Generic authentication fails following oAuth2 authorisation, and produces an uncontextualised and unhandled HTTP/500 error.
Context
The hub and the authentication servers are run on separate Docker containers. They are both served through Nginx, which itself is housed on a a container that is independent of the two servers.
The hub runs on a subdomain, and all proxies are handled by Nginx.
The authorization is handled through the Spring oauth
The authentication server has been tested separately and is fully operational.
Журналы хаб-сервера
[JupyterHub] [INFO] [302 GET /hub/oauth_login?next= -> http://localhost/oauth2/authorize/?redirect_uri=http%3A%2F%2Flab.localhost%2Fhub%2Foauth_callback&client_id=[secret]&response_type=code&state=[secret] (@XXX.XXX.XXX.XXX) 1.87ms]
[JupyterHub] [ERROR] [Uncaught exception GET /hub/oauth_callback?code=[secret]&state=[secret] (XXX.XXX.XXX.XXX)
HTTPServerRequest(protocol='http', host='lab.localhost', method='GET', uri='/hub/oauth_callback?code=[secret]&state=[secret]', version='HTTP/1.1', remote_ip='XXX.XXX.XXX.XXX')]
Traceback (most recent call last):
File "[...]/tornado/web.py", line 1543, in _execute
result = yield result
File "[...]/oauthenticator/oauth2.py", line 182, in get
user = yield self.login_user()
File "[...]/jupyterhub/handlers/base.py", line 473, in login_user
authenticated = await self.authenticate(data)
File "[...]/jupyterhub/auth.py", line 257, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File "[...]/oauthenticator/generic.py", line 116, in authenticate
resp = yield http_client.fetch(req)
tornado.curl_httpclient.CurlError: HTTP 599: Failed to connect to localhost port 80: Connection refused
[JupyterHub] [DEBUG] [No template for 500]
[JupyterHub] [ERROR] [{
"X-Forwarded-Host": "lab.localhost",
"X-Forwarded-Proto": "http",
"X-Forwarded-Port": "80",
"Cookie": "oauthenticator-state=[secret]:oauthenticator-state|120:[secret]"",
"Accept-Language": "en-GB,en-US;q=0.9,en;q=0.8",
"Accept-Encoding": "gzip, deflate, br",
"Referer": "http://localhost/oauth2/authorize/?redirect_uri=http%3A%2F%2Flab.localhost%2Fhub%2Foauth_callback&client_id=[secret]&response_type=code&state=[secret]",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.37",
"Upgrade-Insecure-Requests": "1",
"Cache-Control": "max-age=0",
"Connection": "close",
"X-Nginx-Proxy": "true",
"X-Forwarded-For": "XXX.XXX.XXX.XXX,::XXXX:XXXX.XXXX.XXX.XXX",
"X-Real-Ip": "XXX.XXX.XXX.XXX.1",
"Host": "lab.localhost"
}]
[JupyterHub] [ERROR] [500 GET /hub/oauth_callback?code=[secret]&state=[secret] (@XXX.XXX.XXX.XXX)
Хаб-сервер никогда не проходит авторизацию для того, чтобы он начал работать с токеном и данными пользователя. Видите ли, эта ошибка возникает, когда хаб-сервер пытается разрешить обратный вызов сервером аутентификации, а не при запросе токена. Запрос GET - это запрос, который следует за авторизацией на сервере авторизации. Вот что делает это довольно странным.