Skip to content
This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

error redeeming code: illegal base64 data #560

Closed
danopia opened this issue Mar 9, 2018 · 1 comment
Closed

error redeeming code: illegal base64 data #560

danopia opened this issue Mar 9, 2018 · 1 comment

Comments

@danopia
Copy link
Contributor

danopia commented Mar 9, 2018
edited
Loading

I use oauth2_proxy with a custom provider, using login_url, redeem_url, and profile_url. Recently, new proxies stopped working, and simply 500'd when I tried logging in.

I traced this back to #421. My provider puts padding on the JWTs and padding is no longer allowed. I've rolled back to a working version, but would appreciate guidance on how to fix this for the future.

oauth2_proxy
  -upstream
  http://localhost:3000
  -config
  /conf/oauth2_proxy.cfg
  -skip-provider-button

oauth2_proxy.cfg:

login_url = "https://custom-server/oauth2/auth"
profile_url = "https://custom-server/api/v1/me"
redeem_url = "https://custom-server/oauth2/access_token"
email_domains = ["*"]
http_address = "http://0.0.0.0:4180"
pass_basic_auth = false
jehiah added a commit that referenced this issue Mar 25, 2018
@jehiah
Merge pull request #561 from danopia/patch-1
1c1db88 
Strip JWT base64 padding before parsing. #560
brockoffdev pushed a commit to brockoffdev/oauth2_proxy that referenced this issue Jun 11, 2018
@danopia @brockoffdev
Strip JWT base64 padding before parsing. bitly#560
9c6eda7
EricEllett pushed a commit to segmentio/oauth2_proxy that referenced this issue Jun 18, 2018
Merge remote-tracking branch 'upstream/master' into SEC-757-refresh-flow
43021c8 
* upstream/master: (34 commits)
  Strip JWT base64 padding before parsing. bitly#560
  typo(README): Terminiation » Termination
  Support bcrypt passwords in htpasswd
  Fix typo in css for the sign in page template
  more robust ClearSessionCookie()
  README: fix nginx auth_request example for requests with body
  providers: iterate across all pages from /user/orgs github endpoint.
  Test request logging
  Document request-logging-format option
  Make request logging format configurable
  distribution: remove gpm references and update to use dep
  distribution: create sha256sum.txt file when creating binaries to allow validation of checksums. * update README.md to include instructions on how to verify prebuilt binaries for new releases.
  Github provider: use login as user
  options: update options parsing for better handling of incorrect values * don't add in failed compiled regexes for skip auth regex option * improve test coverage for skip auth regex option to handle partial success case * add tests for incorrect upstream options parsing errors
  Switch from gpm -> dep for dependency management
  Switch from 18F/hmacauth to mbland/hmacauth
  providers: update gitlab api endpoint to use latest version, v4
  Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert
  Drop deprecated MyUSA provider.
  Add OpenID Connect provider name.
  ...
JoelSpeed referenced this issue in oauth2-proxy/oauth2-proxy Jun 20, 2018
@danopia @JoelSpeed
Strip JWT base64 padding before parsing. #560
d3427fc
@danopia
Copy link
Contributor Author

danopia commented Aug 29, 2018

Since my patch for this issue was merged back in March, I'm closing my own issue here.

The actual discussion (however minimal) happened in #561

@danopia danopia closed this as completed Aug 29, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danopia