting set in the /login response? It should include a session code. That cookie and code is later used in the /auth requests. Is it there? Does it include a path?

Does the browser operate in the same domain for the entire round trip?

If you continue to have problems, please update your gist with the current configs you're using and fresh logs. Also please include one run with testing enabled

from vouch-proxy.

ok - that's helpful. I see the VouchSession cookie in the /login request. But the domain is set to localhost. I'm not sure why its localhost, the only times I'm using localhost is in the proxy_pass config for nginx. I thought that was acceptable according to the examples in github?

from vouch-proxy.

@Smith-Chris1 are you still working this issue? If not could you please close it?

If you do still want help please do provide current configs and logs.

from vouch-proxy.

Thanks for following up - sorry for the delay. I think I'm nearly there, but am now getting this error:

{"level":"debug","ts":1709750896.2578976,"msg":"/auth/{state}/"}
{"level":"warn","ts":1709750916.2905672,"msg":"/auth Error while retrieving user info after successful login at the OAuth provider: Post \"https://myOktaDomain.okta.com/oauth2/v1/token\": net/http: TLS handshake timeout"}
{"level":"debug","ts":1709750916.2905893,"msg":"domain myserver.domain.co matched array value at [0]=domain.co"}
{"level":"debug","ts":1709750916.2905939,"msg":"setting the cookie domain to myserver.domain.co"}
{"level":"debug","ts":1709750916.290604,"msg":"rendering error for user: 400 Bad Request"}
{"level":"debug","ts":1709750916.2906082,"msg":"CaptureWriter.Write set w.StatusCode 400"}

from vouch-proxy.

What have you tried? Are you able to 'curl' the user info URL?

from vouch-proxy.

I am able to curl the user_info_url from the host I'm on. I notice that I am going through a proxy server though, not sure if that would affect anything

from vouch-proxy.

I am using the docker image and have configured it to run with this service file:

[Unit]
Description=Vouch-Proxy container
After=docker.service
Wants=network-online.target docker.socket
Requires=docker.socket

[Service]
TimeoutStartSec=0
Type=forking
Restart=always
RestartSec=10s
ExecStartPre=-/usr/bin/docker rm vouch-proxy-container
ExecStart=-/usr/bin/docker run --rm --name vouch-proxy-container --net=host -p 9091:9091 -v /path/to/config/config:/config quay.io/vouch/vouch-proxy
ExecStop=-/usr/bin/docker stop vouch-proxy-container
Type=simple
NotifyAccess=all

[Install]
WantedBy=multi-user.target

from vouch-proxy.

going through a proxy server

that's documented in the README

from vouch-proxy.

solved it in my env by not using the vouch docker image. thanks for the help and support.

from vouch-proxy.