Error: Data too long for column 'access_token'

[zblesk]

I'm trying to make OIDC login work with Authentik.
This is still my config:

    environment:
      HTTP_SERVER_PORT: 80
      HTTP_SERVER_CORS: "*"
      DATABASE_DRIVER: mysql
      DATABASE_NAME: pastefy
      DATABASE_USER: pastefyusr
      DATABASE_PASSWORD: passwd
      DATABASE_HOST: mariadb
      DATABASE_PORT: 3306
      SERVER_NAME: "https://domain"
      OAUTH2_CUSTOM_CLIENT_ID: id
      OAUTH2_CUSTOM_CLIENT_SECRET: passwd
      OAUTH2_CUSTOM_AUTH_ENDPOINT: https://domain/application/o/authorize/
      OAUTH2_CUSTOM_TOKEN_ENDPOINT: https://domain/application/o/token/
      OAUTH2_CUSTOM_USERINFO_ENDPOINT: https://domain/application/o/userinfo/

You've already helped me get over the first problem.

The next one was an error saying I don't have the right redirect_uri. With some reading here and some guesswork, the error stopped showing up after I set a strict redirect url to: https://domain/api/v2/auth/oauth2/oidc/callback.

Now most of the flow looks correct: I get redirected to Authentik, confirm, get redirected back and get this error:

{
  "success": false,
  "exception": "InvocationTargetException",
  "error": true,
  "exists": false
}

The URL I see this on is https://domain/api/v2/auth/oauth2/oidc/callback?code=bdc7d862fb374c2d85a350b7e04cbe7d&state=

when I check out logs in docker-compose, I see this:

pastefy  | Caused by: org.javawebstack.orm.exception.ORMQueryException: Data truncation: Data too long for column 'access_token' at row 1
pastefy  |      at org.javawebstack.orm.Repo.executeCreate(Repo.java:131)
pastefy  |      at org.javawebstack.orm.Repo.create(Repo.java:93)
pastefy  |      at org.javawebstack.orm.Repo.save(Repo.java:86)
pastefy  |      ... 17 more
pastefy  | java.lang.reflect.InvocationTargetException
pastefy  |      at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
pastefy  |      at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
pastefy  |      at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
pastefy  |      at java.base/java.lang.reflect.Method.invoke(Method.java:569)
pastefy  |      at org.javawebstack.orm.Model.save(Model.java:130)
pastefy  |      at de.interaapps.pastefy.auth.OAuth2Callback.handle(OAuth2Callback.java:44)
pastefy  |      at de.interaapps.pastefy.auth.strategies.oauth2.OAuth2Strategy.lambda$createRoutes$1(OAuth2Strategy.java:36)
pastefy  |      at org.javawebstack.http.router.HTTPRouter.execute(HTTPRouter.java:399)
pastefy  |      at org.javawebstack.http.router.HTTPRouter.lambda$start$2(HTTPRouter.java:337)
pastefy  |      at org.javawebstack.http.router.undertow.UndertowHTTPSocketServer.lambda$start$1(UndertowHTTPSocketServer.java:50)
pastefy  |      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:395)
pastefy  |      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
pastefy  |      at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
pastefy  |      at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
pastefy  |      at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
pastefy  |      at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
pastefy  |      at java.base/java.lang.Thread.run(Thread.java:840)

I'm not sure if this is a bug, or a config error on my part.
Thanks for any help.

[djonko]

Same issue on my side, I am using Authentik

[Fastjur]

I'm having this same issue, using Authentik!

[Fastjur]

Possibly interesting to note. For me it only worked when specifying the OAUTH variables using OAUTH2_OIDC_... instead of OAUTH2_CUSTOM_....

E.g.: OAUTH2_OIDC_CLIENT_ID: [myClientId]

[djonko]

@Fastjur please could you share your config variable for authentik ? My is ... but it doesn't work

 AUTH_PROVIDER: OIDC  
 OAUTH2_OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
 OAUTH2_OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
 OAUTH2_OIDC_AUTH_ENDPOINT: ${OIDC_AUTH_ENDPOINT}
 OAUTH2_OIDC_TOKEN_ENDPOINT: ${OIDC_TOKEN_ENDPOINT}
 OAUTH2_OIDC_USERINFO_ENDPOINT: ${OIDC_USERINFO_ENDPOINT} 

[Fastjur]

Sorry for the confusion. I am having the same problem as is reported in this issue, where you get:

{
  "success": false,
  "exception": "InvocationTargetException",
  "error": true,
  "exists": false
}

But for me to even get to that point, I had to change CUSTOM to OIDC. Mine looks exactly like yours, minus the AUTH_PROVIDER. Thus:

 OAUTH2_OIDC_CLIENT_ID: ${OIDC_CLIENT_ID}
 OAUTH2_OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET}
 OAUTH2_OIDC_AUTH_ENDPOINT: ${OIDC_AUTH_ENDPOINT}
 OAUTH2_OIDC_TOKEN_ENDPOINT: ${OIDC_TOKEN_ENDPOINT}
 OAUTH2_OIDC_USERINFO_ENDPOINT: ${OIDC_USERINFO_ENDPOINT} 

[Fastjur]

Did you guys figure out a way around this already?

[zzahkaboom24]

I just became interested in this as well.
Thanks to your tips of changing CUSTOM to OIDC, now I am working towards implementing Authentik properly with Pastefy myself.
I'll let you know if I found something.

[zzahkaboom24]

Okay, I got past the login.

When checking the MariaDB, I saw the access_token inside pastefy_auth_keys being set to varchar(255).
I changed it from varchar(255) to text and the login in Pastefy worked.
I did not restart the Pastefy Docker container, because if I do, it breaks on me and I have yet to figure this out.
That's the commands I used inside the MariaDB Docker container:

mariadb -u root -p${MYSQL_ROOT_PASSWORD}
USE pastefy;
SHOW COLUMNS FROM pastefy_auth_keys;
ALTER TABLE pastefy_auth_keys MODIFY COLUMN access_token TEXT;

[djonko]

Okay, I got past the login.

When checking the MariaDB, I saw the access_token inside pastefy_auth_keys being set to varchar(255). I changed it from varchar(255) to text and the login in Pastefy worked. I did not restart the Pastefy Docker container, because if I do, it breaks on me and I have yet to figure this out. That's the commands I used inside the MariaDB Docker container:

mariadb -u root -p${MYSQL_ROOT_PASSWORD}
USE pastefy;
SHOW COLUMNS FROM pastefy_auth_keys;
ALTER TABLE pastefy_auth_keys MODIFY COLUMN access_token TEXT;

I just tried it, and it worked with Authentic. thanks @zzahkaboom24

[JulianFun123]

@djonko pastefy automigrates the database on start. Set PASTEFY_AUTOMIGRATE=false to disable it.

Fix for this will be there in the future. How long do authentik keys get?

[djonko]

@djonko pastefy automigrates the database on start. Set PASTEFY_AUTOMIGRATE=false to disable it.

Fix for this will be there in the future. How long do authentik keys get?

access_token off my last added row is ~ 1700 caracters

[djonko]

@JulianFun123 what is the side effect of PASTEFY_AUTOMIGRATE=false ? Am I able to continue get new update after that ?

[JulianFun123]

It'll disable automatic migration of the Database.
The sideeffect is that you need to alter tables in future pastefy updates (if there are any changes to the database) if the access token length doesn't get increased in a future update.

[djonko]

It'll disable automatic migration of the Database. The sideeffect is that you need to alter tables in future pastefy updates (if there are any changes to the database) if the access token length doesn't get increased in a future update.

ok thanks. Could you add the access_token column adjustment in future release or better fix ? thanks in advance

[MrRubberDucky]

For anyone stumbling upon this while setting up their own stuff, what zzahkaboom24 said will fix it. Though with Pocket ID, I also needed to set another column to Text in order for it to work properly.

mariadb -u root -p
USE pastefy;
SHOW COLUMNS FROM pastefy_auth_keys;
ALTER TABLE pastefy_auth_keys MODIFY COLUMN access_token TEXT;
ALTER TABLE pastefy_auth_keys MODIFY COLUMN refresh_token TEXT;

...and also make sure that following environmental variable is set to false: PASTEFY_AUTOMIGRATE=false so it doesn't revert it back to what it was before.

Just leaving this here in case it helps somebody out.