[SOLVED] Mattermost Gitlab - Token request failed

repz · December 12, 2016, 8:46am

Summary

Getting the message “Token request failed” when i try to authorize mattermost on gitlab.

Steps to reproduce

I followed the gitlab mattermost install page, i’m runing the whole gitlab environment in dockers (using official image)

Expected behavior

Describe your issue in detail

Observed behavior

Once i try to login on my mattermost env through gitlab, It keep telling my that the Token registration as been rejected.

Mattermost login page
httpsgyazo.com/f8b8bf58882361f07ba8180b897ad928
Mattermost authorization
[https]gyazo.com/5c7a05decf7640a090b7f07e069cee17
Token rejected
[https]gyazo.com/83acf34c6c2a4524381d4e1713179107
Gitlab logs

==> /var/log/gitlab/gitlab-rails/production.log <==
Started POST "/oauth/authorize" for 172.17.0.4 at 2016-12-12 08:26:34 +0000 Processing by Oauth::AuthorizationsController#create as HTML  Parameters: {"utf8"=>"✓", "authenticity_token"=>"hV5Kc5q0KRgKZNmMAh49UdGSejbajoFKCIyrPtr3WkkHTReY6tES+agMno6VZcO2b3z+r0qv0pbjJaBl/VSljw==", "client_id"=>"8ff5c2c69203be0290d8e3f1f47b23781f84a544d760833bb87618da891d49ef", "redirect_uri"=>"https://mattermost.hsfactory.net/signup/gitlab/complete", "state"=>"eyJhY3Rpb24iOiJsb2dpbiIsImhhc2giOiIkMmEkMTAkV3lyOFBCNVliS05MMEJwMVZSS1BOZXJEanB2emhpR1l3YWc0NHlaaC96c252aVk5YUJFRW0ifQ==", "response_type"=>"code", "scope"=>"api"} Redirected to https://mattermost.company.com/signup/gitlab/complete?code=8426ea1804ada7bcabb0ec195e42b1817fa2ebbea65ccca1ab95ce425427b5b0&state=eyJhY3Rpb24iOiJsb2dpbiIsImhhc2giOiIkMmEkMTAkV3lyOFBCNVliS05MMEJwMVZSS1BOZXJEanB2emhpR1l3YWc0NHlaaC96c252aVk5YUJFRW0ifQ%3D%3D Completed 302 Found in 85ms (ActiveRecord: 16.0ms)

==> /var/log/gitlab/gitlab-workhorse/current <==
2016-12-12_08:26:34.73912 git.company.com 172.17.0.4:49244 - - [2016-12-12 08:26:34.63540592 +0000 UTC] "POST /oauth/authorize HTTP/1.1" 302 326 "https://git.company.com/oauth/authorize?response_type=code&client_id=8ff5c2c69203be0290d8e3f1f47b23781f84a544d760833bb87618da891d49ef&redirect_uri=https%3A%2F%2Fmattermost.company.com%2Fsignup%2Fgitlab%2Fcomplete&state=eyJhY3Rpb24iOiJsb2dpbiIsImhhc2giOiIkMmEkMTAkV3lyOFBCNVliS05MMEJwMVZSS1BOZXJEanB2emhpR1l3YWc0NHlaaC96c252aVk5YUJFRW0ifQ%3D%3D" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36" 0.103534

==> /var/log/gitlab/mattermost/current <==
2016-12-12_08:26:34.83189 [2016/12/12 08:26:34 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=e95id3iwztfrzdkbqk5es959ew uid= ip=xxx.xxx.xxx.xxx Token request failed [details: Post https://git.company.com/oauth/token: dial tcp 172.17.0.3:443: getsockopt: connection refused]

==> /var/log/gitlab/mattermost/mattermost.log <==
[2016/12/12 08:26:34 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=e95id3iwztfrzdkbqk5es959ew uid= ip=xxx.xxx.xxx.xxx Token request failed [details: Post https://git.company.com/oauth/token: dial tcp 172.17.0.3:443: getsockopt: connection refused]

Gitlab config

mattermost_external_url 'https://mattermost.company.com'
mattermost['enable'] = true
mattermost['service_use_ssl'] = true
mattermost_nginx['ssl_certificate'] = "/etc/letsencrypt/live/mattermost.company.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/matteermost.company.com/privkey.pem"
mattermost['service_use_ssl'] = true
mattermost['service_address'] = "0.0.0.0"
mattermost['service_port'] = "8065"
mattermost['service_enable_incoming_webhooks'] = true
mattermost['service_enable_outgoing_webhooks'] = true
mattermost['service_enable_oauth_service_provider'] = true
mattermost['team_site_name'] = "Mattermost"
mattermost['team_enable_team_creation'] = true
mattermost['team_enable_user_creation'] = true
mattermost['team_allow_public_link'] = true
mattermost['gitlab_enable'] = true
mattermost['gitlab_secret'] = "f34a8493af9eb0f060ed767c308f890eae56a9d93e52e13e3310b502dd3f6ebe"
mattermost['gitlab_id'] = "8ff5c2c69203be0290d8e3f1f47b23781f84a544d760833bb87618da891d49ef"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "https://git.company.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "https://git.company.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "https://git.company.com/api/v3/user"
mattermost['email_enable_sign_up_with_email'] = true
mattermost['service_enable_insecure_outgoing_connections'] = true

I looked at every single setting again and again without success. Mail login is working.

PS: Sorry for gyazo’s link, as a new registered user, i can’"t post more than 1 image in a post, also edited links as i can only post 2 in a single post.

repz · December 13, 2016, 7:46pm

nobody has a clue ?

elias · December 19, 2016, 12:01pm

Hi @repz

By looking at the logs you posted it seems that Mattermost is not able to connect to your gitlab server Post https://git.company.com/oauth/token: dial tcp 172.17.0.3:443: getsockopt: connection refused can you ensure that the docker container for Mattermost can reach the IP address above and that the port 443 is open?

repz · December 19, 2016, 12:51pm

Yes it was related to ssl. Fixed it.

ElNovi · January 19, 2017, 11:27am

Hi how did you fix it pls? I have the same issue.

karser · October 30, 2017, 5:57am

The option hostname: gitlab.example.com adds the /etc/hosts record 172.xx.0.x gitlab.example.com so all requests go internally bypass the reverse proxy. It’s fine for http, but when it comes to https, you are getting https://gitlab.example./oauth/token: dial tcp 172.xx.0.x:443: getsockopt: connection refused`

I kept hostname option and specified http urls in gitlab endpoints. My config:

external_url 'https://gitlab.example.com'
nginx['listen_port'] = 80
nginx['listen_https'] = false
mattermost_external_url 'https://mattermost.example.com'
mattermost_nginx['listen_port'] = 80
mattermost_nginx['listen_https'] = false
mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"

siwal · November 27, 2019, 11:31am

I had the same issue after configuring GitLab Pages custom domains. GitLab requires using separate IPs for GitLab and GitLab Pages if custom domains are enabled, therefore we changed the configuration from

nginx['listen_addresses'] = ["0.0.0.0", "[::]"]

to

nginx['listen_addresses'] = ["our_public_ipv4_ip", "[our_public_ipv6_ip]"]

Afterwards we got the token request failed error message because our /etc/hosts file contains an 127.0.1.1 gitlab.example.com entry and there was no webserver listening on 127.0.1.1 anymore.

We fixed this by changing the configuration to

nginx['listen_addresses'] = ["127.0.0.1", "[::1]", "127.0.1.1", "our_public_ipv4_ip", "[our_public_ipv6_ip]"]

(I also added 127.0.0.1 and [::1], just to be sure.)

Topic		Replies	Views
Token request failed Troubleshooting	3	4771	May 5, 2016
"Token request failed" error on GitLab Mattermost Troubleshooting	7	5933	April 5, 2020
Gitlab/Mattermost login error - Bad response from token request Troubleshooting	3	3847	July 25, 2022
Configure stand-alone mattermost with gitlab sign-on Troubleshooting	16	7354	August 29, 2019
Unable get token in Gitlab SSO GitLab Mattermost	0	434	June 2, 2023

[SOLVED] Mattermost Gitlab - Token request failed

Summary

Steps to reproduce

Expected behavior

Observed behavior

Related topics