After I've successfully added my GitLab app credentials, the login seems to work. At least GitLab asks me for permission:

But after that, hackmd throws an internal server error:

Taking a look at the log output, I can see just one error:
TokenError: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
    at Strategy.OAuth2Strategy.parseErrorResponse (/hackmd/node_modules/passport-oauth2/lib/strategy.js:320:12)
    at Strategy.OAuth2Strategy._createOAuthError (/hackmd/node_modules/passport-oauth2/lib/strategy.js:367:16)
    at /hackmd/node_modules/passport-oauth2/lib/strategy.js:166:45
    at /hackmd/node_modules/oauth/lib/oauth2.js:177:18
    at passBackControl (/hackmd/node_modules/oauth/lib/oauth2.js:123:9)
    at IncomingMessage.<anonymous> (/hackmd/node_modules/oauth/lib/oauth2.js:143:7)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:934:12)
    at _combinedTickCallback (internal/process/next_tick.js:74:11)
    at process._tickCallback (internal/process/next_tick.js:98:9)
The OAuth tokens created are just for this app, and I can reproduce the issue every time I try to log in using GitLab, not just when I give my credentials.
BTW, there's also a redirect loop on logout. Every time I try to log out, the browser shows me the redirect loop error.
I forgot to say that the login works; I mean, after the error is shown I can access the HackMD root and it shows me logged in.
That's weird.
Did you also change the baseURL to your own server URL? https://github.com/hackmdio/hackmd/blob/master/config.json#L36
For example: baseURL: "https://gitlab.example.com/"
I only tried signing in on GitLab itself, so maybe there is an issue.
Yup, I have it defined. I had it without the trailing slash, but I've just tried adding it and it still throws the internal server error.
I even tried re-creating the entire OAuth application (so I've added new Client ID and Client Secret values) and it still throws the error.
BTW, should I create a new issue for the logout redirect loop?
Let's solve this issue first before creating that redirect loop issue; I think these might be related.
Could you try using https://gitlab.com to OAuth the users?
That's the environment I used to test and it was working fine.
And the above error message "The provided authorization grant is invalid, expired, revoked..." was sent from your GitLab.
I think this might be related to the OAuth settings, but I'm not sure which side.
Which version of GitLab are you using?
I saw this issue on the internet: https://gitlab.com/gitlab-org/gitlab-ce/issues/1610
I'm using the latest version of GitLab, which right now is 8.9.4.
Let me try with gitlab.com and I'll tell you.
So I tried searching on the net.
It said the logout redirect loop is caused by the auth failure.
So the logout process will also check whether you are authenticated already; if that fails, it will try to auth you again.
Maybe that's the reason.
http://stackoverflow.com/questions/16861903/passport-authentication-failure-leads-to-redirect-loop
But the logout does not throw errors to the log :\
Could you provide the logs between when you click logout and when the redirect loop shows up?
I will see how I can help.
Here are the logs when I log out.
After trying with gitlab.com, I have the same issue:
2016-07-08T01:06:57.862Z - info: ::ffff:172.17.0.1 - - [08/Jul/2016:01:06:57 +0000] "GET /auth/gitlab/callback?code=sha-removed-just-in-case HTTP/1.0" 302 44 "https://gitlab.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
2016-07-08T01:06:57.898Z - info: Executing (default): SELECT "sid", "expires", "data", "createdAt", "updatedAt" FROM "Sessions" AS "Session" WHERE "Session"."sid" = 'domrecu35GpEqmoORQXnjbPx4X5JywTV';
2016-07-08T01:06:57.903Z - info: Executing (default): SELECT "id", "profileid", "profile", "history", "accessToken", "refreshToken", "createdAt", "updatedAt" FROM "Users" AS "User" WHERE "User"."id" = '084c3ec1-5fae-4446-a438-a82c0b40e5ec';
2016-07-08T01:06:57.905Z - info: deserializeUser: 084c3ec1-5fae-4446-a438-a82c0b40e5ec
TokenError: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
    at Strategy.OAuth2Strategy.parseErrorResponse (/hackmd/node_modules/passport-oauth2/lib/strategy.js:320:12)
    at Strategy.OAuth2Strategy._createOAuthError (/hackmd/node_modules/passport-oauth2/lib/strategy.js:367:16)
    at /hackmd/node_modules/passport-oauth2/lib/strategy.js:166:45
    at /hackmd/node_modules/oauth/lib/oauth2.js:177:18
    at passBackControl (/hackmd/node_modules/oauth/lib/oauth2.js:123:9)
    at IncomingMessage.<anonymous> (/hackmd/node_modules/oauth/lib/oauth2.js:143:7)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:934:12)
    at _combinedTickCallback (internal/process/next_tick.js:74:11)
    at process._tickCallback (internal/process/next_tick.js:98:9)
OK, I'm able to reproduce this now, and it even happens with any other sign-in method.
So that Internal Server Error is caused when you try to use the revoked token, and that is the expected response.
I found that the issue might be that the redirect after auth fails for some reason, and so does the logout.
Fixed in 44e2dab9ee6febdabd306d7a7e24e50d133bfb26
Thank you @elboletaire
Nice!
Hey @jackycute, I don't wanna open a new issue because I'm not sure if it really is an issue... but since version 0.4.5 I cannot log in to GitLab; it throws "The redirect URI included is not valid."
I checked the redirect URI twice, and it seems to be OK (I have not changed it since you fixed issue #141). But there's something I find weird. If I try to access the callback URI manually, it redirects me to my GitLab instance (and I can see again the "The redirect URI included is not valid." error).
Is this normal?
PS. I've checked with other OAuth applications and I don't see this behavior there.
No problem, let's solve it.
Could you paste your config.json?
Also the error logs would be great.
Here's my config.json (I've edited the clientID and clientSecret):
{
  "production": {
    "debug": true,
    "urladdport": true,
    "db": {
      "username": "hackmd",
      "password": "hackmdpass",
      "database": "hackmd",
      "host": "hackmdPostgres",
      "port": "5432",
      "dialect": "postgres"
    },
    "gitlab": {
      "baseURL": "https://gitlab.cirici.com/",
      "clientID": "asdafasdaf",
      "clientSecret": "fdasfdsa"
    }
  }
}
The error log does not show anything interesting (just the accesses):
2016-11-16T16:15:28.431Z - info: Executing (default): SELECT "sid", "expires", "data", "createdAt", "updatedAt" FROM "Sessions" AS "Session" WHERE "Session"."sid" = 'N9fVFlhYX3RjzA0FPY_A1uDaYKGIM95u';
2016-11-16T16:15:28.439Z - info: Executing (7bc72e65-32af-45ac-a666-3d8a40bcf4be): START TRANSACTION;
2016-11-16T16:15:28.440Z - info: Executing (7bc72e65-32af-45ac-a666-3d8a40bcf4be): SET SESSION TRANSACTION ISOLATION LEVEL REPEATABLE READ;
2016-11-16T16:15:28.442Z - info: Executing (7bc72e65-32af-45ac-a666-3d8a40bcf4be): SELECT "sid", "expires", "data", "createdAt", "updatedAt" FROM "Sessions" AS "Session" WHERE "Session"."sid" = 'N9fVFlhYX3RjzA0FPY_A1uDaYKGIM95u';
2016-11-16T16:15:28.445Z - info: Executing (7bc72e65-32af-45ac-a666-3d8a40bcf4be): COMMIT;
2016-11-16T16:15:28.451Z - info: Executing (default): UPDATE "Sessions" SET "expires"='2016-11-30 16:15:28.434 +00:00',"data"='{"cookie":{"originalMaxAge":1209599999,"expires":"2016-11-30T16:15:28.434Z","httpOnly":true,"path":"/"},"returnTo":"https://md.cirici.com/"}',"updatedAt"='2016-11-16 16:15:28.447 +00:00' WHERE "sid" = 'N9fVFlhYX3RjzA0FPY_A1uDaYKGIM95u'
2016-11-16T16:15:28.459Z - info: ::ffff:172.17.0.18 - - [16/Nov/2016:16:15:28 +0000] "GET /auth/gitlab HTTP/1.1" 302 0 "https://md.cirici.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
It seems that I have exactly the same behavior under /auth/gitlab as under /auth/gitlab/callback (at least it does exactly the same when accessing them manually).
What's your callback URL set in GitLab?
Do you also include the port in that callback URL, since you set urladdport to true in config.json?
I don't remember having added that manually; I probably copy-pasted it accidentally.
The callback set up in GitLab is https://md.cirici.com/auth/gitlab/callback. Should I add port 443 to it? Or better, maybe remove urladdport (or set it to false)?
Sorry for the late reply.
urladdport won't work on ports 80 and 443 (the default HTTP and HTTPS ports), so no worries.
You have to set domain to md.cirici.com since you're not using the default URL.
And also set protocolusessl to true since you're using https in your URL.
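The two problems in this thread (the GitLab token endpoint answering "invalid_grant ... does not match the redirection URI", and later "The redirect URI included is not valid") both come down to the callback URL the instance sends not matching the one registered on the GitLab application. The following is an added example, not HackMD's own code: it models the rules the maintainer states above (domain, protocolusessl, urladdport, with the port never appended for 80/443), derives the callback URL, compares it field by field with the registered one, and reads a token-endpoint error body the way passport-oauth2's parseErrorResponse does (JSON with error / error_description) to say which cause applies. The config key "port" and the exact URL-building logic are assumptions; the sample configs and the error body are constructed from values quoted in the thread.

```javascript
// Added example (not HackMD's code). Assumptions: config keys domain,
// protocolusessl, urladdport and port; URL-building logic modelled on the
// maintainer's description in the thread, not on the real implementation.

const DEFAULT_PORTS = { 'http:': 80, 'https:': 443 };

// Base URL the instance believes it is served under.
function buildBaseUrl(config) {
  if (!config.domain) {
    throw new Error('config.domain must be set when not using the default URL');
  }
  const protocol = config.protocolusessl ? 'https:' : 'http:';
  const port = Number(config.port) || DEFAULT_PORTS[protocol];
  // urladdport only matters for a non-default port; 80 and 443 are implied.
  const showPort = Boolean(config.urladdport) && port !== DEFAULT_PORTS[protocol];
  const host = showPort ? `${config.domain}:${port}` : config.domain;
  return `${protocol}//${host}/`;
}

// Callback URL the passport strategy sends to GitLab as redirect_uri.
function buildCallbackUrl(config, provider = 'gitlab') {
  return `${buildBaseUrl(config)}auth/${provider}/callback`;
}

// Effective port of a parsed URL (the WHATWG URL parser drops default ports).
function effectivePort(url) {
  return url.port ? Number(url.port) : DEFAULT_PORTS[url.protocol];
}

// Authorization servers compare redirect URIs essentially as exact strings,
// so every difference listed here is a real mismatch.
function compareRedirectUris(registered, config) {
  const sent = buildCallbackUrl(config);
  const a = new URL(registered);
  const b = new URL(sent);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push(`scheme ${a.protocol} vs ${b.protocol}`);
  if (a.hostname !== b.hostname) diffs.push(`host ${a.hostname} vs ${b.hostname}`);
  if (effectivePort(a) !== effectivePort(b)) diffs.push(`port ${effectivePort(a)} vs ${effectivePort(b)}`);
  if (a.pathname !== b.pathname) diffs.push(`path ${a.pathname} vs ${b.pathname}`);
  return { registered, sent, match: diffs.length === 0, diffs };
}

// Interpret a token-endpoint error body together with the URI comparison.
function diagnoseTokenError(body, registered, config) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { error: 'unparseable', hints: ['token endpoint did not return JSON'] };
  }
  const redirect = compareRedirectUris(registered, config);
  const hints = [];
  if (parsed.error === 'invalid_grant') {
    hints.push(redirect.match
      ? 'redirect URIs match; the code was probably expired, already used, revoked or issued to another client'
      : `redirect_uri mismatch: ${redirect.diffs.join('; ')}`);
  } else if (parsed.error === 'invalid_client') {
    hints.push('check clientID and clientSecret');
  } else if (parsed.error) {
    hints.push(`unhandled error code ${parsed.error}`);
  }
  return { error: parsed.error, description: parsed.error_description, redirect, hints };
}

// Constructed sample input: the callback registered in the thread, the error
// text quoted in the thread, and three config variants.
const REGISTERED = 'https://md.cirici.com/auth/gitlab/callback';
const TOKEN_ERROR_BODY = JSON.stringify({
  error: 'invalid_grant',
  error_description: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.',
});
const SAMPLE_CONFIGS = {
  fixed:   { domain: 'md.cirici.com', protocolusessl: true, urladdport: true },
  noSsl:   { domain: 'md.cirici.com', protocolusessl: false, urladdport: true },
  oddPort: { domain: 'md.cirici.com', protocolusessl: true, urladdport: true, port: 3000 },
};

for (const [name, cfg] of Object.entries(SAMPLE_CONFIGS)) {
  const d = diagnoseTokenError(TOKEN_ERROR_BODY, REGISTERED, cfg);
  console.log(`${name}: sent ${d.redirect.sent} -> ${d.hints.join('; ')}`);
}
```

Run it with node; the "fixed" variant reproduces the registered URL exactly, "noSsl" shows the scheme and port mismatch that a missing protocolusessl produces, and "oddPort" shows the only case in which urladdport changes the redirect URI. When the URIs match and the token endpoint still answers invalid_grant, the remaining causes are the ones the maintainer names above: a code that was already used or revoked, or a client ID/secret pair belonging to a different application.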
Awesome @jackycute, now everything works perfectly! Thanks 😄