OCIS gives out 400 error while trying to login

Steps to reproduce

  1. Install and configure OCIS
  2. Point nginx to OCIS
  3. Open the page

Expected behaviour

There should be no error

Actual behaviour

After configured OCIS, nginx and started the OCIS systemd service, accessing the web UI gave the error Failed to connect to server. Unexpected HTTP response: 400. Please check your connection and try again. Checking the network log using developer tool shows that it’s caused by OCIS returning 400 to a request to https://own.poscat.moe:8443/signin/v1/identifier/_/hello

the full request (curl):

curl 'https://own.poscat.moe:8443/signin/v1/identifier/_/hello' \
  -H 'authority: own.poscat.moe:8443' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'accept-language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7' \
  -H 'content-type: application/json' \
  -H 'dnt: 1' \
  -H 'kopano-konnect-xsrf: 1' \
  -H 'origin: https://own.poscat.moe:8443' \
  -H 'referer: https://own.poscat.moe:8443/signin/v1/identifier?client_id=web&code_challenge=A9SqOyxCR6XuhoUoGTtc7pjcFmpcn1CD_dDg1qXqtMM&code_challenge_method=S256&flow=oidc&redirect_uri=https%3A%2F%2Fown.poscat.moe%3A8443%2Foidc-callback.html&response_mode=query&response_type=code&scope=openid+profile+email&state=8231e81eaa774580b7d2506c4d9caa0a' \
  -H 'sec-ch-ua: "Chromium";v="118", "Microsoft Edge";v="118", "Not=A?Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-origin' \
  -H 'sec-gpc: 1' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36 Edg/118.0.2088.61' \
  --data-raw '{"scope":"openid profile email","client_id":"web","redirect_uri":"https://own.poscat.moe:8443/oidc-callback.html","flow":"oidc","state":"1af6fa0644598a8b"}' \

Corresponding log:

WRN rejecting identifier HTTP request error="origin does not match request URL" host=own.poscat.moe line=github.com/owncloud/ocis/v2/ocis-pkg/log/logrus_wrapper.go:50 origin=https://own.poscat.moe:8443 referer=https://own.poscat.moe:8443/signin/v1/identifier?client_id=web&code_challenge=Uehc87BUoZL8kooEVQ3-y7Ic_A2fB0FoMGCDe2UBf8c&code_challenge_method=S256&flow=oidc&redirect_uri=https%3A%2F%2Fown.poscat.moe%3A8443%2Foidc-callback.html&response_mode=query&response_type=code&scope=openid+profile+email&state=f1284dd17b5446afa716c5bcbaf6d942 service=idp user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36 Edg/118.0.2088.61"

Server configuration

Operating system:
NixOS 23.05

Web server:


PHP version:

ownCloud version: (see ownCloud admin page)
OCIS 4.0.2

Updated from an older ownCloud or fresh install:

Where did you install ownCloud from:
Downloaded the binary from official site.

Client configuration


Operating system:

After some code digging, it seems that it’s because the server is hosted on non-standard port. When golang’s net/url parses the referrer url, the returned url’s host is actually host:port, which makes the check in vendor/github.com/libregraph/lico/identifier/handlers.go#L96 (ffs why can’t I post links) to fail. Not sure if I should submit a bug report to OCIS or upstream though.

Just for completeness. Here is corresponding github issue: Login page shows error 400 when hosted on a non-standard port · Issue #7563 · owncloud/ocis · GitHub

1 Like