Upgrade from 2.2.8 to 2.3.1, SSO config issues

Hi all!

I’m updating my indico server from 2.2.8 to 2.3.1 and I’m having errors withthe autlib module
I’ve followed the updated my OAuth SSO configuration in indico.conf as follows (basically used the sample in the flask-multipass configuration sampples) before upgrading

_github_config=  {
            'client_id': 'xxxxx', 
            'client_secret': 'xxxxxx', 
            'client_kwargs': {'scope': 'user:email'},
            'authorize_url': 'https://github.com/login/oauth/authorize',
            'access_token_url': 'https://github.com/login/oauth/access_token',
            'userinfo_endpoint': 'https://api.github.com/user'
        }

AUTH_PROVIDERS = {
    'ldap': {
        'type': 'ldap',
        'title': 'Account',
        'ldap': _ldap_config,
        'default': True
    },
  'github': {
        'type': 'authlib',
        'title': 'GitHub',
        'authlib_args': _github_config
    }
}


IDENTITY_PROVIDERS = {
    'ldap': {
        'type': 'ldap',
        'title': 'Account',
        'ldap': _ldap_config,
        'mapping': {
            'first_name': 'givenName',
            'last_name': 'sn',
            'email': 'mail',
            'affiliation': 'company',
            'phone': 'telephoneNumber'
        },
        'trusted_email': True,
        'synced_fields': {'first_name', 'last_name', 'affiliation', 'phone'}
     },
'github': {
        'type': 'authlib',
        'identifier_field': 'id',
        'mapping': {
            'user_name': 'login',
            'affiliation': 'company'
        }
    }
}

PROVIDER_MAP = {
    'ldap':'ldap',
    'github': 'github'
}

but when I run the command indico db upgrade

I get the following error:

 Traceback (most recent call last):
  File "/opt/indico/.venv/bin/indico", line 8, in <module>
    sys.exit(cli())
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask/cli.py", line 586, in main
    return super(FlaskGroup, self).main(*args, **kwargs)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/indico/.venv/lib/python2.7/site-packages/indico/cli/util.py", line 110, in invoke
    return self._impl.invoke(ctx)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/core.py", line 1256, in invoke
    Command.invoke(self, ctx)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/opt/indico/.venv/lib/python2.7/site-packages/click/decorators.py", line 21, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask/cli.py", line 425, in decorator
    with __ctx.ensure_object(ScriptInfo).load_app().app_context():
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask/cli.py", line 381, in load_app
    app = call_factory(self, self.create_app)
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask/cli.py", line 117, in call_factory
    return app_factory(script_info)
  File "/opt/indico/.venv/lib/python2.7/site-packages/indico/cli/util.py", line 28, in _create_app
    return make_app(set_path=True)
  File "/opt/indico/.venv/lib/python2.7/site-packages/indico/web/flask/app.py", line 365, in make_app
    multipass.init_app(app)
  File "/opt/indico/.venv/lib/python2.7/site-packages/indico/core/auth.py", line 50, in init_app
    super(IndicoMultipass, self).init_app(app)
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask_multipass/core.py", line 75, in init_app
    state.auth_providers = ImmutableDict(self._create_providers('AUTH', AuthProvider))
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask_multipass/core.py", line 453, in _create_providers
    cls = resolve_provider_type(base, settings.pop('type'), registry)
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask_multipass/util.py", line 157, in resolve_provider_type
    cls = entry_point.load()
  File "/opt/indico/.venv/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2443, in load
    return self.resolve()
  File "/opt/indico/.venv/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2449, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/opt/indico/.venv/lib/python2.7/site-packages/flask_multipass/providers/authlib.py", line 9, in <module>
    from authlib.common.errors import AuthlibBaseError
ImportError: No module named authlib.common.errors

I tried t upgrade the run the db upgrade without the Oauth settings and everything runs perfectly.

could you please let me know what I’m missing in my config?

Best regards,
Rémi

pip install 'flask-multipass[ldap,authlib]' should fix it
or maybe pip install 'flask-multipass[ldap][authlib]'; i’m never sure about the syntax for multiple extras

the pip install 'flask-multipass[ldap,authlib]' fixed the issue, thanks!

Just one additional question, I guess I’ll have to change the redirect uri in github to https://xxx.yyy.com/authlib/github in order to make it work (previously, it was xxx.yyy.com/oauth/github) ?

The default is /multipass/authlib/github (see the code above), but you can pass a custom callback_uri in the auth provider settings (next to where you pass the 'authlib_args', not inside it)

OK, I’ll keep the default uri then.
Thanks for your help.

Rémi