Mattermost, Inc.

[SOLVED] Mattermost Gitlab - Token request failed

Summary

Getting the message “Token request failed” when i try to authorize mattermost on gitlab.

Steps to reproduce

I followed the gitlab mattermost install page, i’m runing the whole gitlab environment in dockers (using official image)

Expected behavior

Describe your issue in detail

Observed behavior

Once i try to login on my mattermost env through gitlab, It keep telling my that the Token registration as been rejected.

  1. Mattermost login page
    httpsgyazo.com/f8b8bf58882361f07ba8180b897ad928

  2. Mattermost authorization
    [https]gyazo.com/5c7a05decf7640a090b7f07e069cee17

  3. Token rejected
    [https]gyazo.com/83acf34c6c2a4524381d4e1713179107

  4. Gitlab logs

==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST "/oauth/authorize" for 172.17.0.4 at 2016-12-12 08:26:34 +0000 Processing by Oauth::AuthorizationsController#create as HTML  Parameters: {"utf8"=>"✓", "authenticity_token"=>"hV5Kc5q0KRgKZNmMAh49UdGSejbajoFKCIyrPtr3WkkHTReY6tES+agMno6VZcO2b3z+r0qv0pbjJaBl/VSljw==", "client_id"=>"8ff5c2c69203be0290d8e3f1f47b23781f84a544d760833bb87618da891d49ef", "redirect_uri"=>"https://mattermost.hsfactory.net/signup/gitlab/complete", "state"=>"eyJhY3Rpb24iOiJsb2dpbiIsImhhc2giOiIkMmEkMTAkV3lyOFBCNVliS05MMEJwMVZSS1BOZXJEanB2emhpR1l3YWc0NHlaaC96c252aVk5YUJFRW0ifQ==", "response_type"=>"code", "scope"=>"api"} Redirected to https://mattermost.company.com/signup/gitlab/complete?code=8426ea1804ada7bcabb0ec195e42b1817fa2ebbea65ccca1ab95ce425427b5b0&state=eyJhY3Rpb24iOiJsb2dpbiIsImhhc2giOiIkMmEkMTAkV3lyOFBCNVliS05MMEJwMVZSS1BOZXJEanB2emhpR1l3YWc0NHlaaC96c252aVk5YUJFRW0ifQ%3D%3D Completed 302 Found in 85ms (ActiveRecord: 16.0ms)

==> /var/log/gitlab/gitlab-workhorse/current <==
2016-12-12_08:26:34.73912 git.company.com 172.17.0.4:49244 - - [2016-12-12 08:26:34.63540592 +0000 UTC] "POST /oauth/authorize HTTP/1.1" 302 326 "https://git.company.com/oauth/authorize?response_type=code&client_id=8ff5c2c69203be0290d8e3f1f47b23781f84a544d760833bb87618da891d49ef&redirect_uri=https%3A%2F%2Fmattermost.company.com%2Fsignup%2Fgitlab%2Fcomplete&state=eyJhY3Rpb24iOiJsb2dpbiIsImhhc2giOiIkMmEkMTAkV3lyOFBCNVliS05MMEJwMVZSS1BOZXJEanB2emhpR1l3YWc0NHlaaC96c252aVk5YUJFRW0ifQ%3D%3D" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36" 0.103534

==> /var/log/gitlab/mattermost/current <==
2016-12-12_08:26:34.83189 [2016/12/12 08:26:34 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=e95id3iwztfrzdkbqk5es959ew uid= ip=xxx.xxx.xxx.xxx Token request failed [details: Post https://git.company.com/oauth/token: dial tcp 172.17.0.3:443: getsockopt: connection refused]

==> /var/log/gitlab/mattermost/mattermost.log <==
[2016/12/12 08:26:34 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=e95id3iwztfrzdkbqk5es959ew uid= ip=xxx.xxx.xxx.xxx Token request failed [details: Post https://git.company.com/oauth/token: dial tcp 172.17.0.3:443: getsockopt: connection refused]

  1. Gitlab config
mattermost_external_url 'https://mattermost.company.com'
mattermost['enable'] = true
mattermost['service_use_ssl'] = true
mattermost_nginx['ssl_certificate'] = "/etc/letsencrypt/live/mattermost.company.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/matteermost.company.com/privkey.pem"
mattermost['service_use_ssl'] = true
mattermost['service_address'] = "0.0.0.0"
mattermost['service_port'] = "8065"
mattermost['service_enable_incoming_webhooks'] = true
mattermost['service_enable_outgoing_webhooks'] = true
mattermost['service_enable_oauth_service_provider'] = true
mattermost['team_site_name'] = "Mattermost"
mattermost['team_enable_team_creation'] = true
mattermost['team_enable_user_creation'] = true
mattermost['team_allow_public_link'] = true
mattermost['gitlab_enable'] = true
mattermost['gitlab_secret'] = "f34a8493af9eb0f060ed767c308f890eae56a9d93e52e13e3310b502dd3f6ebe"
mattermost['gitlab_id'] = "8ff5c2c69203be0290d8e3f1f47b23781f84a544d760833bb87618da891d49ef"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "https://git.company.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "https://git.company.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "https://git.company.com/api/v3/user"
mattermost['email_enable_sign_up_with_email'] = true
mattermost['service_enable_insecure_outgoing_connections'] = true

I looked at every single setting again and again without success. Mail login is working.

PS: Sorry for gyazo’s link, as a new registered user, i can’"t post more than 1 image in a post, also edited links as i can only post 2 in a single post.

nobody has a clue ? :confused:

Hi @repz

By looking at the logs you posted it seems that Mattermost is not able to connect to your gitlab server Post https://git.company.com/oauth/token: dial tcp 172.17.0.3:443: getsockopt: connection refused can you ensure that the docker container for Mattermost can reach the IP address above and that the port 443 is open?

1 Like

Yes it was related to ssl. Fixed it.

Hi how did you fix it pls? I have the same issue.

The option hostname: gitlab.example.com adds the /etc/hosts record 172.xx.0.x gitlab.example.com so all requests go internally bypass the reverse proxy. It’s fine for http, but when it comes to https, you are getting https://gitlab.example./oauth/token: dial tcp 172.xx.0.x:443: getsockopt: connection refused`

I kept hostname option and specified http urls in gitlab endpoints. My config:

external_url 'https://gitlab.example.com'
nginx['listen_port'] = 80
nginx['listen_https'] = false
mattermost_external_url 'https://mattermost.example.com'
mattermost_nginx['listen_port'] = 80
mattermost_nginx['listen_https'] = false
mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"

I had the same issue after configuring GitLab Pages custom domains. GitLab requires using separate IPs for GitLab and GitLab Pages if custom domains are enabled, therefore we changed the configuration from

nginx['listen_addresses'] = ["0.0.0.0", "[::]"]

to

nginx['listen_addresses'] = ["our_public_ipv4_ip", "[our_public_ipv6_ip]"]

Afterwards we got the token request failed error message because our /etc/hosts file contains an 127.0.1.1 gitlab.example.com entry and there was no webserver listening on 127.0.1.1 anymore.

We fixed this by changing the configuration to

nginx['listen_addresses'] = ["127.0.0.1", "[::1]", "127.0.1.1", "our_public_ipv4_ip", "[our_public_ipv6_ip]"]

(I also added 127.0.0.1 and [::1], just to be sure.)