使用Keystone进行身份验证后，Cosmos-gui应用程序崩溃

Question

I have a problem. My cosmos gui application crashes after trying to authorize with keystone. Horizon application is running on https://192.168.4.33:443 , while cosmos-gui is running on http://192.168.4.180:81 . My gui config file looks like this:

"oauth2": {
"idmURL": "https://192.168.4.33",
"client_id": "***********************************",
"client_secret": "*********************************",
"callbackURL": "http://192.168.4.180:81/auth",
"response_type": "code"

},

and inside horizon i registered application Cosmos Big data with parameters:

Description
Cosmos Big data

URL
https://192.168.4.33

Callback URL
http://192.168.4.180:81/auth

So afterwards i start cosmos-gui application and after clicking on login it redirects me to this url:

https://192.168.4.33/oauth2/authorize/?response_type=code&client_id=0434fdf60897479588c3c31cfc957b6d&state=xyz&redirect_uri=http://192.168.4.180:81/auth

And that is ok.But then, when i click on button authorize it leads me to this url:

http://192.168.4.180:81/auth?state=xyz&code=NVfyZUov1KuQ8yTw498oItHgYC2l9Z

and at that moment cosmos-gui application crashes and everything that i get from the log is this:

/home/cosmos-gui/fiware-cosmos/cosmos-gui/src/app.js:138
    req.session.access_token = results.access_token;
                                      ^
TypeError: Cannot read property 'access_token' of undefined
at /home/cosmos-gui/fiware-cosmos/cosmos-gui/src/app.js:138:43
at /home/cosmos-gui/fiware-cosmos/cosmos-gui/src/oauth2.js:168:22
at ClientRequest.<anonymous> (/home/cosmos-gui/fiware-cosmos/cosmos-  gui/src/oauth2.js:140:9)
at ClientRequest.emit (events.js:95:17)
at CleartextStream.socketErrorListener (http.js:1548:9)
at CleartextStream.emit (events.js:95:17)
at SecurePair.<anonymous> (tls.js:1400:19)
at SecurePair.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:980:10)
at CleartextStream.read [as _read] (tls.js:472:13)

On the side of keystone everything looks ok.This is from keystones log:

2015-08-24 16:34:02.604 27693 INFO keystone.contrib.oauth2.controllers [-] OAUTH2: Created Authorization Code to consumer 0434fdf60897479588c3c31cfc957b6d                 for user idm with scope [u'all_info']. Redirecting to http://192.168.4.180:81/auth?state=xyz&code=NVfyZUov1KuQ8yTw498oItHgYC2l9Z
2015-08-24 16:34:02.606 27693 INFO eventlet.wsgi.server [-] 127.0.0.1 - -   [24/Aug/2015 16:34:02] "POST /v3/OS-OAUTH2/authorize HTTP/1.1" 302 208 0.121336

Answer 1

After a bit of debugging and printing arguments that were going into the app.get('/auth', function(req, res)

i found this Error: DEPTH_ZERO_SELF_SIGNED_CERT

It seems it doesn't recognize self signed certificates as valid. Anyway as first line in file:

cosmos-gui/src/app.js i added

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

and now it is working.

Answer 2

When you authorize the Cosmos app in Keystone, the callback URL is called and this piece of software is executed:

// Handles requests from IDM with the access code

app.get('/auth', function(req, res) {
    // Using the access code goes again to the IDM to obtain the access_token
    oa.getOAuthAccessToken(req.query.code, function (e, results){
    // Stores the access_token in a session cookie
        req.session.access_token = results.access_token;
        res.redirect('/');
    });
});

Ie Keystone calls the callback with an access code (a soft piece of security) that can be used to retrieve the final access token (a hard security element).

It seems your Keystone is generating the access code but it is not returning the access token when asked for it. Can you check the Keystone logs in order to find the access token request? May you print any error returned by this call?

oa.getOAuthAccessToken(req.query.code, function (e, results)