500 error on "Authorization Code" flow since upgrade from 4.2.0 to 4.2.4 #3
Description
Hi,
we have updated some dependencies in our orocommerce application and face issues with oauth2 "Authorization Code" flow now. Logins are not possible and hit a 500 error
Summary
We updated "oro/oauth2-server" from 4.2.0 to 4.2.4 (4.2.0...4.2.4) and now get a "500 internal server error" when vising https://orocommerce.local/oauth2-token/login
Steps to reproduce
- have an orocommerce setup with 4.2.X where "oro/oauth2-server:4.2.4" is used
- Storefront Oauth2 Application is setup with type Authorization Code
- visit orocommerce with an oauth2 URL (matching client and redirect uri), i.e https://orocommerce.local/oauth2-token/authorize?response_type=code&client_id=-UF69HzSGkVYfSKXfAr8c6AWGUztsztu&scope=user&state=qNuVKvpht0R-u6CLe1RVXypj2z-Lw776cgpMirZZbtY=&redirect_uri=https://myservuce.local/login/oauth2/code/orocommerce
-- just visiting https://orocommerce.local/oauth2-token/login seems to cause the 500 too - error does not occur if user already has a valid session of the storefront
Actual Result
500 error
Expected Result
Not 500 error, get a login-screen
Details about your environment
- OroPlatform version: 4.2.5
- PHP version: 7.4.19
- Database (MySQL, PostgreSQL) version
Additional information
Logs in var/logs/prod.log
[2021-08-09 19:57:39] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2021-08-09 19:57:39] request.INFO: Matched route "oro_oauth2_server_frontend_login_form". {"route":"oro_oauth2_server_frontend_login_form","route_parameters":{"_route":"oro_oauth2_server_frontend_login_form","type":"frontend","_controller":"Oro\\Bundle\\OAuth2ServerBundle\\Controller\\LoginController::loginAction"},"request_uri":"https://dev.vinnoplace.com/oauth2-token/login","method":"GET"} []
[2021-08-09 19:57:39] request.CRITICAL: Uncaught PHP Exception Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException: "Service "oro_oauth2_server.client_manager" not found: even though it exists in the app's container, the container inside "Oro\Bundle\OAuth2ServerBundle\Controller\LoginController" is a smaller service locator that only knows about the "Symfony\Component\Security\Csrf\CsrfTokenManagerInterface", "Symfony\Component\Security\Http\Authentication\AuthenticationUtils", "doc
trine", "form.factory", "http_kernel", "parameter_bag", "request_stack", "router", "security.authorization_checker", "security.csrf.token_manager", "security.token_storage", "serializer", "session", "templating" and "twig" services. Try using dependency injection instead." at /var/www/orocommerce/vendor/symfony/dependency-injection/ServiceLocator.php line 129 {"exception":"[object] (Symfony\\Component\\DependencyInjection\\Exception\\ServiceNotFoundException(code: 0): Service \"oro_oauth2_server.client_
manager\" not found: even though it exists in the app's container, the container inside \"Oro\\Bundle\\OAuth2ServerBundle\\Controller\\LoginController\" is a smaller service locator that only knows about the \"Symfony\\Component\\Security\\Csrf\\CsrfTokenManagerInterface\", \"Symfony\\Component\\Security\\Http\\Authentication\\AuthenticationUtils\", \"doctrine\", \"form.factory\", \"http_kernel\", \"parameter_bag\", \"request_stack\", \"router\", \"security.authorization_checker\", \"security.csrf.token
_manager\", \"security.token_storage\", \"serializer\", \"session\", \"templating\" and \"twig\" services. Try using dependency injection instead. at /var/www/orocommerce/vendor/symfony/dependency-injection/ServiceLocator.php:129)"} []
I believe that this change is the cuplrit:
(taken from here 4.2.0...4.2.4 )