Google OAuth working but prevents hosted app from accepting UN & PW

I suddenly have an issue that’s tough to explain, so I will break it out in point form to keep it simple…

  • Hosted apps accessed locally by IP… work fine.
  • Hosted apps through a Cloudflare tunnel using email/PIN authentication… work fine.
  • Hosted apps through a tunnel using Google OAuth authentication… Authentication works and you make it to the app’s native UN & PW screen but then the app’s own UN & PW does not work. Two different apps and both behave as if you have an error in UN or PW. However, it’s the same UN/PW that works in the above two examples.
  • I’ve tested using my password manager so it is definitively not a UN & PW typo problem.
  • One would think that after being authenticated by Google and you reach the hosted application, that how you got there should then be irrelevant but I’ve done many tests and it is consistent.
  • I’ve tested from several devices, PC & mobile.
  • I have not yet looked at the app’s authentication logs. I’m not sure if there even are any but I’ll investigate (Paperless NG & Guacamole).

I would appreciate understanding why my method of tunnel authentication affects the end-user application. Other than perhaps a delay, which doesn’t seem to be the case, it seems like it should be two separate things.

Of course, any advice on how to correct this would be appreciated as well. I prefer to use Google OAuth over email for these two apps because my Google account already uses 2FA so it adds an extra layer of security. Thanks!

After reviewing the tunnel and access options for the 4th or 5th time, I realized that along with changing it to Google Auth, I also set the Session Duration to zero. Changing it back to x minutes resolved my issue.

I was thinking that 0 duration just meant that the next time I try to access the app, it would force me to re-authenticate again vs. automatically letting me through. I was wrong. It seems to truly mean that you will be connected for zero time.

My mistake but the fact that you do get to your UN & PW screen though was misleading for me. Also, in the case of Guacamole, it even let me into the application after doing my UN & PW. However, it just doesn’t show me any connections to choose from, which is consistent with Guacamole for a failed password. This had me convinced it was somehow affecting my application login, vs. actually being a session timeout.

Thank you if you pondered this for a while for me. Hopefully this helps someone who makes the same rookie mistake.

