Solve issue with login failing (#6077)

farhatahmad · web-flow · commit 251c307b8bb7 · 2025-05-23T14:01:50.000-04:00
* Solve issue with login failing

* rspec
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -73,7 +73,7 @@ Metrics/ClassLength:
 # A calculated magnitude based on number of assignments,
 # branches, and conditions.
 Metrics/AbcSize:
-  Max: 105
+  Max: 110
 
 Metrics/ParameterLists:
   CountKeywordArgs: false
diff --git a/app/controllers/external_controller.rb b/app/controllers/external_controller.rb
@@ -83,7 +83,7 @@ def create_user
     handle_session_timeout(session_timeout.to_i, user) if session_timeout
 
     session[:session_token] = user.session_token
-    session[:oidc_id_token] = credentials.dig('credentials', 'id_token')
+    session[:oidc_id_token] = credentials.dig('credentials', 'id_token') if ENV['OPENID_CONNECT_LOGOUT_PATH'].present?
 
     # TODO: - Ahmad: deal with errors
 
diff --git a/greenlight-v3.nginx b/greenlight-v3.nginx
@@ -24,6 +24,10 @@ location @bbb-fe {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Connection "";
+
+    proxy_buffer_size 128k;
+    proxy_buffers 4 256k;
+    proxy_busy_buffers_size 256k;
 }
 
 location ~ '/api/v1/rooms/\w{3}-\w{3}-\w{3}-\w{3}.json$' {
diff --git a/sample.env b/sample.env
@@ -46,6 +46,9 @@ REDIS_URL=
 #OPENID_CONNECT_ISSUER=
 #OPENID_CONNECT_REDIRECT=
 #OPENID_CONNECT_UID_FIELD=sub
+# The next variable is optional and should only be set if you explicitly know the logout url for your authentication provider
+# You may also need to make changes to your nginx if you experience troubles logging in
+# See: https://github.com/bigbluebutton/greenlight/issues/6065#issuecomment-2905131224
 #OPENID_CONNECT_LOGOUT_PATH="/protocol/openid-connect/logout"
 
 # Uncomment the following flag if you want to use EMAIL as a Unique ID backup, useful for setups with existing users who want to switch to an IDP setup.
diff --git a/spec/controllers/external_controller_spec.rb b/spec/controllers/external_controller_spec.rb
@@ -101,6 +101,14 @@
       get :create_user, params: { provider: 'openid_connect' }
 
       expect(session[:session_token]).to eq(User.find_by(email: OmniAuth.config.mock_auth[:openid_connect][:info][:email]).session_token)
+    end
+
+    it 'sets oidc id token if OPENID_CONNECT_LOGOUT_PATH is set' do
+      request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+      ENV['OPENID_CONNECT_LOGOUT_PATH'] = '/logout'
+
+      get :create_user, params: { provider: 'openid_connect' }
+
       expect(session[:oidc_id_token]).to eq(OmniAuth.config.mock_auth[:openid_connect][:credentials][:id_token])
     end
 
