Good day. I've reached a stumbling block in implementing OAuth2 using the oauthenticator generic setup with the Authenticated ORCID iD API, and now I'm stuck: even though the authentication passes through the ORCID API, the callback with code and state to my TLJH shows 500 : Internal Server Error.

Here is my YAML config:

`sudo tljh-config show`

```yaml
users:
  admin:
  - bgilbert
  - brendan.gilbert
https:
  enabled: true
  tls:
    key: /opt/mycerts/redacted.key
    cert: /opt/mycerts/redacted.crt
auth:
  type: oauthenticator.generic.GenericOAuthenticator
  GenericOAuthenticator:
    login_service: ORCID iD
    client_id: Redacted
    client_secret: Redacted
    oauth_callback_url: ://myserver/hub/oauth_callback
    authorize_url: ://orcid.org/oauth/authorize
    token_url: ://orcid.org/oauth/token
    scope: /authenticate
    userdata_url: https://orcid.org/oauth/userinfo
    username_claim: sub
  OAuthenticator:
    client_id: Redacted
    client_secret: Redacted
os:
  environ[OAUTH2_TOKEN_URL]: ://orcid.org/oauth/token
  environ[OAUTH2_USERDATA_URL]: ://orcid.org/oauth/userinfo
  environ[OAUTH2_AUTHORIZE_URL]: ://orcid.org/oauth/authorize
user_environment:
  default_app: jupyterlab
limits:
  memory: 4G
  cpu: 2
services:
  cull:
    timeout: 3600
debug:
  enabled: true
```

**JupyterHub Log:**
> Apr 13 18:38:15 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:15.166 JupyterHub log:192] 302 GET /hub/ -> /hub/login?next=%2Fhub%2F (@192.168.2.184) 0.79ms
> Apr 13 18:38:15 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:15.190 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2F (@192.168.2.184) 2.20ms
> Apr 13 18:38:16 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:16.827 JupyterHub oauth2:99] OAuth redirect: ://myserver/hub/oauth_callback
> Apr 13 18:38:16 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:16.828 JupyterHub log:192] 302 GET /hub/oauth_login?next=%2Fhub%2F -> https://orcid.org/oauth/authorize?response_type=code&redirect_uri=%3A%2F%2Fmyserver%2Fhub%2Foauth_callback&client_id=REDACTEDstate=[secret]&scope=%2Fauthenticate (@192.168.2.184) 1.34ms
> Apr 13 18:38:22 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:22.266 JupyterHub log:192] 302 GET / -> /hub/ (@20.236.113.29) 1.07ms
> Apr 13 18:38:22 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:22.267 JupyterHub log:192] 302 GET / -> /hub/ (@20.236.113.29) 0.47ms
> Apr 13 18:38:23 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:23.654 JupyterHub log:192] 200 GET /hub/api/ (cull-idle@127.0.0.1) 10.85ms
> Apr 13 18:38:23 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:23.659 JupyterHub log:192] 200 GET /hub/api/users?state=[secret] (cull-idle@127.0.0.1) 4.02ms
> Apr 13 18:38:26 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:26.016 JupyterHub log:192] 302 GET / -> /hub/ (@104.43.210.245) 0.60ms
> Apr 13 18:38:26 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:26.028 JupyterHub log:192] 302 GET / -> /hub/ (@104.43.211.66) 0.52ms
> Apr 13 18:38:28 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:28.631 JupyterHub log:192] 302 GET / -> /hub/ (@20.225.133.225) 0.63ms
> Apr 13 18:38:28 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:28.637 JupyterHub log:192] 302 GET / -> /hub/ (@20.225.133.225) 0.47ms
> Apr 13 18:38:35 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:35.840 JupyterHub log:192] 302 GET / -> /hub/ (@20.221.197.40) 0.58ms
> Apr 13 18:38:35 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:35.843 JupyterHub log:192] 302 GET / -> /hub/ (@20.221.197.40) 0.46ms
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: [E 2024-04-13 18:38:36.075 JupyterHub oauth2:653] Error fetching 599 POST https://orcid.org/oauth/token: HTTP 599: error setting certificate verify locations:
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: CAfile: /etc/pki/tls/certs/ca-bundle.crt
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: CApath: none
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: [E 2024-04-13 18:38:36.075 JupyterHub web:1875] Uncaught exception GET /hub/oauth_callback?code=doABf7&state=eyJzdGF0ZV9pZCI6ICJkYzljZmZlZTNmZjg0NDhkYjIxY2UyOWZjMDJjODBlYSJ9 (192.168.2.184)
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: HTTPServerRequest(protocol='https', host='myserver', method='GET', uri='/hub/oauth_callback?code=doABf7&state=eyJzdGF0ZV9pZCI6ICJkYzljZmZlZTNmZjg0NDhkYjIxY2UyOWZjMDJjODBlYSJ9', version='HTTP/1.1', remote_ip='192.168.2.184')
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: Traceback (most recent call last):
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/tornado/web.py", line 1790, in _execute
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: result = await result
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/oauthenticator/oauth2.py", line 210, in get
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: user = await self.login_user()
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/jupyterhub/handlers/base.py", line 928, in login_user
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: authenticated = await self.authenticate(data)
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/jupyterhub/auth.py", line 493, in get_authenticated_user
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: authenticated = await maybe_future(self.authenticate(handler, data))
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/oauthenticator/oauth2.py", line 1029, in authenticate
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: token_info = await self.get_token_info(handler, access_token_params)
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/oauthenticator/oauth2.py", line 874, in get_token_info
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: token_info = await self.httpfetch(
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/oauthenticator/oauth2.py", line 688, in httpfetch
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: return await self.fetch(
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/oauthenticator/oauth2.py", line 654, in fetch
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: raise e
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: File "/opt/tljh/hub/lib/python3.10/site-packages/oauthenticator/oauth2.py", line 633, in fetch
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: resp = await self.http_client.fetch(req, **kwargs)
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: tornado.curl_httpclient.CurlError: HTTP 599: error setting certificate verify locations:
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: CAfile: /etc/pki/tls/certs/ca-bundle.crt
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: CApath: none
> Apr 13 18:38:36 svrltljhwho01 python3[481944]:
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: [E 2024-04-13 18:38:36.100 JupyterHub log:184] {
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Host": "datamine.ahri.org",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Accept-Encoding": "gzip, deflate, br, zstd",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Accept-Language": "en-US,en;q=0.9",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Cookie": "_xsrf=[secret]; oauthenticator-state=[secret]",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Referer": "https://orcid.org/",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Ch-Ua": "\"Google Chrome\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\"",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Ch-Ua-Mobile": "?0",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Ch-Ua-Platform": "\"Windows\"",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Fetch-Dest": "document",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Fetch-Mode": "navigate",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Fetch-Site": "cross-site",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Sec-Fetch-User": "?1",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "Upgrade-Insecure-Requests": "1",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "X-Forwarded-For": "192.168.2.184",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "X-Forwarded-Host": "myserver",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "X-Forwarded-Port": "443",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "X-Forwarded-Proto": "https",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "X-Forwarded-Server": "svrltljhwho01",
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: "X-Real-Ip": "192.168.2.184"
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: }
> Apr 13 18:38:36 svrltljhwho01 python3[481944]: [E 2024-04-13 18:38:36.100 JupyterHub log:192] 500 GET /hub/oauth_callback?code=[secret]&state=[secret] (@192.168.2.184) 56.98ms
> Apr 13 18:38:38 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:38.539 JupyterHub log:192] 302 GET / -> /hub/ (@20.225.72.176) 0.92ms
> Apr 13 18:38:38 svrltljhwho01 python3[481944]: [I 2024-04-13 18:38:38.541 JupyterHub log:192] 302 GET / -> /hub/ (@20.225.72.176) 0.63ms
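
A diagnostic for the `error setting certificate verify locations` failure in the log above, added here as an example and not part of the original post: it extracts the CAfile/CApath that libcurl reported from the journal lines and checks whether that bundle, or one at another well-known distribution path, is usable on the host. The function names and the `KNOWN_BUNDLES` list are assumptions of this example.

```python
import os
import re

# The three journal lines from the post that carry the libcurl error.
SAMPLE_LOG = """\
Apr 13 18:38:36 svrltljhwho01 python3[481944]: tornado.curl_httpclient.CurlError: HTTP 599: error setting certificate verify locations:
Apr 13 18:38:36 svrltljhwho01 python3[481944]: CAfile: /etc/pki/tls/certs/ca-bundle.crt
Apr 13 18:38:36 svrltljhwho01 python3[481944]: CApath: none
"""

# Common system CA bundle paths (Debian/Ubuntu, RHEL/Fedora, RHEL 7+, openSUSE, Alpine).
KNOWN_BUNDLES = [
    "/etc/ssl/certs/ca-certificates.crt",
    "/etc/pki/tls/certs/ca-bundle.crt",
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
    "/etc/ssl/ca-bundle.pem",
    "/etc/ssl/cert.pem",
]

_FIELD = re.compile(r"\b(CAfile|CApath):\s*(\S+)")

def parse_verify_locations(log_text):
    """Return the CAfile/CApath values that follow the libcurl error line."""
    found, armed = {}, False
    for line in log_text.splitlines():
        if "error setting certificate verify locations" in line:
            armed = True
            continue
        m = _FIELD.search(line) if armed else None
        if m:
            value = m.group(2)
            found.setdefault(m.group(1), None if value == "none" else value)
    return found

def usable_bundle(path):
    """True when path is a readable file holding at least one PEM certificate."""
    if not path or not os.path.isfile(path) or not os.access(path, os.R_OK):
        return False
    with open(path, "rb") as fh:
        return b"-----BEGIN CERTIFICATE-----" in fh.read()

def diagnose(log_text, candidates=KNOWN_BUNDLES):
    """Compare the bundle libcurl asked for with the bundles present on this host."""
    locs = parse_verify_locations(log_text)
    return {
        "cafile": locs.get("CAfile"),
        "cafile_usable": usable_bundle(locs.get("CAfile")),
        "alternatives": [p for p in candidates if usable_bundle(p)],
    }
```

Run `diagnose(SAMPLE_LOG)` on the hub host: a false `cafile_usable` together with a non-empty `alternatives` list means the HTTP client is looking for a CA bundle at a path this host does not provide, while certificate verification itself stays enabled.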