OAuth and API with Custom UI Forge app

Hey all, relatively new developer working on a Forge application that will be using external OAuth connecting to my company's IdP and using an external API within Jira.

ERROR 22:00:48.753 ba72d2d9e507131d Fetch failed for remote ‘myIpro-IdP’, provider ‘myIpro’, path ‘/connect/userinfo’ no credentials previously requested
is the error I have received.

resolver.define('getCurrentUser', async (req) =>{
  const user = api.asUser().withProvider('myIpro', 'myIpro-IdP');
  console.log("user", user)
  console.log("user", await user.hasCredentials())
  if(!await user.hasCredentials()){
    await user.hasCredentials();
  };
  const res = await user.fetch('/connect/userinfo');
  console.log('res from user?', res)
  if(res.ok){
    return res.json();
  };
  
  return {
    status: res.status,
    statusText: res.statusText,
    text: await res.text()
  };
})

The above is the code in the main app index.js. I believe the actions and remotes have all been set up correctly in the manifest. I have provided the correct permission scopes, namely read:user:jira, as well as defined external fetch client and backend scopes to include the URL to the remote.

What am I missing? I have been following along with the guide on OAuth for Google APIs and modifying this to suit my company's IdP provider.

Thanks in advance!

In your code snippet, this:

should be:

  if(!await user.hasCredentials()){
    await user.requestCredentials();
  };

Good catch! Missed that one for sure.

After updating the code to use requestCredentials() I received a new error:

ERROR 15:28:50.242 0d104bc55cff67aa [NEEDS_AUTHENTICATION_ERR: Authentication required] {
serviceKey: ‘myIpro’
}

After reviewing the solution here: Getting error trying to load panel during Forge tutorial

It seems that other users have found that this error only happens due to the tunnel being active?
I'm not so sure. Following along with the Google example, I used the retrieveProfile action in my fetch. Here are my other actions:

image

That “error” is normal, and is what happens when you call requestCredentials(). It raises an exception that is caught by the runtime to show the button.

Other than the error log line, what else is happening?

After that requestCredentials method is run it looks like it just fails. I have console statements after that call that don't run, and when I check our company's IdP logs we don't log any sort of input / request from our Jira client, so it doesn't seem to be sending the request to auth like it should be.

Does it show a red error screen on the frontend after you call requestCredentials?

One potential cause of that: Have you included the provider reference on your function definition?

function:
  - key: ...
    handler: ...
    providers:
      auth:
        - [providerKey]

I think that may have to be deployed before it will work in forge tunnel as well.

 const user = await api.asUser().withProvider('myIpro', 'myIpro-IdP');
  console.log("user", user)
  const userBool = await user.hasCredentials()
  console.log("user cred?", await user.hasCredentials())
  // console.log("req user cred?", await user.requestCredentials())
  if(!userBool){
    console.log("before request cred")
    await user.requestCredentials();
    console.log("after request cred")
  };

INFO 15:21:55.778 c57310f8152ab583 user cred? false
INFO 15:21:55.778 c57310f8152ab583 before request cred
ERROR 15:21:55.780 c57310f8152ab583 [NEEDS_AUTHENTICATION_ERR: Authentication required] {
serviceKey: ‘myIpro’
}

function:
    - key: resolver
      handler: index.handler
      providers:
        auth:
          - myIpro

Part of the issue indeed was that my function for the resolver was missing the provider; adding this yesterday allowed my company's IdP to begin to log. It looks like it's establishing auth correctly on our side.
image

Hi @JasonDunn, thanks for persisting with this issue you are having!

That last screenshot shows an error is happening during the exchange step (where the system exchanges the authorization token for an access token).

From the manifest screenshot you provided before, this would be an issue talking to the /connect/token endpoint.
From the logs on our side, I can see it is getting an HTTP 503 response back, suggesting an issue with a load balancer, or the service being down.

I hope this helps!


Thanks for the response Michael,
Any chance you would be able to share those logs? I'd like to see the URL we're sending where we are generating a 503.

Hi @JasonDunn,

I’ve shared the logs in the support ticket yesterday. Let us know if that helps.

Caterina

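The control flow discussed in this thread, as an added example that is not from any of the posters or from Atlassian: the corrected resolver body run against a constructed stub, showing why log statements after requestCredentials() never execute on the first invocation. The stub (`makeStubApi`), the `demo` helper and the sample profile are assumptions made for illustration; only the provider names, the path and the error name come from the thread.

```javascript
// `api` is injected so the flow runs offline; in a Forge app it is the
// default export of @forge/api.
async function getCurrentUser(api) {
  const user = api.asUser().withProvider('myIpro', 'myIpro-IdP');
  if (!(await user.hasCredentials())) {
    // Throws NEEDS_AUTHENTICATION_ERR. Per the thread, the runtime catches it
    // to show the consent button, so nothing below runs on this invocation
    // and the resolver should let the error propagate.
    await user.requestCredentials();
  }
  const res = await user.fetch('/connect/userinfo');
  if (res.ok) return res.json();
  return { status: res.status, statusText: res.statusText, text: await res.text() };
}

// Constructed stub (hypothetical, not the real @forge/api). The error shape
// is modelled on the log line quoted in the thread.
function makeStubApi(hasCreds) {
  const calls = [];
  const user = {
    hasCredentials: async () => hasCreds,
    requestCredentials: async () => {
      calls.push('requestCredentials');
      const err = new Error('Authentication required');
      err.name = 'NEEDS_AUTHENTICATION_ERR';
      err.serviceKey = 'myIpro';
      throw err;
    },
    fetch: async (path) => {
      calls.push('fetch ' + path);
      const body = { sub: 'constructed-user' }; // constructed sample profile
      return { ok: true, status: 200, statusText: 'OK',
               json: async () => body, text: async () => JSON.stringify(body) };
    },
  };
  return { calls, asUser: () => ({ withProvider: () => user }) };
}

// Two invocations: before consent (error propagates) and after (fetch runs).
async function demo() {
  const before = makeStubApi(false);
  let firstError = null;
  // This catch stands in for the runtime, only to record what was thrown.
  try { await getCurrentUser(before); } catch (e) { firstError = e.name; }
  const after = makeStubApi(true);
  const profile = await getCurrentUser(after);
  return { firstError, beforeCalls: before.calls, afterCalls: after.calls, profile };
}
```

On the first invocation only requestCredentials is recorded and no fetch is attempted; the fetch to /connect/userinfo happens on a later invocation, once hasCredentials() returns true.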