goth icon indicating copy to clipboard operation
goth copied to clipboard
verified publisher icon markbates

Failed to get user

Open SOG-web opened this issue 1 year ago • 4 comments

I keep getting this response, am using in memory session store {"status":"error","message":"Failed to get user: could not find a matching session for this request"}

SOG-web avatar Dec 18 '24 18:12 SOG-web

Is it possible that you are changing your gothic.Store at some point during the flow? This would explain why a session can not be found.

Otherwise you may want to provide a few more details on your implementation for us to analyse, cheers.

thirtified avatar Feb 25 '25 16:02 thirtified

Im getting the exact same error but only when using Safari.

  • Chrome works fine for google/keycloak (openid-connect)
  • Safari fails for google/keycloak (openid-connect)
  • Ive set all my callbacks / redirects to "127.0.0.1" and in the case of keycloak ( both are on same host ) ..

The Basic setup

store := sessions.NewCookieStore([]byte(env.AppConfig.COOKIE_ENCRYPTION_KEY))
	store.MaxAge(86400 * 30)
	store.Options.Path = "/"
	store.Options.HttpOnly = true // HttpOnly should always be enabled
	store.Options.Secure = true
	store.Options.SameSite = http.SameSiteNoneMode

gothic.Store = store

goth.UseProviders(
		google.New(env.AppConfig.GOOGLE_CLIENT_ID, env.AppConfig.GOOGLE_CLIENT_SECRET, env.AppConfig.GOOGLE_AUTH_CALLBACK, "profile", "email"),
	)

openidConnect, _ := openidConnect.New("goth-client",
		"**random secret**",
		"http://127.0.0.1:3001/auth/openid-connect/callback",
		"http://127.0.0.1:8181/realms/my-demo/.well-known/openid-configuration")
	if openidConnect != nil {
		goth.UseProviders(openidConnect)
	}

//
// FailurePoint ...
//
// GetFromSession retrieves a previously-stored value from the session.
// If no value has previously been stored at the specified key, it will return an error.
func GetFromSession(key string, req *http.Request) (string, error) {
	session, _ := Store.Get(req, SessionName)

^^^^ session looks valid but values is always empty on safari ( see below for example )

	value, err := getSessionValue(session, key)
	if err != nil {
		return "", errors.New("could not find a matching session for this request")
	}

	return value, nil
}

Session Example ..from getSessionValue(session, key)

Options: *sessions.Options {
   sessions.Options {Path: "/", Domain: "", MaxAge: 2592000, Secure: true, HttpOnly: true, Partitioned: false, SameSite: SameSiteNoneMode (4)
}
Secure: true
IsNew: true
name: "_gothic_session"
Values = map[interface {}]interface {} []

In the safari browser there is never the internal __gothic_session

Chrome...

Image

Safari.. is empty

Hope that helps

stecullum avatar Mar 05 '25 10:03 stecullum

Did you try out using other SameSite settings for the CookieStore, e.g. SameSiteLaxMode? I vaguely remember that this made a difference for me in certain browser/provider configurations.

thirtified avatar Mar 06 '25 16:03 thirtified

Tried every combo - in the end i switched to zitadel oidc library and its worked flawlessly

   "github.com/zitadel/oidc/v3/pkg/client/rp"
	httphelper "github.com/zitadel/oidc/v3/pkg/http"
	"github.com/zitadel/oidc/v3/pkg/oidc"

stecullum avatar Mar 10 '25 23:03 stecullum