Github 0auth 401 Bad Request

[benschac]

I followed the site documentation without any luck trying to get the github 0auth feature to work with the REPL.
discord link: https://discordapp.com/channels/457912077277855764/457912077277855766/753267308658556928

Error

GET /auth/callback Error: Unauthorized
    at toError (/Users/benjaminschachter/svelte/site/node_modules/httpie/dist/httpie.js:6:15)
    at IncomingMessage.<anonymous> (/Users/benjaminschachter/svelte/site/node_modules/httpie/dist/httpie.js:41:6)
    at IncomingMessage.emit (events.js:326:22)
    at endReadableNT (_stream_readable.js:1226:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  statusMessage: 'Unauthorized',
  statusCode: 401,
  headers: {
    server: 'GitHub.com',
    date: 'Wed, 09 Sep 2020 14:34:02 GMT',
    'content-type': 'application/json; charset=utf-8',
    'content-length': '80',
    connection: 'close',
    status: '401 Unauthorized',
    'x-github-media-type': 'github.v3; format=json',
    'x-ratelimit-limit': '60',
    'x-ratelimit-remaining': '56',
    'x-ratelimit-reset': '1599663514',
    'x-ratelimit-used': '4',
    'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset',
    'access-control-allow-origin': '*',
    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
    'x-frame-options': 'deny',
    'x-content-type-options': 'nosniff',
    'x-xss-protection': '1; mode=block',
    'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
    'content-security-policy': "default-src 'none'",
    vary: 'Accept-Encoding, Accept, X-Requested-With',
    'x-github-request-id': 'EAFF:10ED:1F60CF2:4BC4C34:5F58E7DA'
  },
  data: {
    message: 'Bad credentials',
    documentation_url: 'https://docs.github.com/rest'
  }
}

There wasn't a path forward there, also searched around discord, GitHub and GitHub issues svelte and didn't find anyone else with the same issue.

[benmccann]

I haven't used this feature locally, but at a minimum you probably have to set some properties in the .env file:

GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

[benschac]

I did it. I also checked that they were being loaded into the application correctly. It's creating token and going through the flow but ends with that 401 unauthorized. :(

…

On Wed, Sep 9, 2020 at 5:52 PM Ben McCann ***@***.***> wrote: I haven't used this feature locally, but at a minimum you probably have to set some properties in the .env file: GITHUB_CLIENT_ID= GITHUB_CLIENT_SECRET= — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5372 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AATDCI4BKKIWPZDS3HLX5PLSE72JBANCNFSM4RCSMZIQ> .

-- Benjamin

[Conduitry]

I can't reproduce this. Did you create the OAuth app with the appropriate Homepage URL and Authorization callback URL settings described in the site readme?

However, I am then getting different errors which prevent the login from completing when the environment variables with the database credentials are not set. I'm poking around to see whether there's some sensible thing we can do if that's not available, but I'm not sure what makes the most sense to do here.

What are you trying to do exactly? What's your goal in running the OAuth portion of the site locally?

[benschac]

Yes, I followed the readme step-by-step.

#4712

I was working on a browser bug in Safari. Being able to have the integration so I don't have to constantly copy-paste the code that's causing the issue is the goal.

[benschac]

I feel like I should be using Docker? There isn't any documentation or a `docker-compose` file. Also tried manually running the migrations without any luck.

…

On Thu, Sep 10, 2020 at 7:14 AM Conduitry ***@***.***> wrote: I can't reproduce this. Did you create the OAuth app with the appropriate Homepage URL and Authorization callback URL settings described in the site readme? However, I am then getting different errors which prevent the login from completing when the environment variables with the database credentials are not set. I'm poking around to see whether there's some sensible thing we can do if that's not available, but I'm not sure what makes the most sense to do here. What are you trying to do exactly? What's your goal in running the OAuth portion of the site locally? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5372 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AATDCI53O66V3TX2A7F3KYTSFCYIPANCNFSM4RCSMZIQ> .

-- Benjamin

[Conduitry]

If you are running the site in development mode, requests to get specific saved REPLs are proxied to the real endpoints, so you have read-only access to all the same REPLs (using corresponding URLs) without having to sign in at all or have a local database. Alternatively, if you don't want to load it from the real REPL database and endpoints, you can manually edit any of the examples in site/content/examples.

[benschac]

This is super helpful. I'll update the site `readme.md` with this information.

…

On Thu, Sep 10, 2020 at 11:31 AM Conduitry ***@***.***> wrote: If you are running the site in development mode, requests to get specific saved REPLs are proxied to the real endpoints, so you have read-only access to all the same REPLs (using corresponding URLs) without having to sign in at all or have a local database. Alternatively, if you don't want to load it from the real REPL database and endpoints, you can manually edit any of the examples in site/content/examples. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#5372 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AATDCI7JMUYM57GUUJ7J2H3SFDWMNANCNFSM4RCSMZIQ> .

-- Benjamin

[benschac]

This get fixed?