1.0.0-rc.1 fail to oauth with github enterprise

everpcpc · November 14, 2018, 5:57am

Hi, I’am running drone with:

docker create \
    --name=drone-server \
    --net=host \
    -v /etc/ssl:/etc/ssl \
    -e DRONE_LOGS_DEBUG=true \
    -e DRONE_SERVER_HOST=xxxx \
    -e DRONE_SERVER_PROTO=https \
    -e DRONE_TLS_CERT=/etc/ssl/xxx.crt \
    -e DRONE_TLS_KEY=/etc/ssl/xxx.key \
    -e DRONE_RPC_SECRET=xxx \
    -e DRONE_DATABASE_DRIVER=mysql \
    -e DRONE_DATABASE_DATASOURCE="xxx" \
    -e DRONE_GITHUB_SERVER=https://github.xxx \
    -e DRONE_GITHUB_CLIENT_ID=xxx \
    -e DRONE_GITHUB_CLIENT_SECRET=xxx \
    drone/drone:1.0.0-rc.1

But when open the page, it’s always blank after redirected back from github with url https://drone.xxx/authorize?code=xxx&state=xxx
It seems the request to https://drone.xxx/api/user always returns 401.
And the database has no user synced.

logs on the server are as follows:

2018-11-14 13:57:36.121840500 {"fields.time":"2018-11-14T05:57:36Z","latency":5506,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/","request-id":"1CxxT9CldwTIjiesmOpJ7dNWSzf","time":"2018-11-14T05:57:36Z"}
2018-11-14 13:57:36.421639500 {"fields.time":"2018-11-14T05:57:36Z","latency":229970,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/css/app.a9712d5a.css","request-id":"1CxxT5DNUhNYBwWTS7WokleZ812","time":"2018-11-14T05:57:36Z"}
2018-11-14 13:57:36.426950500 {"fields.time":"2018-11-14T05:57:36Z","latency":338658,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/js/app.4407cc1d.js","request-id":"1CxxTBKeJTqdinpetqMjLxuihEi","time":"2018-11-14T05:57:36Z"}
2018-11-14 13:57:36.624385500 {"fields.time":"2018-11-14T05:57:36Z","latency":197716032,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/js/chunk-vendors.53043314.js","request-id":"1CxxT5uQ8JkXv1W1YtiaJ3fykPq","time":"2018-11-14T05:57:36Z"}
2018-11-14 13:57:37.112653500 {"level":"debug","msg":"api: authentication required","request-id":"1CxxTDNlMWgoTOztOdn2AHfDf1W","time":"2018-11-14T05:57:37Z"}
2018-11-14 13:57:37.112654500 {"level":"debug","msg":"api: guest access","request-id":"1CxxTDNlMWgoTOztOdn2AHfDf1W","time":"2018-11-14T05:57:37Z"}
2018-11-14 13:57:37.112672500 {"fields.time":"2018-11-14T05:57:37Z","latency":66277,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/api/user","request-id":"1CxxTDNlMWgoTOztOdn2AHfDf1W","time":"2018-11-14T05:57:37Z"}
2018-11-14 13:57:37.162899500 {"level":"debug","msg":"events: stream opened","request-id":"1CxxTDsqEweQbtMHM2QszMinYqx","time":"2018-11-14T05:57:37Z"}
2018-11-14 13:57:37.324676500 {"fields.time":"2018-11-14T05:57:37Z","latency":75256,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/login","request-id":"1CxxTF7n4FocgR6cd7iW3Osr4QB","time":"2018-11-14T05:57:37Z"}
2018-11-14 13:57:38.577386500 {"fields.time":"2018-11-14T05:57:38Z","latency":3900,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/authorize?code=5f6f017f08091399627f\u0026state=365a858149c6e2d1","request-id":"1CxxTNUXMLijdjzzIB0nriL2Sqq","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:38.959730500 {"level":"debug","msg":"events: stream cancelled","request-id":"1CxxTDsqEweQbtMHM2QszMinYqx","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:38.959731500 {"level":"debug","msg":"events: stream closed","request-id":"1CxxTDsqEweQbtMHM2QszMinYqx","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:38.959740500 {"level":"debug","msg":"api: guest access","request-id":"1CxxTDsqEweQbtMHM2QszMinYqx","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:38.959766500 {"fields.time":"2018-11-14T05:57:38Z","latency":1796994051,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/api/stream","request-id":"1CxxTDsqEweQbtMHM2QszMinYqx","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:38.966497500 {"fields.time":"2018-11-14T05:57:38Z","latency":969262,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/css/app.a9712d5a.css","request-id":"1CxxTRFS7MXoqGLyXwffRxFrGfv","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:38.966701500 {"fields.time":"2018-11-14T05:57:38Z","latency":946341,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/js/app.4407cc1d.js","request-id":"1CxxTLlQ8D0RzVUvmflafljUqq2","time":"2018-11-14T05:57:38Z"}
2018-11-14 13:57:39.276390500 {"fields.time":"2018-11-14T05:57:39Z","latency":310484555,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/js/chunk-vendors.53043314.js","request-id":"1CxxTLO2OCSdwC8Ovwag6Lnu5Nf","time":"2018-11-14T05:57:39Z"}
2018-11-14 13:57:40.164498500 {"level":"debug","msg":"api: authentication required","request-id":"1CxxTfrCXiknpU9zIJelpRjRDVe","time":"2018-11-14T05:57:40Z"}
2018-11-14 13:57:40.164499500 {"level":"debug","msg":"api: guest access","request-id":"1CxxTfrCXiknpU9zIJelpRjRDVe","time":"2018-11-14T05:57:40Z"}
2018-11-14 13:57:40.164514500 {"fields.time":"2018-11-14T05:57:40Z","latency":55044,"level":"debug","method":"GET","msg":"","remote":"10.0.132.6:60061","request":"/api/user","request-id":"1CxxTfrCXiknpU9zIJelpRjRDVe","time":"2018-11-14T05:57:40Z"}
2018-11-14 13:57:40.214621500 {"level":"debug","msg":"events: stream opened","request-id":"1CxxTgCfaWoUqmaY4w3c0gihSPj","time":"2018-11-14T05:57:40Z"}

Where should the problem possibly exists?
Btw, the source code for 1.0.0-rc.1 seems not on github? It may help a lot if I can debug with source.
Thanks very much.

bradrydzewski · November 14, 2018, 6:07am

It looks like you have the wrong application callback URL. I see it redirects back to /authorize? instead of /login. See the example authorization callback URL at https://docs.drone.io/intro/github/multi-machine/#create-an-oauth-application

everpcpc · November 14, 2018, 6:11am

Ah, thank you very much.
I did not noticed this 1.0 change from 0.8 before.