Auth doesn't seem to be working properly in cloud #8539

Open
GuyShane opened this issue Apr 1, 2025 · 3 comments

@GuyShane

GuyShane commented Apr 1, 2025

  • EdgeDB Version: 6.4+34508d3
  • EdgeDB CLI Version: Gel CLI 7.1.1+45ade47
  • OS Version: Ubuntu 24.04.2

I'm having some trouble getting auth working in my cloud instance, even though everything is working as expected in dev. I've tried using the builtin auth as well as setting up my own UI and they give the same results. Here are some of the issues I'm having:

  • Attempting to sign up using a magic link to a new email gives a 500 error
{
  error: {
    message: '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)',
    type: 'InternalServerError'
  }
}

Although it does seem to create an EmailFactor in the database

  • No emails are sent. I've tried with my SMTP provider and with the cloud SMTP and neither one has ever sent an email. I've checked my SMTP setup and it is working properly
  • OAuth gives an error every once in a while. If I haven't used the site in some time, OAuth will throw a 500 error at first, and then if I try again it will work
{
  error: {
    message: 'Expecting value: line 1 column 1 (char 0)',
    type: 'InternalServerError'
  }
}
  • I got the following error when trying to sign in using a magic link
{"error": {"message": "cannot access local variable 'email' where it is not associated with a value", "type": "InternalServerError"}}

Basically, magic link auth and SMTP don't seem to be working at all for me, and OAuth sometimes fails. And these errors seem to be happening on the Gel Cloud side. They never reach my app and there's nothing I can do to mitigate / handle them.

Any help would be greatly appreciated!

@scotttrinh
Contributor

Hey, sorry I missed this earlier! I'll take a look and see if it's easy to reproduce: are you using a pro or free instance in this case? How are you implementing the server side? Can you provide a sample of the code and payload that you're sending to help reproduce this?

In the meantime, I have a minimal setup that I can point at a Cloud instance myself to see if I can hit these errors myself just based on your description so far.

@GuyShane
Author

GuyShane commented Apr 9, 2025

All good, thanks so much for looking into this!

  • I'm on a free instance. I just got started trying out Gel Cloud
  • It's a SvelteKit app deployed to Netlify
  • I get the same results using the builtin auth UI or implementing my own, but I can definitely share some samples of what I've tried

Here's a basic example of some test auth requests I've tried sending

import crypto from 'crypto';

export const load = async () => {
	console.log('loading');
	const info = generatePKCE();
	await sendMagicLink(info.challenge);
	await oauth(info.challenge);
};

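function generatePKCE() {
	// base64url (not plain base64) keeps the verifier within the unreserved
	// character set RFC 7636 requires: no '+', '/' or '=' padding
	const verifier = crypto.randomBytes(32).toString('base64url');
	// S256 challenge: base64url(SHA-256(verifier))
	const challenge = crypto.createHash('sha256').update(verifier).digest('base64url');

	return { verifier, challenge };
}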

async function sendMagicLink(challenge: string) {
	const email = '<new email>';
	const provider = 'builtin::local_magic_link';
	const callback_url = '<site url>';
	const redirect_on_failure = callback_url;
	const gelURL = '<db url>/ext/auth/magic-link/register';
	const resp = await fetch(gelURL, {
		method: 'POST',
		headers: {
			accept: 'application/json',
			'content-type': 'application/json'
		},
		body: JSON.stringify({
			challenge,
			email,
			provider,
			callback_url,
			redirect_on_failure
		})
	});
	console.log(resp);
	const json = await resp.json();
	console.log(json);
}

async function oauth(challenge: string) {
	const q = new URLSearchParams({
		provider: 'builtin::oauth_google',
		challenge,
		redirect_to: '<site url>',
		redirect_to_on_signup: '<site url>'
	});
	const gelURL = '<db url>/ext/auth/authorize?' + q;
	const resp = await fetch(gelURL);
	console.log(resp);
	if (resp.status === 500) {
		console.log(await resp.json());
	}
}

@GuyShane
Author

I realized it could be helpful to have a link to the project :p Here's this GitHub and the app page
https://github.com/thetinkerinc/squid
https://squid.thetinkerinc.com/
