[SOLVED] Cannot retrieve OAuth Client Credentials: Getting client tokens for host peertube.slat.org is forbidden

Franklin · Juillet 25, 2023, 1:41

(Following this post, this post and this issue)

Special thanks to Chocobozzz’s efforts, the problem of no new videos in my Recently-added videos, and the following problem that I could not follow any other instances was solved. That was because I added a :443 in my nginx site location @api section proxy_set_header Host $host;

However, I added that :443 after $host because I kept getting this error when visiting my peertube instance:

錯誤: 無法擷取 OAuth 客戶端憑證：Getting client tokens for host peertube.slat.org is forbidden。請確保您已正確設定 PeerTube（config/ 目錄），特別是 "webserver" 部份。

(Error: Cannot retrieve OAuth Client credentials: Getting client tokens for host peertube.slat.org is forbidden. Ensure you have correctly configured PeerTube (config/ directory), in particular the « webserver » section.)

I could eliminate that error by adding :443 after $host in the proxy_set_header Host. However it broke the feature of following other instances.

What’s wrong with this error? What can I do to solve this? Any suggestion is appreciated.

Chocobozzz · Juillet 25, 2023, 1:53

Can you also paste the server log error? It should log the expected host header

Franklin · Juillet 25, 2023, 2:10

Not sure if this is what you want:

{"tags":["client"],"username":"franklin","userA
gent":"Mozilla/5.0 (X11; Linux x86_64; rv:101.0
) Gecko/20100101 Firefox/101.0","url":"https://
peertube.slat.org/admin/follows/following-list"
,"level":"error","message":"Client log: Backend
 returned code 403, errorMessage is: Getting cl
ient tokens for host peertube.slat.org is forbi
dden","label":"peertube.slat.org:443","timestam
p":"2023-07-25T13:24:02.480Z"}

{"tags":["http"],"level":"info","message":"122.
116.0.0 - - [25/Jul/2023:13:24:02 +0000] \"POST
 /api/v1/server/logs/client HTTP/1.0\" 204 - \"
https://peertube.slat.org/admin/follows/followi
ng-list\" \"Firefox\"","label":"peertube.slat.o
rg:443","timestamp":"2023-07-25T13:24:02.482Z"}

{"tags":["client"],"username":"franklin","userA
gent":"Mozilla/5.0 (X11; Linux x86_64; rv:101.0
) Gecko/20100101 Firefox/101.0","url":"https://
peertube.slat.org/admin/follows/following-list"
,"level":"error","message":"Client log: 錯 誤 : >
無 法 擷 取  OAuth 客 戶 端 憑 證 ： Getting client tokens for host peertube.slat.org is forbidden。 請 確 保 您 已 正 確 設 定  PeerTube（ config/ 目 錄 ） ， 特 別 是 \"webserver\" 部 份 。 ","label":"peertube.slat.org:443","timestamp":"2023-07-25T13:24:02.486Z"}

Chocobozzz · Juillet 26, 2023, 6:15

The message I’m searching for should be above these errors.

It starts with Getting client tokens for host

Franklin · Juillet 26, 2023, 6:29

{« level »:« info »,« message »:« Getting client tokens for host peertube.slat.org is forbidden (expected peertube.slat.org:443). »,« label »:« peertube.slat.org:443 »,« timestamp »:« 2023-07-25T22:59:17.084Z »}

Is this one?

Chocobozzz · Juillet 26, 2023, 6:48

Can you paste the webserver part of your production.yaml?

Franklin · Juillet 26, 2023, 6:50

webserver:
  https: true
  hostname: 'peertube.slat.org'
  port: 443

Chocobozzz · Juillet 26, 2023, 7:09

Please edit dist/server/controllers/api/oauth-clients.js

Replace line 23 by

logger_1.logger.info('Getting client tokens for host %s is forbidden (expected %s).', req.get('host'), headerHostShouldBe, { webserverConfig: config_1.CONFIG.WEBSERVER });

Restart peertube and check the error again

Franklin · Juillet 26, 2023, 7:22

is there another %s in the end (since you have 3 parameters)?
The error was gone! I guess it was caused because I changed the nginx setting to remove the :443 and restart nginx… but I didn’t restart peertube service at that time. So it was inconsistent and hence showed the error. Now I changed that message and restart peertube… the error is no longer there.

So the solution: Even just modify nginx settings, always restart both nginx AND peertube service.

Thank you @Chocobozzz for your support !!