-
Notifications
You must be signed in to change notification settings - Fork 690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to Authenticate Wrangler in any Remote Development Environment #2874
Comments
My assumption is this has something to do with either Proof of Key Code Exchange (PKCE) and/or state for Cross Site Request Forgery (CSRF) protection, where after I authenticate via the UI, my local browser has something that running curl on the remote machine doesn't |
Afaict the state is always a query parameter on the redirect URL from the Identity Provider (Cloudflare) and it matches what was sent initially by wrangler (the Referring Provider) |
Not sure what I did differently this time but following this code https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler/src/user/auth-variables.ts#L14 I was able to do export CLOUDFLARE_API_TOKEN="API token generated from the Edit Workers template"
npx wrangler whoami And that appears to have worked Still not clear to me why the OAuth2 flow isn't working |
*Oh sorry I split this off of an issue comment and Github didn't give me the template. Lmk if I should fix that up |
It sounds like you've got this working with API tokens? That's what we'd recommend for environments like Stackblitz and Codespaces. The remote machine authentication flow should work though (or should be removed from the docs), and so I'll leave this open to track investigating that. |
Correct yeah, I think I found a comment on a closed issue that clued me in to trying that, and it's worked so far |
@Grunet So how it works is basically you are doing the same steps no change in that,
|
hi @Grunet :) sounds like you've got things working and that @mishra-saksham is able to get the the remote machine authentication flow (https://developers.cloudflare.com/workers/wrangler/commands/#use-wrangler-login-on-a-remote-machine) going (thanks for the write up!). given this, i will close the issue now, thanks both! |
Thanks for sharing, I tried and curl could connect and send its GET request: * Trying 127.0.0.1:8976...
* connect to 127.0.0.1 port 8976 failed: Connection refused
* Trying ::1:8976...
* Connected to localhost (::1) port 8976 (#0)
> GET /oauth/callback?code=[redacted]
> Host: localhost:8976
> User-Agent: curl/7.81.0
> Accept: */* but wrangler login replied with:
when I ran curl with the url in quotes I got: /home/[redacted]/node_modules/wrangler/wrangler-dist/cli.js:29573
throw a;
^
SyntaxError: Unexpected token '<', "<!DOCTYPE "... is not valid JSON
at JSON.parse (<anonymous>)
at parseJSONFromBytes (/home/[redacted]/node_modules/wrangler/wrangler-dist/cli.js:5121:19)
at successSteps (/home/[redacted]node_modules/wrangler/wrangler-dist/cli.js:5092:27)
at fullyReadBody (/home/[redacted]/node_modules/wrangler/wrangler-dist/cli.js:3590:9)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async specConsumeBody (/home/[redacted]/node_modules/wrangler/wrangler-dist/cli.js:5101:7)
at async exchangeAuthCodeForAccessToken (/home/[redacted]/node_modules/wrangler/wrangler-dist/cli.js:120821:31)
at async Server.<anonymous> (/home/[redacted]/node_modules/wrangler/wrangler-dist/cli.js:120983:30)
Node.js v20.12.1 wrangler version: |
where did u git "API token generated from the Edit Workers template" from? |
@thewaleed Go to My Profile > API Tokens > Create Token > Use Template for "Edit Cloudflare Workers" |
Had this same issue and resolved it by forwarding port 8976 to my local machine when ssh-ing to the remote environment. |
Still the same issue with 3.78.3 tried: |
adding on to mishra's explanation, I had to change the host from |
that is by far the most straight forward route, thanks! (using .devcontainer) |
https://developers.cloudflare.com/workers/wrangler/commands/#using-wrangler-login-on-a-remote-machine outlines how to authenticate the Wrangler CLI when using a remote development environment (e.g. Codespaces).
However it doesn't seem to work. The original shell always puts out this error message at the end
Received query string parameter doesn't match the one sent! Possible malicious activity somewhere.
I've seen this on Gitpod, Codespaces, Stackblitz, and Codesandbox so far so I don't think it's specific to any of them.
Is there an alternative form of authentication that could be used in the meantime? I haven't gotten api key-based authentication to work either
The text was updated successfully, but these errors were encountered: