Configuring Google SSO redirects to a 404

[SanderVerkuil]

Having installed this package and trying to configure oauth, it appears that there is a wrong redirect somewhere.

Going to https://<sentry-server>/settings/<organization>/auth/ there is a Google provider.
When clicking on configure, I am redirected to the google sign-in screen.
After clicking on my account, the browser is redirected to https://<sentry-server>/organizations/<organization>/auth/, which is a 404.

I tried to look into the source of this package, but I couldn't seem to find where this issue is.

[dcramer]

I'm pretty sure you configure this within the Google app itself, dont you?

[SanderVerkuil]

In the Google Cloud Platform the authorised javascript source is https://<sentry-server>/, and the authorized redirect url is https://<sentry-server>/auth/sso/. That appears to be correct.

Where would I configure that in the google consent screen, I'm not redirected to a 404 page?

After inspecting the Log files I found that there's an exception in the /www/sentry/local/lib/python2.7/site-packages/sentry_auth_google/utils.py file:

Traceback (most recent call last):
   File "/www/sentry/local/lib/python2.7/site-packages/sentry_auth_google/views.py", line 32, in dispatch
     _, payload, _ = map(urlsafe_b64decode, id_token.split('.', 2))
   File "/www/sentry/local/lib/python2.7/site-packages/sentry_auth_google/utils.py", line 8, in urlsafe_b64decode
     return base64.urlsafe_b64decode(padded)
   File "/usr/lib/python2.7/base64.py", line 119, in urlsafe_b64decode
     return b64decode(s.translate(_urlsafe_decode_translation))
 TypeError: character mapping must return integer, None or unicode
 19:33:49 [ERROR] sentry.auth.google: Unable to decode id_token: character mapping must return integer, None or unicode

I think that this might be the reason why it redirects to the invalid page, because it wants to show the error there?

I think there might be an error in the error handling of sentry itself, when it fails to do SSO. The error that I get on that page, which appears briefly, reads: Authentication error: Unable to fetch user information from Google. Please check the log.. Why sentry redirects to /organizations/<org>/auth/ instead of /settings/<org>/auth/ might be an issue in Sentry itself.

---

Looking at this stack overflow page, the urlsafe_b64decode requires a string. Changing the call to return base64.urlsafe_b64decode(str(padded)) works as intended. I am then being is then redirected to https://<sentry-server>/organizations/<org>/auth/configure, which allows me to configure the default roles of new members and such.

I'll create a PR for this issue, which solves this issue, but might break other installations.

[okainov]

@SanderVerkuil where did you chenge this file to "hack" it into running sentry? I have the same issue, but just changing the file inside cron/web/worker containers doesn't help :(

[SanderVerkuil]

@okainov I followed the installation guide for sentry, and the install directory was /www/sentry. It was installed in a virtual environment, so the packages were installed in /www/sentry/local/lib/python2.7. The file which I changed was, relative to the python2.7 dir: site-packages/sentry_auth_google/utils.py,