Allen, 21h ago

Custom Auth Error: {"type":"AuthError","error":"Auth provider discovery of ... failed...

{"type":"AuthError","error":"Auth provider discovery of https://api.descope.com/P2uJnHX3QKs8u2j56nj63SSlYsn1 failed","baseVersion":0,"authUpdateAttempted":true}

despite valid metadata existing here: https://api.descope.com/P2uJnHX3QKs8u2j56nj63SSlYsn1/.well-known/openid-configuration

my understanding is that the error comes from here... https://github.com/get-convex/convex-backend/blob/main/crates/authentication/src/lib.rs#L149-L181
8 Replies
Allen (OP), 21h ago
not much in the name of logs outside of the error message i posted above from the network tab for the ws handshake. codewise didn't seem to be much that changed in the convex backend section other than maybe this https://github.com/get-convex/convex-backend/commit/b19e1caf6b8c312e80b0f2eca2cc71ed4db2bb02 https://github.com/get-convex/convex-backend/issues/36197
GitHub
Upgrade oauth2 to 5.0.0 and openidconnect to 4.0.0+patches (#36197)...
GitOrigin-RevId: c18fc8f87cc679c58636c993fc72c2315c066f7c
Allen (OP), 21h ago
do y'all have more logs on any of the errors that could be occurring? maybe in the openidconnect package?
```rust
/// Asynchronously fetches the OpenID Connect Discovery document and associated JSON Web Key Set
/// from the OpenID Connect Provider.
pub fn discover_async<'c, C>(
    issuer_url: IssuerUrl,
    http_client: &'c C,
) -> impl Future<Output = Result<Self, DiscoveryError<<C as AsyncHttpClient<'c>>::Error>>> + 'c
where
    Self: 'c,
    C: AsyncHttpClient<'c>,
{
    Box::pin(async move {
        let discovery_url = issuer_url
            .join(CONFIG_URL_SUFFIX)
            .map_err(DiscoveryError::UrlParse)?;

        let provider_metadata = http_client
            .call(
                Self::discovery_request(discovery_url.clone()).map_err(|err| {
                    DiscoveryError::Other(format!("failed to prepare request: {err}"))
                })?,
            )
            .await
            .map_err(DiscoveryError::Request)
            .and_then(|http_response| {
                Self::discovery_response(&issuer_url, &discovery_url, http_response)
            })?;

        JsonWebKeySet::fetch_async(provider_metadata.jwks_uri(), http_client)
            .await
            .map(|jwks| Self {
                jwks,
                ..provider_metadata
            })
    })
}
```
sshader, 20h ago
We have Error discovering auth provider: https://api.descope.com/P2uJnHX3QKs8u2j56nj63SSlYsn1, Failed to parse server response on our side -- just curl-ing that endpoint, I notice that the registration_endpoint field is an empty string and perhaps the parsing code is expecting a valid URL?
Allen (OP), 20h ago
Weird, would it not just be ignored and treated as None? https://github.com/ramosbugs/openidconnect-rs/blob/main/src/discovery/mod.rs#L67
Allen (OP), 20h ago
hmm yeah actually maybe that is it? https://github.com/ramosbugs/openidconnect-rs/blob/main/src/macros.rs#L372 gonna be hard to change the actual content since that's set by the auth provider
Allen (OP), 20h ago
yeah seeing others mention similar errors when a value is not a valid URL: https://github.com/ramosbugs/openidconnect-rs/issues/71
GitHub
Parsing issue with parsing service_documentation · Issue #71 · ra...
In discovery.rs, I am seeing the following code, which does not allow service_documentation to be a non-empty and non_url at the same time: https://618898.app.netsuite.com/.well-known/openid-config...
Allen (OP), 19h ago
but that's probably the best bet. appreciate the help--great pointer!
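
Added example, not part of the thread and not code from Convex or openidconnect-rs: a small lint that flags the two metadata shapes discussed above, an optional URL field sent as an empty string (`registration_endpoint`) and one holding non-URL text (the `service_documentation` case in issue #71). The field list follows OpenID Connect Discovery 1.0; the sample document, its `idp.example` URLs and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# URL-valued provider metadata fields defined by OpenID Connect Discovery 1.0.
# token_endpoint is only optional for implicit-only providers; it is treated
# as optional here (assumption made for this example).
REQUIRED_URL_FIELDS = ("issuer", "authorization_endpoint", "jwks_uri")
OPTIONAL_URL_FIELDS = (
    "token_endpoint", "userinfo_endpoint", "registration_endpoint",
    "service_documentation", "op_policy_uri", "op_tos_uri",
)

# Constructed sample document (not the real provider's metadata).
SAMPLE = """{
  "issuer": "https://idp.example/tenant1",
  "authorization_endpoint": "https://idp.example/tenant1/authorize",
  "token_endpoint": "https://idp.example/tenant1/token",
  "jwks_uri": "https://idp.example/tenant1/keys",
  "registration_endpoint": "",
  "service_documentation": "see the docs portal"
}"""


def is_absolute_url(value):
    """True for a string that has both a scheme and a host."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    return bool(parts.scheme and parts.netloc)


def lint_discovery(document):
    """Return (field, problem) pairs for URL fields a strict parser may reject."""
    meta = json.loads(document)
    findings = []
    for field in REQUIRED_URL_FIELDS + OPTIONAL_URL_FIELDS:
        if field not in meta:
            if field in REQUIRED_URL_FIELDS:
                findings.append((field, "missing required field"))
        elif meta[field] == "":
            findings.append((field, "empty string instead of omitted field"))
        elif not is_absolute_url(meta[field]):
            findings.append((field, "not an absolute URL"))
    return findings


if __name__ == "__main__":
    for field, problem in lint_discovery(SAMPLE):
        print(f"{field}: {problem}")
```

Feeding it the body returned by a provider's `/.well-known/openid-configuration` endpoint shows which fields to raise with the provider before a strict client is pointed at it.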
