Roadmap Reveal 🗺 What's next for Rocket.Chat, Sep 22

Custom OAuth "No Matching login attempt found"

I am trying to setup a custom oauth solution and I am getting a “No matching login attempt found”. The logs from the rocketchat container are: Meteor ➔ method public-settings/get → userId: undefined, arguments: [{}]
API ➔ debug Success {
statusCode: 200,
body: {
message: ‘{“msg”:“result”,“id”:“3”,“result”:{“update”:,“remove”:}}’,
success: true
}
}
API ➔ debug POST: /api/v1/method.callAnon/login
Exception while invoking method login Error: No matching login attempt found [145546287]
at MethodInvocation. (packages/accounts-oauth/oauth_server.js:35:21)
at packages/accounts-base/accounts_server.js:499:31
at tryLoginMethod (packages/accounts-base/accounts_server.js:1341:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:497:22)
at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:557:31)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
at packages/ddp-server/livedata_server.js:1689:15
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at packages/ddp-server/livedata_server.js:1687:36
at new Promise ()
at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
=> awaited here:
at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
API ➔ debug Success {
statusCode: 200,
body: {
message: ‘{“msg”:“result”,“id”:“4”,“error”:{“isClientSafe”:true,“error”:145546287,“reason”:“No matching login attempt found”,“message”:“No matching login attempt found [145546287]”,“errorType”:“Meteor.Error”}}’,
success: true
}
}

I am curious if there is an way of finding more information about the error so I can diagnose what is happening.

Hi.

Can you be a bit more descriptive on how you are setting this up please?

Have a read of this for how to report issues effectively.

Server Hardware: Docker container
Version of Rocket.Chat Server: 3.15.0
Operating System: Docker container
Deployment Method: docker
Number of Running Instances: 1
DB Replicaset Oplog: mongodb://mongo:27017/local
NodeJS Version: 12.22.1 - x64
MongoDB Version: 4.0.24

Client Type: Browser Chrome 91.0.4472.77 (64-bit)

Setup new Rocketchat docker container enable custom oauth provider and try to login with confirmed good user name. After which the error that is given is “No matching login attempt found”. Is there a error log that I can check to find more information about what is going wrong.

You can first set the log level in Rocket and check the logs there, or via the CLI:

docker logs -f <container>

Have you tried just using the curl commands in the API docs?

What did that show?

How do I change the log level. I have not found that option in Rocket UI. And I do not know the command line switch that I need.

Look in Admin, Logs.

After more testing with my oauth provider and increasing the log level in rocketchat I am getting this error.

{“line”:“69”,“file”:“oauth_server.js”,“message”:“Unable to base64 decode state from OAuth query: undefined”,“time”:{"$date":1624039466464},“level”:“warn”}
{“line”:“69”,“file”:“oauth_server.js”,“message”:“Unable to base64 decode state from OAuth query: undefined”,“time”:{"$date":1624039466465},“level”:“warn”}
server.js:204 API ➔ debug POST: /api/v1/method.callAnon/login
Failed login detected - Username[unknown] ClientAddress[10.255.0.2] ForwardedFor[10.255.0.2] XRealIp[undefined] UserAgent[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36]
Exception while invoking method login Error: No matching login attempt found [145546287]
at MethodInvocation. (packages/accounts-oauth/oauth_server.js:35:21)
at packages/accounts-base/accounts_server.js:499:31
at tryLoginMethod (packages/accounts-base/accounts_server.js:1341:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:497:22)
at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:557:31)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
at packages/ddp-server/livedata_server.js:1689:15
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at packages/ddp-server/livedata_server.js:1687:36
at new Promise ()
at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
=> awaited here:
at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
server.js:204 API ➔ debug Success {
statusCode: 200,
body: {
message: ‘{“msg”:“result”,“id”:“14”,“error”:{“isClientSafe”:true,“error”:145546287,“reason”:“No matching login attempt found”,“message”:“No matching login attempt found [145546287]”,“errorType”:“Meteor.Error”}}’,
success: true
}
}

Is the oauth provider supposed to return the state value to rocktechat with the authorization code or am I misunderstanding this error log?

So additional information I have gotten from the logs in rocketchat has to do with the OAuth handshake.

Error: Failed to complete OAuth handshake with edxoauth at https://edx.centos-vm/oauth/token. getaddrinfo ENOTFOUND edx.centos-vm
at CustomOAuth.getAccessToken (app/custom-oauth/server/custom_oauth_server.js:148:18)
at Object.handleOauthRequest (app/custom-oauth/server/custom_oauth_server.js:205:26)
at OAuth._requestHandlers. (packages/oauth2/oauth2_server.js:10:33)
at middleware (packages/oauth/oauth_server.js:170:5)
at /app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40
=> awaited here:
at Promise.await (/app/bundle/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
at Server.call (packages/ddp-server/livedata_server.js:1607:17)
at Object.post (app/api/server/v1/misc.js:263:26)
at app/api/server/api.js:394:82
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Object._internalRouteActionHandler [as action] (app/api/server/api.js:394:39)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9

This domain is invlaid.

getaddrinfo ENOTFOUND edx.centos-vm

Please check this link

https://edx.centos-vm/oauth/token

This is a local domain it is not on the internet but it is valid in my setup.

It doesn’t resolve though, hence this error.

getaddrinfo ENOTFOUND edx.centos-vm

Ohok sorry i see what you are saying now thanks for the help.

If that solves your issue please mark it as solved!!

Thanks.

This issue seems to be related to my setup being containers on the same domain and rocketchat not being able to resolve the oauth2 container is there a setting within rocketchat that I am missing to get rocketchat to resolve other containers with the swarm.

OK, you failed to mention this setup earlier…

Number of Running Instances: 1

But in actual fact you have a cluster?

You need to give us full details of your setup. Are you using HA Proxy and sticky sessions etc?

I am not using sticky sessions but I am using apache to direct all of my traffic. I only have one rocketchat container running I have not set up any more than that. The oauth server is a container that is running on the same network and the same machine as the rocktechat container. I am able to ping the apache container from the rocketchat container and vis versa via the container names.

I think you need to test pinging from inside each container to another container.

A bit like this, and then ping from there.

docker exec -it <container name> /bin/bash

That is how I was testing the ping from inside of the rocketchat container to the apache container and it works fine and I also tested ping from inside the apache container to the rocktechat container and it works just fine as well

The fix for this particular issue is to use the oauth docker container name for the token endpoint that needs to be connected to.

Cool! I presume docker knows the internal IP for this.

Can you post some samples of how you did this for others please?

Thanks.