Got 'Unauthenticated' when using Google sign-in

#1

Hello,

We enabled Google sign-in on our metabase v0.32.4 instance, and I found when I completed sign-in process with my gmail account, metabase didn’t seem to sign me in, I got following error in logs:

2019-04-20 22:43 +08:00: 04-20 22:43:02 DEBUG middleware.log :: GET /api/user/current 401 317 µs (0 DB calls) Jetty threads: 8/50 (8 busy, 2 idle, 0 queued) (83 total active threads)
"Unauthenticated"

2019-04-20 22:43 +08:00: 04-20 22:43:02 DEBUG middleware.log :: GET /api/session/properties 200 3 ms (1 DB calls) Jetty threads: 8/50 (8 busy, 2 idle, 0 queued) (83 total active threads)
2019-04-20 22:43 +08:00: 04-20 22:43:04 DEBUG middleware.log :: GET /api/user/current 401 252 µs (0 DB calls) Jetty threads: 8/50 (7 busy, 2 idle, 0 queued) (83 total active threads)
"Unauthenticated"

I tried clear my cache and restart metabase, but failed to work.

Could you pls help?

#2

Hi @yuanfei
Are you using a reverse proxy?
Are you sure you’re using 0.32.4? I’m asking because a specific Google Auth error was fixed in that version.
Have a look in the browser console to see any errors.

#3

I’m sure I’m using v0.32.4 without reverse proxy, and there is not any errors in console for the google sign-in pop-up.

However I found another error a few, I’m not sure if it is relevant:

POST /api/session/google_auth 500 124 ms (0 DB calls) Jetty threads: 8/50 (10 busy, 2 idle, 0 queued) (81 total active threads)
{:message "Connection reset",
 :type java.net.SocketException,
 :stacktrace
 ("java.net.SocketInputStream.read(SocketInputStream.java:210)"
  "java.net.SocketInputStream.read(SocketInputStream.java:141)"
  "sun.security.ssl.InputRecord.readFully(InputRecord.java:465)"
  "sun.security.ssl.InputRecord.read(InputRecord.java:503)"
  "sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)"
  "sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)"
  "sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)"
  "sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)"
  "org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)"
  "org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)"
  "org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)"
  "org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:325)"
  "org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)"
  "org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)"
  "org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)"
  "org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)"
  "org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)"
  "org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)"
  "org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)"
  "clj_http.core$request.invokeStatic(core.clj:626)"
  "clj_http.core$request.invoke(core.clj:554)"
  "clj_http.core$request.invokeStatic(core.clj:555)"
  "clj_http.core$request.invoke(core.clj:554)"
  "clojure.lang.Var.invoke(Var.java:384)"
  "clj_http.client$wrap_request_timing$fn__41129.invoke(client.clj:1085)"
  "clj_http.headers$wrap_header_map$fn__40276.invoke(headers.clj:147)"
  "clj_http.client$wrap_query_params$fn__41019.invoke(client.clj:819)"
  "clj_http.client$wrap_basic_auth$fn__41025.invoke(client.clj:842)"
  "clj_http.client$wrap_oauth$fn__41030.invoke(client.clj:859)"
  "clj_http.client$wrap_user_info$fn__41039.invoke(client.clj:879)"
  "clj_http.client$wrap_url$fn__41111.invoke(client.clj:1037)"
  "clj_http.client$wrap_decompression$fn__40828.invoke(client.clj:420)"
  "clj_http.client$wrap_input_coercion$fn__40943.invoke(client.clj:639)"
  "clj_http.client$wrap_additional_header_parsing$fn__40968.invoke(client.clj:694)"
  "clj_http.client$wrap_output_coercion$fn__40930.invoke(client.clj:583)"
  "clj_http.client$wrap_exceptions$fn__40780.invoke(client.clj:254)"
  "clj_http.client$wrap_accept$fn__40983.invoke(client.clj:737)"
  "clj_http.client$wrap_accept_encoding$fn__40990.invoke(client.clj:759)"
  "clj_http.client$wrap_content_type$fn__40977.invoke(client.clj:720)"
  "clj_http.client$wrap_form_params$fn__41076.invoke(client.clj:961)"
  "clj_http.client$wrap_nested_params$fn__41097.invoke(client.clj:995)"
  "clj_http.client$wrap_flatten_nested_params$fn__41106.invoke(client.clj:1019)"
  "clj_http.client$wrap_method$fn__41044.invoke(client.clj:895)"
  "clj_http.cookies$wrap_cookies$fn__39479.invoke(cookies.clj:131)"
  "clj_http.links$wrap_links$fn__40608.invoke(links.clj:63)"
  "clj_http.client$wrap_unknown_host$fn__41114.invoke(client.clj:1048)"
  "clj_http.client$request_STAR_.invokeStatic(client.clj:1176)"
  "clj_http.client$request_STAR_.invoke(client.clj:1169)"
  "clj_http.client$post.invokeStatic(client.clj:1194)"
  "clj_http.client$post.doInvoke(client.clj:1190)"
  "clojure.lang.RestFn.invoke(RestFn.java:410)"
  "--> api.session$google_auth_token_info.invokeStatic(session.clj:212)"
  "api.session$google_auth_token_info.invoke(session.clj:211)"
  "api.session$fn__59715.invokeStatic(session.clj:261)"
  "api.session$fn__59715.invoke(session.clj:255)"
  "routes$fn__60869$fn__60870.doInvoke(routes.clj:113)"
  "middleware.exceptions$catch_uncaught_exceptions$fn__42871.invoke(exceptions.clj:104)"
  "middleware.exceptions$catch_api_exceptions$fn__42868.invoke(exceptions.clj:92)"
  "middleware.log$log_api_call$fn__42789$fn__42790.invoke(log.clj:168)"
  "middleware.log$log_api_call$fn__42789.invoke(log.clj:162)"
  "middleware.security$add_security_headers$fn__42832.invoke(security.clj:102)"
  "middleware.json$wrap_json_body$fn__43041.invoke(json.clj:61)"
  "middleware.json$wrap_streamed_json_response$fn__43059.invoke(json.clj:97)"
  "middleware.session$bind_current_user$fn__43173$fn__43174.invoke(session.clj:188)"
  "middleware.session$do_with_current_user.invokeStatic(session.clj:172)"
  "middleware.session$do_with_current_user.invoke(session.clj:165)"
  "middleware.session$bind_current_user$fn__43173.invoke(session.clj:187)"
  "middleware.session$wrap_current_user_id$fn__43162.invoke(session.clj:156)"
  "middleware.session$wrap_session_id$fn__43147.invoke(session.clj:118)"
  "middleware.auth$wrap_api_key$fn__42966.invoke(auth.clj:27)"
  "middleware.misc$maybe_set_site_url$fn__42932.invoke(misc.clj:54)"
  "middleware.misc$bind_user_locale$fn__42935.invoke(misc.clj:70)"
  "middleware.misc$add_content_type$fn__42922.invoke(misc.clj:29)"
  "middleware.misc$wrap_gzip$fn__42950.invoke(misc.clj:97)")}

Any ideas?

#4

I would start with trying the new 0.32.5 (released an hour ago), which fixes async issues among others.
Usually when I see Connection reset, then I would start to look at the firewall.

#5

Hi @flamber
Thanks a lot for your help!

It turns out my http proxy doesn’t work correctly for some configuration issue, after fix this, the google sign-in works perfectly!

1 Like