ShinyProxy auth0 too many redirects

Hi

I am currently migrating from Keycloak to Auth0 for identity management and authorisation.
I have set the following in my application.yml
openid:
auth-url: h {cantputthelikebecuasenewuser}/authorize
token-url: {cantputthelikebecuasenewuser}/oauth/token
jwks-url: {cantputthelikebecuasenewuser}/.well-known/jwks.json
client-id: SuPeRsEcReT
client-secret: sUpErSeCrEt
username-attribute: name
roles-claim: {cantputthelikebecuasenewuser}/shinyproxy_roles

And when I start SP and navigate to localhost:8080 I get redirected to Auth0 as I should.

I enter user and pass and then I get the Auth0 spinner for a long time. in my SP logs I have:
2019-03-21 15:58:38.134 ERROR 20444 — [ XNIO-2 task-17] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy

java.lang.StackOverflowError: null
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_171]

Followed by the kind of garbage one might expect for indefinite redirects!

I have /login/oauth2/code/shinyproxy as the only entry in my allowed redirects.

Using SP 2.0.4 and CP 0.5.0

Edd

Hi @Eddwo,

Can you please take a look at this? ShinyProxy with Auth0 Authentication & Nginx config - infinite redirect loop

thanks for the reply.

Well… I did already have that setting “server.userForwardHeaders:true” although I am not using nginx in my development set up. I tried taking the setting out and it also doesn’t work.

I have some more information;
This only seems to happen if a user is not authorised. For example, if I create an account but do not verify my email. I guess auth0 doesn’t show the error itself, but redirects the user back to the home application (SP in this case) and allows that application to handle the authentication error.

Is this a feature that is not implemented in SP?
Do you know of a way I can override the return url SP sends to Auth0? I could implement my own controller and views to handle this if so…

Thanks again

Hello @Eddwo

Were you able to make this work? I have the same issue. If a user with a social login is not authorized, an error should be sent to the application. Right now, it seems like the application doesn’t handle this problem, and an infinite 302 loop occurs.

Hello @Eddwo & @ari04s,

I have the same issue, using google social login.

For a new user, using the sign-up from the auth0 login on my shiny proxy page, this gives an ERR_TOO_MANY_REDIRECTS on /login# right after sign-up.

The new user is created in Auth0 admin, and if I add the right groups in app_metadata then the login will work.

I am missing something for the sign-up process, any idea ?

thanks