OAuth and OmniAuth login stopped working after upgrade to 15.9
Today I've upgraded our company gitlab installation (docker omnibus) to version 15.9. Everything went well during upgrade, but the Google OAuth login no longer works. When anybody tries to login using google, gitlab shows 500 error and if the user reloads the page, also shows the following error: Could not authenticate you from GoogleOauth2 because "Invalid grant: bad request { "error": "invalid grant", "error description": "bad request" }".
. Also, there is the following exception in the production.log
file of the gitlab-rails:
Completed 500 Internal Server Error in 113ms (ActiveRecord: 54.6ms | Elasticsearch: 0.0ms | Allocations: 16065)
Settingslogic::MissingSetting (Missing setting 'sync_name' in 'ldap' section in /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml):
app/models/user_synced_attributes_metadata.rb:38:in `sync_name?'
app/models/user_synced_attributes_metadata.rb:30:in `syncable_attributes'
lib/gitlab/auth/o_auth/user.rb:261:in `update_profile'
lib/gitlab/auth/o_auth/user.rb:29:in `initialize'
app/controllers/omniauth_callbacks_controller.rb:151:in `new'
app/controllers/omniauth_callbacks_controller.rb:151:in `build_auth_user'
app/controllers/omniauth_callbacks_controller.rb:155:in `sign_in_user_flow'
app/controllers/omniauth_callbacks_controller.rb:124:in `omniauth_flow'
app/controllers/omniauth_callbacks_controller.rb:18:in `handle_omniauth'
app/controllers/application_controller.rb:532:in `set_current_admin'
lib/gitlab/session.rb:11:in `with_session'
app/controllers/application_controller.rb:523:in `set_session_storage'
lib/gitlab/i18n.rb:107:in `with_locale'
app/controllers/application_controller.rb:516:in `set_locale'
app/controllers/application_controller.rb:507:in `set_current_context'
config/initializers_before_autoloader/100_patch_omniauth_oauth2.rb:16:in `callback_phase'
lib/gitlab/metrics/elasticsearch_rack_middleware.rb:16:in `call'
lib/gitlab/middleware/memory_report.rb:13:in `call'
lib/gitlab/middleware/speedscope.rb:13:in `call'
lib/gitlab/database/load_balancing/rack_middleware.rb:23:in `call'
lib/gitlab/middleware/rails_queue_duration.rb:33:in `call'
lib/gitlab/metrics/rack_middleware.rb:16:in `block in call'
lib/gitlab/metrics/web_transaction.rb:46:in `run'
lib/gitlab/metrics/rack_middleware.rb:16:in `call'
lib/gitlab/jira/middleware.rb:19:in `call'
lib/gitlab/middleware/go.rb:20:in `call'
lib/gitlab/etag_caching/middleware.rb:21:in `call'
lib/gitlab/middleware/query_analyzer.rb:11:in `block in call'
lib/gitlab/database/query_analyzer.rb:37:in `within'
lib/gitlab/middleware/query_analyzer.rb:11:in `call'
lib/gitlab/middleware/multipart.rb:173:in `call'
lib/gitlab/middleware/read_only/controller.rb:50:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/same_site_cookies.rb:27:in `call'
lib/gitlab/middleware/handle_malformed_strings.rb:21:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/middleware/handle_ip_spoof_attack_error.rb:25:in `call'
lib/gitlab/middleware/request_context.rb:21:in `call'
lib/gitlab/middleware/webhook_recursion_detection.rb:15:in `call'
config/initializers/fix_local_cache_middleware.rb:11:in `call'
lib/gitlab/middleware/compressed_json.rb:37:in `call'
lib/gitlab/middleware/rack_multipart_tempfile_factory.rb:19:in `call'
lib/gitlab/middleware/sidekiq_web_static.rb:20:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:79:in `call'
lib/gitlab/middleware/release_env.rb:13:in `call'
We didn't change any outh-related settings and we do not use LDAP, only Google OAuth. How this can be fixed?
Possible workarounds
See this comment and the one after: #392952 (comment 1289095893)
Edited by Cynthia "Arty" Ng