thepeoplesbourgeois

thepeoplesbourgeois

OAuth /callback failure on bad self-signed cert.... in dev

Hey all,

I’m building an app in Phoenix and have hit a snag with implementing OAuth signup/login. To follow OAuth 2 security requirements, I need to go through https, which I can do in dev by generating a self-signed certificate and setting its pathname in config/dev.exs. The OAuth provider I’m connecting accepts the request and callback URLs and hands off the login credential to my app at https://<ngrok-generated-domain>/auth/:provider/callback but when my client arrives there, the app sends back a failure response with status code 400.

The interesting thing is that the failure is coming from erlang code, with this message appearing in the log:

[info] TLS :client: In state :wait_cert_cr at ssl_handshake.erl:1952 generated CLIENT ALERT: Fatal - Handshake Failure
 - {:bad_cert, :hostname_check_failed}

This happens even when I specify the hostname allowed in mix phx.gen.cert to be the domain that’s generated when I start running ngrok. I’ve looked for any kind of similar problem in StackOverflow and general Google results, and had found one post somewhere for an issue an Erlang developer encountered, where the solution was to set some sort of generic flag for the VM to ignore certain CA certificate issues (or some severity level of certificate issues? I was fuzzy on the overall details of the flag, and I can’t find the page again now).

This error just started occurring recently – on a prior version of Erlang/OTP, I made it through to the success path for the handshake. I’m working around this issue by reverting back to that version of the OTP, but I was wondering if anybody else had encountered this issue, and could help me to resolve it on later minor/patch versions of OTP.

Thank you in advance!
The People’s Bourgeois

Marked As Solved

voltone

voltone

Ah, yeah, I meant 1.16.0.

It seems that the fix that was included in 1.16.0 doesn’t always work: see benoitc/hackney#664. If that’s your issue, upgrade to 1.17.0…

Also Liked

thepeoplesbourgeois

thepeoplesbourgeois

THANK YOU!!

I’m finally unstuck :weary_face:

thepeoplesbourgeois

thepeoplesbourgeois

Unfortunately, that isn’t the issue :confused: I used mix phx.gen.cert without any arguments to generate the original cert, which should use a default value of localhost.

I thought the problem could be coming from the fact that the OAuth validation was taking me back to an ngrok address, so I tried regenerating the certificate with mix phx.gen.cert localhost <generated-hash-value>.ngrok.com, but that still produced the same error. I’m about to delete the cert files and try again with the ngrok domain as the first argument to phx.gen.cert, but I’m unsure of how much more successful that’ll go.

WHOOPS, looks like I should’ve been paying some attention to what ngrok is using for its CA certificate, because yup, a wildcard cert is the exact kind of cert they are indeed using for their subdomains, yes. 100%

I would post a screenshot of the cert, but I’m apparently too new to do so -_-

Where Next?

Popular in Questions Top

_russellb
I want to try my hand at web scraping. What tools/libraries do I need to use. I’m hoping to turn this into something professional so don’...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
fireproofsocks
I’m working on defining a simple Ecto schema for a table (in PostGres), but I don’t see where I can define a column as NOT NULL. Conside...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
jaysoifer
Is there a way to rollback a specific migration and only that one (“skipping” all the other ones)? Would mix ecto.rollback -v 200809061...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
script
If I have a string “1000 cfu/ml” . I want to remove the characters and / and space . So the string is like this "1000" What is the ...
New
srinivasu
How to handle excepions in elixir? Suppose i have A, B, C ,D, E modules. and each module has get() function. A.get() method will call t...
New
chensan
I have a User schema with a :from_id field set to type :string: defmodule TweetBot.Repo.Migrations.CreateUsers do use Ecto.Migration ...
New
marick
I had some trouble figuring out how to make many-to-many associations work. Once I got it working, I wrote a blog post. Because I’m a nov...
New

Other popular topics Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
JakeBecker
TL;DR: I’ve just released an implementation of Microsoft’s IDE-independent Language Server Protocol for Elixir. It adds language support ...
1144 53690 245
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36128 110
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New

We're in Beta

About us Mission Statement