Integration error using OpenID and AWS Cognito #3897

tedivo opened this issue Dec 2, 2022 · 7 comments

tedivo commented Dec 2, 2022

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I'm trying to integrate BookStackApp with AWS Cognito using OpenID.

Everything has been configured as per the documentation available and the YouTube video, however when I click Login with OIDC, it presents an Unknown Error occurred. See logs showing

Enabling debug logs shows this...

production.ERROR: Required parameter not passed: "code" {"exception":"[object] (BadMethodCallException(code: 0): Required parameter not passed: \"code\" at /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php:35)

Exact BookStack Version

22.11

Log Content

Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  production.ERROR: Required parameter not passed: "code" {"exception":"[object] (BadMethodCallException(code: 0): Required parameter not passed: \"code\" at /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php:35)
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  [stacktrace]
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #0 /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php(53): League\\OAuth2\\Client\\Grant\\AbstractGrant->checkRequiredParameter()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #1 /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Grant/AbstractGrant.php(76): League\\OAuth2\\Client\\Grant\\AbstractGrant->checkRequiredParameters()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #2 /var/www/docs.example.com/public_html/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(535): League\\OAuth2\\Client\\Grant\\AbstractGrant->prepareRequestParameters()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #3 /var/www/docs.example.com/public_html/app/Auth/Access/Oidc/OidcService.php(78): League\\OAuth2\\Client\\Provider\\AbstractProvider->getAccessToken()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #4 /var/www/docs.example.com/public_html/app/Http/Controllers/Auth/OidcController.php(57): BookStack\\Auth\\Access\\Oidc\\OidcService->processAuthorizeResponse()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #5 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\\Http\\Controllers\\Auth\\OidcController->callback()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #6 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #7 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\\Routing\\ControllerDispatcher->dispatch()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #8 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\\Routing\\Route->runController()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #9 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\\Routing\\Route->run()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #10 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #11 /var/www/docs.example.com/public_html/app/Http/Middleware/CheckGuard.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #12 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckGuard->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #13 /var/www/docs.example.com/public_html/app/Http/Middleware/Localization.php(45): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #14 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Localization->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #15 /var/www/docs.example.com/public_html/app/Http/Middleware/RunThemeActions.php(26): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #16 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\RunThemeActions->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #17 /var/www/docs.example.com/public_html/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #18 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckEmailConfirmed->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #19 /var/www/docs.example.com/public_html/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #20 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\PreventAuthenticatedResponseCaching->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #21 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #22 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #23 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #24 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #25 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #26 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #27 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #28 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #29 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #30 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #31 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #32 /var/www/docs.example.com/public_html/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #33 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\ApplyCspRules->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #34 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #35 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\\Pipeline\\Pipeline->then()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #36 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\\Routing\\Router->runRouteWithinStack()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #37 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRoute()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #38 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\\Routing\\Router->dispatchToRoute()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #39 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #40 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #41 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #42 /var/www/docs.example.com/public_html/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #43 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\TrustProxies->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #44 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #45 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #46 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #47 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #48 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #49 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #50 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #51 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #52 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #53 /var/www/docs.example.com/public_html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #54 /var/www/docs.example.com/public_html/public/index.php(53): Illuminate\\Foundation\\Http\\Kernel->handle()
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  #55 {main}
Dec 2 14:16:51  SVPRDTVDDOCS001  laravel.log  "} 

PHP Version

7.4.3

Hosting Environment

Ubuntu 20.04.5 LTS installed manually with git clone

@ssddanbrown
Member

Tracing the error through, I get the impression that query parameters are maybe not being handled here.

  • Upon attempted login, on return from the OIDC system, do you see a code parameter in the URL?
  • What webserver are you using? And can you share the (Anonymized) config used?

@tedivo
Author

tedivo commented Dec 2, 2022

Hi - thanks for the quick response.

The callback URL does not have a code parameter.
https://docs.example.com/oidc/callback?error_description=invalid_scope&state=c50fdebacf62de85967a572bc94a06d0&error=invalid_request

I'm using Apache web server. Which config are you looking for? The apache2.conf or the site conf?

@ssddanbrown
Member

@tedivo That's okay, don't need the server config now based on the URL.

So AWS Cognito is returning an "invalid scope" error.
By default BookStack will request the openid, profile & email scopes, not sure what is tripping AWS Cognito here. If you've set the OIDC_ADDITIONAL_SCOPES option that could also affect things here.
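
The diagnosis above, as an added example that is not part of the original thread and not BookStack's own code: a callback check that looks for the provider's `error` parameter before requiring `code`, so an `invalid_scope` response is reported as such instead of as a missing `code`. The function name `classify_callback` and its `expected_state` argument are assumptions; the two URLs are the callback URLs quoted in this issue.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Callback URLs as quoted in this issue (failing and working attempts).
FAILED_URL = ("https://docs.example.com/oidc/callback?error_description=invalid_scope"
              "&state=c50fdebacf62de85967a572bc94a06d0&error=invalid_request")
WORKING_URL = ("https://docs.example.com/oidc/callback"
               "?code=2f97bb4a-0eda-4330-93cd-f2ba110bcb95"
               "&state=80b51548034bd69f9c36935f50f71e98")


def classify_callback(url, expected_state):
    """Classify an OIDC authorization-code callback URL.

    expected_state is the value the client stored in the user's session
    when it started the login (hypothetical parameter for this example).
    Returns (kind, detail), kind being one of:
    'state_mismatch', 'idp_error', 'missing_code', 'ok'.
    """
    query = parse_qs(urlsplit(url).query)
    params = {name: values[0] for name, values in query.items()}

    # A response whose state differs from the session value does not
    # belong to the login this client started; compare in constant time.
    state = params.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("state_mismatch", "state does not match the session value")

    # The provider reports failures through error / error_description
    # and sends no code at all, so check for these before the code.
    if "error" in params:
        detail = params["error"]
        if "error_description" in params:
            detail += ": " + params["error_description"]
        return ("idp_error", detail)

    if not params.get("code"):
        return ("missing_code", "neither code nor error present")

    return ("ok", params["code"])


if __name__ == "__main__":
    print(classify_callback(FAILED_URL, "c50fdebacf62de85967a572bc94a06d0"))
    print(classify_callback(WORKING_URL, "80b51548034bd69f9c36935f50f71e98"))
```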

@tedivo
Author

tedivo commented Dec 2, 2022

That was it - perfect! Thank you.

Can you please update the documentation with the scopes that are used by default?

@tedivo tedivo closed this as completed Dec 2, 2022
@tedivo
Author

tedivo commented Dec 2, 2022

@ssddanbrown - Sorry, one further issue downstream. The login screen from Cognito is now being displayed but once I authenticate, the callback URL is displaying JSON on screen instead of taking me back into the BookStackApp.

Callback URL
https://docs.example.com/oidc/callback?code=2f97bb4a-0eda-4330-93cd-f2ba110bcb95&state=80b51548034bd69f9c36935f50f71e98

JSON displayed
{"at_hash":"iFxK7gMu60p_L-DhSyJAFg","sub":"e958c733-1666-40bb-acdf-9dfea40fc714","email_verified":true,"custom:organization_id":"43eb4c8f-234d-4b29-89b6-000000000000","iss":"https:\/\/cognito-idp.us-west-1.amazonaws.com\/us-west-1_cEGDILpY4","cognito:username":"e958c733-1666-40bb-acdf-9dfea40fc714","origin_jti":"b853717e-9588-4c3a-8d3b-372fb1839f1a","aud":"4kb2r55a3c0flt8p9fircvfag3","event_id":"116d622b-5868-4841-99e6-5bf88bf60918","token_use":"id","auth_time":1670022961,"name":"Mark","exp":1670026561,"iat":1670022961,"family_name":"PTL","jti":"a1c94201-6bba-4da9-8cb6-2835d8d3aa2e","email":"mark@example.com"}

@tedivo tedivo reopened this Dec 2, 2022
@ssddanbrown
Member

@tedivo Do you currently have the OIDC_DUMP_USER_DETAILS option set to true?

@tedivo
Author

tedivo commented Dec 2, 2022

Yes - I did :-(

I'm sorry. Set to false and it works perfectly now!

@tedivo tedivo closed this as completed Dec 2, 2022