OAuth fails with "Must utilize https", but everything is https

dsuedholt · November 15, 2019, 12:41am

I set up Google OAuth for my seafile installation. When I’m using it, after logging into Google and being redirected to /oauth/callback, I see the “Error, please contact administrator message.” The logfile says

[ERROR] seahub.oauth.views:136 oauth_callback (insecure_transport) OAuth 2 MUST utilize https.

All the URLs in the settings are https. The seafile sign-on page, the Google OAuth login page and the callback page are all https and yet I see this error. Here is my seahub_settings:

FILE_SERVER_ROOT = 'https://my.server/seafhttp'
OAUTH_REDIRECT_URL = 'https://my.server/seafile/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'google.com'
OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'
OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
OAUTH_SCOPE = [
    "https://www.googleapis.com/auth/userinfo.email",
]
OAUTH_ATTRIBUTE_MAP = {
    "name": (False, "name"),
    "email": (True, "email"),
}

What’s going wrong here?

dsuedholt · November 15, 2019, 1:10am

Found a quickndirty fix myself:

in seahub/seahub/oauth/views.py, in the function oauth_callback, I changed

token = session.fetch_token(
            TOKEN_URL,
            client_secret=CLIENT_SECRET,
            authorization_response=request.get_full_path())

to

token = session.fetch_token(
            TOKEN_URL,
            client_secret=CLIENT_SECRET,
            authorization_response='https://my.server'+request.get_full_path())

Since request.get_full_path() actually just contained /seafile/oauth/… and not the full URL.

z3ky · November 1, 2021, 10:28am

Works for me, too.
Hope this bug will be fixed soon.

FlorianJSa · December 31, 2021, 12:49am

Hi, thanks for you reply same issue here.