unable to login using gitlab.com account from git.fosscommunity.in

See related discussion https://gitlab.com/gitlab-org/gitlab-ce/issues/22291

cc @stanhu

@pravi Can you list the valid redirect URIs in your OAuth2 applications?

I think it should include:

https://git.fosscommunity.in/users/auth/gitlab/callback

Seems similar to:

• https://github.com/intridea/omniauth-oauth2/issues/81
• https://github.com/intridea/omniauth-oauth2/issues/82

Oh interesting, when I try to login, I see the URL:

https://git.fosscommunity.in/users/auth/gitlab/callback&response_type=code&scope=api&state=abcdb

I think it should be "callback?response_type" instead of "&".

@stanhu so should this be fixed in omniauth-gitlab?

@pravi FYI, I was not able to reproduce this problem on another GitLab Omnibus installation; the callback URL was similar as above.

I did more testing on git.fosscommunity.in. I'm having a hard time connecting my GitLab.com to my account in the first place. It looks to me after GitLab.com makes the callback to git.fosscommuity.in, the GitLab CE installation there never registers the proper state:

1. I click "Authorize"
2. This redirects to https://git.fosscommunity.in/users/auth/gitlab/callback?code=<code>&state=<state>
3. git.fosscommunity.in redirects me to the sign_in page

Something is wrong there. Can you check your logs to see if there's a reason to connect?

Which logfile and what type of errors to look for?

@stanhu you could not reproduce this on omnibus because it is still using omniauth-oauth2 1.3.1. Can you try updating it to 1.4.0?

@stanhu I can confirm this is caused by omniauth-oauth2 version 1.4.0. I downgraded it to 1.3.1 and login with gitlab.com works now. From the upstream issue, they expect omniauth-gitlab to fix it (as they fixed omniauth-google-oauth2).

@pravi Can you describe or link what exactly needs to be fixed?

Fix in omniauth-google-oauth2 https://github.com/zquestz/omniauth-google-oauth2/pull/205

Reported here https://github.com/linchus/omniauth-gitlab/issues/13

@stanhu omniauth-gitlab author says it works with omniauth-oauth2 1.4.0. May be its a bug in the way gitlab is using omniauth-gitlab?

I just tried bumping to 1.4.0, and I see this in the error logs:

21:26:04 rails-web.1             | I, [2016-11-07T21:26:04.245007 #56637]  INFO -- omniauth: (gitlab) Callback phase initiated.
21:26:05 rails-web.1             | E, [2016-11-07T21:26:05.068009 #56637] ERROR -- omniauth: (gitlab) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

I then noticed that gitlab-omniauth had this commit:

• https://github.com/linchus/omniauth-gitlab/commit/26c47e55396205fab8439363c98136d0fde797f3
• https://github.com/linchus/omniauth-gitlab/issues/10

Bumping gitlab-omniauth to 1.0.2 solved the problem.

Status changed to closed by merge request gitlab-org/gitlab-ce!7348

mentioned in commit test-nick/gitlab-ce@949f2336

mentioned in commit test-nick/gitlab-ce@fb6b114b