Mattermost oauth "Unknown State"

Hi there,

after I upgraded to 8.12, the oauth for the embedded mattermost is not working anymore.

After logging in, I get the response “Unknown state”.

I get the nice error in the mattermost logs

```
[EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=5id619uyipdzp83fej65rx9jha uid= ip= xx.xx.xx.xx Invalid state [details: illegal base64 data at input byte 118]
```

Interestingly, gitlab says “unknown uri” if I enter in the application links the callback urls starting with https:// even though I can confirm that the urls are right.

I run gitlab and mattermost behind an apache reverse proxy which points to gitlab workhorse listening on 8181, and Mattermost listening at 8065.

It worked before the upgrade but now I am not able to log in to mattermost anymore. It seems like a minor bug with the encoding of the oauth token or a misconfiguration with the proxy settings on my side. :confused:

This is the apache config for mattermost. Any hints here?

```apache
<VirtualHost *:443>
ServerSignature Off
AllowEncodedSlashes NoDecode

RewriteEngine on

# Redirect all non-static requests to thin

DocumentRoot /opt/gitlab/embedded/service/mattermost/webapp/dist

RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://{REQUEST_URI} [P,QSA,L]
RewriteRule ^/(.*)${REQUEST_URI} [P,QSA,L]

ProxyPass /
ProxyPassReverse /
ProxyPreserveHost on

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/

# Custom log file locations

ErrorLog /var/log/apache2/mattermost_error.log
CustomLog /var/log/apache2/mattermost_access.log combined
SSLCertificateChainFile /etc/letsencrypt/live/
</VirtualHost>

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>
```

Seemed to be an issue with my apache config. Solved with that vhost config. Maybe someone knows why or ran into the same issue. Damn… just solved five minutes after posting the question :wink:
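The "illegal base64 data at input byte N" text in the log is the error Go's `encoding/base64` returns, so the offset can be used to see what a proxy did to the OAuth `state` value. The following is an added example, not part of the original post or of Mattermost's code: `diagnoseState` is a hypothetical helper, it assumes the state is standard-alphabet base64 carried in the callback query string, and the sample values are constructed.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Standard base64 alphabet plus the padding character.
const stdAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

// diagnoseState (hypothetical helper) decodes an OAuth state value with the
// standard base64 alphabet. On failure it returns the offset of the first
// offending byte and a hint about what usually puts that byte there.
// It returns (-1, "") when the value decodes cleanly.
func diagnoseState(state string) (int, string) {
	_, err := base64.StdEncoding.DecodeString(state)
	if err == nil {
		return -1, ""
	}
	var bad base64.CorruptInputError
	if !errors.As(err, &bad) {
		return 0, err.Error()
	}
	off := int(bad)
	if off >= len(state) || strings.IndexByte(stdAlphabet, state[off]) >= 0 {
		return off, "length or padding is wrong: value truncated on the way"
	}
	switch c := state[off]; c {
	case ' ':
		return off, "space: a '+' was form-decoded somewhere on the path"
	case '%':
		return off, "percent sign: value arrived still URL-encoded"
	case '-', '_':
		return off, "URL-safe alphabet, but the decoder expects the standard one"
	default:
		return off, fmt.Sprintf("unexpected byte %q", c)
	}
}

func main() {
	// Constructed samples: one intact value and two mangled copies of it.
	for _, s := range []string{"AAAA++++", "AAAA    ", "AAAA%2B%2B%2B%2B"} {
		off, hint := diagnoseState(s)
		fmt.Printf("%q -> offset %d %s\n", s, off, hint)
	}
}
```

Feeding it the `state` value as issued in the redirect and again as it appears in the proxy's access log for `/signup/gitlab/complete` shows whether the value changed in transit and at which byte.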