You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/10/15 02:27:24 UTC
[GitHub] [apisix] liuxiran opened a new issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
liuxiran opened a new issue #2426:
URL: https://github.com/apache/apisix/issues/2426
Please answer these questions before submitting your issue.
- Why do you submit this issue?
- [ ] Question or discussion
- [x] Bug
- [ ] Requirements
- [ ] Feature or performance improvement
- [ ] Other
### Bug
- Which version of Apache APISIX Dashboard, OS, and Browser?
1. create a route, enable openid-connect plugin, configs:
```json
{
"name": "api2",
"route_group_id": "de45ec14-317f-4177-8a22-10ab95bd45f7",
"route_group_name": "group1",
"status": true,
"desc": "",
"protocols": ["http"],
"paths": ["/get1"],
"methods": ["GET"],
"upstream_protocol": "https",
"type": "roundrobin",
"plugins": {
"openid-connect": {
"client_id": "kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
"client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
"discovery": "https://samples.auth0.com/.well-known/openid-configuration"
}
},
"script": {},
"uris": ["/get1"],
"vars": [],
"upstream": {
"type": "roundrobin",
"nodes": {
"httpbin.org:443": 1
},
"timeout": {
"connect": 6000,
"send": 6000,
"read": 6000
}
},
"upstream_header": {},
"upstream_path": {
"to": "/get"
}
}
```
2. visit this route via chrome, got 500 error
3. got the error log in apisix error.log:
```shell
2020/10/10 06:47:45 [error] 26#26: *6045490 [lua] openidc.lua:1378: authenticate(): request to the redirect_uri path but there's no session state found, client: 192.168.1.145, server: , request: "GET /get HTTP/1.1", host: "192.168.1.145:9
2020/10/10 06:47:45 [error] 26#26: *6045490 [lua] openid-connect.lua:163: phase_func(): failed to authenticate in openidc: request to the redirect_uri path but there's no session state found, client: 192.168.1.145, server: , request: "GET
2020/10/10 06:47:45 [error] 25#25: *6045493 lua entry thread aborted: runtime error: /usr/local/apisix/apisix/plugins/echo.lua:96: attempt to index local 'conf' (a userdata value)
stack traceback:
coroutine 0:
/usr/local/apisix/apisix/plugins/echo.lua: in function 'phase_fun'
[string "route#41ee9eef-564e-4208-86e6-fc6834bd7178"]:17: in function 'phase_func'
/usr/local/apisix/apisix/script.lua:52: in function 'run'
/usr/local/apisix/apisix/init.lua:508: in function 'http_access_phase'
access_by_lua(nginx.conf:173):2: in main chunk, client: 192.168.1.145, server: , request: "GET /favicon.ico HTTP/1.1", host: "192.168.1.145:9080", referrer: "http://192.168.1.145:9080/get"
```
**`redirect_uri` should be a reqired param in openid-connect plugin**
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] liuxiran closed issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
liuxiran closed issue #2426:
URL: https://github.com/apache/apisix/issues/2426
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Xarxavier commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
Xarxavier commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-1083230192
Hello guys, may i know how you resolve this issue?, i have tried this:
https://stackoverflow.com/questions/49338403/openidc-with-keycloak-error-uthenticate-request-to-the-redirect-uri-path-but
but still couldnt get it work.
Thanks in advance.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-713425157
@nic-chen @membphis ping
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Xarxavier removed a comment on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
Xarxavier removed a comment on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-1083230192
Hello guys, may i know how you resolve this issue?, i have tried this:
https://stackoverflow.com/questions/49338403/openidc-with-keycloak-error-uthenticate-request-to-the-redirect-uri-path-but
but still couldnt get it work.
Thanks in advance.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] liuxiran commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
liuxiran commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-714280441
> > ```shell
> > 2020/10/10 06:47:45 [error] 26#26: *6045490 [lua] openid-connect.lua:163: phase_func(): failed to authenticate in openidc: request to the redirect_uri path but there's no session state found, client: 192.168.1.145, server: , request: "GET
> > ```
>
> we got this error, I think it is fine. because you did not set a correct `redirect_uri`.
>
> when missing `redirect_uri`, it'll use `ctx.var.request_uri` as default value: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_uri .
>
> > ```shell
> > 2020/10/10 06:47:45 [error] 25#25: *6045493 lua entry thread aborted: runtime error: /usr/local/apisix/apisix/plugins/echo.lua:96: attempt to index local 'conf' (a userdata value)
> > stack traceback:
> > coroutine 0:
> > /usr/local/apisix/apisix/plugins/echo.lua: in function 'phase_fun'
> > [string "route#41ee9eef-564e-4208-86e6-fc6834bd7178"]:17: in function 'phase_func'
> > /usr/local/apisix/apisix/script.lua:52: in function 'run'
> > /usr/local/apisix/apisix/init.lua:508: in function 'http_access_phase'
> > ```
>
> @liuxiran that is another error message of plugin `echo`, but I do not find you enabled this plugin. so I think this error message is not related to this issue.
@membphis Thank you very much~! since It has nothing wrong about the openid-connect schema, I'll try again to config a right `redirect_uri` :)
then close this issue, thx again~!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-711015085
> I think it's a schema defined bug.
> `redirect_uri` should be required according to the error log.
A new PR to fix this bug is better. welcome PR
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-713460248
yes, `redirect_uri` is optional
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lemonrains commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
lemonrains commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-978779938
> I had the same problem. https://github.com/zmartzone/lua-resty-openidc/blob/v1.7.2/lib/resty/openidc.lua Line 1361 `local session, session_error = r_session.start(session_opts)` https://github.com/bungle/lua-resty-session/blob/v2.24/lib/resty/session.lua Line 320 `return self, present` session_error receives the value of present,session is not initialized present
I got the same error, how did you solve it finally?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] fukiki commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
fukiki commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-712056117
@nic-chen
If `redirect_uri` is not provided in schema, it will be set by `ngx.var.request_uri`, please see [openid-connect.lua](https://github.com/apache/apisix/blob/master/apisix/plugins/openid-connect.lua#L144), Dose this mean that request_uri already has a default value, request_uri should be optional?
Looking forward to your reply, thx
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] juzhiyuan commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
juzhiyuan commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-708854778
This issue is related to apisix according to @nic-chen's feedback, so I transfer it here.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lemonrains commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
lemonrains commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-978803473
Refer the following link, I solved my problem.
https://stackoverflow.com/questions/49338403/openidc-with-keycloak-error-uthenticate-request-to-the-redirect-uri-path-but
>Your redirect URI must not be set to "/" but to some arbitrary path that is not supposed to return content (like /redirect_uri). It is a "vanity" URL that is handled by lua-resty-openidc
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-980523127
@lemonrains do we need to update the code or docs of APISIX?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-713435104
@moonming Please confirm which way is correct. You wrote this code.
1. if the `redirect_uri` is a required field.
2. if not, what is the default value? `ctx.var.request_uri`?
https://github.com/apache/apisix/blob/master/apisix/plugins/openid-connect.lua#L143-L146
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-714224798
> ```shell
> 2020/10/10 06:47:45 [error] 26#26: *6045490 [lua] openid-connect.lua:163: phase_func(): failed to authenticate in openidc: request to the redirect_uri path but there's no session state found, client: 192.168.1.145, server: , request: "GET
> ```
we got this error, I think it is fine. because you did not set a correct `redirect_uri`.
when missing `redirect_uri`, it'll use `ctx.var.request_uri` as default value: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_uri .
``` shell
> 2020/10/10 06:47:45 [error] 25#25: *6045493 lua entry thread aborted: runtime error: /usr/local/apisix/apisix/plugins/echo.lua:96: attempt to index local 'conf' (a userdata value)
> stack traceback:
> coroutine 0:
> /usr/local/apisix/apisix/plugins/echo.lua: in function 'phase_fun'
> [string "route#41ee9eef-564e-4208-86e6-fc6834bd7178"]:17: in function 'phase_func'
> /usr/local/apisix/apisix/script.lua:52: in function 'run'
> /usr/local/apisix/apisix/init.lua:508: in function 'http_access_phase'
> ```
@liuxiran that is another error message of plugin `echo`, but I do not find you enabled this plugin. so I think this error message is not related to this issue.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis edited a comment on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
membphis edited a comment on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-714224798
> ```shell
> 2020/10/10 06:47:45 [error] 26#26: *6045490 [lua] openid-connect.lua:163: phase_func(): failed to authenticate in openidc: request to the redirect_uri path but there's no session state found, client: 192.168.1.145, server: , request: "GET
> ```
we got this error, I think it is fine. because you did not set a correct `redirect_uri`.
when missing `redirect_uri`, it'll use `ctx.var.request_uri` as default value: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_uri .
> ``` shell
> 2020/10/10 06:47:45 [error] 25#25: *6045493 lua entry thread aborted: runtime error: /usr/local/apisix/apisix/plugins/echo.lua:96: attempt to index local 'conf' (a userdata value)
> stack traceback:
> coroutine 0:
> /usr/local/apisix/apisix/plugins/echo.lua: in function 'phase_fun'
> [string "route#41ee9eef-564e-4208-86e6-fc6834bd7178"]:17: in function 'phase_func'
> /usr/local/apisix/apisix/script.lua:52: in function 'run'
> /usr/local/apisix/apisix/init.lua:508: in function 'http_access_phase'
> ```
@liuxiran that is another error message of plugin `echo`, but I do not find you enabled this plugin. so I think this error message is not related to this issue.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nic-chen commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
nic-chen commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-710109807
@membphis
I think it's a schema defined bug.
`redirect_uri` should be required according to the error log.
@liuxiran Could you solve it together, please? It looks like you are solving issues of other plugins's schema 😄
https://github.com/apache/apisix/blob/master/apisix/plugins/openid-connect.lua#L45
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tangjun2012 commented on issue #2426: bug:enable openid-connect plugin without redirect_uri got 500 error
Posted by GitBox <gi...@apache.org>.
tangjun2012 commented on issue #2426:
URL: https://github.com/apache/apisix/issues/2426#issuecomment-754564328
I had the same problem.
https://github.com/zmartzone/lua-resty-openidc/blob/v1.7.2/lib/resty/openidc.lua Line 1361
`local session, session_error = r_session.start(session_opts)`
https://github.com/bungle/lua-resty-session/blob/v2.24/lib/resty/session.lua Line 320
`return self, present`
session_error receives the value of present,session is not initialized present
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org