[HELP] New Deployment Not working
diabl0w opened this issue · comments
Hi, I had to redeploy my homeautio instance on a new machine. I thought that I had transferred everything fine, but it seems like I am getting some kind of authentication error or something when trying to do any command via google home:
[17:37:49 INF] Request starting HTTP/1.1 POST http://192.168.111.101:5000/google/home/smarthome application/json;charset=UTF-8 79
[17:37:50 INF] Request starting HTTP/1.1 GET http://192.168.111.101:5000/google/home/.well-known/openid-configuration
[17:37:50 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
[17:37:50 INF] Request finished in 50.3988ms 200 application/json; charset=UTF-8
[17:37:50 ERR] Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
---> System.ArgumentException: IDX20108: The address specified '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false. (Parameter 'address')
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
[17:37:50 ERR] Connection id "0HM44QOMSSKR2", Request id "0HM44QOMSSKR2:00000001": An unhandled exception was thrown by the application.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
---> System.ArgumentException: IDX20108: The address specified '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' is not valid as per HTTPS scheme. Please specify an https address for security reasons. If you want to test with http address, set the RequireHttps property on IDocumentRetriever to false. (Parameter 'address')
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at HomeAutio.Mqtt.GoogleHome.RequestResponseLoggingMiddleware.Invoke(HttpContext context) in /app/HomeAutio.Mqtt.GoogleHome/RequestResponseLoggingMiddleware.cs:line 46
at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
[17:37:50 INF] Request finished in 209.8529ms 500
[17:37:50 INF] Request starting HTTP/1.1 POST http://192.168.111.101:5000/google/home/smarthome application/json;charset=UTF-8 551
[17:37:50 ERR] Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
[17:37:50 ERR] Connection id "0HM44QOMSSKR4", Request id "0HM44QOMSSKR4:00000001": An unhandled exception was thrown by the application.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authorization.Policy.PolicyEvaluator.AuthenticateAsync(AuthorizationPolicy policy, HttpContext context)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at HomeAutio.Mqtt.GoogleHome.RequestResponseLoggingMiddleware.Invoke(HttpContext context) in /app/HomeAutio.Mqtt.GoogleHome/RequestResponseLoggingMiddleware.cs:line 46
at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
I can successfully get to the /google/home endpoint from a webrowser to see the webui, its just communications that come from google seem to be failing. Can you offer any insight? I have spent a few hours trying to debug myself, and at this point I need some help.
more info: if i unlink homeautio from my google home settings, it no longer seems to appear at the top in order to readd it (I am talking about the screen when you try to add a device and it gives you a list of all the accounts you can link, and usually the custom one from google actions console is at the top). If I go to my google actions console into the homeautio project, and try to redeploy the test... nothing new happens. It just says "try talking to homeautio"
If you just upgraded, did you see #103
The error you are getting makes me think you might need to mess with the ASPNETCORE_PATHBASE piece mentioned there. I moved that into the config file instead so you dont have to mess with ENV vars on the docker container for that.
If you just upgraded, did you see #103
The error you are getting makes me think you might need to mess with the ASPNETCORE_PATHBASE piece mentioned there. I moved that into the config file instead so you dont have to mess with ENV vars on the docker container for that.
Thanks for the response, yes I did see the release notes and as far as I can tell I would only be effected by that change you pointed out. However, I had already made that adjustment, and I also tried "/google/home" along with "/google/home/" because I had an issue with that leading slash in the past, but neither has helped. I am going to double check everything related to that ...
update: there seems to be nothing wrong with my config:
{
"deviceConfigFile": "config/googleDevices.json",
"logPII": false,
"appPathBase": "/google/home",
in the google actions console, when I am on my homeautio project, I see header tabs for "Overview" "Develop" "Test" "Deploy" and "Analytics". To make homeautio available in my google app to add, I should be going to "Test" > "Simulator" and hitting start test or whatever was there (I cant see anymore because I already pressed it). That is the proper way that should be making it available in my google app, correct?
and more info: from logs, it says its trying to access things in ".well-known/*" ... when i go into homeautio docker shell, there is no folder called .well-known in /app/wwroot... is this expected?
Yeah thats expected, that is an OAuth config published by the underlying IdentityServer automatically. Your config looks right. Make sure your docker command is no longer including -e ASPNETCORE_PATHBASE as an argument.
- Does the URL its complaining about contain the
/google/homein it correctly? (Note: You may have to set configlogPIIto true to see this URL) - Did you remember to set the X-Forward headers correctly in the proxy? If you were running an older version you might not have had that requirement before, as it changed within the last month or two.
It's actually complaining, I think, because the app itself is trying to request the its own oauth config from that .well-known location, but I'd wager the URL it's trying to hit is missing the /google/home piece. Unfortunately you have to tell both the app (appPathBase) and the underlying framework (x-forward headers) about the right locations for it to generate the right URLs for it to hit.
I also just changed some pieces here around the IdentityServer, so Ill try rejoining my own instance at home too tonight and see if that messed something up with this. With the latest upgrade they CHANGED some things, and Im trying to catch up with them because I don't want to be too far behind their current version, but that means I totally could have messed up the config.
okay, I am still working on this so hopefully I will be able to report it is fixed before having you have to go through that. I like to thinkI know what I am doing for the most part, but I can definitely miss some things
Ok, I was able to unlink and relink at home ok, so I am FAIRLY confident it CAN work 😄
Note, I left a backwards compatible support for the ENV variable to provide this config value too... it'll take the ENV variable preferentially (this is temporary to try and help the transition).
My gut is leaning toward this being an X-Forward header issue though... I'm pretty sure that .well-known URL is effected by that specifically. What's your proxy setup look like?
you are correct! It was an issue with X-blah-blah-blah headers in the proxy! I had some of them, but was missing quite a few! I didn't realize that had changed. Thank you!
Glad to hear it! That at least gives me confidence I didn't mess up the auth too bad with this upgrade 😄
Glad to hear it! That at least gives me confidence I didn't mess up the auth too bad with this upgrade smile
I've been using this for at least 2 years now, and I love it. If you have any donation links please post them. I don't have a lot, but I'd like to give some.
Nah, just pay it forward some day man. Just happy some people find this useful.
Thanks!