From tstrickx at cloudflare.com  Mon Mar  2 14:33:05 2026
From: tstrickx at cloudflare.com (Tom Strickx)
Date: Mon, 2 Mar 2026 14:33:05 +0000
Subject: [PDB Tech] OAUTH OIDC provider issues
Message-ID: <CAC93g0QeyV-NFDuKOSgf6-=wNxYyeg5veMkGemajtF8B1T23hw@mail.gmail.com>

Hey,

Since the upgrade, our (peering.cloudflare.com) PeeringDB integration broke.
Specifically, it looks like we're getting 500s now from
https://auth.peeringdb.com/oauth2/token/

We do a POST to that endpoint with the following:

redirect_uri: "https://net.cloudflareaccess.com/cdn-cgi/access/callback"
code: ...
grant_type: 'authorization_code'
client_id: ...
client_secret: ...

We're not too sure what changed, given this used to work, and we
haven't touched anything on our end.

Does anyone have any idea what could be going on? Or, ideally, someone
who can look at the backend and tell us what's dying?

Any and all insights appreciated

-- 
Tom Strickx
Principal Network Engineer
AS13335 - Cloudflare
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.peeringdb.com/pipermail/pdb-tech/attachments/20260302/e519510c/attachment.htm>

From tstrickx at cloudflare.com  Mon Mar  2 15:30:17 2026
From: tstrickx at cloudflare.com (Tom Strickx)
Date: Mon, 2 Mar 2026 15:30:17 +0000
Subject: [PDB Tech] OAUTH OIDC provider issues
In-Reply-To: <CAC93g0QeyV-NFDuKOSgf6-=wNxYyeg5veMkGemajtF8B1T23hw@mail.gmail.com>
References: <CAC93g0QeyV-NFDuKOSgf6-=wNxYyeg5veMkGemajtF8B1T23hw@mail.gmail.com>
Message-ID: <CAC93g0QpB-RH9OKX-UT3q26kWxVwnBbF_cTGnOSGiFzhrR0juQ@mail.gmail.com>

To follow up on this:
If we move the client_id+client_secret into the Authorization header, we
seem to bypass the 500, but now end up with:
{"body":{"meta":{"error":"Invalid username or password"}}}}

This also seems suboptimal, especially since I know the credentials used
are correct.
-- 
Tom Strickx
Principal Network Engineer
AS13335 - Cloudflare


On Mon, Mar 2, 2026 at 2:33?PM Tom Strickx <tstrickx at cloudflare.com> wrote:

> Hey,
>
> Since the upgrade, our (peering.cloudflare.com) PeeringDB integration
> broke.
> Specifically, it looks like we're getting 500s now from
> https://auth.peeringdb.com/oauth2/token/
>
> We do a POST to that endpoint with the following:
>
> redirect_uri: "https://net.cloudflareaccess.com/cdn-cgi/access/callback"
> code: ...
> grant_type: 'authorization_code'
> client_id: ...
> client_secret: ...
>
> We're not too sure what changed, given this used to work, and we haven't touched anything on our end.
>
> Does anyone have any idea what could be going on? Or, ideally, someone who can look at the backend and tell us what's dying?
>
> Any and all insights appreciated
>
> --
> Tom Strickx
> Principal Network Engineer
> AS13335 - Cloudflare
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.peeringdb.com/pipermail/pdb-tech/attachments/20260302/879ae9a6/attachment.htm>

From tstrickx at cloudflare.com  Mon Mar  2 16:12:51 2026
From: tstrickx at cloudflare.com (Tom Strickx)
Date: Mon, 2 Mar 2026 16:12:51 +0000
Subject: [PDB Tech] OAUTH OIDC provider issues
In-Reply-To: <CAC93g0QpB-RH9OKX-UT3q26kWxVwnBbF_cTGnOSGiFzhrR0juQ@mail.gmail.com>
References: <CAC93g0QeyV-NFDuKOSgf6-=wNxYyeg5veMkGemajtF8B1T23hw@mail.gmail.com>
 <CAC93g0QpB-RH9OKX-UT3q26kWxVwnBbF_cTGnOSGiFzhrR0juQ@mail.gmail.com>
Message-ID: <CAC93g0RO2NPS+VNF2izBkTL08NjQjUfsLZznBRja05S_6n7P-w@mail.gmail.com>

It would appear the issue is the request for the openid scope.

Guess we'll see if we can work around it.
-- 
Tom Strickx
Principal Network Engineer
AS13335 - Cloudflare


On Mon, Mar 2, 2026 at 3:30?PM Tom Strickx <tstrickx at cloudflare.com> wrote:

> To follow up on this:
> If we move the client_id+client_secret into the Authorization header, we
> seem to bypass the 500, but now end up with:
> {"body":{"meta":{"error":"Invalid username or password"}}}}
>
> This also seems suboptimal, especially since I know the credentials used
> are correct.
> --
> Tom Strickx
> Principal Network Engineer
> AS13335 - Cloudflare
>
>
> On Mon, Mar 2, 2026 at 2:33?PM Tom Strickx <tstrickx at cloudflare.com>
> wrote:
>
>> Hey,
>>
>> Since the upgrade, our (peering.cloudflare.com) PeeringDB integration
>> broke.
>> Specifically, it looks like we're getting 500s now from
>> https://auth.peeringdb.com/oauth2/token/
>>
>> We do a POST to that endpoint with the following:
>>
>> redirect_uri: "https://net.cloudflareaccess.com/cdn-cgi/access/callback"
>> code: ...
>> grant_type: 'authorization_code'
>> client_id: ...
>> client_secret: ...
>>
>> We're not too sure what changed, given this used to work, and we haven't touched anything on our end.
>>
>> Does anyone have any idea what could be going on? Or, ideally, someone who can look at the backend and tell us what's dying?
>>
>> Any and all insights appreciated
>>
>> --
>> Tom Strickx
>> Principal Network Engineer
>> AS13335 - Cloudflare
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.peeringdb.com/pipermail/pdb-tech/attachments/20260302/0c0f3281/attachment.htm>

From grizz at 20c.com  Fri Mar  6 02:32:42 2026
From: grizz at 20c.com (Matt Griswold)
Date: Thu, 5 Mar 2026 20:32:42 -0600
Subject: [PDB Tech] OAUTH OIDC provider issues
In-Reply-To: <CAC93g0RO2NPS+VNF2izBkTL08NjQjUfsLZznBRja05S_6n7P-w@mail.gmail.com>
References: <CAC93g0QeyV-NFDuKOSgf6-=wNxYyeg5veMkGemajtF8B1T23hw@mail.gmail.com>
 <CAC93g0QpB-RH9OKX-UT3q26kWxVwnBbF_cTGnOSGiFzhrR0juQ@mail.gmail.com>
 <CAC93g0RO2NPS+VNF2izBkTL08NjQjUfsLZznBRja05S_6n7P-w@mail.gmail.com>
Message-ID: <aao8yi3mvRIMGde3@bone>

Hey all,

Just found this thread in my spam, so I wanted to follow up for the
record and say I had Tom report this via a different method as well, and
we fixed with 2.76.3. Also was reported as #1910 [0]

[0] https://github.com/peeringdb/peeringdb/issues/1910

Sorry for the bug and thanks for letting us know.

Cheers,

On Mon, Mar 02, 2026 at 04:12:51PM +0000, Tom Strickx wrote:
> It would appear the issue is the request for the openid scope.
> 
> Guess we'll see if we can work around it.
> -- 
> Tom Strickx
> Principal Network Engineer
> AS13335 - Cloudflare
> 
> 
> On Mon, Mar 2, 2026 at 3:30?PM Tom Strickx <tstrickx at cloudflare.com> wrote:
> 
> > To follow up on this:
> > If we move the client_id+client_secret into the Authorization header, we
> > seem to bypass the 500, but now end up with:
> > {"body":{"meta":{"error":"Invalid username or password"}}}}
> >
> > This also seems suboptimal, especially since I know the credentials used
> > are correct.
> > --
> > Tom Strickx
> > Principal Network Engineer
> > AS13335 - Cloudflare
> >
> >
> > On Mon, Mar 2, 2026 at 2:33?PM Tom Strickx <tstrickx at cloudflare.com>
> > wrote:
> >
> >> Hey,
> >>
> >> Since the upgrade, our (peering.cloudflare.com) PeeringDB integration
> >> broke.
> >> Specifically, it looks like we're getting 500s now from
> >> https://auth.peeringdb.com/oauth2/token/
> >>
> >> We do a POST to that endpoint with the following:
> >>
> >> redirect_uri: "https://net.cloudflareaccess.com/cdn-cgi/access/callback"
> >> code: ...
> >> grant_type: 'authorization_code'
> >> client_id: ...
> >> client_secret: ...
> >>
> >> We're not too sure what changed, given this used to work, and we haven't touched anything on our end.
> >>
> >> Does anyone have any idea what could be going on? Or, ideally, someone who can look at the backend and tell us what's dying?
> >>
> >> Any and all insights appreciated
> >>
> >> --
> >> Tom Strickx
> >> Principal Network Engineer
> >> AS13335 - Cloudflare
> >>
> >

> _______________________________________________
> Pdb-tech mailing list
> Pdb-tech at lists.peeringdb.com
> https://lists.peeringdb.com/cgi-bin/mailman/listinfo/pdb-tech