#ring
2020-03-19
Akiz 08:03:26

Hi everybody, I am asking for help 🙂. I am using https://github.com/weavejester/ring-oauth2 to use a corporate IDP. My application is an SPA served on /webpage. And launch_uri (initializes auth) is on /login/. My redirect URI is /login/callback. I do not know what should be set in this route so there is nothing right now. Do I have to have some logic there? When I receive the code from the IDP I am redirected to /login/callback where I receive a state mismatch error. But I can see that the state query string parameter is the same as the first time I call the IDP. Can somebody point me in the right direction as I am hopeless right now? The only hint I found is https://github.com/jupyterhub/jupyterhub/issues/1438 . I am not using Auth0 but I am using NGINX with a Let's Encrypt certificate for providing HTTP content over HTTPS. Maybe this can cause some issues? Thank you!

weavejester 17:03:50

It’s hard to tell whether or not you’re doing anything wrong without seeing your source code. A state mismatch means that the state passed by the query parameter from your OAuth provider doesn’t match the state stored in the session. So my first question is whether you have your session middleware added correctly, and whether you’re not accidentally overriding it with ring-defaults.

👍 4
Akiz 08:03:29

These are routes:

(defroutes routes
  (GET "/" [] greet)
  (GET "/request" [] handle-dump) ;; will be used later for debugging
  (GET "/status" [] handle-driver-status)
  (GET "/login" [] handle-dump)
  (GET "/login/loopback" [] (response/redirect "/"))
  (not-found "Page not found"))
(As I said, I am not sure what to do on "login/loopback", which is "redirect_uri"; "/" is the landing page.)
(def app
  (wrap-file-info
   (wrap-resource
    (wrap-params
     (middleware/wrap-format
      (idp-handler routes)))
    "public")))
And this is the handler.
(defn idp-handler [routes]
  (wrap-oauth2
   routes
   {:xxx
    {:authorize-uri    ""
     :access-token-uri ""
     :client-id        "????"
     :client-secret    "????"
     :scopes           ["openid xxxx"]
     :grant-type       "refresh_token,authorization_code"
     :launch-uri       "/login"
     :redirect-uri     ""
     :landing-uri      "/"}}))