Error when verifying the SSL of my website during OAuth flow

I’m getting this weird error related to verifying the SSL of my website. Does anyone have any idea how to fix it?

I’m using ueberauth_google to sign in with Google.

During the OAuth flow in the callback URL, ueberauth_google is trying to verify the SSL from my fly.io website and failing.

This is the error I get from the fly logs:

 yul [info]14:56:30.156 request_id=F5Lqcz4fu8ivHd4AAAGx [info] GET /auth/google
 yul [info]14:56:30.156 request_id=F5Lqcz4fu8ivHd4AAAGx [info] Sent 302 in 336µs
 yul [info]14:56:33.262 request_id=F5Lqc_dBAe62stIAAAHB [info] GET /auth/google/callback
 yul [info]14:56:33.264 request_id=F5Lqc_dBAe62stIAAAHB [info] Sent 500 in 2ms
 yul [info]14:56:33.264 [error] #PID<0.2143.0> running AppWeb.Endpoint (connection #PID<0.2142.0>, stream id 1) terminated
 yul [info]Server: alguemrecomenda.ca:80 (http)
 yul [info]Request: GET /auth/google/callback?state=eeeee&code=4%rrrrrr&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=none
 yul [info]** (exit) an exception was raised:
 yul [info]    ** (MatchError) no match of right hand side value: {:error, :enoent}
 yul [info]        (public_key 1.14.1) pubkey_os_cacerts.erl:38: :pubkey_os_cacerts.get/0
 yul [info]        (inets 9.0.2) httpc.erl:476: :httpc.ssl_verify_host_options/1
 yul [info]        (inets 9.0.2) httpc.erl:1015: anonymous fn/0 in :httpc.http_options_default/0
 yul [info]        (inets 9.0.2) httpc.erl:961: :httpc.http_options/3
 yul [info]        (inets 9.0.2) httpc.erl:771: :httpc.handle_request/9
 yul [info]        (tesla 1.8.0) lib/tesla/adapter/httpc.ex:52: Tesla.Adapter.Httpc.request/2
 yul [info]        (tesla 1.8.0) lib/tesla/adapter/httpc.ex:22: Tesla.Adapter.Httpc.call/2
 yul [info]        (oauth2 2.1.0) lib/oauth2/request.ex:37: OAuth2.Request.request/6

config.exs

config :ueberauth, Ueberauth,
  providers: [
    google: {Ueberauth.Strategy.Google, [default_scope: "email profile"]}
  ]

runtime.exs

  host = "alguemrecomenda.ca"
  port = String.to_integer(System.get_env("PORT") || "4000")

  config :app, AppWeb.Endpoint,
    url: [host: host, port: 443, scheme: "https"],
    http: [
      # Enable IPv6 and bind on all interfaces.
      # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
      # See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html
      # for details about using IPv6 vs IPv4 and loopback vs public addresses.
      ip: {0, 0, 0, 0, 0, 0, 0, 0},
      port: port
    ],
    secret_key_base: secret_key_base
    # check_origin: ["//alguemrecomenda.ca"]
    # added that, but didn't see any difference so I removed it

  config :ueberauth, Ueberauth.Strategy.Google.OAuth,
    client_id: System.fetch_env!("GOOGLE_CLIENT_ID"),
    client_secret: System.fetch_env!("GOOGLE_CLIENT_SECRET")

prod.exs

# Copied from the docs: https://hexdocs.pm/phoenix/using_ssl.html#force-ssl
config :app, AppWeb.Endpoint, force_ssl: [rewrite_on: [:x_forwarded_proto], host: nil]

Posting here as a last resort after spending the weekend trying to fix this thing.

Thank you for any insight 💛

Sounds like the problem was coming from the OAuth2 package.

There is an option to add config :oauth2, debug: true to see the request it makes to Google, but that wasn’t helpful for me.

I was able to copy/paste the request details and make the request manually with no problems.

I ended up replacing ueberauth with elixir_auth_google last night and that is working fine without any change in my TLS configs.

Hey man.

I had the same error, looks like it is a problem with OTP 26. If you use OTP 25 it should work.

Best regards

2 Likes

Moving back to OTP 25 fixed this for me too.
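
The trace in the first post fails in `:pubkey_os_cacerts.get/0` with `{:error, :enoent}` while `:httpc` builds its host-verification options. As an added example (not code from the thread or from ueberauth/oauth2; the `CACheck` module name and the `CA_BUNDLE` environment variable are assumptions), this Elixir script checks whether the OS CA store loads on the running node and falls back to an explicit PEM bundle instead of disabling verification:

```elixir
# Added diagnostic, not code from the thread. CACheck and CA_BUNDLE are
# hypothetical names. Requires OTP 25 or later (:public_key.cacerts_load/0,1).
defmodule CACheck do
  # :public_key.cacerts_get/0 raises when the OS store cannot be loaded (as in
  # the trace above); cacerts_load/0 returns the error tuple instead.
  def load_trust_store(fallback_pem \\ System.get_env("CA_BUNDLE")) do
    case :public_key.cacerts_load() do
      :ok ->
        {:ok, :os_store, length(:public_key.cacerts_get())}

      {:error, reason} when is_binary(fallback_pem) ->
        # Fall back to an explicit PEM bundle rather than turning verification off.
        case :public_key.cacerts_load(String.to_charlist(fallback_pem)) do
          :ok -> {:ok, {:file, fallback_pem}, length(:public_key.cacerts_get())}
          {:error, file_reason} -> {:error, {reason, file_reason}}
        end

      {:error, reason} ->
        {:error, reason}
    end
  end

  # TLS client options that keep peer and hostname verification on; call only
  # after load_trust_store/1 has succeeded.
  def ssl_opts(host) do
    [
      verify: :verify_peer,
      cacerts: :public_key.cacerts_get(),
      depth: 3,
      server_name_indication: String.to_charlist(host),
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end
end

case CACheck.load_trust_store() do
  {:ok, source, count} ->
    IO.puts("trust store loaded from #{inspect(source)}: #{count} CA certificates")

  {:error, reason} ->
    IO.puts(:stderr, "no usable CA trust store: #{inspect(reason)}")
    System.halt(1)
end
```

An `{:error, :enoent}` result from this check on the deployed machine means no CA bundle file was found there, which is the same value the `MatchError` in the log reports.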
