Odoo 12 OAuth2 Gluu 4.1 OpenID error invalid client from Odoo

RPG LLC

Greetings. Trying to get Odoo12 (running on Ubuntu 18.04) to work with Gluu 4.1 as Identity Provider.

This is a freshly installed setup (not yet production, though trying to get it ready to be so).

Anyone have any ideas where the mismatch might be happening?
Anyone here ever set up any version of Odoo with Gluu on the backend?

For some reason I'm getting an error of invalid client from the Odoo side, without additional information, while as far as I can tell the Gluu side is providing a "Success" response for authentication.
https://e.rpgresearch.com/web/login
Click the button below the Odoo login: RpgResearchOdooGluuOauth.
Which shows this link:
https://au.rpgresearch.com/oxauth/restv1/authorize?response_type=token&client_id=e2c14ce1-f76a-4008-a83e-3a95a15dd82a&redirect_uri=https%3A%2F%2Fe.rpgresearch.com%2Fauth_oauth%2Fsignin&scope=False&state={%22d%22%3A+%22odoo12%22%2C+%22p%22%3A+4%2C+%22r%22%3A+%22https%253A%252F%252Fe.rpgresearch.com%252Fweb%22}
But just get error page: "Access Denied" https://e.rpgresearch.com/web/login?oauth_error=2

Log output: /var/log/odoo12/odoo.log
2020-06-03 20:45:28,644 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020 20:45:28] "GET /auth_oauth/signin HTTP/1.0" 200 - 0 0.000 0.003
2020-06-03 20:45:28,769 746 ERROR odoo12 odoo.addons.auth_oauth.controllers.main: OAuth2: invalid_client
Traceback (most recent call last):
  File "/opt/odoo/odoo12/odoo/addons/auth_oauth/controllers/main.py", line 133, in signin
    credentials = env['res.users'].sudo().auth_oauth(provider, kw)
  File "/opt/odoo/odoo12/odoo/addons/auth_oauth/models/res_users.py", line 96, in auth_oauth
    validation = self._auth_oauth_validate(provider, access_token)
  File "/opt/odoo/odoo12/odoo/addons/auth_oauth/models/res_users.py", line 36, in _auth_oauth_validate
    raise Exception(validation['error'])
Exception: invalid_client
2020-06-03 20:45:28,771 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020 20:45:28] "GET /auth_oauth/signin?error_description=The+request+is+missing+a+required+parameter%2C+includes+an+unsupported+parameter+or+parameter+value%2C+or+is+otherwise+malformed.&state={%22d%22%3A+%22odoo12%22%2C+%22p%22%3A+4%2C+%22r%22%3A+%22https%3A%2F%2Fe.rpgresearch.com%2Fweb%22}&error=invalid_request HTTP/1.0" 303 - 4 0.002 0.095
2020-06-03 20:45:28,904 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020 20:45:28] "GET /web/login?oauth_error=2 HTTP/1.0" 200 - 129 0.043 0.081
2020-06-03 20:45:29,081 746 INFO odoo12 werkzeug: 127.0.0.1 - - [03/Jun/2020 20:45:29] "POST /website/translations HTTP/1.0" 200 - 14 0.011 0.018


On the Gluu server's Apache server log (chroot'd enviro): /var/log/apache2/other_vhosts_access.log
au.rpgresearch.com:443 96.79.202.21 - - [03/Jun/2020:15:04:47 -0700] "GET /oxauth/restv1/authorize?response_type=token&client_id=e2c14ce1-f76a-4008-a83e-3a95a15dd82a&redirect_uri=https%3A%2F%2Fe.rpgresearch.com%2Fauth_oauth%2Fsignin&scope=openid&state={%22d%22%3A+%22odoo12%22%2C+%22p%22%3A+4%2C+%22r%22%3A+%22https%253A%252F%252Fe.rpgresearch.com%252Fweb%22} HTTP/1.1" 302 3904 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
au.rpgresearch.com:443 96.79.202.18 - - [03/Jun/2020:15:04:47 -0700] "GET /oxauth/restv1/token HTTP/1.1" 401 4266 "-" "python-requests/2.20.0"
Output from Gluu shows "Successful": /opt/opendj/logs/ tail -f * | grep e2c14ce1-f76a-4008-a83e-3a95a15dd82a
[03/Jun/2020:22:18:54 +0000] SEARCH REQ conn=210 op=8 msgID=9 base="inum=e2c14ce1-f76a-4008-a83e-3a95a15dd82a,ou=clients,o=gluu" scope=base filter="(objectClass=*)" attrs="ALL"
{"eventName":"DJ-LDAP","client":{"ip":"127.0.0.1","port":50296},"server":{"ip":"127.0.0.1","port":1636},"request":{"protocol":"LDAPS","operation":"SEARCH","connId":210,"msgId":9,"dn":"inum=e2c14ce1-f76a-4008-a83e-3a95a15dd82a,ou=clients,o=gluu","scope":"base","filter":"(objectClass=*)","attrs":["ALL"]},"transactionId":"0","response":{"status":"SUCCESSFUL","statusCode":"0","elapsedTime":1,"elapsedTimeUnits":"MILLISECONDS","nentries":1},"timestamp":"2020-06-03T22:18:54.711Z","_id":"a9b04644-00da-4625-8a36-d09e3e093b93-11819"}

Any ideas what might be off that is leading Odoo to generate that "Wrong client" error?

Odoo Oauth config values:
Odoo Menu > Settings > General Settings > Integrations > OAuth Authentication > OAuth Providers >
    • Provider Name: RPG Research Gluu 4.1
    • Client ID: e2c14ce1-f76a-4008-a83e-3a95a15dd82a
    • Allowed: Checked
    • Body: RpgResearchOdooGluuOauth
    • Authentication URL: https://au.rpgresearch.com/oxauth/restv1/authorize
    • Scope: <blank> (also tried openid, or email, no difference in error message).
    • Validation URL: https://au.rpgresearch.com/oxauth/restv1/token
    • Data URL: https://au.rpgresearch.com/oxauth/restv1/userinfo


Gluu OpenID config values:
    • Client ID: e2c14ce1-f76a-4008-a83e-3a95a15dd82a
    • Client secret: ***************
    • Client Name: RpgResearchOdooGluuOauth
    • Client Description: OAuth Client for RPG Research Odoo + Gluu
    • Redirect Login URI: https://e.rpgresearch.com/auth_oauth/signin
    • Scopes: <blank> (also tried with just openid, or email, with no difference in error)
    • Application Type: Web
    • Subject Type: pairwise
    • Authentication method: client_secret_basic
    • Grant Type: authorization_code

Anyone have any ideas where the mismatch might be?
Anyone here ever connected any version of Odoo to Gluu?
Thanks for any suggestions!
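
Added example, not part of the original post and not Odoo or Gluu code: a small checker that compares the authorize request shown above with the Gluu client values listed in the post and reports where they disagree. The function name and dictionary layout are hypothetical; the response_type to grant type mapping follows OpenID Connect Dynamic Client Registration, and the token endpoint rule follows RFC 6749.

```python
from urllib.parse import urlsplit, parse_qs

# Grant type each response_type requires on the client registration
# (OpenID Connect Dynamic Client Registration 1.0, section 2).
REQUIRED_GRANT = {"code": "authorization_code", "token": "implicit", "id_token": "implicit"}

def check_oauth_setup(authorize_url, validation_url, client):
    """List mismatches between the authorize request the relying party
    builds and the client registration at the identity provider."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(authorize_url).query).items()}
    findings = []
    if q.get("client_id") != client["client_id"]:
        findings.append("client_id differs from the registered client")
    if q.get("redirect_uri") not in client["redirect_uris"]:
        findings.append("redirect_uri is not a registered redirect URI")
    for rt in q.get("response_type", "").split():
        need = REQUIRED_GRANT.get(rt)
        if need and need not in client["grant_types"]:
            findings.append(f"response_type={rt} needs grant type {need!r}, "
                            f"registered: {client['grant_types']}")
    scopes = q.get("scope", "").split()
    if not scopes or any(s not in client["scopes"] for s in scopes):
        findings.append(f"scope sent as {q.get('scope')!r}, "
                        f"registered: {client['scopes']}")
    if urlsplit(validation_url).path.rstrip("/").endswith("/token"):
        findings.append("validation URL is the token endpoint, which takes a "
                        "client-authenticated POST (RFC 6749 section 3.2)")
    return findings

# Values copied from the post (state parameter left out for brevity).
BASE = "https://au.rpgresearch.com/oxauth/restv1"
CLIENT_ID = "e2c14ce1-f76a-4008-a83e-3a95a15dd82a"
REDIRECT = "https%3A%2F%2Fe.rpgresearch.com%2Fauth_oauth%2Fsignin"
POSTED_URL = (f"{BASE}/authorize?response_type=token&client_id={CLIENT_ID}"
              f"&redirect_uri={REDIRECT}&scope=False")
POSTED_CLIENT = {"client_id": CLIENT_ID, "grant_types": ["authorization_code"],
                 "redirect_uris": ["https://e.rpgresearch.com/auth_oauth/signin"],
                 "scopes": []}

def findings_for_post():
    return check_oauth_setup(POSTED_URL, f"{BASE}/token", POSTED_CLIENT)

if __name__ == "__main__":
    for line in findings_for_post():
        print("-", line)
```

The third finding corresponds to the `GET /oxauth/restv1/token` request from python-requests that the Apache log above shows answered with 401.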


1 Comment
RPG LLC

This is a real show-stopper. Can someone please provide some suggestions of things to try to help point in the right direction to trying to get this working? Thanks!

1 Answer
RPG LLC
Best Answer

Any suggestions?
