
Auth0 Configuration Problems Using Deployment Instructions - "Consent required"

Open geofsu opened this issue 6 years ago • 9 comments

When using the deployment instructions (here) to deploy the UI and Server application just on Localhost, I'm getting errors from Auth0 on using the authentication on a non-verifiable first party application.

I've tried to adapt the instructions on setting up Auth0 to the best of my knowledge even though it looks like the Auth0 on-boarding and set-up has changed drastically since the instructions were written.

Any help on this would be much appreciated or if there is any option to disable Auth0 (I see there was a way in a previous version) that would be great as I will only be running this instance locally for testing.

Thanks.

geofsu avatar Feb 05 '19 15:02 geofsu

Hello,

I think we (at Mappy) faced the same deployment problem with the current dev version.

After a few hours of code digging, the following comment lines pointed me to a first solution: https://github.com/conveyal/datatools-ui/blob/c72cdc97da6f92fcdee3fd8dae4a84a918f0aec1/lib/manager/actions/user.js#L174 => With the current Auth0 version, you will need to create a rule in order to expose user/app metadata, as discussed here: https://community.auth0.com/t/how-can-i-make-app-metadata-available-in-userinfo-endpoint/6664/3 (replace 'https://yourdomain.com/' with 'http://datatools/')

Then on server-side, you will need to bump the search_engine version from v2 to v3 (at https://github.com/conveyal/datatools-server/blob/065c1ec9860780678ae957cc8f1fde82b54b9bcf/src/main/java/com/conveyal/datatools/manager/auth/Auth0Users.java#L52 and https://github.com/conveyal/datatools-server/blob/065c1ec9860780678ae957cc8f1fde82b54b9bcf/src/main/java/com/conveyal/datatools/manager/auth/Auth0Users.java#L56).

Also pay attention to the fact that current Auth0 account requires a .pem public key https://github.com/conveyal/datatools-server/blob/065c1ec9860780678ae957cc8f1fde82b54b9bcf/configurations/default/env.yml.tmp#L4 (see your Auth0 dashboard).

With these modifications in addition to dev doc instructions, Auth0 part was OK.

So I confirm that this part of the doc (+ PG > 9.6 requirement) needs to be refreshed. We could try to propose a PR on the doc, if Conveyal maintainers agree.

AlternateF avatar Mar 05 '19 15:03 AlternateF
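
The Auth0 rule described in the comment above, as an added example that is not part of the original thread or of the datatools code base. It assumes the classic Auth0 rule signature `(user, context, callback)` and the `http://datatools/` namespace named in the comment; the client ID placeholder, `readDatatoolsMetadata`, `runRule` and the sample metadata are hypothetical.

```javascript
// Added example: an Auth0 rule that exposes user/app metadata as namespaced
// ID-token claims, limited to one application.

// Rule body: this single function is what gets pasted into the Auth0 dashboard.
function exposeDatatoolsMetadata (user, context, callback) {
  const namespace = 'http://datatools/'; // namespace given in the thread
  const datatoolsClientId = 'YOUR_DATATOOLS_CLIENT_ID'; // placeholder, not a real ID

  // Least privilege: other applications in the same tenant do not receive
  // the datatools permission metadata in their tokens.
  if (context.clientID !== datatoolsClientId) {
    return callback(null, user, context);
  }

  context.idToken = context.idToken || {};
  // Custom claims are added under a URL-style namespace, as in the linked post.
  context.idToken[namespace + 'app_metadata'] = user.app_metadata || {};
  context.idToken[namespace + 'user_metadata'] = user.user_metadata || {};
  callback(null, user, context);
}

// Client-side counterpart (hypothetical helper): read the namespaced claims
// back out of the profile, defaulting to empty objects so a missing rule
// yields "no permissions" rather than a crash.
function readDatatoolsMetadata (profile, namespace = 'http://datatools/') {
  return {
    app_metadata: profile[namespace + 'app_metadata'] || {},
    user_metadata: profile[namespace + 'user_metadata'] || {}
  };
}

// Local harness with constructed input: runs the rule the way the rule
// pipeline would and returns the resulting ID-token claims.
function runRule (user, clientID) {
  let claims = null;
  exposeDatatoolsMetadata(user, { clientID, idToken: {} }, (err, u, ctx) => {
    if (err) throw err;
    claims = ctx.idToken;
  });
  return claims;
}

// Constructed sample user; the metadata shape here is illustrative only.
const sampleUser = { app_metadata: { role: 'constructed-admin' } };
console.log(runRule(sampleUser, 'YOUR_DATATOOLS_CLIENT_ID'));
console.log(runRule(sampleUser, 'some-other-app'));
```
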

Hi @AlternateF, we're happy to accept a PR for updates to this process for the docs. I think some of what you described (e.g., setting up an Auth0 rule) is contained within the docs already, but if there are gaps or something is otherwise unclear, we are certainly open to improvements. Please do document the justification for any of the changes you have described and reference this issue in your PR.

Thanks for attempting to diagnose this issue. I'm curious to know if this worked for @geofsu.

landonreed avatar Mar 05 '19 18:03 landonreed

Hi, I'm having a similar problem. The documentation has incompatibilities with the latest version. Waiting for a new document. Thank you.

abdullahcel1k avatar Mar 06 '19 11:03 abdullahcel1k

@landonreed: Haha, indeed the metadata workaround is already documented in the *.md dev docs, so I realize that the online dev docs are outdated. Can you upload an up-to-date mkdoc'ed version, or do I need to open a specific issue for that?

Then what seems to remain to have a fully functional setup is

  • document > 9.6 postgres version dependency (related to gtfs-lib )
  • upgrade search_engine param version on server side.

AlternateF avatar Mar 06 '19 14:03 AlternateF

Sorry about the disparity between the rendered docs and .md files. I have just rebuilt the dev docs, so they should reflect the latest.

@AlternateF, can you explain why the search_engine param needs to be updated (or point to some Auth0 documents describing this change)?

And yes, I agree that the docs need to reflect the requirement of Postgres 9.6 or later.

landonreed avatar Mar 06 '19 14:03 landonreed

@landonreed: according to the doc, as far as I understood, Auth0 user search engine v2 has been deprecated and is now turned off: Migrate from Search v2 to v3.

AlternateF avatar Mar 06 '19 17:03 AlternateF

@AlternateF

Did you make any other changes aside from what you have documented?

The Auth0 interface is quite different from the documentation.

I have made the changes as per above but still have a "Failed Silent Auth" issue. See log below.

2019_03_28_15_47_34_Logs

jevansxyz avatar Mar 28 '19 05:03 jevansxyz

I'm still getting the same issue. I think the best solution is getting rid of Auth0 since it is causing a lot of issues.

karimhm avatar May 29 '19 11:05 karimhm

I'm also getting stuck at the "consent_required" when trying to log in for the first time. Have the others solved this? How? Any help would be highly appreciated.

EDIT: Found the solution: Auth0 seems to enforce consent when the URL is localhost, which I used when trying it out locally. Set up an alias in /etc/hosts (if on Linux or macOS) for localhost, e.g. datatools.dev, and use that, and then it worked.

mrieser avatar May 01 '20 18:05 mrieser