Internal server error when logging in with Google OIDC

Prev Next

Issue

Sometimes, a user authenticating with Google OIDC sees a 500 error message when logging in to the application.

ServerError500.png

An example error appears below, which is logged in the gunicorn container logs.

[2022-05-16 12:46:41.640 | INFO | hs.oidc:184 | 3c029b56-d516-11ec-b1e9-12fd3d8d8023 : 

AnonymousUser : GET : /oidc/callback/ : 127.0.0.1 : 0.195684] constructred username: [email protected]

[2022-05-16 12:46:41.649 | INFO | hs.oidc:52 | 3c029b56-d516-11ec-b1e9-12fd3d8d8023 : 

AnonymousUser : GET : /oidc/callback/ : 127.0.0.1 : 0.205099] Creating google svc object with credential file 

/etc/nginx/certs/hyperscience-343015-2969910942f8.json and user [email protected]

[2022-05-16 12:46:41.651 | ERROR | common.signals:75 | 3c029b56-d516-11ec-b1e9-12fd3d8d8023 : 

AnonymousUser : GET : /oidc/callback/ : 127.0.0.1 : 0.207201] Request failed. Handled by None.

[2022-05-16 12:46:41.660 | ERROR | MainThread | django.request:230] Internal Server Error: /oidc/callback/

Traceback (most recent call last):

  File \"/var/www/venv/lib/python3.7/site-packages/django/core/handlers/exception.py\", line 47, in inner

    response = get_response(request)

  File \"/var/www/venv/lib/python3.7/site-packages/django/core/handlers/base.py\", line 181, in _get_response

    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File \"/var/www/venv/lib/python3.7/site-packages/django/views/generic/base.py\", line 70, in view

    return self.dispatch(request, *args, **kwargs)

  File \"/var/www/venv/lib/python3.7/site-packages/django/views/generic/base.py\", line 98, in dispatch

    return handler(request, *args, **kwargs)

  File \"/var/www/forms/forms/user_profile/openid.py\", line 316, in get

    return super(OIDCAuthenticationCallbackView, self).get(request)

  File \"/var/www/venv/lib/python3.7/site-packages/mozilla_django_oidc/views.py\", line 101, in get

    self.user = auth.authenticate(**kwargs)

  File \"/var/www/venv/lib/python3.7/site-packages/django/views/decorators/debug.py\", line 42, in sensitive_variables_wrapper

    return func(*func_args, **func_kwargs)

  File \"/var/www/venv/lib/python3.7/site-packages/django/contrib/auth/__init__.py\", line 76, in authenticate

    user = backend.authenticate(request, **credentials)

  File \"/var/www/venv/lib/python3.7/site-packages/mozilla_django_oidc/auth.py\", line 289, in authenticate

    return self.get_or_create_user(access_token, id_token, payload)

  File \"/var/www/venv/lib/python3.7/site-packages/mozilla_django_oidc/auth.py\", line 328, in get_or_create_user

    user = self.create_user(user_info)

  File \"/var/www/forms/forms/user_profile/openid.py\", line 200, in create_user

    return self._sync_user(user, claims)

  File \"/var/www/forms/forms/user_profile/openid.py\", line 156, in _sync_user

    group_names = get_google_groups(user.username)

  File \"/var/www/forms/forms/user_profile/openid.py\", line 72, in get_google_groups

    google_directory = get_google_directory_service_object()

  File \"/var/www/forms/forms/user_profile/openid.py\", line 57, in get_google_directory_service_object

    subject=user_email,

  File \"/var/www/venv/lib/python3.7/site-packages/google/oauth2/service_account.py\", line 226, in from_service_account_file

    filename, require=[\"client_email\", \"token_uri\"]

  File \"/var/www/venv/lib/python3.7/site-packages/google/auth/_service_account_info.py\", line 73, in from_filename

    data = json.load(json_file)

  File \"/opt/hs/python/lib/python3.7/json/__init__.py\", line 296, in load

    parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)

  File \"/opt/hs/python/lib/python3.7/json/__init__.py\", line 348, in loads

    return _default_decoder.decode(s)

  File \"/opt/hs/python/lib/python3.7/json/decoder.py\", line 337, in decode

    obj, end = self.raw_decode(s, idx=_w(s, 0).end())

  File \"/opt/hs/python/lib/python3.7/json/decoder.py\", line 353, in raw_decode

    obj, end = self.scan_once(s, idx)

json.decoder.JSONDecodeError: Invalid control character at: line 5 column 205 (char 338)

Affected versions

All versions

Affected configurations

All configurations with Google OIDC authentication

Causes

The JSON decoder cannot decode the JSON object. In most cases, this issue is due to the JSON not being in a valid format.

Solution / Workaround

Validate the JSON’s formatting and fix the error.

To learn more about configuring Google OIDC, see “External Authentication Providers” for your version of Hyperscience ( v35 | v36 | v37 | v38 | v39 | v40 ).