Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] external/custom OAuth config does not work on Tableau Server #1147

Closed
xsgao-github opened this issue Jun 27, 2023 · 4 comments
Closed

[BUG] external/custom OAuth config does not work on Tableau Server #1147

xsgao-github opened this issue Jun 27, 2023 · 4 comments

Comments

@xsgao-github
Copy link

xsgao-github commented Jun 27, 2023
edited
Loading

About You:
Name: Song Gao
Company: Starburst Data

Your question:

We added external/custom OAuth config support based on the doc https://tableau.github.io/connector-plugin-sdk/docs/oauth. It works in Tableau Desktop and on Tableau Server (2023.1.2) when selecting embedded/default OAuth Config Id. However, if I select an external/custom OAuth config id, it errors out with the following message:

Can’t connect to Starburst Enterprise by Starburst
Detailed Error Message
Tableau detected that your OAuth refresh token is expired. Reauthenticate with new credentials. Ask your Tableau admin if you need help.
Unable to connect to the Starburst Enterprise by Starburst server "sgaoatstarburst-sample.trino.galaxy-dev.io". Check that the server is running and that you have access privileges to the requested database.

In the nativeapi_vizqlserver... log, I can see this message:

{"ts":"2023-06-27T18:12:18.200","pid":22860,"tid":"5d34","sev":"warn","req":"ZJsmglPGyJ-x31e-o1esWAAAAdg","sess":"833A2DF8CDEB47A5BDE5FC8E9DE1EF7E-1:0","site":"song","user":"sgao","k":"msg","v":"OAuthConfig with id custom_galaxydev does not exist, returning an empty one by default"}
...
{"ts":"2023-06-27T18:12:18.200","pid":22860,"tid":"5d34","sev":"info","req":"ZJsmglPGyJ-x31e-o1esWAAAAdg","sess":"833A2DF8CDEB47A5BDE5FC8E9DE1EF7E-1:0","site":"song","user":"sgao","k":"connect-using-keychain","v":{"xml":"<validate-connection><connection ACCESSTOKEN='********' CLIENTID='********' CLIENTSECRET='********' REFRESHTOKEN='********' access-token-expires-in='600' authentication='oauth' class='trino_jdbc' id-token='********' name='trino_jdbc.1mwts9u0i7r5q712cif9v0b41zjt' oauth-client='server-custom' oauth-config-id='custom_galaxydev' port='443' server='104.18.18.186' server-oauth='server-custom' sslmode='require' username='[email protected]' v-role='' vendor1='FULL' /><matches>"}}
...
{"ts":"2023-06-27T18:12:19.299","pid":22860,"tid":"5d34","sev":"warn","req":"ZJsmglPGyJ-x31e-o1esWAAAAdg","sess":"833A2DF8CDEB47A5BDE5FC8E9DE1EF7E-1:0","site":"song","user":"sgao","k":"excp","e":{"excp-error-code":"0x0A5B1BDC","excp-source":"System","excp-status-code":"INTERNAL"},"v":{"class":"","connectivity_stage":"ConnectivityStage::Unknown","dse-type":"Unknown","excp-msg":"Unknown error: Unsuccessful attempt to refresh the access token (code=13)\n","excp-type":"ConnectivityException","is-bad-request":false,"is-capability-probe-failure":false,"is-local-configuration-error":false,"is-remote-configuration-error":false,"msg":"ConnectivityException::Init","server_version":"","sql_state":""}}

Seems like Tableau Server was able to get tokens from Galaxy but it eventually failed.

To eliminate other factors, I use the same OAuth configuration file, except that they use different oauthConfigId (embedded one is galaxydev, external one is custom_galaxydev).

And I used the same Client ID and Redirect URL when configuring them.

image

I used Fiddler to track the requests/responses between the web client and Tableau Server, and I can tell there is no problem with calling authorization url and callback/redirect url. The error happened when the Tableau server talked to the Galaxy server via token url - I saw two calls (same as I saw in Tableau Desktop), but I wasn't able to decrypt the messages or tell why Tableau Server failed.

Would you please help us with this issue?
@lukewrites
Copy link
Member

Internal tracking: W-13667623

@xsgao-github xsgao-github mentioned this issue Jun 27, 2023
Open
@xsgao-github xsgao-github changed the title external/custom OAuth config does not work on Tableau Server [BUG] external/custom OAuth config does not work on Tableau Server Jun 28, 2023
@xsgao-github
Copy link
Author

This is related to #1148, which has a Fiddler log showing why there is a 401 error/OAuth refresh token is expired error.

@jkoskela
Copy link
Collaborator

jkoskela commented Jul 17, 2023
edited
Loading

The log message "OAuthConfig with id custom_galaxydev does not exist" is misleading. We have two locations where those are stored, and one location didn't find it. This is expected for the custom IDP case. Based on our other discussions this was from a single use refresh token issue. We don't support those yet.

@xsgao-github
Copy link
Author

OAuthConfig with id custom_galaxydev does not exist is just a msg.

The error is Unknown error: Unsuccessful attempt to refresh the access token (code=13), and that caused the front-end error.

This error is very similar to what I reported in #1148 - the error happens because Tableau Prep Builder uses an expired refresh_token. Would you please take a look at Tableau Server as well to make this will be addressed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkoskela @lukewrites @xsgao-github