Describe the bug
When login/consent cancel, public server(/oauth2/auth?client_id=...) returns an error after #1758
Reproducing the bug(Login)
Steps to reproduce the behavior:
https://127.0.0.1:3030/callback?error=server_error&error_debug=The+login+request+was+previously+remembered+and+can+only+be+forgotten+using+the+reject+feature.&error_description=The+authorization+server+encountered+an+unexpected+condition+that+prevented+it+from+fulfilling+the+request&state=RdQSwXfR%2F6B3uNk%2B15RxcA%3D%3D
{"debug":"The login request was previously remembered and can only be forgotten using the reject feature.","description":"The authorization server encountered an unexpected condition that prevented it from fulfilling the request","error":"server_error","level":"error","msg":"An error occurred","time":"2020-04-09T05:47:14Z"}
{"level":"debug","msg":"Stack trace: \ngithub.com/ory/hydra/consent.(*DefaultStrategy).verifyAuthentication\n\t/go/src/github.com/ory/hydra/consent/strategy_default.go:357\ngithub.com/ory/hydra/consent.(*DefaultStrategy).HandleOAuth2AuthorizationRequest\n\t/go/src/github.com/ory/hydra/consent/strategy_default.go:970\ngithub.com/ory/hydra/oauth2.(*Handler).AuthHandler\n\t/go/src/github.com/ory/hydra/oauth2/handler.go:624\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:334\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2012\ngithub.com/ory/hydra/x.RejectInsecureRequests.func1\n\t/go/src/github.com/ory/hydra/x/tls_termination.go:83\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:261\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/hydra/metrics/prometheus.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/hydra/metrics/prometheus/middleware.go:26\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/reqlog.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email protected]/reqlog/middleware.go:140\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2807\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1895\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1373","time":"2020-04-09T05:47:14Z"}
Reproducing the bug(Consent)
Server configuration
log:
level: "debug"
format: json
serve:
public:
port: 4444
admin:
port: 4445
tls:
allow_termination_from:
- "192.168.0.0/24"
- "127.0.0.1/32"
dsn: "mysql://[REDUCTED]:[REDUCTED]@tcp(mysql:3306)/hydra?parseTime=true&collation=utf8mb4_bin"
webfinger:
oidc_discovery:
userinfo_url: "http://localhost:3000/api/oidc/v1/userinfo"
urls:
self:
issuer: "https://127.0.0.1:8080"
login: "http://localhost:3000/oidc/login"
consent: "http://localhost:3000/oidc/consent"
ttl:
login_consent_request: 1h
access_token: 1h
refresh_token: 672h
id_token: 1h
auth_code: 10m
oauth2:
expose_internal_errors: "true"
secrets:
system:
- SystemSecret12345
- SystemSecret1234
cookie:
- CookieSecret12345
- CookieSecret1234
Environment
I'm seeing the same error and stack trace after upgrading to v1.4.2. As a result, after rejecting a login request, the following error is returned to the client (as error description):
"The authorization server encountered an unexpected condition that prevented it from fulfilling the request"
instead of the actual error description that was passed from login-consent app.
Ok so the issue is that the actual error message is not being set but instead an internal server error message, right?
Was able to reproduce it, working on a fix!
Thanks!
Most helpful comment
Was able to reproduce it, working on a fix!