Successful auth but desktop client shows error

[tomneedham]

owncloud shows "the application was authorized successfully. you can now close this window"

however the desktop client shows "Access forbidden by server" with a popup saying "connection failed": select a different url, try http or configure client side certificate.

Apache logs

CLIENTIP - - [01/Dec/2017:15:14:39 +0100] "GET /oauth2/status.php HTTP/1.1" 200 161 "-" "Mozilla/5.0 (Macintosh) mirall/2.4.0beta1 (build 8619)" microsecs:110184 response_size:161 bytes_received:287 bytes_sent:1142 WiFjz8CodckAACJyV2sAAAA2
CLIENTIP - - [01/Dec/2017:15:14:39 +0100] "GET /oauth2/remote.php/webdav/ HTTP/1.1" 401 521 "-" "Mozilla/5.0 (Macintosh) mirall/2.4.0beta1 (build 8619)" microsecs:203918 response_size:521 bytes_received:295 bytes_sent:1422 WiFjz8CodckAACJyV2wAAAA2
CLIENTIP - - [01/Dec/2017:15:14:39 +0100] "PROPFIND /oauth2/remote.php/webdav/ HTTP/1.1" 401 521 "-" "Mozilla/5.0 (Macintosh) mirall/2.4.0beta1 (build 8619)" microsecs:214170 response_size:521 bytes_received:339 bytes_sent:1436 WiFjz8CodckAACJ2WCsAAAA3
CLIENTIP - - [01/Dec/2017:15:14:39 +0100] "GET /oauth2/index.php/apps/oauth2/authorize?response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http://localhost:50207 HTTP/1.1" 200 9949 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:57.0) Gecko/20100101 Firefox/57.0" microsecs:336124 response_size:9949 bytes_received:899 bytes_sent:10602 WiFjz8CodckAACHBOWIAAAAL
CLIENTIP - - [01/Dec/2017:15:14:40 +0100] "GET /oauth2/index.php/core/js/oc.js?v=57cf3b77700978f54cd327d8db3151c5 HTTP/1.1" 200 4128 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:57.0) Gecko/20100101 Firefox/57.0" microsecs:217817 response_size:4128 bytes_received:706 bytes_sent:4776 WiFj0MCodckAACHBOWMAAAAL

CLIENTIP - - [01/Dec/2017:15:14:47 +0100] "POST /oauth2/index.php/apps/oauth2/authorize?response_type=code&client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&redirect_uri=http://localhost:50207 HTTP/1.1" 303 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:57.0) Gecko/20100101 Firefox/57.0" microsecs:203731 response_size:0 bytes_received:1078 bytes_sent:761 WiFj18CodckAACHBOWcAAAAL
CLIENTIP - xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 [01/Dec/2017:15:14:48 +0100] "POST /oauth2/index.php/apps/oauth2/api/v1/token HTTP/1.1" 200 350 "-" "Mozilla/5.0 (Macintosh) mirall/2.4.0beta1 (build 8619)" microsecs:316049 response_size:350 bytes_received:928 bytes_sent:1094 WiFj2MCodckAACHbY9oAAAAk
145.100.19.69 - - [01/Dec/2017:15:14:48 +0100] "PROPFIND /oauth2/remote.php/webdav/ HTTP/1.1" 401 521 "-" "Mozilla/5.0 (Macintosh) mirall/2.4.0beta1 (build 8619)" microsecs:183262 response_size:521 bytes_received:788 bytes_sent:1148 WiFj2MCodckAACHZX7sAAAAi
CLIENTIP - - [01/Dec/2017:15:14:48 +0100] "GET /oauth2/index.php/apps/oauth2/authorization-successful HTTP/1.1" 200 9565 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:57.0) Gecko/20100101 Firefox/57.0" microsecs:256888 response_size:9565 bytes_received:784 bytes_sent:10218 WiFj2MCodckAACHBOWgAAAAL
CLIENTIP - - [01/Dec/2017:15:14:49 +0100] "GET /oauth2/index.php/core/js/oc.js?v=57cf3b77700978f54cd327d8db3151c5 HTTP/1.1" 200 4128 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:57.0) Gecko/20100101 Firefox/57.0" microsecs:218150 response_size:4128 bytes_received:706 bytes_sent:4776 WiFj2cCodckAACHBOWkAAAAL

owncloud logs

Dec  1 15:14:48 vm-app-tst-01 ownCloud[8641]: {oauth2} An authorization code has been issued for the client "Desktop Client".
Dec  1 15:14:48 vm-app-tst-01 ownCloud[8667]: {admin_audit} User xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 attempted to log into ownCloud from IP address: xxx [CLIENT_IP: xxx] [USER_AGENT: Mozilla/5.0 (Macintosh) mirall/2.4.0beta1 (build 8619)]
Dec  1 15:14:48 vm-app-tst-01 ownCloud[8667]: {core} Login failed: 'xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69' (Remote IP: 'xxx')
Dec  1 15:14:48 vm-app-tst-01 ownCloud[8667]: {oauth2} An authorization code has been used by the client "Desktop Client" to request an access token.

10.0.3

[ogoffart]

The 401 in the PROPFIND means that the server does not seem to accept the token that it just delivered.
What are the logs on the client?
How is the server configured?
Maybe it is again Apache stripping off some header (cf. #49 )

[SamuAlfageme]

@tomneedham yup, what @ogoffart just said:

Maybe it is again Apache stripping off some header (cf. #49 )

What's your Apache virtual-host config? Do you have the "headers" module enabled? (see https://doc.owncloud.com/server/10.0/admin_manual/installation/source_installation.html#additional-apache-configurations)

[individual-it]

I'm having the same issue
owncloud.log

{"reqId":"8eb6bfd2-2042-4150-8d20-858ea519ad22","level":1,"time":"2018-04-12T11:05:08+00:00","remoteAddr":"127.0.0.1","user":"--","app":"oauth2","method":"POST","url":"\/owncloud-core\/index.php\/apps\/oauth2\/api\/v1\/token","message":"An authorization code has been used by the client \"Desktop Client\" to request an access token."}
{"reqId":"08eba489-d62c-42e0-b0e4-9cb035bfa72b","level":0,"time":"2018-04-12T11:05:08+00:00","remoteAddr":"127.0.0.1","user":"--","app":"webdav","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/webdav\/","message":"Exception: {\"Message\":\"HTTP\\\/1.1 401 No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(63): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/remote.php(175): require_once('\\\/home\\\/artur\\\/www...')\\n#6 {main}\",\"File\":\"\\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":168,\"User\":false}"}

virtual host

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /home/artur/www

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

all modules mentioned in https://doc.owncloud.com/server/10.0/admin_manual/installation/source_installation.html#additional-apache-configurations are enabled

[individual-it]

solution found in https://doc.owncloud.org/server/latest/admin_manual/issues/general_troubleshooting.html?highlight=trouble#oauth2
had to add

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

to the apache configuration