FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Login stopped working - `missing_code` error using SDK

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    sdk login
    2
    3
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zaalbarxx
      last edited by

      Hi, another day, another problem 🙂
      Suddenly the login stopped working for some reason (no dependencies changed and I believe no settings for FusionAuth too)

      Using Vue SDK this login redirect URL is generated:
      http://localhost:9011/app/login?client_id=e9d1e58d-d076-439a-b92d-a0e5f76cceef&redirect_uri=http%3A%2F%2Flocalhost%3A3010%2Fauth%2Fcallback&scope=offline_access+openid+email&state=redirect_to%253Dtrue

      The browser redirects to this address then redirect back to http://localhost:3010/auth/callback with this query string:
      { error: 'invalid_request', error_description: 'The request is missing a required parameter: code', error_reason: 'missing_code', state: 'redirect_to%3D%2F' }

      Everything seemed to work fine up until now and I cannot find any related issue.
      Application do have PKCE set as not required as on the screenshot:
      ae102210-5b12-4c52-9b33-15f517c3bafc-image.png

      This is an event from the event log:

      Unable to complete app login. The auth code exchange has failed.
Application Id: e9d1e58d-d076-439a-b92d-a0e5f76cceef
Status code [400]

Error response is 
{
  "error" : "invalid_request",
  "error_description" : "The request is missing a required parameter: code",
  "error_reason" : "missing_code"
}

      Changing the enabled grants from Authorization code to Password changes the error query to:

      { error: 'unauthorized_client',
  error_description:
   'The [authorization_code] Authorization Code grant has been disabled for this client.',
  error_reason: 'grant_type_disabled',
  state: 'redirect_to%3D%2F' }

      but I guess since Authorization code was working previously and password grant is "legacy", I should use former.

      Edit: From what I see the problem starts to appear right after I update Terraform provider from 0.1.105 to 0.1.106. When I change to 0.1.105 to it starts to work properly.

      A 1 Reply Last reply Reply Quote 0
      • A
        Alex Patterson @zaalbarxx
        last edited by

        @zaalbarxx During this time did your FusionAuth version change with the Terraform update? Possibly pulling the latest image?

        https://fusionauth.io/docs/release-notes/#version-1-50-0

        Z 1 Reply Last reply Reply Quote 0
        • Z
          zaalbarxx @Alex Patterson
          last edited by

          @Alex-Patterson No, I've been using 1.50.1 version of FusionAuth (read from the admin panel) all the time. The only thing that changed was provider version. Like I said I can just switch between versions and it will start/stop working immediately, so I assume that version 0.1.106 may add some implicit parameter which changes something.
          I just checked it after using docker-compose down -v and docker-compose up (fresh installation) and after running the Terraform the error still persists. What's interesting is that I've checked the diff between 0.1.105 and 0.1.106 on FusionAuth Terraform repo https://github.com/FusionAuth/terraform-provider-fusionauth/compare/v0.1.105...v0.1.106 and it does not seem that anything that could be related was changed there, maybe it is related to Go client or something ?

          EDIT:
          Ok, I found the culprit, looks like between 0.1.105 and 0.1.106 there is some change that automatically sets this to either false (106) or true (105):

          Application -> Scopes -> Provided Scopes
          Here there are some default scopes, address, email, phone and profile.

          The problem here is that it looks like the Terraform provider currently does not allow to set these variables in schema, so basically we are blocked between older version with unsupported configurations like theme's oauth_consent and newer version which handles these scopes inproperly (we can change it manually, but obviously each deployment will cause the values to reset back to false).

          https://github.com/FusionAuth/terraform-provider-fusionauth/issues/277

          I hope this will get resolved quickly since right now it is quite a blocker.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post