Run your own OAuth 2.0 Server : " Client authentication failed " #1091

Closed
nishaantchauhan opened this issue Oct 12, 2018 · 10 comments

@nishaantchauhan

I have followed the "https://www.ory.sh/run-oauth2-server-open-source-api-security/" tutorial to build our own OAuth server using Docker.

After executing everything we get a 404 error from the UI side, and when we check the logs we see this error: "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)"

If anyone has a solution, please share it with us.

Thanks in advance

@aeneasr
Member

aeneasr commented Oct 12, 2018

That's usually due to some mishap while c&p; could you retry the tutorial afresh?

@nishaantchauhan
Author

I did it twice. The first time we got the unique key violation error, so we did it a second time and got the client authentication failed error.

@aeneasr
Member

aeneasr commented Oct 12, 2018

If you're getting a unique key violation you're not starting against a fresh installation. Do docker-compose kill and docker-compose rm, then restart the tutorial.

@nishaantchauhan
Author

nishaantchauhan commented Oct 15, 2018

After that, I retried the tutorial from scratch; here are the ports with their errors:
127.0.0.1:9020 [screenshot]

127.0.0.1:9010 [screenshot]

127.0.0.1:9000 [screenshot]

The logs are also clear, no error except a 404 for the favicon.
Also, the https://localhost:9001/health/status URL gives an ok response.

Please check this log as well:

time="2018-10-15T08:57:34Z" level=info msg="Connecting with postgres://:@ory-hydra-example--postgres:5432/hydra?sslmode=disable"
time="2018-10-15T08:57:34Z" level=info msg="Connected to SQL!"
time="2018-10-15T08:57:34Z" level=info msg="JSON Web Key Set hydra.openid.id-token does not exist yet, generating new key pair..."
time="2018-10-15T08:57:35Z" level=info msg="Setting up Prometheus middleware"
time="2018-10-15T08:57:35Z" level=info msg="Transmission of telemetry data is enabled, to learn more go to: https://www.ory.sh/docs/guides/latest/telemetry/"
time="2018-10-15T08:57:35Z" level=info msg="JSON Web Key Set hydra.https-tls does not exist yet, generating new key pair..."
time="2018-10-15T08:57:42Z" level=info msg="Setting up http server on :4445"
time="2018-10-15T08:57:42Z" level=warning msg="HTTPS disabled. Never do this in production."
time="2018-10-15T08:57:42Z" level=info msg="Setting up http server on :4444"
time="2018-10-15T08:57:42Z" level=warning msg="HTTPS disabled. Never do this in production."
time="2018-10-15T08:57:47Z" level=info msg="started handling request" method=GET remote="172.18.0.1:50076" request=/health/ready
time="2018-10-15T08:57:47Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=910851 method=GET remote="172.18.0.1:50076" request=/health/ready status=200 text_status=OK took="910.851µs"
time="2018-10-15T08:57:47Z" level=info msg="started handling request" method=GET remote="172.18.0.1:50076" request=/favicon.ico
time="2018-10-15T08:57:47Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=72942 method=GET remote="172.18.0.1:50076" request=/favicon.ico status=404 text_status="Not Found" took="72.942µs"
time="2018-10-15T08:57:47Z" level=info msg="started handling request" method=GET remote="172.18.0.1:50076" request=/favicon.ico
time="2018-10-15T08:57:47Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=84389 method=GET remote="172.18.0.1:50076" request=/favicon.ico status=404 text_status="Not Found" took="84.389µs"
time="2018-10-15T08:57:53Z" level=info msg="started handling request" method=GET remote="172.18.0.1:50076" request=/health/ready
time="2018-10-15T08:57:53Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=76367 method=GET remote="172.18.0.1:50076" request=/health/ready status=200 text_status=OK took="76.367µs"
time="2018-10-15T09:00:40Z" level=info msg="started handling request" method=GET remote="172.18.0.1:50084" request=/health/ready
time="2018-10-15T09:00:40Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=159033 method=GET remote="172.18.0.1:50084" request=/health/ready status=200 text_status=OK took="159.033µs"
time="2018-10-15T09:01:19Z" level=info msg="started handling request" method=POST remote="172.18.0.4:51434" request=/clients
time="2018-10-15T09:01:20Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=157155587 method=POST remote="172.18.0.4:51434" request=/clients status=201 text_status=Created took=157.155587ms
time="2018-10-15T09:05:01Z" level=info msg="started handling request" method=POST remote="172.18.0.4:52016" request=/oauth2/token
time="2018-10-15T09:05:01Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=160591619 method=POST remote="172.18.0.4:52016" request=/oauth2/token status=200 text_status=OK took=160.591619ms
time="2018-10-15T09:36:03Z" level=info msg="started handling request" method=POST remote="172.18.0.4:51454" request=/oauth2/introspect
time="2018-10-15T09:36:04Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=949375859 method=POST remote="172.18.0.4:51454" request=/oauth2/introspect status=200 text_status=OK took=949.375859ms
time="2018-10-15T09:59:40Z" level=info msg="started handling request" method=POST remote="172.18.0.5:35052" request=/clients
time="2018-10-15T09:59:41Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=605183913 method=POST remote="172.18.0.5:35052" request=/clients status=201 text_status=Created took=605.183913ms
time="2018-10-15T10:02:07Z" level=info msg="started handling request" method=GET remote="172.18.0.1:38848" request=/
time="2018-10-15T10:02:07Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=15670017 method=GET remote="172.18.0.1:38848" request=/ status=404 text_status="Not Found" took=15.670017ms
time="2018-10-15T10:02:07Z" level=info msg="started handling request" method=GET remote="172.18.0.1:38848" request=/favicon.ico
time="2018-10-15T10:02:07Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=92691 method=GET remote="172.18.0.1:38848" request=/favicon.ico status=404 text_status="Not Found" took="92.691µs"
time="2018-10-15T10:02:07Z" level=info msg="started handling request" method=GET remote="172.18.0.1:38848" request=/favicon.ico
time="2018-10-15T10:02:07Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=84591 method=GET remote="172.18.0.1:38848" request=/favicon.ico status=404 text_status="Not Found" took="84.591µs"
time="2018-10-15T10:06:35Z" level=info msg="started handling request" method=GET remote="172.18.0.1:39048" request=/
time="2018-10-15T10:06:35Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=82995756 method=GET remote="172.18.0.1:39048" request=/ status=404 text_status="Not Found" took=82.995756ms
time="2018-10-15T10:11:20Z" level=info msg="started handling request" method=GET remote="172.18.0.1:39268" request=/
time="2018-10-15T10:11:20Z" level=info msg="completed handling request" measure#http://127.0.0.1:9000/.latency=120031129 method=GET remote="172.18.0.1:39268" request=/ status=404 text_status="Not Found" took=120.031129ms

@aeneasr
Member

aeneasr commented Oct 15, 2018 via email

@nishaantchauhan
Author

nishaantchauhan commented Oct 15, 2018

I don't get it yet; what's the issue?
I just followed the same instructions that were in the tutorial and didn't change a single thing.

@aeneasr
Member

aeneasr commented Oct 15, 2018 via email

@nishaantchauhan
Author

nishaantchauhan commented Oct 15, 2018

I started fresh (didn't use docker-compose kill && docker-compose rm) and used the following commands; they all executed perfectly. When I check through the UI http://127.0.0.1:9020 I get the error on all ports, which I showed you in an earlier post.

Step 1 :
$ docker network create hydraguide

Step 2 :
$ docker run --network hydraguide \
    --name ory-hydra-example--postgres \
    -e POSTGRES_USER=hydra \
    -e POSTGRES_PASSWORD=secret \
    -e POSTGRES_DB=hydra \
    -d postgres:9.6

Step 3 :
$ export SYSTEM_SECRET=y82XL-wAPCCZu+B4

Step 4 :
$ export DATABASE_URL=postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable

Step 5 :
$ docker run -it --rm \
    --network hydraguide \
    oryd/hydra:v1.0.0-beta.8 \
    migrate sql $DATABASE_URL

Step 6 :
$ docker run -d \
    --name ory-hydra-example--hydra \
    --network hydraguide \
    -p 9000:4444 \
    -p 9001:4445 \
    -e SYSTEM_SECRET=$SYSTEM_SECRET \
    -e DATABASE_URL=$DATABASE_URL \
    -e OAUTH2_ISSUER_URL=http://127.0.0.1:9000/ \
    -e OAUTH2_CONSENT_URL=http://127.0.0.1:9020/consent \
    -e OAUTH2_LOGIN_URL=http://127.0.0.1:9020/login \
    oryd/hydra:v1.0.0-beta.8 serve all --dangerous-force-http

Step 7 :
Checked that it is alive through the http://localhost:9001/health/ready URL and got an ok response.

Step 8 :
$ docker run --rm -it \
    oryd/hydra:v1.0.0-beta.8 \
    help

Step 9 :
$ docker run --rm -it \
    --network hydraguide \
    oryd/hydra:v1.0.0-beta.8 \
    clients create \
    --endpoint http://ory-hydra-example--hydra:4445 \
    --id some-consumer \
    --secret some-secret \
    --grant-types client_credentials \
    --response-types token,code

Step 10 :
$ docker run --rm -it \
    --network hydraguide \
    oryd/hydra:v1.0.0-beta.8 \
    token client \
    --client-id some-consumer \
    --client-secret some-secret \
    --endpoint http://ory-hydra-example--hydra:4444

Step 11 :
$ docker run --rm -it \
    --network hydraguide \
    oryd/hydra:v1.0.0-beta.8 \
    token introspect \
    --client-id some-consumer \
    --client-secret some-secret \
    --endpoint http://ory-hydra-example--hydra:4445 \
    >INSERT-TOKEN-HERE<

Step 12 :
$ docker run -d \
    --name ory-hydra-example--consent \
    -p 9020:3000 \
    --network hydraguide \
    -e HYDRA_URL=http://ory-hydra-example--hydra:4445 \
    -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
    oryd/hydra-login-consent-node:v1.0.0-beta.8

Step 13 :
$ docker run --rm -it \
    --network hydraguide \
    oryd/hydra:v1.0.0-beta.8 \
    clients create \
    --endpoint http://ory-hydra-example--hydra:4445 \
    --id another-consumer \
    --secret consumer-secret \
    -g authorization_code,refresh_token \
    -r token,code,id_token \
    --scope openid,offline \
    --callbacks http://127.0.0.1:9010/callback

Step 14 :
$ docker run --rm -it \
    --network hydraguide \
    -p 9010:9010 \
    oryd/hydra:v1.0.0-beta.8 \
    token user \
    --port 9010 \
    --auth-url http://127.0.0.1:9000/oauth2/auth \
    --token-url http://ory-hydra-example--hydra:4444/oauth2/token \
    --client-id another-consumer \
    --client-secret consumer-secret \
    --scope openid,offline \
    --redirect http://127.0.0.1:9010/callback

@aeneasr
Member

aeneasr commented Oct 15, 2018

Thank you. It would have been even more helpful if you had included the responses of each command, but let's go with what we have :)

So steps 10 & 11 work fine, right? It should look like this:

$ docker run --rm -it \
>   --network hydraguide \
>   oryd/hydra:v1.0.0-beta.8 \
>   token client \
>     --client-id some-consumer \
>     --client-secret some-secret \
>     --endpoint http://ory-hydra-example--hydra:4444

Q9j1ONjGPNXT0vcZaGGoAlONkfhQZ5MPXjsMenJfAUs.xL9N9Zol5jZnkqE6jms3O6AggPMv9Uua5hOtNAaw3Qc
H-O-N-E-Y-P-O-T:hydra aeneas$ docker run --rm -it \
>   --network hydraguide \
>   oryd/hydra:v1.0.0-beta.8 \
>   token introspect \
>     --client-id some-consumer \
>     --client-secret some-secret \
>     --endpoint http://ory-hydra-example--hydra:4445 \
> Q9j1ONjGPNXT0vcZaGGoAlONkfhQZ5MPXjsMenJfAUs.xL9N9Zol5jZnkqE6jms3O6AggPMv9Uua5hOtNAaw3Qc
{
        "active": true,
        "client_id": "some-consumer",
        "exp": 1539613570,
        "iat": 1539609970,
        "iss": "http://127.0.0.1:9000/",
        "sub": "some-consumer",
        "token_type": "access_token"
}

The token will obviously be different, but the output should be similar.

For me, all of the above commands work just perfectly. After executing the last command I see:

[screenshot 2018-10-15 at 15:29:22]

Then I click on http://127.0.0.1:9010 which opens:

[screenshot 2018-10-15 at 15:30:06]

And after clicking "Authorize application" I see:

[screenshot 2018-10-15 at 15:30:26]

So the tutorial works as expected. Is it possible that one of those ports is either blocked by your firewall or that another process is running on it? If you run docker ps you should see something like this:

d2e3ec66e4e8        oryd/hydra-login-consent-node:v1.0.0-beta.8   "/bin/sh -c 'npm sta…"   3 minutes ago       Up 3 minutes                    0.0.0.0:9020->3000/tcp                           ory-hydra-example--consent
2f4feefa976f        oryd/hydra:v1.0.0-beta.8                      "hydra serve all --d…"   6 minutes ago       Up 6 minutes                    0.0.0.0:9000->4444/tcp, 0.0.0.0:9001->4445/tcp   ory-hydra-example--hydra
22e4075da230        postgres:9.6                                  "docker-entrypoint.s…"   7 minutes ago       Up 7 minutes                    5432/tcp                                         ory-hydra-example--postgres

Make sure that all three containers are up and running and don't have errors.
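Since the question above is whether a host port is blocked or already taken, here is a small preflight check to run before Step 6: it confirms that the four host ports the tutorial publishes (9000, 9001, 9010, 9020, taken from the docker run commands in this issue) are free, and that Hydra's admin /health/ready endpoint answers once the container is up. This is an added example, not code from the issue or from ORY Hydra; the port-to-role mapping and the health URL are read off the commands and URLs already on this page.

```python
import socket
import urllib.error
import urllib.request

# Host ports the tutorial publishes (from the docker run commands in this issue):
# 9000 -> Hydra public API (container 4444), 9001 -> Hydra admin API (4445),
# 9010 -> callback listener of "hydra token user", 9020 -> login/consent app (3000).
TUTORIAL_PORTS = {
    9000: "hydra public",
    9001: "hydra admin",
    9010: "token user callback",
    9020: "login/consent app",
}


def port_is_free(port, host="127.0.0.1"):
    """True if nothing is bound to host:port; we probe by trying to bind it ourselves."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # ignore TIME_WAIT leftovers
        try:
            s.bind((host, port))
            return True
        except OSError:  # EADDRINUSE / EACCES: something already owns the port
            return False


def occupied_ports(ports=TUTORIAL_PORTS, host="127.0.0.1"):
    """Map of port -> role for every tutorial port that is already taken on this host."""
    return {p: role for p, role in ports.items() if not port_is_free(p, host)}


def hydra_ready(admin_base="http://127.0.0.1:9001", timeout=3):
    """GET /health/ready on the admin port; returns (http_status, body) or (None, reason)."""
    url = admin_base.rstrip("/") + "/health/ready"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.reason
    except (urllib.error.URLError, OSError) as e:  # refused, unreachable, timed out
        return None, str(e)


if __name__ == "__main__":
    taken = occupied_ports()
    for port, role in taken.items():
        print(f"port {port} ({role}) is already in use: stop that process or change the -p mapping")
    if not taken:
        print("all tutorial ports are free")
    print("hydra /health/ready ->", hydra_ready())
```

Run it once before starting the containers (expect "all tutorial ports are free" and a connection error from hydra_ready) and again after Step 6 (expect status 200).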

@nishaantchauhan
Author

nishaantchauhan commented Oct 16, 2018

Thank you for the solution: unblocking port 9010.

Thanks a lot.
