[Solved] Zapier OAuth Integration Suddenly Failing with Bad Client_id

Troubleshooting
1

Summary

Had a functioning integration with Zapier and it stopped working 4 days ago, with Zapier saying that the session expired:
Bargle. We hit an error creating a post message. :-( Error: team.ulets.us returned (401) Unauthorized and said "Invalid or expired session, please login again."

I tried to reconnect the account following the steps outlined in the Zapier/Mattermost documentation and it fails with invalid_request: Bad client_id

Steps to reproduce

  1. Install mattermost-docker 3.4.0
  2. Proxy mattermost from apache2 to nginx to docker
  3. Create an OAuth2 integration for Zapier following these steps: https://docs.mattermost.com/integrations/zapier.html
  4. Connect the account on Zapier
  5. Get error “invalid_request: Bad client_id”

Expected behavior

Zapier authorizes successfully

Observed behavior

[2016/10/26 18:21:41 UTC] [EROR] /oauth/access_token:getAccessToken code=500 rid=pqxemy1pb7dgmgb6ffwccea8za uid= ip=54.210.27.170 invalid_request: Bad client_id [details: ]

Apache VHost Config:
`<VirtualHost *:80>

   ServerName mydomain.com

  
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

<VirtualHost *:443>

    ServerName mydomain.com

SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile    mycert.cry
    SSLCertificateKeyFile mykey.key
    SSLCertificateChainFile myccf.ca-bundle
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"

SSLCompression Off
SSLProxyEngine On

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) wss://localhost:4343/$1 [P,L]

ProxyPreserveHost On
ProxyPass / https://0.0.0.0:4343/
ProxyPassReverse / https://0.0.0.0:4343/
#ProxyPass "/ws2/"  "https://0.0.0.0:8080/"
#ProxyPass "/wss2/"  "wss://0.0.0.0:4343/"
#ProxyPassReverse "/wss2/"  "wss://0.0.0.0:4343/"

LogLevel warn
Customlog /var/log/apache2/mattermost-access.log combined

`

Nginx config:

`server {

 listen 4343 ssl;
 server_name mydomain.com;

 ssl on;

 ssl_certificate chained.crt;
 ssl_certificate_key mykey.key;
 ssl_session_timeout 5m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;

 location / {
    gzip off;
    proxy_set_header X-Forwarded-Ssl on;
    client_max_body_size 50M;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Frame-Options SAMEORIGIN;
    proxy_pass http://127.0.0.1:8065;
 }

}`

2

Hi @bennnjamin,

Sorry to hear you are having problems connecting to Zapier. I haven’t seen that error before.

  1. Can you please ensure that OAuth applications are enabled on your server (System Console > Integrations > Custom Integrations > Enable OAuth 2.0 Service Provider).
  2. You mentioned you attempted to re-connect to the OAuth app in Zapier, can you also please attempt to delete and then re-create your OAuth app in Mattermost following these instructions, then connect to the new OAuth app in Zapier?
3

@eric

You know, I did that before posting this but instead of deleting and re-creating my OAuth app, I just added a new one and tried that client/id. For some reason this time it worked and here’s the exact steps I did:

  1. Delete All OAuth apps (I only had Zapier).
  2. Turn Off OAuth applications
  3. $ docker-compose stop
  4. $ service docker restart
  5. $ docker-compose up -d
  6. Turn on OAuth applications
  7. Create a single OAuth following the instructions (note: the screenshot conflicts with the text on that page. I set “Is Trusted” to No)
  8. Reconnect my Mattermost account on Zapier using the new client id and token.
  9. Click “Allow” when asked to trust Zapier.
  10. Success!

Thanks @eric.