Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Tuple {:option, :server_only, :honor_cipher_order} being returned for error reason from OAuth2 package

Tags:

oauth-2.0

elixir

phoenix

The Phoenix application I'm supporting has OAuth authentication using two different authentication servers. Mysteriously, only in my development environment they have begun exhibiting unexpected behaviour.

The code uses the OAuth2 hex package for authentication.

When an attempt is made to get a token via OAuth2.Client.get_token/1, an error is returned with a tuple rather than a string for the reason. The value of the tuple is {:option, :server_only, :honor_cipher_order}. I haven't been able to find out why this is happening nor what the tuple means.

Any help would be appreciated.

like image 244
Keith Pitty Avatar asked Sep 23 '19 07:09

Keith Pitty

People also ask

Does Tomcat use the server's preferred cipher-suite order?

That ordering is up to you and isn't based upon fuzzy definitions like "strength", since a high-bit cipher can be worse than a lower-bit cipher in certain situations. Tomcat 8.0.21 and later on Java 8 and later will use the server's preferred cipher-suite order if useServerCipherSuitesOrder is set to "true" (the default) for Java-based connectors.

What is the preferred cipher-suite order for Java-based connectors?

Tomcat 7.0.60 and later on Java 8 and later will use the server's preferred cipher-suite order if useServerCipherSuitesOrder is set to "true" (the default) for Java-based connectors. Tomcat 6 never had this capability for Java-based connectors; server-preferred ordering of cipher suites on Tomcat 6 will require the use of the APR/native connector.

Should a server cipher order be set or not?

... a server should begin by offering the strongest ciphers first, and only then offer weaker ciphers. As long as the server only supports ciphers which are strong enough it does not actually matter in terms of security who chooses the cipher.

Is it possible to change the Order of ciphers in OpenSSL?

Using the OpenSSL connector, you get the option of using a more concise syntax for allowing or disallowing certain ciphers but no options for setting cipher order or even preferred cipher. Thanks for contributing an answer to Server Fault!

2 Answers

Discovered that this was caused by https://github.com/benoitc/hackney/issues/591 following an upgrade on my machine to Erlang 22.1.

like image 144
Keith Pitty Avatar answered Sep 22 '22 14:09

Keith Pitty

Without having to downgrade your erlang version, try:

mix deps.update hackney

like image 23
btomtom5 Avatar answered Sep 20 '22 14:09

btomtom5
Sign in to Comment

Related questions

Managing Access Token with Google Drive Oauth 2.0
Spring-boot oauth2 splitting authorization server and resource server
Oauth2; How to solve the issue with expired AccessToken during multiple async api calls , made concurrently?
Identity Server and web api for user management
Does Spring Security OAuth2 support Authorization Code Flow with PKCE for browser (Angular) clients?
Facebook Access Tokens - Server-Side Authentication
Authenticating a user with Instagram on iOS: specifying redirect_uri
Implementing OAuth 2 in a multi-tenant application using dynamic scopes
In OpenID Connect, is it okay to pass an id token instead of an access token to a resource server for authorization?
How can we send OAuth2.0 with axios in React js
How to share JWT Tokens across Multiple Applications (Web / Mobile) when using identity server 3.0 and oAuth 2.0
OAuth REST access_token and instance_url expiry time?
Spring security oauth 2 simple example
Does OAuth2 allow for authorization using non-password or custom credentials?
OAuth 2.0 in php using curl
What to do after getting oauth2 token?
OAuth2: authenticate with email instead of username
Web API Authentication with multi-tenant data access
Authenticating as a Service with Azure AD B2C
Using Spring security oauth, using a custom OAuth provider, I get [authorization_request_not_found], should I handle the callback method myself?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!