Oauth2 login error: "Anfrage nicht gültig"

When setting up OIDC with OC “10.9.1.0” Enterprise, I get the following error during the browser call for authentication of the desktop client Version 2.9.2:

Anfrage nicht gültig
Diese Anfrage ist nicht gültig. Bitte kontaktiere den Administrator von “Desktop”, wenn der Fehler weiterhin erscheint."

Any ideas how to debug this? Do I have wrong client secrets here? The log shows:

{"reqId":"Yh0sFOPMeoJNiwALGVBneAAAAAY","level":3,"time":"February 28, 2022 20:09:57","remoteAddr":"87.154.170.124","user":"thommie4","app":"no app in context","method":"GET","url":"\/index.php\/apps\/oauth2\/authorize?response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http:\/\/localhost:41375&code_challenge=oXgIuufcWQBO6PGU67_6ecWpD9l0mY20Amsc2KyGVU4&code_challenge_method=S256&scope=openid%20offline_access%20email%20profile&prompt=select_account%20consent&state=IQxuBRFxx1Iy8qMb8ldMOwf7eaRL9zUMOsbrQuDHh3U%3D","message":"Invalid OAuth request with invalid redirect_uri: http:\/\/localhost:41375 !== http:\/\/127.0.0.1"}

I don't understand the “Invalid OAuth request with invalid redirect_uri: http://localhost:41375 !== http://127.0.0.1”. The registered clients are:

root@app3:/var/www/owncloud# sudo -u www-data php occ oauth2:list-clients
  - Android:
    - name: Android
    - redirect-url: oc://android.owncloud.com
    - client-id: yPqBE9mUGqis02QNpcFInYG9uReRQieclurlLMfHJyynzK5YlueAE6mdJmkguqEu
    - client-secret: Oc3OKADBS1NmzgPzYxpvDZGPjKXSAtbwpxyCPcF9Dosjsccs0Fes926zFlL6zJdn
    - allow-sub-domains: false
    - trusted: false
  - iOS:
    - name: iOS
    - redirect-url: oc://ios.owncloud.com
    - client-id: BXjNwPvDiSBy8YZV5Kn5GEVbkPkBC2ALpAL4A17expXrcX9HnXinIcVJzvVplppi
    - client-secret: creRskCWIF8FXYBFObYhrttjtBDvt7C6RBI1NPjqwQWm5bDvDLkW7gtNxUySeyIK
    - allow-sub-domains: false
    - trusted: false
  - Desktop:
    - name: Desktop
    - redirect-url: http://127.0.0.1
    - client-id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
    - client-secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
    - allow-sub-domains: false
    - trusted: false

The redirect URL is http://127.0.0.1 and this should be correct according to
OpenID Connect (OIDC) :: ownCloud Documentation
and Open Authentication (OAuth2) :: ownCloud Documentation

A second OC test setup works fine, but with this instance here, I have a problem.

I might be wrong, but AFAIR, all this stuff requires https-connections.

Yes, true, but all of this is already https, as the app server operates behind a load balancer (haproxy) which delivers the https certs. The redirect URL http://127.0.0.1 is the one from the official docs.

Redirect URI in ownCloud 10 OAuth 2.0 app is http://localhost:*:

You shouldn’t change this!!

When using OpenID Connect, the ownCloud desktop sync client uses http://127.0.0.1. (after positive check for /.well-known/openid-configuration)
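
As an added example (not part of any post in this thread and not ownCloud code), the following Python sketch reads a log entry like the one quoted in the question and reports which parts of the requested and registered redirect URIs differ. The sample line is constructed, with a placeholder client_id, and the function name `diagnose` is hypothetical.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the log entry quoted in the thread
# (client_id replaced by a placeholder, other query parameters omitted).
SAMPLE = (r'{"level":3,"app":"no app in context","method":"GET",'
          r'"url":"\/index.php\/apps\/oauth2\/authorize?response_type=code'
          r'&client_id=EXAMPLE_CLIENT_ID&redirect_uri=http:\/\/localhost:41375",'
          r'"message":"Invalid OAuth request with invalid redirect_uri: '
          r'http:\/\/localhost:41375 !== http:\/\/127.0.0.1"}')

# Message format as it appears in the thread: "<requested> !== <registered>"
MISMATCH = re.compile(r"invalid redirect_uri: (\S+) !== (\S+)")

def diagnose(log_line):
    """Return what differs between the requested and the registered
    redirect URI, or None if the line is not a redirect_uri mismatch."""
    try:
        entry = json.loads(log_line)
    except ValueError:
        return None                      # not a JSON log line
    if not isinstance(entry, dict):
        return None
    m = MISMATCH.search(entry.get("message", ""))
    if not m:
        return None
    requested, registered = (urlsplit(u) for u in m.groups())
    query = parse_qs(urlsplit(entry.get("url", "")).query)
    return {
        # Which registered client the request claimed to be
        "client_id": query.get("client_id", [None])[0],
        "requested": m.group(1),
        "registered": m.group(2),
        "scheme_differs": requested.scheme != registered.scheme,
        # "localhost" and "127.0.0.1" are different strings to the server
        "host_differs": requested.hostname != registered.hostname,
        # The client listens on a random loopback port (the "*" in
        # http://localhost:*), so a port difference alone is expected.
        "port_differs": requested.port != registered.port,
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the entry in the question, the host is what differs: the request carries `localhost` while the Desktop client is registered with `127.0.0.1`.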
