workers-sdk icon indicating copy to clipboard operation
workers-sdk copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

oauth redirect flow broken inside vm

Open kkoenig opened this issue 3 years ago • 3 comments

I typically develop in a vagrant VM where there is no browser installed, the oauth flow in wrangler2 breaks because the redirect URI has "localhost:8976" set in the callback parameter. We should be able to support copy pasting the callback URL to another machine and complete the auth flow there (cloudflared supports this)

Repro:

vagrant@kkoenig-devbox:~$ echo "export default { fetch() { return new Response('hello world') } }" > index.js
vagrant@kkoenig-devbox:~$  npx wrangler@beta dev index.js
 ⛅️ wrangler 0.0.27
--------------------
Attempting to login via OAuth...
Failed to open https://dash.cloudflare.com/oauth2/auth?response_type=code&client_id=... redirect_uri=http%3A%2F%2Flocalhost%3A8976%2Foauth%2Fcallback&scope=account%3Aread%20user%3Aread%20workers%3Awrite%20... in a browser

When I hope the URL in my host OS browser and complete the auth flow, the callback is never completed because the url is http://localhost:8976/oauth/callback?...

The same thing repros with wrangler 1

vagrant@kkoenig-devbox:~$ npx @cloudflare/wrangler login
Allow Wrangler to open a page in your browser? [y/n]
y
💁  Opened a link in your default browser: https://dash.cloudflare.com/oauth2/auth?redirect_url=<localhost>

But not with cloudflared which performs the same handshake

vagrant@kkoenig-devbox:~$ cloudflared login
Please open the following URL and log in with your Cloudflare account:

https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.cloudflareaccess.org...

Leave cloudflared running to download the cert automatically.
You have successfully logged in.

kkoenig avatar May 03 '22 21:05 kkoenig

This seems related #862

JacobMGEvans avatar May 04 '22 19:05 JacobMGEvans

I came here because I ran into this issue as well, but I realized it is not that difficult to work around if you have something like curl on the VM/machine you ran wrangler on. Maybe this is helpful to someone:

Just copy-past the URL that you get redirected to in the browser (i.e. http://localhost:8976/oauth/callback?...), and then just run something like curl "http://localhost:8976/oauth/callback?..." on the VM/machine where you are ran the wrangler command.

martin-svedin avatar May 10 '22 17:05 martin-svedin

there's not much we can do to address this directly, but we can improve the user experience by adding documentation explaining the workaround provided by @martin-svedin 👍

lrapoport-cf avatar Aug 18 '22 14:08 lrapoport-cf