Gtea as OAuth2 Provider to vouch-proxy. Got http 400 after auth

Install/Maintain/Configure

binooetomo June 12, 2024, 6:31am 1

Dear all.
Actualy I’m not sure to post this to gitea community or to vouch-proxy community

I have in-house gitea server, but I’m not the admin/superuser of that server.

I’m trying to play with “vouch-proxy”, and use that gitea server as OAUTH provider.
when I set “application” on gitea, I put “https://sflow.bino.jcamp.net/auth” as “Redirect URI”

When I open a restricted location, the gitea oauth concern page is showed. allowed.
Gitea login page showed, and I make entry with my credentials.

But then vouch-proxy got http status 400, with message (captured from terminal running vouch-proxy):

=============below is when browser open restricted page{"level":"debug","ts":1718172149.906143,"msg":"/validate"}
{"level":"warn","ts":1718172149.9062073,"msg":"no jwt found in request"}
{"level":"debug","ts":1718172149.9062219,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172149.9062283,"msg":"setting the cookie domain to sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172149.906251,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"info","ts":1718172149.9064434,"msg":"|401|  166.805µs /validate","statusCode":401,"request":1,"latency":0.000166805,"avgLatency":0.000166805,"ipPort":"127.0.0.1:39168","method":"GET","host":"sflow.bino.jcamp.net","path":"/validate","referer":""}
{"level":"debug","ts":1718172149.910774,"msg":"/login"}
{"level":"debug","ts":1718172149.9108303,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172149.9108303,"msg":"setting the cookie domain to sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172149.910914,"msg":"session state set to uZZM2JQI7Kb2U5mdiEaRoNtNJYdl87"}
{"level":"debug","ts":1718172149.910982,"msg":"Login url param normalized to 'https://sflow.bino.jcamp.net/'"}
{"level":"debug","ts":1718172149.911011,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172149.9110367,"msg":"session requestedURL set to https://sflow.bino.jcamp.net/"}
{"level":"debug","ts":1718172149.9110422,"msg":"Adding code challenge"}
{"level":"debug","ts":1718172149.9110863,"msg":"saving session with failcount 1"}
{"level":"debug","ts":1718172149.9113464,"msg":"redirecting to oauthURL https://rujak.id/login/oauth/authorize?client_id=055a95cf-f5bb-41ed-9592-ef21d6ae99ce&code_challenge=ntp-c2-7hGmOuet-IKWvduh9QWamW1SANGUwJpKhEGc&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fsflow.bino.jcamp.net%2Fauth&response_type=code&scope=read%3Auser&state=uZZM2JQI7Kb2U5mdiEaRoNtNJYdl87"}
{"level":"debug","ts":1718172149.9114056,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"info","ts":1718172149.911519,"msg":"|302|  699.075µs /login","statusCode":302,"request":2,"latency":0.000699075,"avgLatency":0.00043294,"ipPort":"127.0.0.1:39182","method":"GET","host":"sflow.bino.jcamp.net","path":"/login","referer":""}
{"level":"debug","ts":1718172155.8108938,"msg":"/validate"}
{"level":"warn","ts":1718172155.8109374,"msg":"no jwt found in request"}
{"level":"debug","ts":1718172155.8109467,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172155.8109522,"msg":"setting the cookie domain to sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172155.8109858,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"info","ts":1718172155.8110924,"msg":"|401|  179.352µs /validate","statusCode":401,"request":3,"latency":0.000179352,"avgLatency":0.000348411,"ipPort":"127.0.0.1:39196","method":"GET","host":"sflow.bino.jcamp.net","path":"/validate","referer":""}
{"level":"debug","ts":1718172155.8222628,"msg":"/login"}
{"level":"debug","ts":1718172155.8222716,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172155.8222716,"msg":"setting the cookie domain to sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172155.8223488,"msg":"session state set to QpLazA3VuTaro2OAlTUj4qATrRVdAaX"}
{"level":"debug","ts":1718172155.8224194,"msg":"Login url param normalized to 'https://sflow.bino.jcamp.net/'"}
{"level":"debug","ts":1718172155.8224404,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172155.8224554,"msg":"session requestedURL set to https://sflow.bino.jcamp.net/"}
{"level":"debug","ts":1718172155.8224623,"msg":"Adding code challenge"}
{"level":"debug","ts":1718172155.822474,"msg":"saving session with failcount 1"}
{"level":"debug","ts":1718172155.822571,"msg":"redirecting to oauthURL https://rujak.id/login/oauth/authorize?client_id=055a95cf-f5bb-41ed-9592-ef21d6ae99ce&code_challenge=KTEN5W8afAn-krQxLoY-xymzocP2V70yJHpoNiuhpF0&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fsflow.bino.jcamp.net%2Fauth&response_type=code&scope=read%3Auser&state=QpLazA3VuTaro2OAlTUj4qATrRVdAaX"}
{"level":"debug","ts":1718172155.8225772,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"info","ts":1718172155.822762,"msg":"|302|  373.593µs /login","statusCode":302,"request":4,"latency":0.000373593,"avgLatency":0.000354706,"ipPort":"127.0.0.1:39202","method":"GET","host":"sflow.bino.jcamp.net","path":"/login","referer":""}

============ gitea login page showed up, do login with credentials============


{"level":"debug","ts":1718172236.458993,"msg":"/auth"}
{"level":"debug","ts":1718172236.4590986,"msg":"CaptureWriter.Write set w.StatusCode 302"}
{"level":"info","ts":1718172236.4592237,"msg":"|302|  163.672µs /auth","statusCode":302,"request":5,"latency":0.000163672,"avgLatency":0.0003165,"ipPort":"127.0.0.1:39784","method":"GET","host":"sflow.bino.jcamp.net","path":"/auth","referer":""}
{"level":"debug","ts":1718172236.4674423,"msg":"/auth/{state}/"}
{"level":"warn","ts":1718172236.823152,"msg":"/auth Error while retrieving user info after successful login at the OAuth provider: oauth2: \"unauthorized_client\" \"client is not authorized\""}
{"level":"debug","ts":1718172236.8232434,"msg":"domain sflow.bino.jcamp.net matched array value at [0]=sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172236.8232558,"msg":"setting the cookie domain to sflow.bino.jcamp.net"}
{"level":"debug","ts":1718172236.8232708,"msg":"rendering error for user: 400 Bad Request"}
{"level":"debug","ts":1718172236.8233438,"msg":"CaptureWriter.Write set w.StatusCode 400"}
{"level":"info","ts":1718172236.8236487,"msg":"|400| 356.049053ms /auth/QpLazA3VuTaro2OAlTUj4qATrRVdAaX/","statusCode":400,"request":6,"latency":0.356049053,"avgLatency":0.059605258,"ipPort":"127.0.0.1:39798","method":"GET","host":"sflow.bino.jcamp.net","path":"/auth/QpLazA3VuTaro2OAlTUj4qATrRVdAaX/","referer":""}

Kindly please tellme what to check/do to fix this problem

sincerely
-bino-