Windows Desktop App - The provided credentials are not correct

I started having this problem after removing the existing connection - when I tried to recreate it, I got the error that my credential were invalid. I updated the Server from 10.5 to 10.7 - same issue - I removed and reinstalled oauth2 - different problem that was due to a client_id/secret inconsistency between the client and the server, I updated the DB and now I am back to the invalid credentials. The user can log into the Web UI no problem, but the client is unable to connect using oauth2.

As a work around I have disabled oauth2 and created an app password/token. This is working, fine, but I would like to get the oauth2 working.

Expected behaviour

Tell us what should happen

Actual behaviour

Tell us what happens instead

Steps to reproduce

  1. Launch desktop app
  2. Click Add Account
  3. Enter URL
  4. Launches web - enter credentials
  5. Select Authorize
  6. Web UI indicates successfully authorized
  7. Client indicates credentials are not correct

Server configuration

Operating system:CentOS 7

Web server: Apache

Database: Mysql

PHP version:7.0.27

ownCloud version:10.7.04

Storage backend (external storage): SAN (DotHill - 8G Fiber)

Client configuration

Client version: 2.9.05150

Operating system: Windows 10 Professional

OS language: English

Qt version used by client package (Linux only, see also Settings dialog):

Client package (From ownCloud or distro) (Linux only):

Installation path of client: c:\program files\owncloud

Logs

Please use Gist (https://gist.github.com/) or a similar code paster for longer
logs.

Template for output < 10 lines

  1. Client logfile: Output of owncloud --logwindow or owncloud --logfile log.txt
    (On Windows using cmd.exe, you might need to first cd into the ownCloud directory)
    (See also http://doc.owncloud.org/desktop/2.2/troubleshooting.html#client-logfile )
    09-29 10:58:18:045 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::needsRetry ]: Not Retry auth job OCC::SimpleNetworkJob(“https://owncloud/.well-known/openid-configuration”, “9f7c110d-d95e-4d09-9ca0-ba197f6b2726”, “9f7c110d-d95e-4d09-9ca0-ba197f6b2726”, “Error transferring https://owncloud/.well-known/openid-configuration - server replied: Not Found”) QUrl(“https://owncloud/.well-known/openid-configuration”)
    09-29 10:58:18:045 [ warning sync.networkjob ]: OCC::SimpleNetworkJob(“https://owncloud/.well-known/openid-configuration”, “9f7c110d-d95e-4d09-9ca0-ba197f6b2726”, “9f7c110d-d95e-4d09-9ca0-ba197f6b2726”, “Error transferring https://owncloud/.well-known/openid-configuration - server replied: Not Found”) QNetworkReply::ContentNotFoundError “Server replied “404 Not Found” to “GET https://owncloud/.well-known/openid-configuration”” 404
    09-29 10:58:18:045 [ info sync.accessmanager ]: 4 “” “https://owncloud/index.php/apps/oauth2/api/v1/token” has X-Request-ID “68d9b2f3-6c85-4124-8432-a3bdeba88783”
    09-29 10:58:18:045 [ debug sync.cookiejar ] [ OCC::CookieJar::cookiesForUrl ]: QUrl(“https://owncloud/index.php/apps/oauth2/api/v1/token”) requests: (QNetworkCookie(“ocxiubi089tc=2davj6ipa5oekohorm5p0mtko3; secure; HttpOnly; domain=owncloud; path=/”), QNetworkCookie(“oc_sessionPassphrase=jIMMXJjq10r6HviaE4pvwxPP%2B1sDl1RiYQzT5Y5HXiSnIu1X2ZwyOiWuFHvVsijV0W7GvtI08Q210HCuYoCXWYvyU%2FODqJHkrmHuBaoYPTvfIMh%2FxP6MWdmMyeQ0ftzm; secure; HttpOnly; domain=owncloud; path=/”))
    09-29 10:58:18:045 [ info sync.httplogger ]: “68d9b2f3-6c85-4124-8432-a3bdeba88783: Request: POST https://owncloud/index.php/apps/oauth2/api/v1/token Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Windows) mirall/2.9.0 (build 5150) (ownCloud, windows-10.0.19043 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: /, X-Request-ID: 68d9b2f3-6c85-4124-8432-a3bdeba88783, Original-Request-ID: 68d9b2f3-6c85-4124-8432-a3bdeba88783, Content-Length: 305, Cookie: ocxiubi089tc=2davj6ipa5oekohorm5p0mtko3; oc_sessionPassphrase=jIMMXJjq10r6HviaE4pvwxPP%2B1sDl1RiYQzT5Y5HXiSnIu1X2ZwyOiWuFHvVsijV0W7GvtI08Q210HCuYoCXWYvyU%2FODqJHkrmHuBaoYPTvfIMh%2FxP6MWdmMyeQ0ftzm, } Data: [client_id=&client_secret==openid%20offline_access%20email%20profile&grant_type=refresh_token&refresh_token=fieoDB1OTaXjBelouuajVHFx3ApypkDJqcFu1ry6GzQ9IM5v1zzKk5smRGBrjg05]”
    09-29 10:58:18:045 [ info sync.networkjob ]: Created OCC::SimpleNetworkJob(“https://owncloud/index.php/apps/oauth2/api/v1/token”, “68d9b2f3-6c85-4124-8432-a3bdeba88783”, “68d9b2f3-6c85-4124-8432-a3bdeba88783”) for OCC::OAuth(0x1d7badefa00)
    09-29 10:58:18:045 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]: Network job finished OCC::SimpleNetworkJob(“https://owncloud/.well-known/openid-configuration”, “9f7c110d-d95e-4d09-9ca0-ba197f6b2726”, “9f7c110d-d95e-4d09-9ca0-ba197f6b2726”, “Error transferring https://owncloud/.well-known/openid-configuration - server replied: Not Found”)
    09-29 10:58:18:266 [ info sync.httplogger ]: “68d9b2f3-6c85-4124-8432-a3bdeba88783: Response: POST 200 https://owncloud/index.php/apps/oauth2/api/v1/token Header: { Date: Wed, 29 Sep 2021 16:58:19 GMT, Server: Apache/2.4.6 (CentOS) PHP/7.2.34, X-Powered-By: PHP/7.2.34, Expires: Thu, 19 Nov 1981 08:52:00 GMT, Cache-Control: no-cache, no-store, must-revalidate, Pragma: no-cache, Content-Security-Policy: default-src ‘none’;manifest-src ‘self’;script-src ‘self’ ‘unsafe-eval’;style-src ‘self’ ‘unsafe-inline’;img-src ‘self’ data: blob:;font-src ‘self’;connect-src ‘self’;media-src ‘self’, X-XSS-Protection: 0, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-Robots-Tag: none, X-Download-Options: noopen, X-Permitted-Cross-Domain-Policies: none, Content-Length: 323, Keep-Alive: timeout=5, max=98, Connection: Keep-Alive, Content-Type: application/json; charset=utf-8, } Data: [{“access_token”:“LMtt8B9OfpLIPPOLrk1sVcoGWscqgr2fn7FTlDh8ADFZszAXPrk4lmhEu9gyc3UX”,“token_type”:“Bearer”,“expires_in”:3600,“refresh_token”:“LdgGqn3fBwMRbRVkXDJq0hqXTCVCRm6CCsBjiDrflrvDrQ8sHqhCFCdrM83Sy2yn”,“user_id”:“beau”,“message_url”:“https:\/\/owncloud\/index.php\/apps\/oauth2\/authorization-successful”}]”
    09-29 10:58:18:266 [ info sync.credentials.manager ]: set “ownCloud_credentials:owncloud:9c747aa5-5749-47e7-b5b1-2228202de0bf:http/oauthtoken”
    09-29 10:58:18:266 [ debug sync.networkjob.jobqueue ] [ OCC::JobQueue::unblock ]: unblock: 0 “beau@owncloud”
    09-29 10:58:18:266 [ debug sync.networkjob ] [ OCC::AbstractNetworkJob::slotFinished ]: Network job finished OCC::SimpleNetworkJob(“https://owncloud/index.php/apps/oauth2/api/v1/token”, “68d9b2f3-6c85-4124-8432-a3bdeba88783”, “68d9b2f3-6c85-4124-8432-a3bdeba88783”)
    09-29 10:58:18:280 [ info sync.credentials.manager ]: added “ownCloud_credentials:owncloud:9c747aa5-5749-47e7-b5b1-2228202de0bf:http/oauthtoken”
    09-29 10:58:31:083 [ debug gui.wizard ] [ OCC::OwncloudWizard::slotCurrentPageChanged ]: Current Wizard page changed to -1
    09-29 10:58:33:389 [ info gui.account.manager ]: Saved all account settings, status: QSettings::NoError
    09-29 10:58:33:416 [ debug gui.socketapi ] [ OCC::SocketApi::~SocketApi ]: dtor
    09-29 10:58:33:416 [ info gui.socketapi ]: Lost connection QLocalSocket(0x1d7b7c13b00)
    09-29 10:58:33:416 [ info gui.socketapi ]: Lost connection QLocalSocket(0x1d7b7c13f80)

  2. Web server error log: no errors logged in /var/log/httpd/error_log

  3. Server logfile: ownCloud log (data/owncloud.log):
    {“reqId”:“YVSWGhNVnbXmxDv2NYVnmAAAAAY”,“level”:0,“time”:“2021-09-29T16:36:42+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWLdmDtPJ2cbqq-PMlkgAAAAQ”,“level”:0,“time”:“2021-09-29T16:37:01+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWLdmDtPJ2cbqq-PMlkgAAAAQ”,“level”:0,“time”:“2021-09-29T16:37:01+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWOBN9vEniX@5GygOkSgAAAAA”,“level”:0,“time”:“2021-09-29T16:37:12+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWOBN9vEniX@5GygOkSgAAAAA”,“level”:0,“time”:“2021-09-29T16:37:12+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWSwGVHOOKg8ahgNGVUwAAAAU”,“level”:0,“time”:“2021-09-29T16:37:31+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWSwGVHOOKg8ahgNGVUwAAAAU”,“level”:0,“time”:“2021-09-29T16:37:31+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWVkVIoUBisJy0akI6hQAAAAo”,“level”:0,“time”:“2021-09-29T16:37:43+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}
    {“reqId”:“YVSWVkVIoUBisJy0akI6hQAAAAo”,“level”:0,“time”:“2021-09-29T16:37:43+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\Authentication\Token\DefaultTokenProvider::updateTokenActivity”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“updating activity of token 1417 to 1632933463”}
    {“reqId”:“YVSWVkVIoUBisJy0akI6hQAAAAo”,“level”:0,“time”:“2021-09-29T16:37:43+00:00”,“remoteAddr”:“192.168.1.31”,“user”:“beau”,“app”:“OC\User\Session::validateToken”,“method”:“GET”,“url”:"/ocs/v2.php/apps/notifications/api/v1/notifications?format=json",“message”:“token 6c3ac1ae1a8a41e1b2fe3e916d2efba3fda27a10506f2529e7934ebc00b59ef62b8620def06d4c82bf7adaf2d5cc6a2d07edcc2bca826e92406fadc1f2f36b4f with token id 1417 found, validating”}

Check installed modules.
https://doc.owncloud.com/server/latest/admin_manual/configuration/server/security/oauth2.html#requirements

Please advise what in the logs is suggesting one of the modules? And does it also suggest which module? Because if it does, I will be honest, I don’t see it.

I actually suspect that this problem is because of the load balancer (reverse proxy) and I am pursuing that avenue at this time. Just leaving the post up in case someone out there actually had the same issue and came up with some other solution.

https://social.microsoft.com/Forums/en-US/e9a3d887-8223-4446-9018-a6613a049712/using-owin-for-oauth2-behind-http-reverse-proxy-or-load-balance