dudki
May 30, 2024, 1:02pm
1
Description
We’ve configured a third-party login application for our Wekan instance to allow users to log in to Wekan with RC creds. It works, but for some reason only for users with the Admin role. A regular user gets a “Not authorized” error. I see the latest login timestamp in the user’s profile, and it’s the same as the login attempt, but there is 0 information about this login in both the RC and Wekan logs. The user became able to log in when I made them an Admin for a moment, and lost their permissions when I removed the Admin role.
I feel like I’m blind, but I see no info about a special permission for users to use RC OAuth in the RC or Wekan documentation. Is there any?
Server Setup Information
Wekan 6.0.9
RocketChat 6.7.1 with snap
Ubuntu 22
Nginx 1.18
reetp
May 30, 2024, 2:18pm
2
Likely due to this. I think you have to allow Manage Oauth Apps.
However…
opened 11:39AM - 14 Feb 24 UTC
### Description:
After I installed the update to 6.6.0 (from 6.4.8), users without the "Manage Oauth Apps"-permission can't log into apps that use RocketChat as Oauth provider. Users without that permission get this error:
![image](https://github.com/RocketChat/Rocket.Chat/assets/89986535/c90e9ff2-a63d-488d-b347-8ef422463e2e)
In the Logs, this message appears:
```json
{
"level":35,
"time":"2024-02-14T10:56:11.856Z",
"pid":4621,
"hostname":"[redacted]",
"name":"API",
"method":"GET",
"url":"/api/v1/oauth-apps.get?clientId=[redacted]",
"userId":"[redacted]",
"userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15",
"host":"[redacted]",
"referer":"https://[redacted]/oauth/authorize?response_type=code&client_id=[redacted]&redirect_uri=[redacted]",
"remoteIP":"[redacted]",
"status":403,
"responseTime":1
}
```
With a user that has the permission, the status-code is 200 instead.
### Steps to reproduce:
1. Set up a third-party app under Administration->Workspace->Third-party login
2. Try to log in to the app with a user that doesn't have the "Manage Oauth Apps"-permission. -> won't work.
3. Configure the user to have that permission
4. Try logging in again -> works.
### Expected behavior:
What happened in 6.4.8 and previously. Users can log in using oauth without that permission.
### Actual behavior:
Users need to have the permission to manage oauth apps, which isn't something they should be able to do.
### Server Setup Information:
- Version of Rocket.Chat Server: 6.6.0
- Operating System: Ubuntu 20.04.6 LTS
- Deployment Method: "Deploy with ubuntu"
- Number of Running Instances: 1
- NodeJS Version: 14.18.3
- MongoDB Version: 4.4.25
### Client Setup Information
- Desktop App or Browser Version: any
- Operating System: any
### Relevant logs:
see description.
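To see which users are hitting the 403 described in the issue above, the server log can be filtered for it. This is an added example, not code from the thread or from Rocket.Chat: it assumes newline-delimited JSON log lines with the fields shown in the quoted entry, and the function names, user ids, client id and hostname are made up.

```javascript
// Constructed sample log lines, modelled on the entry quoted in the issue.
// User ids, client id and hostname are made up for this example.
const ref = 'https://chat.example.test/oauth/authorize?response_type=code&client_id=wekan-demo';
const line = (userId, url, referer, status, time) =>
  JSON.stringify({ level: 35, time, name: 'API', method: 'GET', url, userId, referer, status });
const SAMPLE_LOG = [
  line('userA', '/api/v1/oauth-apps.get?clientId=wekan-demo', ref, 403, '2024-05-30T13:00:01.000Z'),
  line('adminB', '/api/v1/oauth-apps.get?clientId=wekan-demo', ref, 200, '2024-05-30T13:00:09.000Z'),
  'Server restarted (plain-text line, not JSON)',
  line('userC', '/api/v1/users.list', 'https://chat.example.test/home', 403, '2024-05-30T13:01:00.000Z'),
  line('userC', '/api/v1/oauth-apps.get?clientId=wekan-demo', 'https://chat.example.test/home', 403, '2024-05-30T13:01:30.000Z'),
  line('userA', '/api/v1/oauth-apps.get?clientId=wekan-demo', ref, 403, '2024-05-30T13:02:30.000Z'),
].join('\n');

// Parse a relative or absolute URL; return null if it is missing or malformed.
function parseUrl(value) {
  if (typeof value !== 'string') return null;
  try {
    return new URL(value, 'http://placeholder.invalid');
  } catch {
    return null;
  }
}

// Return one record per user whose OAuth authorize flow was refused (403)
// on the oauth-apps.get lookup, i.e. users affected by the behaviour above.
function findOAuthLoginDenials(logText) {
  const byUser = new Map();
  for (const raw of logText.split('\n')) {
    let entry;
    try { entry = JSON.parse(raw); } catch { continue; } // skip non-JSON lines
    if (entry === null || typeof entry !== 'object') continue;
    const url = parseUrl(entry.url);
    const referer = parseUrl(entry.referer);
    const isLookup = entry.name === 'API' && entry.method === 'GET' &&
      url !== null && url.pathname === '/api/v1/oauth-apps.get';
    // Only count denials raised from the authorize page, not other 403s.
    const inFlow = referer !== null && referer.pathname === '/oauth/authorize';
    if (!isLookup || !inFlow || entry.status !== 403) continue;
    const rec = byUser.get(entry.userId) ||
      { userId: entry.userId, count: 0, clientIds: new Set(), lastSeen: entry.time };
    rec.count += 1;
    rec.clientIds.add(url.searchParams.get('clientId'));
    if (entry.time > rec.lastSeen) rec.lastSeen = entry.time;
    byUser.set(entry.userId, rec);
  }
  return [...byUser.values()].map((r) => ({ ...r, clientIds: [...r.clientIds] }));
}

console.log(findOAuthLoginDenials(SAMPLE_LOG));
```

The result lists each affected user with the number of refused attempts, the client ids involved and the time of the most recent one.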
reetp
May 30, 2024, 3:22pm
4
Cool.
Watch that bug as there are likely to be some changes in due course.