[mozillians.org] Update settings/local.py in dev

RESOLVED FIXED

Status

Infrastructure & Operations
WebOps: Community Platform
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: nemo, Assigned: danielh)

Tracking

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4253])

(Reporter)

Description

a year ago
We need to change some config entries in mozillians-dev.allizom.org to point to the correct auth0 account.

OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://auth.mozilla.auth0.com/authorize'
OIDC_OP_TOKEN_ENDPOINT = 'https://auth.mozilla.auth0.com/oauth/token'
OIDC_OP_USER_ENDPOINT = 'https://auth.mozilla.auth0.com/userinfo'
OIDC_OP_DOMAIN = 'auth.mozilla.auth0.com'
OIDC_RP_CLIENT_ID = '<client_id>'
OIDC_RP_CLIENT_SECRET = '<client_secret>'

Client ID and secret are going to be sent GPG encrypted. Please let me know when you work on that so I can send you the credentials.

Updated

a year ago
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4253]
(Assignee)

Updated

a year ago
Assignee: server-ops-webops → dhartnell
(Assignee)

Comment 1

a year ago
Hey John,

I have taken ownership of this bug. When you're ready, go ahead and email me the GPG encrypted credentials. Once I get them, I'll make the changes for you. Thanks!
Flags: needinfo?(jgiannelos)
(Assignee)

Comment 2

a year ago
John,

I have updated the following file with the information you provided:

>/data/python-dev/src/mozillians-dev.allizom.org/mozillians/mozillians/settings/local.py

After that, I ran our deploy script to propagate out the changes. Can you confirm that everything is working for you?
(Reporter)

Comment 3

a year ago
I am still redirected to https://auth-dev.mozilla.auth0.com instead of 'https://auth.mozilla.auth0.com'. Can you send me a diff of the changes?
Flags: needinfo?(jgiannelos)
(Assignee)

Comment 4

a year ago
Hey John,

My changes to local.py were not checked into version control so I don't have a diff. I commented out the original settings and added the following (excluding the client ID and secret):

># Bug 1339820
>OIDC_OP_AUTHORIZATION_ENDPOINT = 'https://auth.mozilla.auth0.com/authorize'
>OIDC_OP_TOKEN_ENDPOINT = 'https://auth.mozilla.auth0.com/oauth/token'
>OIDC_OP_USER_ENDPOINT = 'https://auth.mozilla.auth0.com/userinfo'
>OIDC_OP_DOMAIN = 'auth.mozilla.auth0.com'

I noticed the following:

https://github.com/mozilla/mozillians/blob/master/mozillians/settings/base.py#L571-L573

On our servers, I changed line 572 to from "auth-dev.mozilla.auth0.com" to "auth.mozilla.auth0.com". I wanted to do this to test but in the long run, I'd be happy to file a pull request if you want.

After making that change, I tested with and without "OIDC_OP_DOMAIN" in local.py. This was not in the list of OIDC_OP* variables in the old configuration (I assume because of the logic in base.py mentioned above).

At this point, it's still taking the user to "auth-dev.mozilla.auth0.com" and it's unclear why. I've grepped through the website source and I have found no references to auth-dev in my current configuration (other than the original config, which I commented out).

I'll continue to look at this but I'm open to any ideas you might have.
Flags: needinfo?(jgiannelos)
(Assignee)

Comment 5

a year ago
John,

It looks like I needed to perform a graceful restart of Apache. It should work for you now. If you want me to submit that PR to update the code block in base.py, let me know.
(Reporter)

Comment 6

a year ago
Looks OK now. I will change base.py since it something that we track in our version control.
Thanks for the help.
Status: NEW → RESOLVED
Last Resolved: a year ago
Flags: needinfo?(jgiannelos)
Resolution: --- → FIXED
(Reporter)

Comment 7

a year ago
For some reason I am getting JWS verification errors.

Can you encrypt/send the OIDC related config entries that you changed? For some reason although it points to the right auth0 instance it doesn't verify correctly that the tokens we receive on authentication.
Status: RESOLVED → REOPENED
Flags: needinfo?(dhartnell)
Resolution: FIXED → ---
(Assignee)

Comment 8

a year ago
Hey John,

I just emailed you an excerpt from local.py showing the changes to OIDC related config entries. The old settings were retained and commented out. If there's anything in the new block of OIDC settings that should be changed, let me know.
Flags: needinfo?(dhartnell) → needinfo?(jgiannelos)
(Assignee)

Comment 9

a year ago
John,

I just sent you an update via email. It looks like things are working now (hopefully!).
(Reporter)

Comment 10

a year ago
Looks like its working fine. Thanks for the help!
Status: REOPENED → RESOLVED
Last Resolved: a year agoa year ago
Flags: needinfo?(jgiannelos)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.