OAuth2 endpoint 404's after upgrade 14.0.1 -> 14.0.3

amenthes · October 22, 2018, 8:59am

Nextcloud version: 14.0.3 from docker

The issue you are facing:
After upgrading my docker containers to 14.0.3, i can no longer use other applications to authenticate against Nextcloud. The previously correct and working /apps/oauth2/authorize now returns a 404 error.

Is this the first time you’ve seen this error?: No, it worked fine before upgrading. The requests also still end up in the right place, I can see the 404 in the apache logfiles, they end up in the right place.

Steps to replicate it:

Have Nextcloud 14.0.3
navigate to $yourServer/apps/oauth2/authorize
receive 404.

The output of your Nextcloud log in Admin > Logging: (nothing)
The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

$CONFIG = array (
  'trusted_proxies' =>
  array (
    0 => '--my proxy--',
  ),
  'htaccess.RewriteBase' => '/',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'installed' => true,
  'instanceid' => 'o----z',
  'passwordsalt' => 'A----T',
  'secret' => '8----E',
  'trusted_domains' =>
  array (
    0 => 'n----n',
  ),
  'remember_login_cookie_lifetime' => 2592000,
  'session_lifetime' => 604800,
  'datadirectory' => '/var/www/html/data',
  'version' => '14.0.3.0',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://n----n',
  'activity_expire_days' => 30,
  'dbtype' => 'mysql',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'W----f',
  'dbname' => 'n----d',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'skeletondirectory' => '',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'port' => 6379,
  ),
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'tls',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 's----s',
  'mail_domain' => 'c----e',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'm----t',
  'mail_smtpport' => '587',
  'mail_smtpname' => 's----e',
  'mail_smtppassword' => 'I----8',
  'maintenance' => false,
  'loglevel' => 2,
);

The output of your Apache/nginx/system log in /var/log/____:

app_1    | 1----1 - - [22/Oct/2018:08:56:36 +0000] "GET /apps/oauth2/authorize?client_id=D------O&redirect_uri=https%3A%2F%2Fg-----c HTTP/1.1" 404 512 "https://g----s/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0"

amenthes · October 22, 2018, 9:48am

the oauth2 app is installed and active (it can’t be deactivated anyway), and I can see its settings in the admin security settings. I cann add and delete tokens there. I can’t figure out why this would 404.

amenthes · October 22, 2018, 10:30am

I had a friend double check with their 14.0.3 and it’s not the problem. The expected result is an error 500 which he gets on his installation. I still get a 404 not found. I can’t figure out, why.

Can anyone help me debug this?

amenthes · October 22, 2018, 10:44am

It would appear that some of my .htaccess rules got lost in the upgrade, and now I’m either missing those or a index.php/ -> $yourServer/index.php/apps/oauth2/authorize

Not ideal.

amenthes · October 22, 2018, 10:59am

my config.php was wrong: especially this:

'overwrite.cli.url' => 'https://n-----n',

should be this:

'overwrite.cli.url' => 'https://n-----n/',
                                       ^-- here we go :-)

Note the added trailing slash. This worked before the update (but was wrong even then, judging from this issue). It’s all fine and resolved now.