Nextcloud OAuth2 callback does nothing

leandroramos · August 3, 2023, 3:23pm

My version of HedgeDoc is: 1.9.9

What I expected to happen:

Be logged in using Nextcloud OAuth2

What actually happened:

Nothing

Hello.
I am using version 1.9.9 of HedgeDoc, which I successfully deployed using Dokku.
I configured Nextcloud’s OAuth2 authentication and the URLs are correct, but when I return to the callback URL nothing happens, the application continues to show the Login button.

Can anyone help me figure out how to make this work?

leandroramos · August 3, 2023, 5:09pm

It’s not working in docker-compose deploys too.

sheogorath · August 30, 2023, 11:23pm

It sounds like the reverse proxy isn’t configured properly. We have seen this issue multiple times when reverse peoxies weren’t communicating that a connection was done over HTTPS. See our docs: Reverse Proxy - HedgeDoc

leandroramos · September 6, 2023, 3:18pm

Thank you.
I copied the nginx config from the website but the error still occurs.
The authentication works on hosts that do not use a reverse proxy, so I don’t know what I have to change in reverse proxy config.

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}
server {
        server_name hedgedoc.example.me;

        location / {
                proxy_pass http://10.10.34.27:3000;
                proxy_set_header Host $host; 
                proxy_set_header X-Real-IP $remote_addr; 
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /socket.io/ {
                proxy_pass http://10.10.34.27:3000;
                proxy_set_header Host $host; 
                proxy_set_header X-Real-IP $remote_addr; 
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/hedgedoc.example.me/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hedgedoc.example.me/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = hedgedoc.example.me) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name hedgedoc.example.me;
    listen 80;
    return 404; # managed by Certbot

leandroramos · September 6, 2023, 3:29pm

I’m sorry, My mistake.

The solution was disabling SSL since it’s managed in my reverse proxy host.
Thank you.

CMD_PROTOCOL_USESSL=false

leandroramos · September 6, 2023, 4:03pm

It’s not 100% solved.
If I turn on CMD_PROTOCOL_USESSL, OAuth2 doesn’t work.
If I turn off CMD_PROTOCOL_USESSL, OAuth2 works but I got mixed content (https and http).