Error logging into Github from EC2 builder instance


#1

When trying to oauth authenticate builder -> github the builder-api is logging a message that

oauth_client::github: GitHub response body: {"error":"bad_verification_code","error_description":"The code passed is incorrect or expired.","error_uri":"https://developer.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"}

And I am unable to sign in

I used terraform to mostly provision the builder, but it failed half way through provisioning.
I manually finished running the ./provision script and updated some values in bldr.env to match the IP of the EC2 instance I am on.

I can manually perform this authorization from this box using curl with SSL_CERT_FILE exported to the same value as the supervisor, and env | grep proxy yields no matches

I can’t think what else could be breaking here


#2

It looks like builder is making the authenticate call twice. I started journalctl and then initiated the login process from the website one time

[root@ip-10-0-1-5 ~]# journalctl --since 'now' --follow | grep oauth
Jul 31 14:25:03 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:03Z: oauth_client::client: Authenticate called, config: OAuth2Cfg { provider: "github", token_url: "https://github.com/login/oauth/access_token", userinfo_url: "https://api.github.com/user", redirect_url: "http://18.237.111.XXX/", client_id: "XXX", client_secret: "XXX" }
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:04Z: reqwest::async_impl::response: Response: '200 OK' for https://github.com/login/oauth/access_token?client_id=XXX&client_secret=XXX&code=1958a4b056bfca75dd38
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:04Z: oauth_client::github: GitHub response body: {"access_token":"VALID","token_type":"bearer","scope":""}
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:04Z: oauth_client::github: GitHub response body: GOOD STUFF
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-sessionsrv.default(O): DEBUG 2018-07-31T14:25:04Z: habitat_builder_sessionsrv::server::handlers: issuing session, Session { created_at: Instant { tv_sec: 64908, tv_nsec: 5760773 }, encoded_token: "CJHAgODnqs2zDhIEMjk1NBgAIig3NzViN2JkZmM2Yjc1M2RhNzNmOWQ2NDE2NjdjNjBhYzliYmZhMGIz", inner: id: 1037856884696031249 email: "" name: "chrisortman" token: "CJHAgODnqs2zDhIEMjk1NBgAIig3NzViN2JkZmM2Yjc1M2RhNzNmOWQ2NDE2NjdjNjBhYzliYmZhMGIz" flags: 0 oauth_token: "775b7bdfc6b753da73f9d641667c60ac9bbfa0b3" }
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:04Z: oauth_client::client: Authenticate called, config: OAuth2Cfg { provider: "github", token_url: "https://github.com/login/oauth/access_token", userinfo_url: "https://api.github.com/user", redirect_url: "http://18.237.111.XXX/", client_id: "XXXX", client_secret: "XXXX" }
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:04Z: reqwest::async_impl::response: Response: '200 OK' for https://github.com/login/oauth/access_token?client_id=XXXX&client_secret=XXXX&code=1958a4b056bfca75dd38
Jul 31 14:25:04 ip-10-0-1-5.us-west-2.compute.internal hab[23188]: builder-api.default(O): DEBUG 2018-07-31T14:25:04Z: oauth_client::github: GitHub response body: {"error":"bad_verification_code","error_description":"The code passed is incorrect or expired.","error_uri":"https://developer.github.com/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"}

#3

Hmm so this is an issue you’re seeing with adding GH as the Oauth provider for you on-prem repo? Let’s see about getting some info on this from @raskchanky /@salam since I think they might be the ones who wrote that.


#4

Are you still seeing this issue? If so, would you mind filing an issue against the builder repo?


#5

No, it looks like it is fixed testing with whatever is released / current as of this morning