workers-sdk icon indicating copy to clipboard operation
workers-sdk copied to clipboard
verified publisher icon cloudflare

๐Ÿ› BUG: `npx wrangler login` from remote machine still or again broken

Open newsve opened this issue 1 year ago โ€ข 10 comments

Which Cloudflare product(s) does this pertain to?

Wrangler core

What version(s) of the tool(s) are you using?

3.51.2

What version of Node are you using?

20.12.1

What operating system and version are you using?

macOS 14.4.1

Describe the Bug

Observed behavior

Please describe.

  1. Open Terminal on macOS
  2. ssh into your Ubuntu 22.04 VPS
  3. npx wrangler login
  4. Copy the link and paste it in Chrome Version v124
  5. Approve
  6. Copy link
  7. Paste link into second terminal on Ubuntu VPS
  8. get:
โ–ฒ [WARNING] Received query string parameter doesn't match the one sent! Possible malicious activity somewhere.

Fwiw, I tried every possible permutation of the curl command.

Expected behavior

A successful login

related but closed again: https://github.com/cloudflare/workers-sdk/issues/2874

Please provide a link to a minimal reproduction

Follow aforementioned steps closely.

Please provide any relevant error logs

when running curl -v I got:

*   Trying 127.0.0.1:8976...
* connect to 127.0.0.1 port 8976 failed: Connection refused
*   Trying ::1:8976...
* Connected to localhost (::1) port 8976 (#0)
> GET /oauth/callback?code=[redacted] HTTP/1.1
> Host: localhost:8976
> User-Agent: curl/7.81.0
> Accept: */*

newsve avatar Apr 22 '24 06:04 newsve

@newsve Maybe a little different, but I have a similar problem on VS Code's DevContainer.

Frog-kt avatar May 16 '24 05:05 Frog-kt

maybe help you this workaround https://developers.cloudflare.com/workers/wrangler/commands/#use-wrangler-login-on-a-remote-machine

bgbruno avatar May 19 '24 02:05 bgbruno

@newsve Maybe a little different, but I have a similar problem on VS Code's DevContainer.

I'm also trying to do this in a VS Code DevContainer and having issues. If I open the URL in a browser and use the browser's dev tools to obtain the callback URL, then try to use curl to open the callback URL, it just hangs forever. I eventually get a timeout on the 'wrangler login' terminal, but it doesn't exit back to the prompt. The curl command is just hung there and doesn't time out. If I hit CTRL-C to exit curl, then the 'wrangler login' exits and goes back to a prompt, too.

This is the curl output:

  • Trying 127.0.0.1:8976...
  • connect to 127.0.0.1 port 8976 failed: Connection refused
  • Trying [::1]:8976...
  • Connected to localhost (::1) port 8976 (#0)

GET /oauth/callback?code=...SNIP...&scope=account%3Aread%20user%3Aread%20workers%3Awrite%20workers_kv%3Awrite%20workers_routes%3Awrite%20workers_scripts%3Awrite%20workers_tail%3Aread%20d1%3Awrite%20pages%3Awrite%20zone%3Aread%20ssl_certs%3Awrite%20constellation%3Awrite%20ai%3Awrite%20queues%3Awrite%20offline_access&state=...SNIP... HTTP/1.1 Host: localhost:8976 User-Agent: curl/7.88.1 Accept: /

It is clearly connecting to wrangler, but wrangler is not recognizing it or proceeding.

Also, it's worth noting that I tried this with and without the port forwarding from VS Code DevContainers.

gable-digital avatar Jun 29 '24 12:06 gable-digital

Also run in vscode devcontainer, I can't make it work using the workaround, but rather I configured the CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN in .env, and works.

aiden-liu avatar Aug 18 '24 08:08 aiden-liu

Any news on this ? I was excited to try cloudflare d1 for the first time, but was immediately disappointed and gave up.

lroal avatar Nov 14 '24 11:11 lroal

I have the similar issue, run wrangler login in VSCode SSH machine, the browser redirect is successful, but the wrangler login hangs forever.

image

jizusun avatar Dec 26 '24 07:12 jizusun

Same problem here. Opening a second terminal to run curl with the localhost address give me also this error: โ–ฒ [WARNING] Received query string parameter doesn't match the one sent! Possible malicious activity somewhere.

lakano avatar Aug 25 '25 13:08 lakano

Which Cloudflare product(s) does this pertain to?

Wrangler core

What version(s) of the tool(s) are you using?

3.51.2

What version of Node are you using?

20.12.1

What operating system and version are you using?

macOS 14.4.1

Describe the Bug

Observed behavior

Please describe.

  1. Open Terminal on macOS
  2. ssh into your Ubuntu 22.04 VPS
  3. npx wrangler login
  4. Copy the link and paste it in Chrome Version v124
  5. Approve
  6. Copy link
  7. Paste link into second terminal on Ubuntu VPS
  8. get:
โ–ฒ [WARNING] Received query string parameter doesn't match the one sent! Possible malicious activity somewhere.

Fwiw, I tried every possible permutation of the curl command.

Expected behavior

A successful login

related but closed again: #2874

Please provide a link to a minimal reproduction

Follow aforementioned steps closely.

Please provide any relevant error logs

when running curl -v I got:

  • Trying 127.0.0.1:8976...
  • connect to 127.0.0.1 port 8976 failed: Connection refused
  • Trying ::1:8976...
  • Connected to localhost (::1) port 8976 (#0)

GET /oauth/callback?code=[redacted] HTTP/1.1 Host: localhost:8976 User-Agent: curl/7.81.0 Accept: /

Add "" to the localhost url in the curl command

marcobibichan avatar Aug 29 '25 15:08 marcobibichan

Add "" to the localhost url in the curl command

I already put the double quotes around the URL.

Here are my steps:

On the SSH remote server:

$ wrangler login

 โ›…๏ธ wrangler 4.35.0
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
Attempting to login via OAuth...
Opening a link in your default browser: https://dash.cloudflare.com/oauth2/auth?response_type=code&client_id=(REDACTED)&redirect_uri=http%3A%2F%2Flocalhost%3A8976%2Foauth%2Fcallback&scope=account%3Aread%20user%3Aread%20workers%3Awrite%20workers_kv%3Awrite%20workers_routes%3Awrite%20workers_scripts%3Awrite%20workers_tail%3Aread%20d1%3Awrite%20pages%3Awrite%20zone%3Aread%20ssl_certs%3Awrite%20ai%3Awrite%20queues%3Awrite%20pipelines%3Awrite%20secrets_store%3Awrite%20containers%3Awrite%20cloudchamber%3Awrite%20offline_access&state=3csbau8yqyCPbPJE-VVWGMUpdf1ewuX.&code_challenge=(REDACTED)&code_challenge_method=S256
โ–ฒ [WARNING] Failed to open

Then I copy/paste in a new private browser window on my local computer this URL, I fill login / password / 2nd factor, then I confirm the authorizations and the window is redirected to a localhost address but indeed without success as it's not in remote.

I copy/paste this URL to the curl command on a new SSH remote connection to the server like this :

$ curl -v "http://localhost:8976/oauth/callback?code=(REDACTED)&scope=account%3Aread%20user%3Aread%20workers%3Awrite%20workers_kv%3Awrite%20workers_routes%3Awrite%20workers_scripts%3Awrite%20workers_tail%3Aread%20d1%3Awrite%20pages%3Awrite%20zone%3Aread%20ssl_certs%3Awrite%20ai%3Awrite%20queues%3Awrite%20pipelines%3Awrite%20secrets_store%3Awrite%20containers%3Awrite%20cloudchamber%3Awrite%20offline_access&state=(REDACTED)"
* Host localhost:8976 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:8976...
* Connected to localhost (::1) port 8976
* using HTTP/1.x
> GET /oauth/callback?code=(REDACTED)&scope=account%3Aread%20user%3Aread%20workers%3Awrite%20workers_kv%3Awrite%20workers_routes%3Awrite%20workers_scripts%3Awrite%20workers_tail%3Aread%20d1%3Awrite%20pages%3Awrite%20zone%3Aread%20ssl_certs%3Awrite%20ai%3Awrite%20queues%3Awrite%20pipelines%3Awrite%20secrets_store%3Awrite%20containers%3Awrite%20cloudchamber%3Awrite%20offline_access&state=(REDACTED) HTTP/1.1
> Host: localhost:8976
> User-Agent: curl/8.14.1
> Accept: */*
> 
* Request completely sent off

Then I go back in my initial SSH remote tab to see if it's works, but no, I have theses new messages :

โœ˜ [ERROR] The body of the response was HTML rather than JSON. Check the debug logs to see the full body of the response.


โœ˜ [ERROR] It looks like you might have hit a bot challenge page. This may be transient but if not, please contact Cloudflare to find out what can be done. When you contact Cloudflare, please provide your Ray ID: 97d5ae9d7debff34-CDG


This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). The promise rejected with the reason:
Error: Invalid JSON in response: status: 403 Forbidden
    at getJSONFromResponse (/home/debian/.local/share/fnm/node-versions/v22.18.0/installation/lib/node_modules/wrangler/wrangler-dist/cli.js:49567:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async exchangeAuthCodeForAccessToken (/home/debian/.local/share/fnm/node-versions/v22.18.0/installation/lib/node_modules/wrangler/wrangler-dist/cli.js:49161:31)
    at async Server.<anonymous> (/home/debian/.local/share/fnm/node-versions/v22.18.0/installation/lib/node_modules/wrangler/wrangler-dist/cli.js:49317:30)

Any help is appreciated :)

lakano avatar Sep 11 '25 08:09 lakano