Kill user Session

Hello, everyone.

I’m new to Corteza.

In one of my workflows, I tried to disconnect the user after an action.

So I proceeded to delete their session via the API.

But since then, I have been getting this error in my URL after authentication:

client does not support authorization_code flow

{{baseURL}}/api/system/users/{userID}/sessions

Did you also clear out authentication tokens or just the auth session?

1 Like

I only deleted the authentication sessions.

1 Like

I can’t seem to reproduce it on my end. Could you please share a little bit more?

  • Are you using an external auth provider (such as Google, Facebook, …)?
  • Could you screenshot your auth client configuration (in the admin webapp, Auth Clients, Corteza Web Apps)?

1 Like

Hello @tjerman ,

I am unable to log in, regardless of which user I try.
After logging in, I am redirected to my profile page with this error message in the URL: client does not support authorization_code flow&state=ka2grr1q5w.
However, when I click on the “Menu” button, I am redirected to a blank page.

Ahh… you’re hard stuck out of Corteza… Is this username & password login or is it SSO? I’m assuming you have access to the database, correct?

Yes, it’s a username and password login, and I have access to the database.

Can you run this SQL and see if it resolves it (also clear your cache or run it in a private window)?

Since you’re on localhost I’m assuming this is a dev instance, so there is no harm in running this.
This would basically remove all auth sessions and auth tokens (it’ll log everyone out).
If I’m wrong, please add some filters.

delete from auth_oa2tokens;
delete from auth_sessions;

1 Like

Thank you for these suggested solutions, but I am still getting the same errors.

Can you share the contents of your auth_clients table? You can send it via DMs here or omit sensitive information before posting publicly.

I just shared the table with you in a private message.

1 Like

Ah… I see, ok…

You’ve changed your default auth client (the one all our webapps use for authentication shipped out of the box) to use client_credentials.

I’m assuming you wanted to connect some external system, so you’ve made this change.

To fix the issue of not being able to log in, run this SQL query (this query is personalised for your scenario):

UPDATE auth_clients SET valid_grant = 'authorization_code' WHERE id = 450865199757918209;

You might need to restart Corteza. I’m not sure if authentication clients are cached internally or not.

After you’re able to log in again, configure a new auth client (this resource should be of use: Authentication of External Applications :: Corteza Docs).

1 Like

Thank you.

I was able to resolve the issue with the query you shared!
Thank you for your support. Users are able to authenticate.

2 Likes

Awesome, glad we got it fixed. Probably for the best we prevent modifications to these auth clients :sweat_smile:

2 Likes