Kratos + Facebook SSO

Hey there!

I’m trying to figure out how to set up one of the generic oidc providers, e.g., I’m trying Facebook. Unfortunately, it’s not yet working for me - below I’ll give some details.

Kratos version: v0.3.0-alpha.1

Note that SSO is working ok with github and google providers in my setup.

.kratos.yml file:

selfservice:
  strategies:
    oidc:
      enabled: true
      config:
        providers:
        - id: github
          provider: github
          client_id: ...
          client_secret: ...
          mapper_url: file:///etc/config/kratos/oidc.github.jsonnet
          scope:
          - user:email
        - id: google
          provider: google
          client_id: ...
          client_secret: ...
          mapper_url: file:///etc/config/kratos/oidc.google.jsonnet
          scope:
          - email
        - id: facebook
          provider: generic
          client_id: ...
          client_secret: ...
          mapper_url: file:///etc/config/kratos/oidc.facebook.jsonnet
          scope:
          - email
          auth_url: https://www.facebook.com/v7.0/dialog/oauth
          token_url: https://graph.facebook.com/v7.0/oauth/access_token

Afaik, Facebook doesn’t support OpenID Connect Discovery, so I should provide auth_url and token_url. I’m wondering if the provided values are correct.

Here is the error:

[
  {
    "code": 500,
    "status": "Internal Server Error",
    "reason": "Unable to initialize OpenID Connect Provider: Get \"/.well-known/openid-configuration\": unsupported protocol scheme \"\"",
    "message": "An internal server error occurred, please contact the system administrator"
  }
]

and here are the logs:

kratos_1                      | time="2020-05-19T08:32:47Z" level=info msg="started handling request" method=POST name="public#http://127.0.0.1:4455/.ory/kratos/public/" remote="172.20.0.2:55170" request=/self-service/browser/flows/strategies/oidc/auth/ecfc89ac-00ca-47de-bd2c-e42835ebb5f6
kratos_1                      | time="2020-05-19T08:32:47Z" level=error msg="An error occurred and is being forwarded to the error user interface." code=500 debug= details="map[]" error="An internal server error occurred, please contact the system administrator: An internal server error occurred, please contact the system administrator" reason="Unable to initialize OpenID Connect Provider: Get \"/.well-known/openid-configuration\": unsupported protocol scheme \"\"" request-id= status="Internal Server Error"
kratos_1                      | time="2020-05-19T08:32:47Z" level=info msg="completed handling request" method=POST name="public#http://127.0.0.1:4455/.ory/kratos/public/" remote="172.20.0.2:55170" request=/self-service/browser/flows/strategies/oidc/auth/ecfc89ac-00ca-47de-bd2c-e42835ebb5f6 status=302 text_status=Found took=107.6385ms
kratos-selfservice-ui-node_1  | POST /.ory/kratos/public/self-service/browser/flows/strategies/oidc/auth/ecfc89ac-00ca-47de-bd2c-e42835ebb5f6 302 0 - 114.933 ms
kratos_1                      | time="2020-05-19T08:32:47Z" level=info msg="started handling request" method=GET name="admin#http://kratos:4434/" remote="172.20.0.2:40576" request="/self-service/errors?error=3a6982d5-6106-4cf4-b513-296b6f4f1cc2"
kratos_1                      | time="2020-05-19T08:32:47Z" level=info msg="completed handling request" method=GET name="admin#http://kratos:4434/" remote="172.20.0.2:40576" request="/self-service/errors?error=3a6982d5-6106-4cf4-b513-296b6f4f1cc2" status=200 text_status=OK took=93.4696ms
kratos-selfservice-ui-node_1  | GET /error?error=3a6982d5-6106-4cf4-b513-296b6f4f1cc2 500 11656 - 214.052 ms
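The 500 above is the generic provider fetching /.well-known/openid-configuration relative to an issuer that was never set, so the request has no scheme or host. As an added example (not code from the Kratos project or from the original post), this small Go check reproduces that failure and validates a provider entry before start-up; it assumes the generic provider reads its issuer from an issuer_url key (check the docs for your Kratos version). Setting an issuer only helps for providers that actually publish a discovery document, which is the open question about Facebook in this thread.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// providerConfig mirrors the fields of one entry under
// selfservice.strategies.oidc.config.providers that matter here.
// issuer_url is assumed to be the key the generic provider reads.
type providerConfig struct {
	ID, Provider, IssuerURL, AuthURL, TokenURL string
}

// discoveryURL derives the discovery document URL from the issuer. With an
// empty issuer it is the bare path "/.well-known/openid-configuration";
// net/http refuses such a URL with `unsupported protocol scheme ""`, which is
// exactly the message in the 500 above, so the same check is reproduced here.
func discoveryURL(issuer string) (string, error) {
	u := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
	parsed, err := url.Parse(u)
	if err != nil {
		return "", err
	}
	switch parsed.Scheme {
	case "":
		return "", fmt.Errorf("Get %q: unsupported protocol scheme %q", u, parsed.Scheme)
	case "https":
		return u, nil
	default:
		// Discovery over plaintext lets an on-path attacker swap the endpoints.
		return "", fmt.Errorf("issuer %q: discovery must use https", issuer)
	}
}

// validateProvider catches the misconfiguration at start-up instead of at the
// first login attempt: a "generic" provider needs an issuer that serves the
// discovery document; auth_url and token_url alone do not switch discovery off.
func validateProvider(p providerConfig) error {
	if p.Provider != "generic" {
		return nil // github, google, ... ship with their own endpoints
	}
	if p.IssuerURL == "" {
		return fmt.Errorf("provider %q: issuer_url is required by the generic provider", p.ID)
	}
	_, err := discoveryURL(p.IssuerURL)
	return err
}

func main() {
	// Constructed entry matching the facebook block of the .kratos.yml above.
	fb := providerConfig{ID: "facebook", Provider: "generic",
		AuthURL:  "https://www.facebook.com/v7.0/dialog/oauth",
		TokenURL: "https://graph.facebook.com/v7.0/oauth/access_token"}
	fmt.Println(validateProvider(fb))
}
```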

Hey, I don’t know if Facebook actually supports OpenID Connect? From quickly looking over the docs I can’t seem to be able to find any reference to it or ID Tokens. If that stands true, we need to implement a provider for Facebook. It shouldn’t be super hard and would probably look very similar to the github provider. If you’re up for the challenge, I’d love to see a contribution!

Hey, never done Go development but I’ve started reading the code and setting up the local environment. Hope it won’t take too much effort :crossed_fingers:

Ok, no worries :slight_smile: I don’t think it should be too hard though!