Error creating token

[Darnal Philippe]

Hi,

After upgrading iTop and mail to ticket extension, my new OAuth client give me trouble.
I've got an error when I click "Generate Access Token" => HTTP ERROR 504.

I've got something in /var/log/apache2/access.log :
10.60.22.67 - - [13/Feb/2023:12:41:50 +0100] "POST /pages/exec.php?exec_module=itop-oauth-client&exec_page=ajax.php&exec_env=production HTTP/1.1" 500 7933 "https://my-app/pages/UI.php?operation=details&class=OAuthClientAzure&id=2&c[menu]=OAuthClient" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"

But no detail in /var/log/apache2/error.log or /var/www/html/log/error.log
Even if I put display_errors = On in php.ini

I've reproduced the error with postman and don't know why https://my-app/pages/exec.php?exec_module=itop-oauth-client&exec_page=ajax.php&exec_env=production fail

If someone could help me

Regards,

[Jeffrey Bostoen]

Have you tried this?
https://www.itophub.io/wiki/page?id=2_7_0%3Aadmin%3Aoauth#troubleshooting

504 is a gateway timeout. You'd need to investigate where exactly it happens.

[Darnal Philippe]

Hi,

504 error has turned to 500 error.
login.microsoftonline was blocked by the security network policy.

But I still have no error in my logs.
php.ini :
display_errors = On
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

iTop configuration file :
'log_level_min' => ['OAuth' => 'Debug'],

I tryed 'log_level_min' => LogAPI::LEVEL_DEBUG
But no logs :(

Regards,

[Darnal Philippe]

I started puting print in code to find out the culprit
I ended in a Guzzle send call and I don't know why the error can't be catched

In AbstractProvider.php :

public function getParsedResponse(RequestInterface $request) {
  file_put_contents('php://stderr', print_r(date("[D M d H:i:s.u Y] ")."In getParsedResponse".PHP_EOL, TRUE));
  try {
    $response = $this->getResponse($request);
  } catch (BadResponseException $e) {
    file_put_contents('php://stderr', print_r(date("[D M d H:i:s.u Y] ")."BadResponseException : ".print_r($e, TRUE).PHP_EOL, TRUE));
    $response = $e->getResponse();
  }
  ...
}

I tryed with BadResponseException, with TransferException, with Exception and everytime the exception is never catched.
I'm from the Java world maybe I missed something but how it's possible!?

[Darnal Philippe]

God I found it!

cURL error 35: OpenSSL SSL_connect: Connection reset by peer in connection to login.microsoftonline.com:443 (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

It wasn't a BadResponseException but a ConnectException.
Why Guzzle ? Why ? Why this exception tree ? :(

Now, if anyone knows how to get ride of error 35 ....

[Jeffrey Bostoen]

You'll need to find out why there's a connectivity issue. That's a more generic issue than iTop. :)

[Darnal Philippe]

Hi,

Like you said it was a connectivity issue.
New policy rules have been added to the firewall to solve the curl error.
Now eveything works nice!

But, I think iTop maintainers should find a workaround to that buggy league library.
In getParsedResponse function (AbstractProvider.php), 2 catch clauses are missing.
One for ConnectException and one for TooManyRedirectsException.

Regards,

[Pierre Goiffon]

Hello,

But, I think iTop maintainers should find a workaround to that buggy league library.
In getParsedResponse function (AbstractProvider.php), 2 catch clauses are missing.

You are talking about a library we are not maintaining. But a catch in the itop-oauth-client might be added ?
We are opened to contributions !