Mattermost oauth "Unknown State"

myghty · September 30, 2016, 7:08pm

Hi there,

after I upgraded to 8.12, the oauth for the embedded mattermost is not working anymore.

After logging in, I get the response “Unknown state”.

I get the nice error in the mattermost logs

[EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=5id619uyipdzp83fej65rx9jha uid= ip= xx.xx.xx.xx Invalid state [details: illegal base64 data at input byte 118]

Interestingly, gitlab says “unknown uri” if I enter in the application links the callback urls starting with https:// even though I can confirm that the urls are right.

I run gitlab and mattermost behind an apache reverse proxy which points to gitlab workhorse listening on 8181. and Mattermost listening at 8065.

It worked before the upgrade but now I am not able to log in to mattermost anymore. It seems like a minor bug with the encoding of the oauth token or a misconfiguration with the proxy settings on my side.

This is the apache config for mattermost. Any hints here?

<VirtualHost *:443>
ServerName xxx.xxx.eu
ServerSignature Off
AllowEncodedSlashes NoDecode

RewriteEngine on

Redirect all non-static requests to thin

DocumentRoot /opt/gitlab/embedded/service/mattermost/webapp/dist

RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} ^/api/v1/websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
RewriteRule ^/(.*)$ http://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

ProxyPass / http://127.0.0.1:8065
ProxyPassReverse / http://127.0.0.1:8065
ProxyPreserveHost on

<Proxy *>
Order deny,allow
Allow from all

RequestHeader set X_FORWARDED_PROTO ‘https’
RequestHeader set X-Forwarded-Ssl on

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/xx.xx.eu/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xx.xx.eu/privkey.pem

Custom log file locations

ErrorLog /var/log/apache2/mattermost_error.log
CustomLog /var/log/apache2/mattermost_access.log combined
SSLCertificateChainFile /etc/letsencrypt/live/xx.xx.eu/chain.pem

<VirtualHost :80>
ServerName xxx.xx.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.) https://%{SERVER_NAME}/$1 [R=301,L]

myghty · September 30, 2016, 7:14pm

Seemed to be an issue with my apache config. Solved with that vhost config. Maybe someone knows why or ran in the same issue. Damn… .just solved five minutes after posting the question

Topic		Replies	Views
Gitlab mattermost oauth problem How to Use GitLab	0	1363	May 8, 2016
Redirect_uri changes between authorize and token How to Use GitLab token	0	1848	August 31, 2022
GitLab Mattermost SSO redirects to 127.0.0.1:8065 + Bad token type How to Use GitLab	0	1237	January 19, 2018
Mattermost with apache proxy How to Use GitLab	0	1658	June 18, 2017
Gitlab/Mattermost login issue - Bad response from token request for review How to Use GitLab mattermost	1	3261	March 30, 2019

Mattermost oauth "Unknown State"

Redirect all non-static requests to thin

DocumentRoot /opt/gitlab/embedded/service/mattermost/webapp/dist

Custom log file locations

Related topics