Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) #5355

Open
Flowseal opened this issue Jan 9, 2025 · 3 comments
Open

[Bug] "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code) #5355

Flowseal opened this issue Jan 9, 2025 · 3 comments
Labels
🐛 Bug Something isn't working | 缺陷

Comments

@Flowseal
Copy link

Flowseal commented Jan 9, 2025
edited
Loading

📦 Environment

Docker

📌 Version

v1.45.0

💻 Operating System

Windows

🌐 Browser

Chrome

🐛 Bug Description

I am trying to deploy Lobe Chat using Domain Name Mode guide, but with Casdoor.
Let's say I have domain flowseal.com. I'm using WAF that automatically gives me SSL.

I have successfully deployed casdoor and logged in. I have created new application, copied Client ID and Secret to .env, also set Redirect URL to https://lobe.flowseal.com/api/auth/callback/casdoor.

.env

APP_URL=https://lobe.flowseal.com/
NEXTAUTH_URL=https://lobe.flowseal.com/api/auth
AUTH_CASDOOR_ID=*Client ID from created application*
AUTH_CASDOOR_SECRET=*Client Secret from created application*
AUTH_CASDOOR_ISSUER=https://casdoor.flowseal.com
CASDOOR_WEBHOOK_SECRET=rCd+N20j84bejh//OcVDaPHnrB39d+NdpvsU/NgHp/w= # gen with openssl, but idk do i really need it or not

After that I reloaded containers with docker compose down and docker compose up -d.

When I press on login/register button (on https://lobe.flowseal.com), I'm immediately being redirected to https://lobe.flowseal.com/api/auth/error?error=Configuration.

Casdoor logs:

2025/01/09 02:51:08 Starting Radius server on 0.0.0.0:1812
The old instance with pid: 1 has been stopped
2025/01/09 02:51:08 Listening on 0.0.0.0:389
2025/01/09 02:51:08.376 [I]  http server Running on http://:8000

Chat logs:

lobe-chat      | [auth][error] r3: "response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)
lobe-chat      |     at r4 (/app/.next/server/chunks/18300.js:368:4893)
lobe-chat      |     at nn (/app/.next/server/chunks/18300.js:368:6924)
lobe-chat      |     at iY (/app/.next/server/chunks/18300.js:368:46968)
lobe-chat      |     at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
lobe-chat      |     at async iQ (/app/.next/server/chunks/18300.js:368:49798)
lobe-chat      |     at async i5 (/app/.next/server/chunks/18300.js:368:52440)
lobe-chat      |     at async i3 (/app/.next/server/chunks/18300.js:368:56596)
lobe-chat      |     at async tr.do (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:17558)
lobe-chat      |     at async tr.handle (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/compiled/next-server/app-route.runtime.prod.js:18:22188)
lobe-chat      |     at async doRender (/app/node_modules/.pnpm/[email protected]_@[email protected]_@[email protected]_@[email protected]_react-d_aa190866c08e6c33b25c334e88819b79/node_modules/next/dist/server/base-server.js:1452:42)
lobe-chat      |  ⨯ ReferenceError: Cannot access 'm' before initialization
lobe-chat      |     at Object.y (.next/server/chunks/10424.js:257:19183)
lobe-chat      |     at <unknown> (.next/server/chunks/10424.js:257:23459)
lobe-chat      |     at <unknown> (.next/server/chunks/39355.js:159:1345)
lobe-chat      |     at o (.next/server/chunks/39355.js:159:1740)
lobe-chat      |     at s (.next/server/chunks/39355.js:159:1766)
lobe-chat      |     at d (.next/server/chunks/39355.js:159:1943)
lobe-chat      |     at <unknown> (.next/server/chunks/10424.js:257:23405)
lobe-chat      |     at t.a (.next/server/webpack-runtime.js:1:989)
lobe-chat      |     at 955225 (.next/server/chunks/10424.js:257:23158)
lobe-chat      |     at t (.next/server/webpack-runtime.js:1:143) {
lobe-chat      |   digest: '3178542458'
lobe-chat      | }

docker-compose.yml

name: lobe-chat-database
services:
  postgresql:
    image: pgvector/pgvector:pg16
    container_name: lobe-postgres
    ports:
      - '5432:5432'
    volumes:
      - './data:/var/lib/postgresql/data'
    environment:
      - 'POSTGRES_DB=lobe'
      - 'POSTGRES_PASSWORD=RemovedPassword'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 5s
      timeout: 5s
      retries: 5
    restart: always

  minio:
    image: minio/minio
    container_name: lobe-minio
    ports:
      - '9000:9000'
      - '9001:9001'
    volumes:
      - './s3_data:/etc/minio/data'
    environment:
      - 'MINIO_ROOT_USER=Flowseal'
      - 'MINIO_ROOT_PASSWORD=RemovedPassword'
      - 'MINIO_DOMAIN=lobe-s3-api.flowseal.com'
      - 'MINIO_API_CORS_ALLOW_ORIGIN=https://lobe.flowseal.com' # Your LobeChat's domain name.
    restart: always
    command: >
      server /etc/minio/data --address ":9000" --console-address ":9001"

  casdoor:
    image: casbin/casdoor:latest
    container_name: lobe-casdoor
    ports:
      - 8000:8000
    depends_on:
      postgresql:
        condition: service_healthy
    environment:
      - RUNNING_IN_DOCKER=true
      - driverName=postgres
      - dataSourceName=postgres://postgres:RemovedPassword@postgresql:5432/casdoor?sslmode=disable
    volumes:
      - ./files:/files
    entrypoint: ['sh', '-c', './server --createDatabase=true']

  lobe:
    image: lobehub/lobe-chat-database
    container_name: lobe-chat
    ports:
      - '3210:3210'
    depends_on:
      - postgresql
      - minio
      - casdoor
    env_file:
      - .env
    restart: always

volumes:
  data:
    driver: local
  s3_data:
    driver: local

nginx.conf

server {
    server_name lobe.flowseal.com;
    client_max_body_size 20M;
    listen 80;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        proxy_pass http://192.168.0.163:3210;
        proxy_redirect off;
    }
}

server {
    server_name casdoor.flowseal.com;
    client_max_body_size 20M;
    listen 80;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Proto https;

        proxy_pass http://192.168.0.163:8000;
        proxy_redirect off;
    }
}

I would appreciate any help!

📷 Recurrence Steps

No response

🚦 Expected Behavior

No response

📝 Additional Information

No response
@Flowseal Flowseal added the 🐛 Bug Something isn't working | 缺陷 label Jan 9, 2025
@github-project-automation github-project-automation bot moved this to Roadmap - Chat 1.x in Lobe Chat Routine Jan 9, 2025
@lobehubbot
Copy link
Member

👀 @Flowseal

Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible.
Please make sure you have given us as much context as possible.
非常感谢您提交 issue。我们会尽快调查此事,并尽快回复您。 请确保您已经提供了尽可能多的背景信息。

@dosubot DosuBot
Copy link

dosubot bot commented Jan 9, 2025

Hey @Flowseal! I'm here to help you solve bugs, answer questions, and become a contributor. If you need any assistance, feel free to ask!

To resolve the issue with the "response" not being a conform Authorization Server Metadata response, follow these steps:

  1. Protocol Matching: Ensure that the protocol (http/https) in the Casdoor callback URL matches the protocol specified in the AUTH_URL setting in your .env file. Since your setup uses SSL, make sure both are set to https://.

  2. Environment Variables: Double-check that the AUTH_CASDOOR_ISSUER is correctly set to match your Casdoor deployment. It should be https://casdoor.flowseal.com as per your setup.

  3. Casdoor Application Configuration:

    • Verify that the redirect URL in your Casdoor application is correctly set to https://lobe.flowseal.com/api/auth/callback/casdoor.
    • Ensure that the Client ID and Client Secret are correctly set in your .env file as AUTH_CASDOOR_ID and AUTH_CASDOOR_SECRET.

  4. Additional Environment Variables: Ensure all relevant environment variables are correctly configured:

    • NEXT_AUTH_SECRET: This should be a secure key for encrypting Auth.js session tokens.
    • NEXT_AUTH_SSO_PROVIDERS: Set this to casdoor to use Casdoor.
    • NEXTAUTH_URL: This should be set to https://lobe.flowseal.com/api/auth to specify the callback address for Auth.js during OAuth verification.

  5. Nginx Configuration: Since you are using SSL, ensure that your Nginx configuration listens on port 443 for HTTPS and that SSL certificates are correctly configured.

By ensuring these configurations are correct, you should be able to resolve the issue with the Authorization Server Metadata response [1][2][3].

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

@cmx4869
Copy link

cmx4869 commented Jan 9, 2025

same issue!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛 Bug Something isn't working | 缺陷
Projects
Lobe Chat Routine
Status: Roadmap - Chat 1.x
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Flowseal @cmx4869 @lobehubbot