Grafana fails GitLab OAuth when token url is not accessible
Summary
Using gitlab docker image, Grafana failed to use OAuth code flow to get an access token because token_url
({external_url}/oauth/token
) is not accessible internally.
auth_url
is used by the user (browser) to get an auth code.
token_url
is used by the OAuth client (Grafana) to exchange code for a token.
Steps to reproduce
Custom external_url
in gitlab.rb
.
Inside gitlab docker container, the external_url
is not accessible maybe due to name resolution.
What is the current bug behavior?
Grafana returns login.OAuthLogin(NewTransportWithCode)
.
What is the expected correct behavior?
Successful login to Grafana.
Relevant logs
Relevant logs
==> /var/log/gitlab/grafana/current <== 2019-12-14_06:15:07.32551 t=2019-12-14T06:15:07+0000 lvl=info msg="state check" logger=oauth queryState={} cookieState={} 2019-12-14_06:15:07.33191 t=2019-12-14T06:15:07+0000 lvl=eror msg=login.OAuthLogin(NewTransportWithCode) logger=context userId=0 orgId=0 uname= error="Post http://{device-name}.local:4580/oauth/token: dial tcp [fe80::de:1ed:8589:6fef]:4580: connect: invalid argument" 2019-12-14_06:15:07.33264 t=2019-12-14T06:15:07+0000 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/gitlab status=500 remote_addr=172.17.0.1 time_ms=8 size=1753 referer="http://{device-name}.local:4580/oauth/authorize?access_type=online&client_id={}&redirect_uri=http://{device-name}.local:4580/-/grafana/login/gitlab&response_type=code&scope=api&state={}"
Details of package version
Provide the package version installation details
Docker: gitlab/gitlab-ee:12.5.4-ee.0 external_url "http://{docker-host-hostname}.local:4580" gitlab_rails['gitlab_shell_ssh_port'] = 4522
Edited by Nick Dong