Requesting Oauth Authorisation code gives 500 error

I am trying to get permission for a user to use the API from a script, and thought it would be nice to get an oauth token using the trick of creating a webserver on localhost temporarily for the browser to redirect and collect the authorisation code. The documentation states

For development, GitLab allows insecure HTTP redirect URIs.

This suggests my approach should work.

I tried using authorization code with and without PKCE as documented at https://docs.gitlab.com/ee/api/oauth2.html but both give me a 500 error (Whoops, something went wrong on our end), which isn't terribly useful. Searching suggests this happens when there is an SSL error, so maybe in this case GitLab is not allowing an insecure redirect URL. I'd be grateful if someone could help me diagnose this, or let me know if this approach is a non-starter, in which case I will just have to instruct the user to use a personal access token, though this will have to be stored securely, so is more difficult to manage.

changed milestone to %DevOps Sprint 121

added Support good first issue workflowSprint Ready labels

I'll have a quick look in the GitLab logs to see if I can spot anything explaining why you're getting the 500s.

Well here's an example of the error from yesterday:

2021-05-12T16:59:15.684346103Z ActionView::Template::Error (No route matches {:action=>"show", :controller=>"users", :username=>#<Group id:89 @uis/ea-dba/camsis>}, possible unmatched constraints: [:username]):
2021-05-12T16:59:15.684350364Z     18: 
2021-05-12T16:59:15.684353656Z     19:           - auth_app_owner = @pre_auth.client.application.owner
2021-05-12T16:59:15.684357096Z     20:           - if auth_app_owner
2021-05-12T16:59:15.684360401Z     21:             - link_to_owner = link_to(auth_app_owner.name, user_path(auth_app_owner))
2021-05-12T16:59:15.684363823Z     22:             = _("This application was created by %{link_to_owner}.").html_safe % { link_to_owner: link_to_owner }
2021-05-12T16:59:15.684367410Z     23: 
2021-05-12T16:59:15.684370800Z     24:           = _("Please note that this application is not provided by GitLab and you should verify its authenticity before allowing access.")
2021-05-12T16:59:15.684374515Z   
2021-05-12T16:59:15.684377779Z app/views/doorkeeper/authorizations/new.html.haml:21

Now trying to work out what that means...

At a glance :username=>#<Group id:89 @uis/ea-dba/camsis> looks like we're trying authenticate as agroup rather than a user?

Spot this merged to Gitlab 1 week ago: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60066

Good catch(!)

@psh35 This seems to match the error you're getting. As such I think the best we can do is wait for the next release which should be around the 22nd.

Sounds good - will do.

Moving to ~"workflow::blocked" to re-visit after release.

I believe this is resolved in Gitlab 13.12

added 20m of time spent at 2021-05-13

added workflowBlocked label and removed workflowSprint Ready label

assigned to @rjg21

changed due date to May 25, 2021

added 1h of time spent at 2021-05-13

changed milestone to %DevOps Sprint 122

changed milestone to %DevOps Sprint 123

changed due date to May 24, 2021

changed due date to May 23, 2021

changed due date to May 22, 2021

changed due date to May 21, 2021

changed due date to May 20, 2021

changed due date to May 19, 2021

changed due date to May 18, 2021