Custom OAuth "No Matching login attempt found"

I am trying to set up a custom oauth solution and I am getting a “No matching login attempt found”. The logs from the rocketchat container are:

Meteor ➔ method public-settings/get → userId: undefined, arguments: [{}]
API ➔ debug Success {
statusCode: 200,
body: {
message: ‘{“msg”:“result”,“id”:“3”,“result”:{“update”:,“remove”:}}’,
success: true
}
}
API ➔ debug POST: /api/v1/method.callAnon/login
Exception while invoking method login Error: No matching login attempt found [145546287]
at MethodInvocation. (packages/accounts-oauth/oauth_server.js:35:21)
at packages/accounts-base/accounts_server.js:499:31
at tryLoginMethod (packages/accounts-base/accounts_server.js:1341:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:497:22)
at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:557:31)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
at packages/ddp-server/livedata_server.js:1689:15
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at packages/ddp-server/livedata_server.js:1687:36
at new Promise ()
at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
=> awaited here:
at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
API ➔ debug Success {
statusCode: 200,
body: {
message: ‘{“msg”:“result”,“id”:“4”,“error”:{“isClientSafe”:true,“error”:145546287,“reason”:“No matching login attempt found”,“message”:“No matching login attempt found [145546287]”,“errorType”:“Meteor.Error”}}’,
success: true
}
}

I am curious if there is a way of finding more information about the error so I can diagnose what is happening.

Hi.

Can you be a bit more descriptive on how you are setting this up please?

Have a read of this for how to report issues effectively.

Server Hardware: Docker container
Version of Rocket.Chat Server: 3.15.0
Operating System: Docker container
Deployment Method: docker
Number of Running Instances: 1
DB Replicaset Oplog: mongodb://mongo:27017/local
NodeJS Version: 12.22.1 - x64
MongoDB Version: 4.0.24

Client Type: Browser Chrome 91.0.4472.77 (64-bit)

Set up a new Rocketchat docker container, enable the custom oauth provider and try to log in with a confirmed good user name. After which the error that is given is “No matching login attempt found”. Is there an error log that I can check to find more information about what is going wrong?

You can first set the log level in Rocket and check the logs there, or via the CLI:

docker logs -f <container>

Have you tried just using the curl commands in the API docs?

What did that show?

How do I change the log level? I have not found that option in Rocket UI. And I do not know the command line switch that I need.

Look in Admin, Logs.

After more testing with my oauth provider and increasing the log level in rocketchat I am getting this error.

{“line”:“69”,“file”:“oauth_server.js”,“message”:“Unable to base64 decode state from OAuth query: undefined”,“time”:{"$date":1624039466464},“level”:“warn”}
{“line”:“69”,“file”:“oauth_server.js”,“message”:“Unable to base64 decode state from OAuth query: undefined”,“time”:{"$date":1624039466465},“level”:“warn”}
server.js:204 API ➔ debug POST: /api/v1/method.callAnon/login
Failed login detected - Username[unknown] ClientAddress[10.255.0.2] ForwardedFor[10.255.0.2] XRealIp[undefined] UserAgent[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36]
Exception while invoking method login Error: No matching login attempt found [145546287]
at MethodInvocation. (packages/accounts-oauth/oauth_server.js:35:21)
at packages/accounts-base/accounts_server.js:499:31
at tryLoginMethod (packages/accounts-base/accounts_server.js:1341:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:497:22)
at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:557:31)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
at packages/ddp-server/livedata_server.js:1689:15
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at packages/ddp-server/livedata_server.js:1687:36
at new Promise ()
at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
=> awaited here:
at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
server.js:204 API ➔ debug Success {
statusCode: 200,
body: {
message: ‘{“msg”:“result”,“id”:“14”,“error”:{“isClientSafe”:true,“error”:145546287,“reason”:“No matching login attempt found”,“message”:“No matching login attempt found [145546287]”,“errorType”:“Meteor.Error”}}’,
success: true
}
}

Is the oauth provider supposed to return the state value to rocketchat with the authorization code, or am I misunderstanding this error log?
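As an added example (not part of the thread and not Rocket.Chat or Meteor code), the script below inspects a callback URL for the state parameter the warning above complains about. It assumes Meteor's OAuth packages expect state to come back as base64-encoded JSON carrying a credentialToken; the host, code, token values and the function names are constructed for illustration.

```javascript
// Added example: not Rocket.Chat or Meteor code. Assumption: the client puts
// base64-encoded JSON with a credentialToken in `state`, and the provider
// must echo it back unchanged on the redirect to the callback URL.

// Build a state value like the one sent on the authorize request (constructed).
function encodeState(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64');
}

// Inspect the query string the provider appended to the callback URL.
function inspectCallback(callbackUrl) {
  const query = new URL(callbackUrl).searchParams;
  const result = { hasCode: query.has('code'), state: null, problem: null };
  const raw = query.get('state');
  if (raw === null) {
    // Assumed to be the case behind "...state from OAuth query: undefined".
    result.problem = 'state missing: provider did not return it';
    return result;
  }
  try {
    result.state = JSON.parse(Buffer.from(raw, 'base64').toString('utf8'));
  } catch (err) {
    result.problem = 'state is not base64 JSON: changed by provider or proxy';
    return result;
  }
  const token = result.state && result.state.credentialToken;
  if (typeof token !== 'string' || token.length === 0) {
    result.problem = 'state has no credentialToken to match a login attempt';
  }
  return result;
}

// Constructed sample callbacks (hypothetical host, code and token values).
const base = 'https://chat.example.test/_oauth/edxoauth?code=SAMPLE_CODE';
const goodState = encodeURIComponent(
  encodeState({ loginStyle: 'popup', credentialToken: 'SAMPLE_TOKEN' }));
const samples = {
  echoed: `${base}&state=${goodState}`,
  dropped: base,
  mangled: `${base}&state=not-base64!`,
};

for (const [name, url] of Object.entries(samples)) {
  const { hasCode, problem } = inspectCallback(url);
  console.log(name, { hasCode, problem: problem || 'none' });
}
```

A callback that arrives with a code but without the original state cannot be tied to the browser session that started the login, which is the check the state parameter exists to provide.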

So additional information I have gotten from the logs in rocketchat has to do with the OAuth handshake.

Error: Failed to complete OAuth handshake with edxoauth at https://edx.centos-vm/oauth/token. getaddrinfo ENOTFOUND edx.centos-vm
at CustomOAuth.getAccessToken (app/custom-oauth/server/custom_oauth_server.js:148:18)
at Object.handleOauthRequest (app/custom-oauth/server/custom_oauth_server.js:205:26)
at OAuth._requestHandlers. (packages/oauth2/oauth2_server.js:10:33)
at middleware (packages/oauth/oauth_server.js:170:5)
at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
=> awaited here:
at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9

This domain is invalid.

getaddrinfo ENOTFOUND edx.centos-vm

Please check this link

https://edx.centos-vm/oauth/token

This is a local domain; it is not on the internet, but it is valid in my setup.

It doesn’t resolve though, hence this error.

getaddrinfo ENOTFOUND edx.centos-vm

Oh ok, sorry, I see what you are saying now. Thanks for the help.

If that solves your issue please mark it as solved!!

Thanks.

This issue seems to be related to my setup being containers on the same domain and rocketchat not being able to resolve the oauth2 container. Is there a setting within rocketchat that I am missing to get rocketchat to resolve other containers with the swarm?

OK, you failed to mention this setup earlier…

Number of Running Instances: 1

But in actual fact you have a cluster?

You need to give us full details of your setup. Are you using HA Proxy and sticky sessions etc?

I am not using sticky sessions but I am using apache to direct all of my traffic. I only have one rocketchat container running; I have not set up any more than that. The oauth server is a container that is running on the same network and the same machine as the rocketchat container. I am able to ping the apache container from the rocketchat container and vice versa via the container names.

I think you need to test pinging from inside each container to another container.

A bit like this, and then ping from there.

docker exec -it <container name> /bin/bash

That is how I was testing the ping from inside of the rocketchat container to the apache container and it works fine. I also tested ping from inside the apache container to the rocketchat container and it works just fine as well.

The fix for this particular issue is to use the oauth docker container name for the token endpoint that needs to be connected to.
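The fix above, as an added example (not from the thread or the Rocket.Chat code base): in the authorization-code flow the authorize URL is opened by the user's browser, while the token URL is requested by the Rocket.Chat server process, so that hostname has to resolve inside the container. The setting names, the /oauth/authorize and /me paths and the hostname oauth-container are placeholders, not values from this thread.

```javascript
// Added example: not Rocket.Chat code. Setting names and the values marked
// "placeholder" are assumptions for illustration.
const dns = require('dns');

// Which side opens each endpoint in the authorization-code flow.
const RESOLVED_BY = {
  authorizePath: 'browser',  // front channel: resolved on the user's machine
  tokenPath: 'server',       // back channel: resolved inside the container
  identityPath: 'server',    // back channel as well (assumed)
};

// Turn settings into absolute URLs; a value that is already a full URL is
// kept as-is, a bare path is joined to serverURL.
function endpoints(settings) {
  return Object.keys(RESOLVED_BY).map((key) => {
    const url = new URL(settings[key], settings.serverURL);
    return { key, resolvedBy: RESOLVED_BY[key], url: url.href, host: url.hostname };
  });
}

// Resolve each back-channel host with getaddrinfo, as the server would.
// Run inside the Rocket.Chat container; `lookup` is injectable for testing.
async function checkBackChannel(settings, lookup = (h) => dns.promises.lookup(h)) {
  const serverSide = endpoints(settings).filter((e) => e.resolvedBy === 'server');
  return Promise.all(serverSide.map(async (e) => {
    try {
      const { address } = await lookup(e.host);
      return { ...e, ok: true, address };
    } catch (err) {
      return { ...e, ok: false, error: err.code }; // e.g. ENOTFOUND
    }
  }));
}

// Before: every endpoint uses a name the container cannot resolve.
const settingsBefore = {
  serverURL: 'https://edx.centos-vm',
  authorizePath: '/oauth/authorize',   // placeholder path
  tokenPath: '/oauth/token',
  identityPath: '/me',                 // placeholder path
};
// After: back-channel endpoints point at the container name (placeholder).
const settingsAfter = {
  ...settingsBefore,
  tokenPath: 'https://oauth-container/oauth/token',
  identityPath: 'https://oauth-container/me',
};

console.table(endpoints(settingsAfter).map(({ key, resolvedBy, url }) => ({ key, resolvedBy, url })));
```

Inside the container, checkBackChannel(settingsAfter).then(console.table) shows whether each server-side host resolves. With https, the provider's certificate must also be valid for the container name, or the handshake fails at TLS instead of DNS.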

Cool! I presume docker knows the internal IP for this.

Can you post some samples of how you did this for others please?

Thanks.