Error "Cannot retrieve OAuth Client credentials" on Webservice with other port than 443

PeerTube
1

Hi guys,

Recently I got an error, that I can’t identify the problem.
I read the posts with same error, I reviewed but not applicable at this case.

This error occurs when webserver is running on other port than 443.
I’m not using docker, and the ports are open on UFW Firewall.

When I try to enter on login page, I receive the error:

Cannot retrieve OAuth Client credentials: Getting client tokens for host [videos.slackjeff.com.br (http:// videos.slackjeff.com.br) is forbidden.

I’m listening nginx webserver on port 9443 (not 443).
And peertube node service on port 9000 (default)

When I set peertube log to ‹ debug › level, I got the message log:

« message »:« Getting client tokens for host videos.slackjeff.com.br is forbidden (expected videos.slackjeff.com.br:9443). »,« label »:« videos.slackjeff.com.br:9443 »

« Client log: Backend returned code 403, errorMessage is: Getting client tokens for host videos.slackjeff.com.br is forbidden »,« label »:« videos.slackjeff.com.br:9443 »

I don’t know why, but it seems service is trying to communicate on port 443, not 9443

So, only for testing purposes, I configured nginx webserver (nginx.conf) on port 443 and changed the production.yaml to port 443 as well; and everything runs fine!

The problem is specifically using another port other than 443. I tried 3 times a fresh installations, but same problem occurs.

My partial nginx.conf:

upstream backend {
  server 127.0.0.1:9000;
}

server {
  listen 9443 ssl http2;
  server_name videos.slackjeff.com.br;

...

My partial production.yaml:

listen:
  hostname: '127.0.0.1'
  port: 9000

# Correspond to your reverse proxy server_name/listen configuration (i.e., your public PeerTube instance URL)
webserver:
  https: true
  hostname: 'videos.slackjeff.com.br'
  port: 9443

...

Thanks in advance,
Grether

2

Hi,

From « Cannot retrieve OAuth Client credentials: Getting client tokens for host [videos.slackjeff.com.br (http:// videos.slackjeff.com.br) is forbidden. » I see http:// and not https://.

Try to set https: false

3

Hi,
Thanks for your reply!

I already tried this, but without success. Now « Bad HTTP request ».

As new user, I cannot paste more than 2 links. So, I pastebin the log:

4

Please use pastebin.com.

5

Ok, sorry.

6

I’m also having the same problem.
maybe req.get(‹ host ›) not contained port number, always failed.
I commented out next line, and this problem fixed.

dist/server/controllers/api/oauth-clients.js
line 19-21

    const serverHostname = config_1.CONFIG.WEBSERVER.HOSTNAME;
    const serverPort = config_1.CONFIG.WEBSERVER.PORT;
    let headerHostShouldBe = serverHostname;
    //if (serverPort !== 80 && serverPort !== 443) {
    //    headerHostShouldBe += ':' + serverPort;
    //}
    if (!(0, core_utils_1.isTestOrDevInstance)() && req.get('host') !== headerHostShouldBe) {

found related thread. (Additionally, fixed uploading error)

7

@momo-i , yes. I tried it and worked.
BUT no video was uploaded with « Unknown Error », . Using on port 443, everything works.

About « Unknown Error », I get this debug log:

{"level":"debug","message":"Checking POST - /api/v1/server/logs/client parameters","label":"videos.slackjeff.com.br:9443","body":{"message":"Upload failed: Unknown error","userAgent":"Mozilla/5.0 (Macintosh; Int
el Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15","url":"https://videos.slackjeff.com.br:9443/videos/upload#upload","level":"error"},"params":{},"query":{},"tags":[],"ti
mestamp":"2023-04-02T21:09:59.134Z"}

How you can see, « params » and « query » are blank.

8

@devnull
you must edit uploadx.js too. (It’s not 7-8 line)

Add: useRelativeLocation: true
dist/server/lib/uploadx.js

const logger = (0, logger_1.buildLogger)(‹ uploadx ›);
const uploadx = new core_1.Uploadx({
useRelativeLocation: true,
directory: (0, upload_1.getResumableUploadPath)(),
expiration: { maxAge: undefined, rolling: true },