oauth2_proxy
oauth2_proxy copied to clipboard
I keep on receiving 403 http: named cookie not present, How can I get it to work on localhost?
Hey,
This is my config file.
## OAuth2 Proxy Config File
## https://github.com/bitly/oauth2_proxy
## <addr>:<port> to listen on for HTTP/HTTPS clients
http_address = "127.0.0.1:4180"
https_address = ":443"
## TLS Settings
# tls_cert_file = ""
# tls_key_file = ""
## the OAuth Redirect URL.
# defaults to the "https://" + requested host header + "/oauth2/callback"
redirect_url="http://127.0.0.1.xip.io:4180/oauth2/callback"
## the http url(s) of the upstream endpoint. If multiple, routing is based on path
upstreams = [
"http://localhost:8080"
]
## Log requests to stdout
request_logging = true
## pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream
# pass_basic_auth = true
# pass_user_headers = true
## pass the request Host Header to upstream
## when disabled the upstream Host is used as the Host Header
# pass_host_header = true
## Email Domains to allow authentication for (this authorizes any email on this domain)
## for more granular authorization use `authenticated_emails_file`
## To authorize any email addresses use "*"
email_domains = "*"
## The OAuth Client ID, Secret
client_id = "I have put client id here"
client_secret = "I have put secret here"
## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
# pass_access_token = false
## Authenticated Email Addresses File (one email per line)
# authenticated_emails_file = ""
## Htpasswd File (optional)
## Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption
## enabling exposes a username/login signin form
# htpasswd_file = ""
## Templates
## optional directory with custom sign_in.html and error.html
# custom_templates_dir = ""
## skip SSL checking for HTTPS requests
# ssl_insecure_skip_verify = false
## Cookie Settings
## Name - the cookie name
## Secret - the seed string for secure cookies; should be 16, 24, or 32 bytes
## for use with an AES cipher when cookie_refresh or pass_access_token
## is set
## Domain - (optional) cookie domain to force cookies to (ie: .yourcompany.com)
## Expire - (duration) expire timeframe for cookie
## Refresh - (duration) refresh the cookie when duration has elapsed after cookie was initially set.
## Should be less than cookie_expire; set to 0 to disable.
## On refresh, OAuth token is re-validated.
## (ie: 1h means tokens are refreshed on request 1hr+ after it was set)
## Secure - secure cookies are only sent by the browser of a HTTPS connection (recommended)
## HttpOnly - httponly cookies are not readable by javascript (recommended)
cookie_name = "test"
cookie_secret = "VGhpcyBpcyBhbiBhd2Vzb21lIHNjcmlwdA=="
cookie_domain = "127.0.0.1.xip.io:4180"
cookie_expire = "168h"
## cookie_refresh = ""
cookie_httponly = true
My app server is on port 8080 and I have not set up any end point there to receive any info from your server on 4180. (I actually don't even know if I have to do something like that because I can't move forward with this named cookie not set error).
I copied your sample config file, read some similar issues here and trying tweaking my config to make it work. But it is not working, and here are the logs.
amankapoor@amankapoor:~/go/bin$ ./oauth2_proxy -config=oauth2_config.cfg
2017/11/01 03:31:43 oauthproxy.go:130: mapping path "/" => upstream "http://localhost:8080"
2017/11/01 03:31:43 oauthproxy.go:157: OAuthProxy configured for Google Client ID: 1030362162437-qjd6mi9ld2gd0v2kiml6orvd590vpfjm.apps.googleusercontent.com
2017/11/01 03:31:43 oauthproxy.go:163: Cookie settings: name:test secure(https):true httponly:true expiry:168h0m0s domain:127.0.0.1.xip.io:4180 refresh:disabled
2017/11/01 03:31:43 http.go:49: HTTP: listening on 127.0.0.1:4180
2017/11/01 03:31:52 oauthproxy.go:601: 127.0.0.1:33204 Cookie "test" not present
2017/11/01 03:31:52 oauthproxy.go:272: Warning: request host is "127.0.0.1" but using configured cookie domain of "127.0.0.1.xip.io:4180"
2017/11/01 03:31:52 cookie.go:168: net/http: invalid Cookie.Domain "127.0.0.1.xip.io:4180"; dropping domain attribute
127.0.0.1 - - [01/Nov/2017:03:31:52 +0530] 127.0.0.1:4180 GET - "/" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.62 Chrome/62.0.3202.62 Safari/537.36" 403 2474 0.001
2017/11/01 03:31:53 oauthproxy.go:601: 127.0.0.1:33204 Cookie "test" not present
2017/11/01 03:31:53 oauthproxy.go:272: Warning: request host is "127.0.0.1" but using configured cookie domain of "127.0.0.1.xip.io:4180"
2017/11/01 03:31:53 cookie.go:168: net/http: invalid Cookie.Domain "127.0.0.1.xip.io:4180"; dropping domain attribute
127.0.0.1 - - [01/Nov/2017:03:31:53 +0530] 127.0.0.1:4180 GET - "/favicon.ico" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.62 Chrome/62.0.3202.62 Safari/537.36" 403 2485 0.000
2017/11/01 03:31:54 oauthproxy.go:272: Warning: request host is "127.0.0.1" but using configured cookie domain of "127.0.0.1.xip.io:4180"
2017/11/01 03:31:54 cookie.go:168: net/http: invalid Cookie.Domain "127.0.0.1.xip.io:4180"; dropping domain attribute
127.0.0.1 - - [01/Nov/2017:03:31:54 +0530] 127.0.0.1:4180 GET - "/oauth2/start?rd=%2F" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.62 Chrome/62.0.3202.62 Safari/537.36" 302 368 0.000
2017/11/01 03:31:58 oauthproxy.go:344: ErrorPage 403 Permission Denied http: named cookie not present
127.0.0.1 - - [01/Nov/2017:03:31:57 +0530] 127.0.0.1.xip.io:4180 GET - "/oauth2/callback?state=26f4091142ce5454f8069217d75bdd19:/&code=4/g8uLHn-ZiSCoNf9_A6CSQfgW0nYiVuCuPsoRnjERk3k" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.62 Chrome/62.0.3202.62 Safari/537.36" 403 353 0.286
2017/11/01 03:31:58 oauthproxy.go:601: 127.0.0.1:33214 Cookie "test" not present
2017/11/01 03:31:58 oauthproxy.go:272: Warning: request host is "127.0.0.1.xip.io" but using configured cookie domain of "127.0.0.1.xip.io:4180"
2017/11/01 03:31:58 cookie.go:168: net/http: invalid Cookie.Domain "127.0.0.1.xip.io:4180"; dropping domain attribute
127.0.0.1 - - [01/Nov/2017:03:31:58 +0530] 127.0.0.1.xip.io:4180 GET - "/favicon.ico" HTTP/1.1 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.62 Chrome/62.0.3202.62 Safari/537.36" 403 2485 0.000
I was looking for an easy plug n play solution for authentication basically and came across this. But I am unable to make it work, can you please help?
Btw, do you see in the logs that it show secure-cookie to be true even when I have deleted that from the config file?
cookie_secure defaults to true, you'll have to set it to false
@amankapoor can you confirm that setting cookie_secure=False
resolved your issue?
I remember, noticing this secure true issue while copying my logs to paste here. I did try explicitly setting it to false, but unfortunately it also did not work. Then, I sent you the logs without that.
But that is not the focus of my issue here.
Also, I am providing extra info below, may be it could help.
Authorised JavaScript origins - http://localhost:4180 Authorised redirect URIs - http://127.0.0.1.xip.io:4180/oauth2/callback
The repo has so many stars and may be people who are using it are experienced. But for beginners like me it would be great if you add links relevant to deploying on localhost in your readme. Btw, current readme is also comprehensive.
2017/11/01 03:31:43 oauthproxy.go:163: Cookie settings: name:test secure(https):true ... 2017/11/01 03:31:52 oauthproxy.go:272: Warning: request host is "127.0.0.1" but using configured cookie domain of "127.0.0.1.xip.io:4180" 2017/11/01 03:31:52 cookie.go:168: net/http: invalid Cookie.Domain "127.0.0.1.xip.io:4180"; dropping domain attribute
see https://stackoverflow.com/questions/1612177/are-http-cookies-port-specific
I am also getting this error now... Could've sworn that it was working last week... However, the first time result a 'Sign In' link and I click on the 'Sign In' link, it will go thru without issue...
See below...
403 Permission Denied http: named cookie not present
Sign In
Bump
Getting this even though cookie_secure is set to false AND even states such upon oauth2_proxy startup.
Bump, same here. My setup does not have a public dns. I am hitting it via ip, maybe that's the issue?
Same here. Trying to use keycloak.
I ran into this issue while using the fetch
api in Angular
. After letting fetch
to pass cookies across, I was able to resolve this issue.