base64 secrets don't seem to work as the client secret between MAS and homeserver #2780

Open
pontaoski opened this issue May 16, 2024 · 0 comments

@pontaoski

```
May 16 16:54:49 ilo-kulupu mas-cli[4227]: 2024-05-16T16:54:49.222047Z ERROR http.server.request{otel.kind="server" otel.name="POST /oauth2/introspect" network.protocol.name="http" network.protocol.version="1.1" http.request.method="POST" url.path="/oauth2/introspect" url.scheme="http" http.route="/oauth2/introspect" user_agent.original="Synapse/1.105.1"}:handlers.oauth2.introspection.post{client.id="0000000000000000000SYNAPSE"}:verify: mas_axum_utils::client_authorization: error=client secret did not match
2024-05-16 16:54:46,992 - synapse.http.client - 426 - INFO - GET-118 - Received response to POST https://mas.toki.club/oauth2/introspect: 401
2024-05-16 16:54:46,992 - synapse.api.auth.msc3861_delegated - 270 - ERROR - GET-118 - Failed to introspect token
Traceback (most recent call last):
  File "/usr/lib64/python3.12/site-packages/synapse/api/auth/msc3861_delegated.py", line 268, in get_user_by_access_token
    introspection_result = await self._introspect_token(token)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/synapse/api/auth/msc3861_delegated.py", line 204, in _introspect_token
    raise HttpResponseException(
synapse.api.errors.HttpResponseException: 401: Unauthorized
2024-05-16 16:54:46,992 - synapse.http.server - 130 - INFO - GET-118 - <XForwardedForRequest at 0x7fa4bc36af30 method='GET' uri='/_matrix/client/r0/sync?timeout=30000&since=s168251_2124209_53_414898_35093_25_253_319440_0_29&filter=1' clientproto='HTTP/1.1' site='7893'> SynapseError: 503 - Unable to introspect the access token
```

example secrets that don't work for me: (openssl rand base64)

  • zk3kKn1QpZgZoKAllMoLXBdpySFflBPM5d4fnKAlgpfzR7c8G/1+Z2RHr7cPqU7+
  • Cv+YUm7VLclQTrfcAFeXBb6/HKgYb3jLTmnYkwFk9q+qgDx6LwC0geMcMHY+zhCm
  • myCBOIoCeArhQ/EtJDftyVa5q1ah7PjumSb7mwVLyoPbpBMitew2pAMfsoxPTxOp

example secrets that do work for me: (openssl rand hex)

  • cb6b76fe4b1cbbc56e18b7486d09997847d6b56370178ea73deed3805700044d1391a36629ed0370002172620f3c2b3b
  • e8c337ceaffd0d98a70ee61a31d987d7443174c1b12561232c817ffacfc1135fc70339d5a3c14ce96fb05fda3c4dd31e
  • f1abc758100688ea23198d1b0d5b9713a5c467cb5cacdcab4900065a35102a5c30e492c7e436e39f769b68e972f58a7f

i edited the MAS file as so:

```yaml
clients:
  - client_id: 0000000000000000000SYNAPSE
    client_auth_method: client_secret_basic
    client_secret: "1234"
```

and then `mas-cli config sync`.

i edited the synapse file as so:

```yaml
experimental_features:
  msc3861:
    enabled: true
    issuer: https://mas.toki.club/
    client_id: "0000000000000000000SYNAPSE"
    client_auth_method: client_secret_basic
    client_secret: "1234"
    admin_token: "..."
    account_management_url: "https://ldap.toki.club"
```

and then restarted synapse.
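
A possible explanation to test, as an added example that is not part of the original report and is not code from MAS or Synapse: RFC 6749 section 2.3.1 has the client form-urlencode the client id and secret before building the `client_secret_basic` header, so a secret containing `+` or `/` only round-trips when both sides agree on that step, while a hex secret is unaffected either way. Whether this is the cause here is an assumption, and all function names below are hypothetical.

```python
import base64
import hmac
from urllib.parse import quote_plus, unquote_plus

CLIENT_ID = "0000000000000000000SYNAPSE"
# One failing and one working secret, copied from the report above.
B64_SECRET = "zk3kKn1QpZgZoKAllMoLXBdpySFflBPM5d4fnKAlgpfzR7c8G/1+Z2RHr7cPqU7+"
HEX_SECRET = ("cb6b76fe4b1cbbc56e18b7486d09997847d6b56370178ea7"
              "3deed3805700044d1391a36629ed0370002172620f3c2b3b")


def basic_header(client_id, client_secret, form_encode):
    """Build the Authorization header value for client_secret_basic."""
    if form_encode:
        # RFC 6749 section 2.3.1: form-urlencode each part before joining.
        client_id, client_secret = quote_plus(client_id), quote_plus(client_secret)
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def server_secret(header, form_decode):
    """Recover the secret string a server would compare with its config."""
    raw = base64.b64decode(header.removeprefix("Basic ")).decode()
    _, _, secret = raw.partition(":")
    return unquote_plus(secret) if form_decode else secret


def survives(secret, client_encodes, server_decodes):
    """True if the configured secret still matches after the round trip."""
    header = basic_header(CLIENT_ID, secret, client_encodes)
    seen = server_secret(header, server_decodes)
    return hmac.compare_digest(seen.encode(), secret.encode())


def matrix(secret):
    """Map (client_encodes, server_decodes) -> whether authentication succeeds."""
    return {(c, s): survives(secret, c, s)
            for c in (False, True) for s in (False, True)}


if __name__ == "__main__":
    for name, secret in (("base64", B64_SECRET), ("hex", HEX_SECRET)):
        for (c, s), ok in matrix(secret).items():
            print(f"{name:6} client_encodes={c!s:5} server_decodes={s!s:5} match={ok}")
```

If the two services disagree on the encoding step, only the base64 rows fail, which matches the symptom reported; comparing the decoded `Authorization` header in a request capture against the configured secret would confirm or rule this out.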
