oauth2-proxy: Github Auth return 404 after auth with 7.3.0. 7.2.0 no issues

Expected Behavior

Athenticate and forward to backend app

Current Behavior

Return 500 image from proxy. Get 404 Error in proxy log

[2022/05/31 12:26:17] [github.go:280] Found Github Organization:"XXX_BV" Team:"k8s-log-XXX" (Name:"k8s-log-XXX")
[2022/05/31 12:26:17] [oauthproxy.go:775] Error creating session during OAuth2 callback: unexpected status "404": {"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/users#list-email-addresses-for-the-authenticated-user"}

Possible Solution

Steps to Reproduce (for bugs)

Your Environment

Docker (bitnami build) used env:

    spec:
      containers:
        - args:
            - '--provider=github'
            - '--github-org=XXX_BV'
            - '--github-team=k8s-log-XXX'
            - '--email-domain=*'
            - '--redirect-url=https://kibana.XXX.net/oauth2/callback'
            - '--upstream=file:///dev/null'
            - '--http-address=0.0.0.0:4180'
            - '--custom-sign-in-logo=/mnt/logo.png'
            - '--footer=-'
  • Version used:
  • 7.3.0 (broken)
  • 7.2.0 (working)

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 20
  • Comments: 17 (4 by maintainers)

Commits related to this issue

Most upvoted comments

Hi,

The issue is indeed caused by the default github scope being overridden from the new code.

You can work around this for the moment by setting the following scope into the config:

--scope "user:email"
+22
hevans-dglcom on Jun 26, 2022

The same here

+17
luk-kop on May 31, 2022

Hi,

The issue is indeed caused by the default github scope being overridden from the new code.

You can work around this for the moment by setting the following scope into the config:

--scope "user:email"

Thanks for the workaround. It resolved the 500 error.

+12
nakshathru on Jun 28, 2022

Yep v7.3 is completely broken and should never have been released as latest stable IMO. Azure auth is also completely borked.

+9
knightian on Jun 1, 2022

I still get the same issue, even with scope user:email

[2022/12/18 10:08:15] [oauthproxy.go:830] Error creating session during OAuth2 callback: unexpected status "404": {"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/users#list-email-addresses-for-the-authenticated-user"}
+7
sfxworks on Dec 18, 2022

Still an issue:

[2023/05/14 20:05:11] [oauthproxy.go:830] Error creating session during OAuth2 callback: unexpected status “404”: {“message”:“Not Found”,“documentation_url”:“https://docs.github.com/rest/reference/users#list-email-addresses-for-the-authenticated-user”}

Using - --scope=user:email inside args solved the issue for me.

+5
HassanMSh on May 14, 2023

Facing the same issue with latest version. GitHub enterprise auth is broken after migrating to v7.3 Was working fine till v7.2.1

+2
nakshathru on Jun 2, 2022

@JoelSpeed I did a bit of trial and error testing with this, and it seems the issue occurs after #1560 was merged in. In my own tests the GitHub provider works if you revert the changes in providers.go on lines 135, 136, and 139. (p -> providerConfig)

That said, I’m not familiar with the inner workings of oauth2-proxy, so I’m not sure what implications such a change would have, or why it’s impacting the GitHub provider in this way.

+1
crbednarz on Jun 3, 2022
Read more comments on GitHub
← oauth2-proxy: Gitea auth provider fails with 7.2.1
oauth2-proxy: I can't get Authorization: Bearer <token> to work with version 6.1.1 . It works with 5.1.1 →