Error while running oAuth middleware
Hello,
I am following this link to start the oAuth middleware after setting the required values, but I am getting the below error message while running the command. Any idea what exactly the issue is?
daml oauth2-middleware --config /oauth-middleware.conf
daml-helper: Received ExitFailure 1 when running
Raw command: java -Dlogback.configurationFile=/home/rocky/.daml/sdk/2.6.4/daml-sdk/oauth2-middleware-logback.xml -jar /home/rocky/.daml/sdk/2.6.4/daml-sdk/daml-sdk.jar oauth2-middleware --config /oauth-middleware.conf
What happens when you run this directly?
java -Dlogback.configurationFile=/home/rocky/.daml/sdk/2.6.4/daml-sdk/oauth2-middleware-logback.xml -jar /home/rocky/.daml/sdk/2.6.4/daml-sdk/daml-sdk.jar oauth2-middleware --config /oauth-middleware.conf
The path to your config file seems a bit weird - / is usually only writable by root. I suspect that path is wrong and that’s why the middleware is not starting.
It’s a bit unfortunate that it isn’t giving a more appropriate error message.
I started the oauth2-middleware using cli-args as shown below
oauth2-middleware
--callback https://example.com/auth/cb
--address 0.0.0.0
--http-port 3265
--oauth-auth https://oauth2-provider.com/auth_uri
--oauth-token https://oauth2-provider.com/token_uri
--auth-jwt-rs256-jwks https://example.com/.well-known/jwks.json
In console it shows
12:45:41.324 [main] WARN com.daml.auth.middleware.oauth2.Cli - Using cli opts for running oauth2-middleware is deprecated
12:45:41.611 [system-akka.actor.default-dispatcher-5] INFO akka.event.slf4j.Slf4jLogger - Slf4jLogger started
12:45:42.292 [system-akka.actor.default-dispatcher-8] INFO c.daml.auth.middleware.oauth2.Main$ - Started server: ServerBinding(/0.0.0.0:3265)
My question is, how would I test endpoints in Postman? I don't see any logs in the console when I hit the below URL in Postman:
/auth?claims=actAs:Alice+applicationId:MyApp
Just an update: I am able to hit the endpoint using Postman, but I am getting the below response. Any inputs on this? How to resolve it?
Authentication is possible but has failed or not yet been provided.
Below is the endpoint I am trying
http://localhost:3121/auth?claims=actAs:Alice+applicationId:MyApp
Hi @Rocky,
I’m unfortunately not very familiar with either Postman or the OAuth2 Middleware, so I’m not in a great position to help you. I’ll try to find someone who might be a better fit.
Hi @Rocky,
Just had a quick look over the Scala code to see if I can understand your observations within a code context.
- Top level middleware routes are defined at daml/Server.scala at cfc499fbb69f916c54f2fcb5c8094291a3b8faf0 · digital-asset/daml · GitHub
- The claims parameters are managed at daml/Server.scala at cfc499fbb69f916c54f2fcb5c8094291a3b8faf0 · digital-asset/daml · GitHub
In order for the /auth endpoint to provide an authorised response, we need:
- a valid access token to be supplied
- and for that token to provide the requested claims.
As you are observing a response that appears to be consistent with an unauthorised response, I currently feel this might be the issue being displayed here?
As I was digging around, I did note that there are some helpful-looking notes in the file daml/README.md at cfc499fbb69f916c54f2fcb5c8094291a3b8faf0 · digital-asset/daml · GitHub. Hopefully these might help you out further here?
Hope that helps,
Carl.
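The two conditions listed in the reply above, sketched as an added example (not part of the thread and not the middleware's own Scala code): it parses the `claims` query string from the URL in the question and checks it against the claims a token carries. The `token_claims` dictionary shape and the strict matching are assumptions made for illustration; `admin` and `readAs` are handled alongside the `actAs` and `applicationId` claims seen in the thread.

```python
from urllib.parse import urlsplit, parse_qs

PARTY_KINDS = ("actAs", "readAs")

def parse_claims(url):
    """Split the `claims` query parameter of an /auth URL into its parts."""
    query = parse_qs(urlsplit(url).query)  # '+' in the query decodes to a space
    requested = {"admin": False, "actAs": set(), "readAs": set(), "applicationId": None}
    for item in query.get("claims", [""])[0].split():
        kind, sep, value = item.partition(":")
        if item == "admin":
            requested["admin"] = True
        elif sep and value and kind in PARTY_KINDS:
            requested[kind].add(value)
        elif sep and value and kind == "applicationId":
            requested["applicationId"] = value
        else:
            raise ValueError(f"unrecognised claim: {item!r}")
    return requested

def check_auth(token_claims, requested):
    """Return (authorised, reason). token_claims is None when no token was sent.

    Simplified model (assumption): every requested claim must appear verbatim
    in the token; the real check lives in the middleware's Server.scala.
    """
    if token_claims is None:
        return False, "no access token supplied"
    missing = []
    if requested["admin"] and not token_claims.get("admin", False):
        missing.append("admin")
    for kind in PARTY_KINDS:
        granted = set(token_claims.get(kind, ()))
        missing += [f"{kind}:{p}" for p in sorted(requested[kind] - granted)]
    app = requested["applicationId"]
    if app is not None and token_claims.get("applicationId") != app:
        missing.append(f"applicationId:{app}")
    if missing:
        return False, "token lacks: " + ", ".join(missing)
    return True, "token provides the requested claims"

if __name__ == "__main__":
    url = "http://localhost:3121/auth?claims=actAs:Alice+applicationId:MyApp"
    wanted = parse_claims(url)
    # Constructed token contents, not taken from a real provider.
    for token in (None, {"actAs": ["Bob"], "applicationId": "MyApp"},
                  {"actAs": ["Alice"], "applicationId": "MyApp"}):
        print(token, "->", check_auth(token, wanted))
```

A bare request from Postman with no token falls into the first branch, which matches the unauthorised response reported in the question.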
oauth2-middleware
--callback https://example.com/auth/cb
--address 0.0.0.0
--http-port 3265
--oauth-auth https://oauth2-provider.com/auth_uri
--oauth-token https://oauth2-provider.com/token_uri
--auth-jwt-rs256-jwks https://example.com/.well-known/jwks.json
example.com and oauth2-provider.com here are placeholders. If you haven’t done so, you need to populate all the URLs with real ones corresponding to your application (in place of example.com) and your token provider (in place of oauth2-provider.com; e.g. use Auth0).