Mattermost-server: GitLab SSO Issue (Bad Token Type)

Created on 25 Feb 2016 · 9Comments · Source: mattermost/mattermost-server

Having this issue with GitLab Omnibus Package

GitLab 8.5.1
GitLab Shell 2.6.10
GitLab API v3
Git 2.6.2
Ruby 2.1.8p440
Rails 4.2.5.1
PostgreSQL 9.2.10

This is on a totally fresh install (same issue twice).

After selecting "Create Team with GitLab" and authorizing the app (both admin and non admin users) I get the Bad Token Type screen and this shows up in the log

==> /var/log/gitlab/mattermost/mattermost.log <==
[2016/02/25 10:28:24 EST] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=4kcpk3yt778x9b6mpscocyrpjh uid= ip=X.X.X.X Bad token type [details: token_type=]

UPDATE:

Looking at the code here it seems that the check on ar.TokenType is failing, but when I manually test the OAuth flow on the GitLab installation with curl

curl https://GITLAB_URI/oauth/token --data 'client_id=APP_ID&client_secret=SECRET&code=CODE_FROM_AUTH_REDIRECT&grant_type=authorization_code&redirect_uri=https%3A%2F%2FMATTERMOST_URI%2Fsignup%2Fgitlab%2Fcomplete'

I get a valid response with token_type: "bearer" in the body JSON

Source

paulbdavis

Most helpful comment

Hey I'm running into this same problem and there aren't many others out there.

What do you mean to real DNS record for your server? Any help here would be greatly appreciated

After i choose 'authorize application' on Gitlab. it redirects me back to Mattermost with a 'Bad Token Type' error

hschoenburg on 29 Sep 2016

👍4

All 9 comments

OK, so by adding in some logs to the relevant section and replacing the binary in /opt/gitlab/embedded/bin I determined that gitlab is responding with a "Not Found" error

==> /var/log/gitlab/mattermost/mattermost.log <==
[2016/02/25 15:32:52 EST] [EROR] token call: curl 'https://GITLAB_URL/oauth/token' --data 'client_id=APP_ID&client_secret=SECRET&code=CODE_FROM_AUTH_REDIRECT&grant_type=authorization_code&redirect_uri=https%3A%2F%2FMATTERMOST_URL%2Fsignup%2Fgitlab%2Fcomplete'
[2016/02/25 15:32:53 EST] [EROR] response contents: {"status":"404","error":"Not Found"}
[2016/02/25 15:32:53 EST] [EROR] AccessResponse: &{AccessToken: TokenType: ExpiresIn:0 Scope: RefreshToken:}
[2016/02/25 15:32:53 EST] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=abizy85frbdy5xspa5p9g7545h uid= ip=71.114.51.11 Bad token type [details: token_type=]

However, when I use the curl command that gets logged out, it works.

paulbdavis on 25 Feb 2016

Yikes, this is 100% a non issue, boneheaded mistake on my part (no _real_ DNS record for my servers...). Sorry for the bother.

paulbdavis on 25 Feb 2016

Hey I'm running into this same problem and there aren't many others out there.

What do you mean to real DNS record for your server? Any help here would be greatly appreciated

After i choose 'authorize application' on Gitlab. it redirects me back to Mattermost with a 'Bad Token Type' error

hschoenburg on 29 Sep 2016

👍4

I have this problem, too. I see the behavior described in hschoenburg's post. GitLab used to be able to authenticate Mattermost users. The issue seems to have started when updating from community edition 3.6.2 to 3.9.0.

Could it be issue #6489?

Fonata on 1 Jun 2017

@hschoenburg @fonata @dougthor42 @ertanden @m-aciek @kkirsche

Your issue may be related to https://github.com/mattermost/platform/issues/6489.

Can you try removing the port number from the mattermost['service_site_url'] setting in gitlab.rb?

jasonblais on 1 Jun 2017

👍1

Thanks, Jason! The port tip doesn't apply to us. We have Mattermost installed from the binaries, not from GitLab's Omnibus. Both run on separate servers, thus there is no Mattermost-related entry in gitlab.rb

I realize now I have written to the wrong issue. I'd love to see which URL Mattermost is trying to query for the token, so I'll try to get Mattermost running from sources. Then, I'll hopefully see some DNS or port or http vs. https issue. If I manage to track it down, I'll post it here.

Fonata on 1 Jun 2017

👍2

Thanks @Fonata that would be highly appreciated.