Issue
Sometimes, a user authenticating with Google OIDC sees a 500 error message when logging in to the application.
An example error appears below, which is logged in the gunicorn container logs.
[2022-05-16 12:46:41.640 | INFO | hs.oidc:184 | 3c029b56-d516-11ec-b1e9-12fd3d8d8023 :
AnonymousUser : GET : /oidc/callback/ : 127.0.0.1 : 0.195684] constructred username: [email protected]
[2022-05-16 12:46:41.649 | INFO | hs.oidc:52 | 3c029b56-d516-11ec-b1e9-12fd3d8d8023 :
AnonymousUser : GET : /oidc/callback/ : 127.0.0.1 : 0.205099] Creating google svc object with credential file
/etc/nginx/certs/hyperscience-343015-2969910942f8.json and user [email protected]
[2022-05-16 12:46:41.651 | ERROR | common.signals:75 | 3c029b56-d516-11ec-b1e9-12fd3d8d8023 :
AnonymousUser : GET : /oidc/callback/ : 127.0.0.1 : 0.207201] Request failed. Handled by None.
[2022-05-16 12:46:41.660 | ERROR | MainThread | django.request:230] Internal Server Error: /oidc/callback/
Traceback (most recent call last):
File \"/var/www/venv/lib/python3.7/site-packages/django/core/handlers/exception.py\", line 47, in inner
response = get_response(request)
File \"/var/www/venv/lib/python3.7/site-packages/django/core/handlers/base.py\", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File \"/var/www/venv/lib/python3.7/site-packages/django/views/generic/base.py\", line 70, in view
return self.dispatch(request, *args, **kwargs)
File \"/var/www/venv/lib/python3.7/site-packages/django/views/generic/base.py\", line 98, in dispatch
return handler(request, *args, **kwargs)
File \"/var/www/forms/forms/user_profile/openid.py\", line 316, in get
return super(OIDCAuthenticationCallbackView, self).get(request)
File \"/var/www/venv/lib/python3.7/site-packages/mozilla_django_oidc/views.py\", line 101, in get
self.user = auth.authenticate(**kwargs)
File \"/var/www/venv/lib/python3.7/site-packages/django/views/decorators/debug.py\", line 42, in sensitive_variables_wrapper
return func(*func_args, **func_kwargs)
File \"/var/www/venv/lib/python3.7/site-packages/django/contrib/auth/__init__.py\", line 76, in authenticate
user = backend.authenticate(request, **credentials)
File \"/var/www/venv/lib/python3.7/site-packages/mozilla_django_oidc/auth.py\", line 289, in authenticate
return self.get_or_create_user(access_token, id_token, payload)
File \"/var/www/venv/lib/python3.7/site-packages/mozilla_django_oidc/auth.py\", line 328, in get_or_create_user
user = self.create_user(user_info)
File \"/var/www/forms/forms/user_profile/openid.py\", line 200, in create_user
return self._sync_user(user, claims)
File \"/var/www/forms/forms/user_profile/openid.py\", line 156, in _sync_user
group_names = get_google_groups(user.username)
File \"/var/www/forms/forms/user_profile/openid.py\", line 72, in get_google_groups
google_directory = get_google_directory_service_object()
File \"/var/www/forms/forms/user_profile/openid.py\", line 57, in get_google_directory_service_object
subject=user_email,
File \"/var/www/venv/lib/python3.7/site-packages/google/oauth2/service_account.py\", line 226, in from_service_account_file
filename, require=[\"client_email\", \"token_uri\"]
File \"/var/www/venv/lib/python3.7/site-packages/google/auth/_service_account_info.py\", line 73, in from_filename
data = json.load(json_file)
File \"/opt/hs/python/lib/python3.7/json/__init__.py\", line 296, in load
parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)
File \"/opt/hs/python/lib/python3.7/json/__init__.py\", line 348, in loads
return _default_decoder.decode(s)
File \"/opt/hs/python/lib/python3.7/json/decoder.py\", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File \"/opt/hs/python/lib/python3.7/json/decoder.py\", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Invalid control character at: line 5 column 205 (char 338)
Affected versions
All versions
Affected configurations
All configurations with Google OIDC authentication
Causes
The JSON decoder cannot decode the JSON object. In most cases, this issue is due to the JSON not being in a valid format.
Solution / Workaround
Validate the JSON’s formatting and fix the error.
To learn more about configuring Google OIDC, see “External Authentication Providers” for your version of Hyperscience ( v35 | v36 | v37 | v38 | v39 | v40 ).