OAuth request to get authorization code fails #4055

Ke1i · 2023-06-02T16:35:25Z

Actual behaviour

-Tell us what happens
Cannot log into my self-hosted OCIS instance (version 3.0.0-rc.4) using Owncloud android app (version 4.0) sourced from F-Droid

Expected behaviour

-Tell us what should happen
Owncloud android app should log into my account and display my files after successful authentication

Steps to reproduce

Install OCIS using binary version 3.0.0-rc.4
Create a test user account from the web interface
Log into said test user account using the android app

Can this problem be reproduced with the official owncloud server?

(url: https://demo.owncloud.org, user: test, password: test)
No. I tested the android app using the test server and I could log in using the above provided credentials.

Environment data

Android version:
11
Device model:
htc m8wl
Stock or customized system:
Custom (DivestOS 18.1)
ownCloud app version:
4.0
ownCloud server version:
OCIS 3.0.0-rc.4

Logs

Web server error log

I didn't have the log feature on while testing. I'm using caddy as a reverse proxy. It also handles my certificates from duckdns.

ownCloud log (From Android app)

V: 2023-06-02 16:57:38:815(MainApp.kt:206) $onCreate.onActivityPaused()LogsListActivity onPause() ending
D: 2023-06-02 16:57:38:859(MainApp.kt:115) $onCreate.onActivityCreated()SettingsActivity onCreate(Bundle) starting
V: 2023-06-02 16:57:38:960(MainApp.kt:193) $onCreate.onActivityStarted()SettingsActivity onStart() starting
V: 2023-06-02 16:57:38:981(MainApp.kt:202) $onCreate.onActivityResumed()SettingsActivity onResume() starting
V: 2023-06-02 16:57:39:333(MainApp.kt:210) $onCreate.onActivityStopped()LogsListActivity onStop() ending
V: 2023-06-02 16:57:39:339(MainApp.kt:223) $onCreate.onActivityDestroyed()LogsListActivity onDestroy() ending
V: 2023-06-02 16:57:41:202(MainApp.kt:206) $onCreate.onActivityPaused()SettingsActivity onPause() ending
V: 2023-06-02 16:57:41:229(FileDisplayActivity.kt:181) .onCreate()onCreate() start
D: 2023-06-02 16:57:41:240(MainApp.kt:115) $onCreate.onActivityCreated()FileDisplayActivity onCreate(Bundle) starting
I: 2023-06-02 16:57:41:259(AccountAuthenticator.java:91) .addAccount()Adding account with type owncloud and auth token null
D: 2023-06-02 16:57:41:415(AppRater.java:53) .appLaunched()The app has been launched 11 times
D: 2023-06-02 16:57:41:417(AppRater.java:69) .appLaunched()The number of launches already exceed 2, the default number of launches, so let's check some dates
D: 2023-06-02 16:57:41:418(AppRater.java:71) .appLaunched()Current moment is 1685714261417
D: 2023-06-02 16:57:41:418(AppRater.java:72) .appLaunched()The date of the first launch + days until prompt is 1685709253940172800000
D: 2023-06-02 16:57:41:419(AppRater.java:74) .appLaunched()The date of the neutral click + days until neutral click is 086400000
V: 2023-06-02 16:57:41:420(FileDisplayActivity.kt:258) .onCreate()onCreate() end
V: 2023-06-02 16:57:41:425(MainApp.kt:193) $onCreate.onActivityStarted()FileDisplayActivity onStart() starting
D: 2023-06-02 16:57:41:431(DrawerActivity.kt:446) .updateQuota()Update Quota
V: 2023-06-02 16:57:41:438(FileDisplayActivity.kt:745) .onResume()onResume() start
V: 2023-06-02 16:57:41:439(MainApp.kt:202) $onCreate.onActivityResumed()FileDisplayActivity onResume() starting
W: 2023-06-02 16:57:41:440(DrawerActivity.kt:558) .setDrawerMenuItemChecked()setDrawerMenuItemChecked has been called with invalid menu-item-ID
V: 2023-06-02 16:57:41:441(FileDisplayActivity.kt:767) .onResume()onResume() end
D: 2023-06-02 16:57:41:538(OperationsService.java:92) .onCreate()Creating service
V: 2023-06-02 16:57:41:543(FileDisplayActivity.kt:771) .onPause()onPause() start
V: 2023-06-02 16:57:41:545(MainApp.kt:206) $onCreate.onActivityPaused()FileDisplayActivity onPause() ending
V: 2023-06-02 16:57:41:546(FileDisplayActivity.kt:778) .onPause()onPause() end
D: 2023-06-02 16:57:41:567(FileActivity.java:386) $OperationsServiceConnection.onServiceConnected()Operations service connected
D: 2023-06-02 16:57:41:577(MainApp.kt:115) $onCreate.onActivityCreated()LoginActivity onCreate(Bundle) starting
V: 2023-06-02 16:57:41:699(MainApp.kt:193) $onCreate.onActivityStarted()LoginActivity onStart() starting
V: 2023-06-02 16:57:41:701(MainApp.kt:202) $onCreate.onActivityResumed()LoginActivity onResume() starting
V: 2023-06-02 16:57:41:923(MainApp.kt:210) $onCreate.onActivityStopped()FileDisplayActivity onStop() ending
V: 2023-06-02 16:57:41:927(FileDisplayActivity.kt:731) .onSaveInstanceState()onSaveInstanceState() start
V: 2023-06-02 16:57:41:932(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()FileDisplayActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:57:41:936(FileDisplayActivity.kt:741) .onSaveInstanceState()onSaveInstanceState() end
V: 2023-06-02 16:57:41:982(MainApp.kt:223) $onCreate.onActivityDestroyed()FileDisplayActivity onDestroy() ending
V: 2023-06-02 16:57:41:991(OperationsService.java:120) .onDestroy()Destroying service
V: 2023-06-02 16:57:42:078(MainApp.kt:210) $onCreate.onActivityStopped()SettingsActivity onStop() ending
V: 2023-06-02 16:57:42:083(MainApp.kt:223) $onCreate.onActivityDestroyed()SettingsActivity onDestroy() ending
V: 2023-06-02 16:57:45:110(MainApp.kt:206) $onCreate.onActivityPaused()LoginActivity onPause() ending
V: 2023-06-02 16:57:45:140(MainApp.kt:210) $onCreate.onActivityStopped()LoginActivity onStop() ending
V: 2023-06-02 16:57:45:143(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()LoginActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:57:45:172(MainApp.kt:223) $onCreate.onActivityDestroyed()LoginActivity onDestroy() ending
D: 2023-06-02 16:57:52:722(MainApp.kt:115) $onCreate.onActivityCreated()SplashActivity onCreate(Bundle) starting
V: 2023-06-02 16:57:52:793(FileDisplayActivity.kt:181) .onCreate()onCreate() start
D: 2023-06-02 16:57:52:799(MainApp.kt:115) $onCreate.onActivityCreated()FileDisplayActivity onCreate(Bundle) starting
I: 2023-06-02 16:57:52:808(AccountAuthenticator.java:91) .addAccount()Adding account with type owncloud and auth token null
D: 2023-06-02 16:57:52:919(AppRater.java:53) .appLaunched()The app has been launched 12 times
D: 2023-06-02 16:57:52:920(AppRater.java:69) .appLaunched()The number of launches already exceed 2, the default number of launches, so let's check some dates
D: 2023-06-02 16:57:52:921(AppRater.java:71) .appLaunched()Current moment is 1685714272921
D: 2023-06-02 16:57:52:923(AppRater.java:72) .appLaunched()The date of the first launch + days until prompt is 1685709253940172800000
D: 2023-06-02 16:57:52:924(AppRater.java:74) .appLaunched()The date of the neutral click + days until neutral click is 086400000
V: 2023-06-02 16:57:52:926(FileDisplayActivity.kt:258) .onCreate()onCreate() end
V: 2023-06-02 16:57:52:931(MainApp.kt:193) $onCreate.onActivityStarted()FileDisplayActivity onStart() starting
D: 2023-06-02 16:57:52:939(DrawerActivity.kt:446) .updateQuota()Update Quota
V: 2023-06-02 16:57:52:947(FileDisplayActivity.kt:745) .onResume()onResume() start
V: 2023-06-02 16:57:52:951(MainApp.kt:202) $onCreate.onActivityResumed()FileDisplayActivity onResume() starting
W: 2023-06-02 16:57:52:952(DrawerActivity.kt:558) .setDrawerMenuItemChecked()setDrawerMenuItemChecked has been called with invalid menu-item-ID
V: 2023-06-02 16:57:52:953(FileDisplayActivity.kt:767) .onResume()onResume() end
D: 2023-06-02 16:57:52:962(OperationsService.java:92) .onCreate()Creating service
V: 2023-06-02 16:57:52:968(FileDisplayActivity.kt:771) .onPause()onPause() start
V: 2023-06-02 16:57:52:970(MainApp.kt:206) $onCreate.onActivityPaused()FileDisplayActivity onPause() ending
V: 2023-06-02 16:57:52:972(FileDisplayActivity.kt:778) .onPause()onPause() end
D: 2023-06-02 16:57:53:050(FileActivity.java:386) $OperationsServiceConnection.onServiceConnected()Operations service connected
D: 2023-06-02 16:57:53:061(MainApp.kt:115) $onCreate.onActivityCreated()LoginActivity onCreate(Bundle) starting
V: 2023-06-02 16:57:53:165(MainApp.kt:193) $onCreate.onActivityStarted()LoginActivity onStart() starting
V: 2023-06-02 16:57:53:169(MainApp.kt:202) $onCreate.onActivityResumed()LoginActivity onResume() starting
V: 2023-06-02 16:57:53:336(MainApp.kt:210) $onCreate.onActivityStopped()FileDisplayActivity onStop() ending
V: 2023-06-02 16:57:53:339(FileDisplayActivity.kt:731) .onSaveInstanceState()onSaveInstanceState() start
V: 2023-06-02 16:57:53:342(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()FileDisplayActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:57:53:345(FileDisplayActivity.kt:741) .onSaveInstanceState()onSaveInstanceState() end
V: 2023-06-02 16:57:53:347(MainApp.kt:223) $onCreate.onActivityDestroyed()SplashActivity onDestroy() ending
V: 2023-06-02 16:57:53:383(MainApp.kt:223) $onCreate.onActivityDestroyed()FileDisplayActivity onDestroy() ending
V: 2023-06-02 16:57:53:403(OperationsService.java:120) .onDestroy()Destroying service
D: 2023-06-02 16:57:56:522(ClientManager.kt:93) .getClientForAnonymousCredentials()Reusing anonymous client for https://ocis.keli.duckdns.org
D: 2023-06-02 16:57:56:538(OwnCloudClient.java:129) .saveExecuteHttpMethod()Executing in request with id 89f4e531-d373-4bae-a2d4-9fbcb5e76510
D: 2023-06-02 16:57:56:551(LogBuilder.kt:38) .logHttp()[Network, request] [info] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Method: GET URL: https://ocis.keli.duckdns.org/.well-known/webfinger?rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer&resource=https%3A%2F%2Focis.keli.duckdns.org
D: 2023-06-02 16:57:56:553(LogBuilder.kt:38) .logHttp()[Network, request] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] X-Request-ID: 89f4e531-d373-4bae-a2d4-9fbcb5e76510
D: 2023-06-02 16:57:56:556(LogBuilder.kt:38) .logHttp()[Network, request] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] User-Agent: Mozilla/5.0 (Android) ownCloud-android/4.0
D: 2023-06-02 16:57:56:558(LogBuilder.kt:38) .logHttp()[Network, request] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Accept-Language: en
D: 2023-06-02 16:57:56:560(LogBuilder.kt:38) .logHttp()[Network, request] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Accept-Encoding: identity
D: 2023-06-02 16:57:56:562(LogBuilder.kt:38) .logHttp()[Network, request] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Host: ocis.keli.duckdns.org
D: 2023-06-02 16:57:56:564(LogBuilder.kt:38) .logHttp()[Network, request] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Connection: Keep-Alive
D: 2023-06-02 16:57:56:567(LogBuilder.kt:38) .logHttp()[Network, request] [body] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Empty body
D: 2023-06-02 16:57:56:597(LogBuilder.kt:38) .logHttp()[Network, response] [info] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Method: GET URL: https://ocis.keli.duckdns.org/.well-known/webfinger?rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer&resource=https%3A%2F%2Focis.keli.duckdns.org Code: 200 Message: OK
D: 2023-06-02 16:57:56:599(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Alt-Svc: h3=":443"; ma=2592000
D: 2023-06-02 16:57:56:601(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
D: 2023-06-02 16:57:56:602(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Content-Length: 146
D: 2023-06-02 16:57:56:603(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Content-Security-Policy: frame-ancestors 'none'
D: 2023-06-02 16:57:56:605(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Content-Type: application/json; charset=utf-8
D: 2023-06-02 16:57:56:607(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Date: Fri, 02 Jun 2023 13:57:55 GMT
D: 2023-06-02 16:57:56:608(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Expires: Thu, 01 Jan 1970 00:00:00 GMT
D: 2023-06-02 16:57:56:609(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Last-Modified: Fri, 02 Jun 2023 13:57:55 GMT
D: 2023-06-02 16:57:56:611(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Server: Caddy
D: 2023-06-02 16:57:56:612(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Vary: Origin
D: 2023-06-02 16:57:56:614(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] X--Version: 
D: 2023-06-02 16:57:56:615(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] X-Content-Type-Options: nosniff
D: 2023-06-02 16:57:56:617(LogBuilder.kt:38) .logHttp()[Network, response] [header] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] X-Frame-Options: DENY
D: 2023-06-02 16:57:56:618(LogBuilder.kt:38) .logHttp()[Network, response] [body] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Length: 146 byte body
D: 2023-06-02 16:57:56:620(LogBuilder.kt:38) .logHttp()[Network, response] [body] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] Type: application/json; charset=utf-8
D: 2023-06-02 16:57:56:623(LogBuilder.kt:38) .logHttp()[Network, response] [body] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] --> Body start for response
D: 2023-06-02 16:57:56:625(LogBuilder.kt:38) .logHttp()[Network, response] [body] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] {"subject":"https://ocis.keli.duckdns.org","links":[{"rel":"http://openid.net/specs/connect/1.0/issuer","href":"https://ocis.keli.duckdns.org"}]}

D: 2023-06-02 16:57:56:626(LogBuilder.kt:38) .logHttp()[Network, response] [body] [89f4e531-d373-4bae-a2d4-9fbcb5e76510] <-- Body end for response -- Omitted: 0 bytes
D: 2023-06-02 16:57:56:631(GetInstancesViaWebFingerOperation.kt:76) .onRequestSuccessful()Successful WebFinger request: WebFingerResponse(subject=https://ocis.keli.duckdns.org, links=[LinkItem(rel=http://openid.net/specs/connect/1.0/issuer, href=https://ocis.keli.duckdns.org)])
D: 2023-06-02 16:57:56:633(ClientManager.kt:93) .getClientForAnonymousCredentials()Reusing anonymous client for https://ocis.keli.duckdns.org
D: 2023-06-02 16:57:56:635(OwnCloudClient.java:129) .saveExecuteHttpMethod()Executing in request with id dc269140-fd19-4e4c-b8b0-951c4e7225c3
D: 2023-06-02 16:57:56:639(LogBuilder.kt:38) .logHttp()[Network, request] [info] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Method: GET URL: https://ocis.keli.duckdns.org/.well-known/openid-configuration
D: 2023-06-02 16:57:56:641(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] OCS-APIREQUEST: true
D: 2023-06-02 16:57:56:642(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] X-Request-ID: dc269140-fd19-4e4c-b8b0-951c4e7225c3
D: 2023-06-02 16:57:56:644(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] User-Agent: Mozilla/5.0 (Android) ownCloud-android/4.0
D: 2023-06-02 16:57:56:645(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Accept-Language: en
D: 2023-06-02 16:57:56:647(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Accept-Encoding: identity
D: 2023-06-02 16:57:56:653(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Host: ocis.keli.duckdns.org
D: 2023-06-02 16:57:56:655(LogBuilder.kt:38) .logHttp()[Network, request] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Connection: Keep-Alive
D: 2023-06-02 16:57:56:657(LogBuilder.kt:38) .logHttp()[Network, request] [body] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Empty body
D: 2023-06-02 16:57:56:665(LogBuilder.kt:38) .logHttp()[Network, response] [info] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Method: GET URL: https://ocis.keli.duckdns.org/.well-known/openid-configuration Code: 200 Message: OK
D: 2023-06-02 16:57:56:667(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Alt-Svc: h3=":443"; ma=2592000
D: 2023-06-02 16:57:56:668(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value
D: 2023-06-02 16:57:56:669(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Content-Length: 1823
D: 2023-06-02 16:57:56:674(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Content-Security-Policy: frame-ancestors 'none'
D: 2023-06-02 16:57:56:676(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Content-Type: application/json; encoding=utf-8
D: 2023-06-02 16:57:56:677(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Date: Fri, 02 Jun 2023 13:57:55 GMT
D: 2023-06-02 16:57:56:678(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Expires: Thu, 01 Jan 1970 00:00:00 GMT
D: 2023-06-02 16:57:56:680(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Last-Modified: Fri, 02 Jun 2023 13:57:55 GMT
D: 2023-06-02 16:57:56:681(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Server: Caddy
D: 2023-06-02 16:57:56:683(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Vary: Origin
D: 2023-06-02 16:57:56:685(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] X-Content-Type-Options: nosniff
D: 2023-06-02 16:57:56:687(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] X-Frame-Options: DENY
D: 2023-06-02 16:57:56:688(LogBuilder.kt:38) .logHttp()[Network, response] [header] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] X-Idp-Version: 3.0.0-rc.4
D: 2023-06-02 16:57:56:690(LogBuilder.kt:38) .logHttp()[Network, response] [body] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Length: 1823 byte body
D: 2023-06-02 16:57:56:693(LogBuilder.kt:38) .logHttp()[Network, response] [body] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] Type: application/json; encoding=utf-8
D: 2023-06-02 16:57:56:695(LogBuilder.kt:38) .logHttp()[Network, response] [body] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] --> Body start for response
D: 2023-06-02 16:57:56:696(LogBuilder.kt:38) .logHttp()[Network, response] [body] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] {
  "issuer": "https://ocis.keli.duckdns.org",
  "authorization_endpoint": "https://ocis.keli.duckdns.org/signin/v1/identifier/_/authorize",
  "token_endpoint": "https://ocis.keli.duckdns.org/konnect/v1/token",
  "userinfo_endpoint": "https://ocis.keli.duckdns.org/konnect/v1/userinfo",
  "end_session_endpoint": "https://ocis.keli.duckdns.org/signin/v1/identifier/_/endsession",
  "check_session_iframe": "https://ocis.keli.duckdns.org/konnect/v1/session/check-session.html",
  "jwks_uri": "https://ocis.keli.duckdns.org/konnect/v1/jwks.json",
  "scopes_supported": [
    "openid",
    "offline_access",
    "profile",
    "email",
    "LibgreGraph.UUID",
    "LibreGraph.RawSub"
  ],
  "response_types_supported": [
    "id_token token",
    "id_token",
    "code id_token",
    "code id_token token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "userinfo_signing_alg_values_supported
D: 2023-06-02 16:57:56:697(LogBuilder.kt:38) .logHttp()[Network, response] [body] [dc269140-fd19-4e4c-b8b0-951c4e7225c3] <-- Body end for response -- Omitted: 799 bytes
D: 2023-06-02 16:57:56:701(GetOIDCDiscoveryRemoteOperation.kt:64) .run()Successful response {
  "issuer": "https://ocis.keli.duckdns.org",
  "authorization_endpoint": "https://ocis.keli.duckdns.org/signin/v1/identifier/_/authorize",
  "token_endpoint": "https://ocis.keli.duckdns.org/konnect/v1/token",
  "userinfo_endpoint": "https://ocis.keli.duckdns.org/konnect/v1/userinfo",
  "end_session_endpoint": "https://ocis.keli.duckdns.org/signin/v1/identifier/_/endsession",
  "check_session_iframe": "https://ocis.keli.duckdns.org/konnect/v1/session/check-session.html",
  "jwks_uri": "https://ocis.keli.duckdns.org/konnect/v1/jwks.json",
  "scopes_supported": [
    "openid",
    "offline_access",
    "profile",
    "email",
    "LibgreGraph.UUID",
    "LibreGraph.RawSub"
  ],
  "response_types_supported": [
    "id_token token",
    "id_token",
    "code id_token",
    "code id_token token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "request_object_signing_alg_values_supported": [
    "ES256",
    "ES384",
    "ES512",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "none",
    "EdDSA"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "none"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "claims_parameter_supported": true,
  "claims_supported": [
    "iss",
    "sub",
    "aud",
    "exp",
    "iat",
    "name",
    "family_name",
    "given_name",
    "email",
    "email_verified"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false
}

D: 2023-06-02 16:57:56:706(GetOIDCDiscoveryRemoteOperation.kt:70) .run()Get OIDC Discovery completed and parsed to [OIDCDiscoveryResponse(authorization_endpoint=https://ocis.keli.duckdns.org/signin/v1/identifier/_/authorize, check_session_iframe=https://ocis.keli.duckdns.org/konnect/v1/session/check-session.html, end_session_endpoint=https://ocis.keli.duckdns.org/signin/v1/identifier/_/endsession, issuer=https://ocis.keli.duckdns.org, registration_endpoint=null, response_types_supported=[id_token token, id_token, code id_token, code id_token token], scopes_supported=[openid, offline_access, profile, email, LibgreGraph.UUID, LibreGraph.RawSub], token_endpoint=https://ocis.keli.duckdns.org/konnect/v1/token, token_endpoint_auth_methods_supported=[client_secret_basic, none], userinfo_endpoint=https://ocis.keli.duckdns.org/konnect/v1/userinfo)]
D: 2023-06-02 16:57:56:710(ViewModelExt.kt:68) $runUseCaseWithResult.invokeSuspend()Use case executed: GetServerInfoAsyncUseCase with result: Success(data=com.owncloud.android.domain.server.model.ServerInfo$OIDCServer@38fb84e)
D: 2023-06-02 16:57:56:721(LoginActivity.kt:476) .performGetAuthorizationCodeRequest()A browser should be opened now to authenticate this user.
V: 2023-06-02 16:57:56:758(MainApp.kt:206) $onCreate.onActivityPaused()LoginActivity onPause() ending
V: 2023-06-02 16:58:01:658(MainApp.kt:210) $onCreate.onActivityStopped()LoginActivity onStop() ending
V: 2023-06-02 16:58:01:662(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()LoginActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:58:01:685(MainApp.kt:223) $onCreate.onActivityDestroyed()LoginActivity onDestroy() ending
D: 2023-06-02 16:58:16:351(MainApp.kt:115) $onCreate.onActivityCreated()LoginActivity onCreate(Bundle) starting
V: 2023-06-02 16:58:16:502(MainApp.kt:193) $onCreate.onActivityStarted()LoginActivity onStart() starting
E: 2023-06-02 16:58:16:508(LoginActivity.kt:517) .handleGetAuthorizationCodeResponse()OAuth request to get authorization code failed. State mismatching, maybe somebody is trying a CSRF attack.
V: 2023-06-02 16:58:16:516(MainApp.kt:202) $onCreate.onActivityResumed()LoginActivity onResume() starting
V: 2023-06-02 16:58:20:926(MainApp.kt:206) $onCreate.onActivityPaused()LoginActivity onPause() ending
D: 2023-06-02 16:58:20:966(MainApp.kt:115) $onCreate.onActivityCreated()SettingsActivity onCreate(Bundle) starting
V: 2023-06-02 16:58:21:047(MainApp.kt:193) $onCreate.onActivityStarted()SettingsActivity onStart() starting
V: 2023-06-02 16:58:21:074(MainApp.kt:202) $onCreate.onActivityResumed()SettingsActivity onResume() starting
V: 2023-06-02 16:58:21:469(MainApp.kt:210) $onCreate.onActivityStopped()LoginActivity onStop() ending
V: 2023-06-02 16:58:21:478(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()LoginActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:58:21:524(MainApp.kt:223) $onCreate.onActivityDestroyed()LoginActivity onDestroy() ending
V: 2023-06-02 16:58:24:607(MainApp.kt:206) $onCreate.onActivityPaused()SettingsActivity onPause() ending
D: 2023-06-02 16:58:24:700(MainApp.kt:115) $onCreate.onActivityCreated()LogsListActivity onCreate(Bundle) starting
V: 2023-06-02 16:58:24:827(MainApp.kt:193) $onCreate.onActivityStarted()LogsListActivity onStart() starting
V: 2023-06-02 16:58:24:829(MainApp.kt:202) $onCreate.onActivityResumed()LogsListActivity onResume() starting
V: 2023-06-02 16:58:25:123(MainApp.kt:210) $onCreate.onActivityStopped()SettingsActivity onStop() ending
V: 2023-06-02 16:58:25:127(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()SettingsActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:58:25:157(MainApp.kt:223) $onCreate.onActivityDestroyed()SettingsActivity onDestroy() ending
V: 2023-06-02 16:58:26:235(MainApp.kt:206) $onCreate.onActivityPaused()LogsListActivity onPause() ending
V: 2023-06-02 16:58:31:078(MainApp.kt:210) $onCreate.onActivityStopped()LogsListActivity onStop() ending
V: 2023-06-02 16:58:31:086(MainApp.kt:219) $onCreate.onActivitySaveInstanceState()LogsListActivity onSaveInstanceState(Bundle) starting
V: 2023-06-02 16:58:31:127(MainApp.kt:223) $onCreate.onActivityDestroyed()LogsListActivity onDestroy() ending

OCIS systemd log

 ● ocis.service
     Loaded: loaded (/etc/systemd/system/ocis.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-06-02 17:06:18 EAT; 12min ago
   Main PID: 598 (ocis)
      Tasks: 19 (limit: 4445)
     Memory: 302.4M
        CPU: 10.587s
     CGroup: /system.slice/ocis.service
             └─598 ocis server

Jun 02 17:17:14 keli ocis[598]: {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"keli/Z4Q5iFWkT3-000226","remote-addr":"192.168.1.101","method":"GET","status":200,"path":"/konnect/v1/userinfo","duration":101.321353,"bytes":249,"time":"2023-06-02T17:17:14.993656533+03:00","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
Jun 02 17:17:15 keli ocis[598]: {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"keli/Z4Q5iFWkT3-000228","remote-addr":"192.168.1.104","method":"GET","status":200,"path":"/konnect/v1/userinfo","duration":98.010426,"bytes":249,"time":"2023-06-02T17:17:15.158157453+03:00","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
Jun 02 17:17:15 keli ocis[598]: {"level":"info","service":"auth-machine","pkg":"rgrpc","traceid":"00000000000000000000000000000000","time":"2023-06-02T17:17:15.161176195+03:00","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/authprovider/authprovider.go:141","message":"user idp:\"https://ocis.keli.duckdns.org\" opaque_id:\"b7d0edc2-48fd-477a-a2ea-190219e2aba8\" type:USER_TYPE_PRIMARY  authenticated"}
Jun 02 17:17:15 keli ocis[598]: {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"293d1651-2e6c-45fe-9aa5-a216b3fa3289","remote-addr":"192.168.1.101","method":"POST","status":201,"path":"/api/v0/settings/values-list","duration":115.393308,"bytes":3,"time":"2023-06-02T17:17:15.165129922+03:00","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
Jun 02 17:17:42 keli ocis[598]: {"level":"info","service":"auth-machine","pkg":"rgrpc","traceid":"00000000000000000000000000000000","time":"2023-06-02T17:17:42.719579958+03:00","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/authprovider/authprovider.go:141","message":"user idp:\"https://ocis.keli.duckdns.org\" opaque_id:\"b7d0edc2-48fd-477a-a2ea-190219e2aba8\" type:USER_TYPE_PRIMARY  authenticated"}
Jun 02 17:17:42 keli ocis[598]: {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"f7f8ffec-87f6-49db-a4bf-15550af68367","remote-addr":"192.168.1.101","method":"GET","status":200,"path":"/ocs/v2.php/apps/notifications/api/v1/notifications","duration":8.328655,"bytes":72,"time":"2023-06-02T17:17:42.72442988+03:00","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
Jun 02 17:18:13 keli ocis[598]: {"level":"info","service":"auth-machine","pkg":"rgrpc","traceid":"00000000000000000000000000000000","time":"2023-06-02T17:18:13.021924982+03:00","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/authprovider/authprovider.go:141","message":"user idp:\"https://ocis.keli.duckdns.org\" opaque_id:\"b7d0edc2-48fd-477a-a2ea-190219e2aba8\" type:USER_TYPE_PRIMARY  authenticated"}
Jun 02 17:18:13 keli ocis[598]: {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"dcef8b89-2dae-4f96-8bf3-080dfe814874","remote-addr":"192.168.1.101","method":"GET","status":200,"path":"/ocs/v2.php/apps/notifications/api/v1/notifications","duration":9.918554,"bytes":72,"time":"2023-06-02T17:18:13.0283891+03:00","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
Jun 02 17:18:43 keli ocis[598]: {"level":"info","service":"auth-machine","pkg":"rgrpc","traceid":"00000000000000000000000000000000","time":"2023-06-02T17:18:43.117964335+03:00","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/authprovider/authprovider.go:141","message":"user idp:\"https://ocis.keli.duckdns.org\" opaque_id:\"b7d0edc2-48fd-477a-a2ea-190219e2aba8\" type:USER_TYPE_PRIMARY  authenticated"}
Jun 02 17:18:43 keli ocis[598]: {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"401303a3-dbde-413b-8362-4d1142344244","remote-addr":"192.168.1.101","method":"GET","status":200,"path":"/ocs/v2.php/apps/notifications/api/v1/notifications","duration":9.109438,"bytes":72,"time":"2023-06-02T17:18:43.123721915+03:00","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}

OCIS environment file

OCIS_URL=https://ocis.keli.duckdns.org
PROXY_TLS=false
OCIS_INSECURE=true
PROXY_ENABLE_BASIC_AUTH=true
OCIS_LOG_LEVEL=info
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis
PROXY_HTTP_ADDR=0.0.0.0:9200

Additional info

I'm using Caddy as my reverse proxy and I can access OCIS just fine from web browsers (desktop and mobile)
When I first tested the android app without the reverse proxy, it worked with the OCIS environment file below - after complaining about an "untrusted certificate" which I had to accept.

OCIS_URL=https://keli.local:9200
PROXY_TLS=true
OCIS_INSECURE=true
PROXY_ENABLE_BASIC_AUTH=true
OCIS_LOG_LEVEL=info
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis

But I couldn't stream a video I uploaded because of an "untrusted certificate" error. So I installed caddy and changed the environment file. I tried to log in using the new address but I couldn't - but the browsers worked just fine.
When I couldn't log in I deleted everthing in /var/lib/ocis and the yaml file in /etc/ocis/ then rerun sudo -u ocis ocis init --config-path /etc/ocis
I logged into the new OCIS instance via Firefox and created a new test user. I tried to log in this user using the android app but it wouldn't even after successfull authentication.
So far, webdav (via davs://ocis.keli.duckdns.org/remote.php/webdav) and web (https://ocis.keli.duckdns.org) work but not the android app.
Any help?

Screenshots

OCIS web interface on Mull

OCIS webdav access via gnome files

OCIS authentication on Owncloud android app

The text was updated successfully, but these errors were encountered:

michaelstingl · 2023-06-02T16:44:40Z

Maybe related to an oCIS issue with 3.0.0-rc.4:

Ke1i · 2023-06-02T17:28:13Z

I tried adding the environment variables below in my /etc/ocis/ocis.env file as suggested above but it didn't work.

PROXY_USER_OIDC_CLAIM=preferred_username
PROXY_USER_CS3_CLAIM=username

Ke1i · 2023-06-03T12:20:15Z

I tried to log in today and it worked for some reason :)
My environment file:

OCIS_URL=https://ocis.keli.duckdns.org
PROXY_TLS=false
OCIS_INSECURE=true
PROXY_ENABLE_BASIC_AUTH=true
OCIS_LOG_LEVEL=info
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis
PROXY_HTTP_ADDR=127.0.0.1:9200
PROXY_USER_OIDC_CLAIM=preferred_username
PROXY_USER_CS3_CLAIM=username
PROXY_LOG_LEVEL=debug

JuancaG05 · 2023-06-05T06:46:23Z

Hi @Ke1i! Nice that it already works, it seems the problem was what @michaelstingl commented. I'll close the issue, but don't hesitate to open a new one or re-open this if new problems appear or the problem persists 😀.

JuancaG05 closed this as completed Jun 5, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OAuth request to get authorization code fails #4055

OAuth request to get authorization code fails #4055

Ke1i commented Jun 2, 2023

michaelstingl commented Jun 2, 2023

Ke1i commented Jun 2, 2023

Ke1i commented Jun 3, 2023

JuancaG05 commented Jun 5, 2023

OAuth request to get authorization code fails #4055

OAuth request to get authorization code fails #4055

Comments

Ke1i commented Jun 2, 2023

Actual behaviour

Expected behaviour

Steps to reproduce

Can this problem be reproduced with the official owncloud server?

Environment data

Logs

Web server error log

ownCloud log (From Android app)

OCIS systemd log

OCIS environment file

Additional info

Screenshots

michaelstingl commented Jun 2, 2023

Ke1i commented Jun 2, 2023

Ke1i commented Jun 3, 2023

JuancaG05 commented Jun 5, 2023