Closed
Description
What is the issue or idea you have?
STF does not appear to be passing the state token to the Oauth2 provider (IBM Security Access Manager) when running "local" with a public IP
Please provide the steps to reproduce the issue.
Running an instance of STF local with a remote Nginx server doing HTTPS (configured per deployment guide)
- Launch STF:
export STF_AUTH_OAUTH2_OAUTH_CLIENT_SECRET=XXXXXXX
export STF_AUTH_OAUTH2_OAUTH_CALLBACK_URL=https://XXXXXXX/auth/oauth/callback
export STF_AUTH_OAUTH2_OAUTH_USERINFO_URL=https://XXXXXXX/mga/sps/oauth/oauth20/introspect
export STF_AUTH_OAUTH2_OAUTH_SCOPE=openid email
export STF_AUTH_OAUTH2_OAUTH_CLIENT_ID=XXXXXXX
export STF_AUTH_OAUTH2_OAUTH_AUTHORIZATION_URL=https://XXXXXXX/mga/sps/oauth/oauth20/authorize
export STF_AUTH_OAUTH2_OAUTH_TOKEN_URL=https://XXXXXXX/mga/sps/oauth/oauth20/token
stf local --public-ip XXXXXXX --lock-rotation --auth-type oauth2
What is the expected behavior?
I'd expect the state token to be sent to the authentication provider
Do you see errors or warnings in the stf local output? If so, please paste them or the full log here.
AuthorizationError: FBTOAU202E The required parameter: [state] was not found in the request.
    at Strategy.OAuth2Strategy.authenticate (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/passport-oauth2/lib/strategy.js:131:25)
    at attempt (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/passport/lib/middleware/authenticate.js:348:16)
    at authenticate (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/passport/lib/middleware/authenticate.js:349:7)
    at Layer.handle [as handle_request] (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:317:13)
    at /home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:335:12)
    at next (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:275:10)
    at initialize (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/passport/lib/middleware/initialize.js:53:5)
    at Layer.handle [as handle_request] (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:317:13)
    at /home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:335:12)
    at next (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/index.js:275:10)
    at expressInit (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/middleware/init.js:40:5)
    at Layer.handle [as handle_request] (/home/stfuser/npm/build/lib/node_modules/stf/node_modules/express/lib/router/layer.js:95:5)
Please run stf doctor and paste the output here.
2018-07-03T15:41:08.920Z INF/cli:doctor 40144 [*] OS Arch: x64
2018-07-03T15:41:08.921Z INF/cli:doctor 40144 [*] OS Platform: linux
2018-07-03T15:41:08.922Z INF/cli:doctor 40144 [*] OS Platform: 4.4.0-128-generic
2018-07-03T15:41:08.922Z INF/cli:doctor 40144 [*] Using Node 8.11.1
2018-07-03T15:41:08.951Z INF/cli:doctor 40144 [*] Using ZeroMQ 4.2.3
2018-07-03T15:41:08.985Z INF/cli:doctor 40144 [*] Using ADB 1.0.39
2018-07-03T15:41:08.987Z INF/cli:doctor 40144 [*] Using RethinkDB 2.3.6~0xenial
2018-07-03T15:41:09.147Z INF/cli:doctor 40144 [*] Using ProtoBuf 3.5.1
2018-07-03T15:41:09.313Z INF/cli:doctor 40144 [*] Using GraphicsMagick 1.3.23
Activity
sorccu commented on Jul 4, 2018
Seems like it's an undocumented option: jaredhanson/passport-oauth2#28
The state: true value should be added to option.oauth which is used here: https://github.com/openstf/stf/blob/master/lib/units/auth/oauth2/index.js#L23
Easiest way would be to add a new boolean flag, defaulting to true, here: https://github.com/openstf/stf/blob/master/lib/cli/auth-oauth2/index.js
How about you create a patch and send us a PR? :)
sorccu commented on Jul 14, 2018
This should be fixed and enabled by default in master now. Give it a go and see whether it works for you.
quangola commented on Jul 17, 2018
Yep, that fixed it. Thanks! Maybe next time I'll send a patch. You know, once I learn a thing or two about NodeJS
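The state round trip this thread is about, as an added example that is not part of the original issue and is not STF or passport-oauth2 code: the client binds a random state value to the session before redirecting, then rejects any callback whose state is missing, different, or already used. The function names, the session object shape and the example hostnames are assumptions made for illustration.

```javascript
// Added example, not STF or passport-oauth2 code. Names are hypothetical.
const crypto = require('crypto');

// Before the redirect: mint an unguessable state, bind it to the user's
// session, and send it on the authorization request.
function buildAuthorizationUrl(session, cfg) {
  const state = crypto.randomBytes(24).toString('hex');
  session.oauthState = state;
  const url = new URL(cfg.authorizationURL);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', cfg.clientID);
  url.searchParams.set('redirect_uri', cfg.callbackURL);
  url.searchParams.set('scope', cfg.scope);
  url.searchParams.set('state', state);
  return url.toString();
}

// On the callback: accept the code only if the returned state equals the one
// stored in this session. The stored value is single use.
function verifyCallbackState(session, query) {
  const expected = session.oauthState;
  delete session.oauthState;
  if (typeof expected !== 'string' || typeof query.state !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(query.state);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed configuration; idp.example and stf.example are placeholders.
const cfg = {
  authorizationURL: 'https://idp.example/oauth20/authorize',
  callbackURL: 'https://stf.example/auth/oauth/callback',
  clientID: 'constructed-client-id',
  scope: 'openid email',
};

function demo() {
  const session = {};
  const sent = new URL(buildAuthorizationUrl(session, cfg)).searchParams.get('state');
  const matching = verifyCallbackState(session, { code: 'c1', state: sent });
  const replayed = verifyCallbackState(session, { code: 'c1', state: sent });
  const other = {};
  buildAuthorizationUrl(other, cfg);
  const forged = verifyCallbackState(other, { code: 'c2', state: 'f'.repeat(48) });
  const missing = verifyCallbackState({ oauthState: sent }, { code: 'c3' });
  return { stateLength: sent.length, matching, replayed, forged, missing };
}

console.log(demo());
```

A provider that requires the parameter, as in the error above, rejects the authorization request before the callback check is ever reached; the callback check is what protects the client when the provider does not enforce it.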