Mattermost login fails - bad token type

How to Use GitLab
1

I’m trying to get mattermost bundeld with gitlab 9.1.1 to work. The mattermost signon fails when I sign on via gitlab. Gitlab displays a page that says I have to authorize access. When I do, I get the following error in the log:

[2017/04/26 21:39:43 PDT] [DEBG] /api/v3/oauth/gitlab/signup
[2017/04/26 21:39:47 PDT] [DEBG] /signup/gitlab/complete
[2017/04/26 21:39:50 PDT] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=i73sta9dzfdetyseichyngqxca uid= ip=xx.xx.xx.xx Bad token type [details: token_type=, response_body=]
[2017/04/26 21:39:51 PDT] [DEBG] /error
[2017/04/26 21:39:51 PDT] [DEBG] /api/v3/users/initial_load

The ip is my external IP.

replaced my real host with “example” in the following config:

mattermost_external_url ‘https://mm.example.com
mattermost[‘enable’] = true
mattermost[‘log_file_level’] = ‘DEBUG’
mattermost[‘service_use_ssl’] = true
mattermost[‘service_site_url’] = ‘https://mm.example.com
mattermost[‘team_site_name’] = “Mattermost”
mattermost[‘team_restrict_creation_to_domains’] = “example.com
mattermost[‘gitlab_enable’] = true
mattermost[‘gitlab_id’] = “xxx”
mattermost[‘gitlab_secret’] = “xxx”
mattermost[‘gitlab_scope’] = “”
mattermost[‘gitlab_auth_endpoint’] = “https://example.com/oauth/authorize
mattermost[‘gitlab_token_endpoint’] = “https://example.com/oauth/token
mattermost[‘gitlab_user_api_endpoint’] = “https://example.com/api/v3/user
mattermost_nginx[‘enable’] = true
mattermost_nginx[‘ssl_certificate’] = “/etc/letsencrypt/live/example.com/fullchain.pem”
mattermost_nginx[‘ssl_certificate_key’] = “/etc/letsencrypt/live/example.com/privkey.pem”

gitlab_id and secret were set from admin page.

Any idea what is wrong?

2

I think I read that “production” is the mattermost binary. So it look to me like gitlab is not authorizing mattermost for some reason:

==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST “/oauth/token” for 209.237.252.107 at 2017-04-27 14:17:33 -0700
Processing by Doorkeeper::TokensController#create as JSON
Parameters: {“client_id”=>“b5a5d12eeee6e3b9e20367b530768c969c77ad6905bf1e6d32762396219dc448”, “client_secret”=>"[FILTERED]", “code”=>"[FILTERED]", “grant_type”=>“authorization_code”, “redirect_uri”=>“https://mm.example.com/signup/gitlab/complete”}
Completed 401 Unauthorized in 41ms

I thought that this might be related to my turning off signups. That was the case for creating a new group. With signups off, I could not create a new group. This only happened for the first group added. After that I could create another group with signups off.

3

Embarrassing. The issue turned out to be a bad secret token for mattermost[‘gitlab_secret’]. Somewhere along the way in copy-n-pasting, a couple characters when missing.