Authentication issue

I am hosting a panel dashboard through Docker and Azure Kubernetes Services. For me and others in my company it can be accessed at http:// someipaddress /dashboard.

I want to add authentication to it, to control who can see what. My end goal is to use Azure Active Directory for authentication, but since I am lacking some accesses there I am currently trying to make authentication work with GitHub.

I have followed this guide, but after I (try to) authorize with GitHub it says “500: Internal server error”.

I am using http:// someipaddress /dashboard as the --oauth-redirect-uri when calling “panel serve”. I am using the same address in GitHub when registering the OAuth app. I have passed the client id and secret to “panel serve” through --oauth-id and --oauth-secret. I also pass a --cookie-secret generated with “panel secret”.

The Docker container inside Kubernetes is exposing localhost:8080.

Any idea what I’m doing wrong?

2 Likes

Hi @arelo

Welcome to the community.

I don’t know the cause. But normally when if I see 500: Internal server error in the browser the Panel server will be logging the cause in the terminal.

What does the panel server log say?

I have been trying to read it through “kubectl logs …”, but there seems to be some access related issue with that as well. I need to see if I can be granted access tomorrow if there’s no alternative way to read the server logs.

1 Like

Can you get it working on your laptop?

I will try, but this raises other questions:

  1. Is docker sufficient, or do I have to do it in minikube?
  2. Using docker I can access the app at http://localhost:8080/dashboard. In minikube I can also use the external IP of the service. Do you think it is sufficient to use http://localhost:8080/dashboard as the redirect uri both in “panel serve” and on GitHub? I am no expert in web development, so I don’t know if GitHub can communicate with/redirect to localhost.

Good questions. I don’t know the answers.

Hi @arelo.

I am using authentication similar to yours for my app. The apps is running under docker and I am authenticate it with OAuth bound with in-house Gitlab.
My impression, you already authenticated your app through Github, Github is redirecting you to your apps through your redirect URI, when you reached back your app, you got the error.
Once, I also got the internal server error, which is related to the Panel server error as @Marc said.
There are several error that could be happen, therefore it is suggested to printed out and look carefully to the Panel log to find out the reason of your error.
In my case, there was encoding problem on the Panel (and docker) site.

2021-05-27 07:16:48,184 Uncaught exception GET /login?next=%2Fdashboard%3Fcode%3D7db8792a4a6294eaf73d16f38715c55729b80ecb408acdc11c21f7097a20e695%26state%3D3da727364438451b9d52aa5d04154171 (10.67.23.208)
HTTPServerRequest(protocol=‘http’, host=‘someIP:Port’, method=‘GET’, uri=’/login?next=%2Fdashboard%3Fcode%3D7db8792a4a6294eaf73d16f38715c55729b80ecb408acdc11c21f7097a20e695%26state%3D3da727364438451b9d52aa5d04154171’, version=‘HTTP/1.1’, remote_ip=‘ipAddress’)
Traceback (most recent call last):
File “/opt/conda/envs/dashboard/lib/python3.7/site-packages/tornado/web.py”, line 1704, in _execute
result = await result
File “/opt/conda/envs/dashboard/lib/python3.7/site-packages/panel/auth.py”, line 246, in get
user = await self.get_authenticated_user(**params)
File “/opt/conda/envs/dashboard/lib/python3.7/site-packages/panel/auth.py”, line 110, in get_authenticated_user
client_secret
File “/opt/conda/envs/dashboard/lib/python3.7/site-packages/panel/auth.py”, line 453, in _fetch_access_token
user = decode_response_body(user_response)
File “/opt/conda/envs/dashboard/lib/python3.7/site-packages/panel/auth.py”, line 40, in decode_response_body
body = codecs.decode(response.body, ‘ascii’)
UnicodeDecodeError: ‘ascii’ codec can’t decode byte 0xe5 in position 18: ordinal not in range(128)

I solved this error by change the 'ascii' on panel/auth.py into 'UTF-8'. I also set the locale config in my docker image (as mentioned here), although I am not sure whether it is really helped. FYI, the version of my Panel is 0.11.3.

I am sorry if your error is different with my experience. Please share the Panel log by any chance.

2 Likes

Hi @Arifin. Apparently I had the same error and changing “ascii” to “UTF-8” in auth.py worked. Thanks a bunch!

2 Likes

Hi @Arifin and @arelo

Happy you figured it out.

Is this a bug in Panel? And if it is would you mind filing a bug report. That will help the next user. Thanks.

1 Like

Hi @arelo good to hear that!

About the panel issue, just filling it here: Authentication issue · Issue #2458 · holoviz/panel · GitHub

2 Likes