Daedaluz / uyulala

Web based authenticator, implementing OAuth2 code flow and BankID-like api interface.
MIT License

Can't demo #3

Closed ghstahl closed 1 month ago

ghstahl commented 2 months ago

Windows 11 docker

Fails on the first step:

docker compose up -d --build

MariaDB is up. uyulala is complaining about an /etc/uyulala

2024-05-06 08:36:32 {"time":"2024-05-06T15:36:32.140838706Z","level":"ERROR","msg":"Unable to read configuration","error":"Config File \"uyulala\" Not Found in \"[/ /etc/uyulala]\""}
2024-05-06 08:36:32 {"time":"2024-05-06T15:36:32.140994314Z","level":"INFO","msg":"Waiting for database to be ready"}
2024-05-06 08:37:32 {"time":"2024-05-06T15:37:32.136624505Z","level":"ERROR","msg":"Database did not become available within 60 seconds","error":"timeout"}
2024-05-06 08:38:05 {"time":"2024-05-06T15:38:05.855489471Z","level":"ERROR","msg":"Unable to read configuration","error":"Config File \"uyulala\" Not Found in \"[/ /etc/uyulala]\""}
2024-05-06 08:38:05 {"time":"2024-05-06T15:38:05.855603671Z","level":"INFO","msg":"Waiting for database to be ready"}
2024-05-06 08:39:05 {"time":"2024-05-06T15:39:05.853418288Z","level":"ERROR","msg":"Database did not become available within 60 seconds","error":"timeout"}

The yaml file is mounted.

Daedaluz commented 2 months ago

Curious why there is a directory named "uyulala.yml". Should only be the file.

Should be noted that I mainly use Linux and haven't really tested this on Windows.

Daedaluz commented 2 months ago

One idea though, is that I utilize ${PWD} in docker compose. Perhaps Windows environments don't like this?

Daedaluz commented 2 months ago

I changed the docker compose files to use relative paths instead. Mind trying this version?

ghstahl commented 1 month ago

Getting further.

docker compose up -d --build
2024-05-07 06:17:06 {"time":"2024-05-07T13:17:06.562158031Z","level":"INFO","msg":"Waiting for database to be ready"}
2024-05-07 06:17:17 {"time":"2024-05-07T13:17:17.573245483Z","level":"INFO","msg":"Database is ready"}
2024-05-07 06:17:17 {"time":"2024-05-07T13:17:17.573281984Z","level":"INFO","msg":"Migrating database"}
2024-05-07 06:17:17 {"time":"2024-05-07T13:17:17.882611897Z","level":"INFO","msg":"Database migrated"}
2024-05-07 06:17:17 {"time":"2024-05-07T13:17:17.882681499Z","level":"INFO","msg":"Populating fido alliance metadata..."}
2024-05-07 06:17:19 {"time":"2024-05-07T13:17:19.415016556Z","level":"INFO","msg":"Populated!"}
2024-05-07 06:17:19 {"time":"2024-05-07T13:17:19.41541147Z","level":"INFO","msg":"Starting server"}
2024-05-07 06:17:19 {"time":"2024-05-07T13:17:19.415464772Z","level":"INFO","msg":"Server started","addr":":8080"}
docker exec -ti uyulala uyulala create key
{"time":"2024-05-07T13:23:06.180469749Z","level":"INFO","msg":"Mysql","dsn":"root:root@tcp(mariadb:3306)/uyulala?charset=utf8mb4&parseTime=True&multiStatements=true"}
{"time":"2024-05-07T13:23:06.363682704Z","level":"INFO","msg":"Key created","kid":"A1D7CDFD787B7CBC"}

What's next?
  Try Docker Debug for seamless, persistent debugging tools in any container or image → docker debug uyulala
  Learn more at https://docs.docker.com/go/debug-cli/
docker exec -ti uyulala uyulala create app --demo demo
{"time":"2024-05-07T13:23:49.974787422Z","level":"INFO","msg":"Mysql","dsn":"root:root@tcp(mariadb:3306)/uyulala?charset=utf8mb4&parseTime=True&multiStatements=true"}
{"time":"2024-05-07T13:23:49.985828104Z","level":"INFO","msg":"Created app","appId":"demo","appSecret":"demo"}

What's next?
  Try Docker Debug for seamless, persistent debugging tools in any container or image → docker debug uyulala
  Learn more at https://docs.docker.com/go/debug-cli/


ghstahl commented 1 month ago

I have a problem with Bitwarden, which is my password manager, when doing a registration and login ceremony. In your example, Bitwarden doesn't come up, only the Windows Security one does. I have an example where Bitwarden comes up during registration, but not during login. When I cancel the Bitwarden one during registration, the Windows Security one pops up as the next in line.

When I use the hanko.io login, Bitwarden does pop up for registration and login.

Maybe we are using the wrong APIs in the browser?

Daedaluz commented 1 month ago

I'll do some tests and come back to you. I also use Bitwarden, although not as much with passkeys, as I use a YubiKey for them.

But I do remember Bitwarden asking me to create a passkey for my hosted authenticator.

Daedaluz commented 1 month ago

So, I think I found the issue: apparently, neither KeePassXC nor Bitwarden pops up unless the site is "secure" (served over https), not even on localhost.

I redid the demo with self-signed certs, if you are willing to try again. It could be good to start from scratch, since the demo app has to be created with https redirect URLs, which wasn't done before.

docker compose down
docker compose up -d --build
docker exec -ti uyulala uyulala create key
docker exec -ti uyulala uyulala create app --demo demo
ghstahl commented 1 month ago

I was using NGROK, which is https, and had it forward to my localhost. I set my RPID and origin to that ngrok https://blah URL.
I was getting the same result.

Let me give yours another go.

That worked. Going to https://localhost/demo, Bitwarden came up for both registration and login.

Daedaluz commented 1 month ago

Good to hear!

Does forwarding from NGROK do any origin / host alterations between browser and upstream perhaps?

Just guessing here.

ghstahl commented 1 month ago

Of all the things to make my stuff fail.

I am no JavaScript guy, so I got some bad code off of GitHub.
This little snippet got me.

const base64 = base64URL.replace(/\-/g, "+").replace(/\_/g, "/");

NGROK wasn't the issue, it was my bufferDecode function.
That is why Bitwarden only sometimes popped up.

BAD

function bufferDecode(base64URL) {
  const base64 = base64URL.replace(/\-/g, "+").replace(/\_/g, "/");
  return Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
}

function bufferEncode(value) {
  return btoa(String.fromCharCode.apply(null, new Uint8Array(value)))
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=/g, "");
}

GOOD

// Base64 to ArrayBuffer
function bufferDecode(value) {
  value = value.replace(/-/g, "+").replace(/_/g, "/");
  return Uint8Array.from(atob(value), (c) => c.charCodeAt(0));
}

// ArrayBuffer to URLBase64
function bufferEncode(value) {
  return btoa(String.fromCharCode.apply(null, new Uint8Array(value)))
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=/g, "");
}
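
The two snippets above differ only cosmetically (escaping `-` and `_` inside a regex is harmless), so the real lesson of this thread is that base64url handling and the origin check deserve to be explicit rather than copied one-liners. The following is an added example, not code from uyulala or from either commenter: a strict base64url codec (tolerates missing `=` padding, rejects characters outside the alphabet and impossible lengths, and avoids the `Function.apply` argument limit on large buffers) plus a relying-party-side check of the `clientDataJSON` a browser returns, which is where an origin rewritten by a reverse proxy or tunnel, as wondered about earlier in the thread, would show up. All sample data (the challenge bytes, the `https://localhost` origin, the `https://tunnel.example` placeholder host) is constructed for the demo. It runs in Node 16+ and in browsers.

```javascript
// Added example, not part of the uyulala project. Strict base64url codec
// (RFC 4648 section 5) and a relying-party check of WebAuthn clientDataJSON.

// Decode base64url into a Uint8Array. Accepts input with or without '='
// padding, rejects characters outside the base64url alphabet and lengths
// that can never be valid (length % 4 === 1), which a bare atob() call
// would otherwise accept or mangle depending on the engine.
function base64UrlDecode(input) {
  if (typeof input !== "string") throw new TypeError("base64url input must be a string");
  const stripped = input.replace(/=+$/, "");
  if (!/^[A-Za-z0-9_-]*$/.test(stripped)) throw new TypeError("invalid base64url character");
  if (stripped.length % 4 === 1) throw new TypeError("invalid base64url length");
  const b64 = stripped.replace(/-/g, "+").replace(/_/g, "/") +
    "=".repeat((4 - (stripped.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Encode an ArrayBuffer or Uint8Array as unpadded base64url. Builds the
// binary string in a loop instead of String.fromCharCode.apply(), which
// throws once the buffer exceeds the engine's argument-count limit.
function base64UrlEncode(bytes) {
  const u8 = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
  let bin = "";
  for (const b of u8) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Relying-party check of clientDataJSON (base64url as returned by the
// browser). Compares ceremony type, origin and challenge against what the
// server issued; returns every mismatch rather than stopping at the first
// so the failure can be logged in full.
function verifyClientData(clientDataJSONb64url, expected) {
  const json = JSON.parse(new TextDecoder().decode(base64UrlDecode(clientDataJSONb64url)));
  const errors = [];
  if (json.type !== expected.type) errors.push(`type: got ${json.type}, want ${expected.type}`);
  if (json.origin !== expected.origin) errors.push(`origin: got ${json.origin}, want ${expected.origin}`);
  // The browser stores the challenge as unpadded base64url of the raw bytes.
  if (json.challenge !== base64UrlEncode(expected.challenge)) errors.push("challenge mismatch");
  return { ok: errors.length === 0, errors, origin: json.origin };
}

// Constructed demo data (not captured from a real ceremony).
const EXPECTED = {
  type: "webauthn.create",
  origin: "https://localhost",
  challenge: new Uint8Array(16).map((_, i) => i + 1),
};

// Build what a browser would place in clientDataJSON for the given origin.
function makeClientData(origin) {
  const json = JSON.stringify({
    type: "webauthn.create",
    challenge: base64UrlEncode(EXPECTED.challenge),
    origin,
    crossOrigin: false,
  });
  return base64UrlEncode(new TextEncoder().encode(json));
}

const GOOD_CLIENT_DATA = makeClientData("https://localhost");
// Placeholder host standing in for a tunnel or proxy that presents a different origin.
const PROXIED_CLIENT_DATA = makeClientData("https://tunnel.example");

if (typeof require !== "undefined" && require.main === module) {
  console.log(verifyClientData(GOOD_CLIENT_DATA, EXPECTED));    // ok: true
  console.log(verifyClientData(PROXIED_CLIENT_DATA, EXPECTED)); // ok: false, origin error
}
```

Rejecting bad lengths and characters before calling `atob()` keeps decoding behaviour identical across browsers and Node, and checking `origin` against the value the server expects (not the `Host` header a proxy may have rewritten) is what catches the tunnel scenario discussed above.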
Daedaluz commented 1 month ago

Yeah... I got tired of the one-liners and quirks; https://github.com/Daedaluz/basejs

ghstahl commented 1 month ago

I spoke too soon; I still have the issue when running my stuff in Docker with Traefik.
It was working consistently locally using ngrok, but I'm back to Bitwarden coming up during registration and NOT during the login.

I am going to use your basejs.

I have a custom OIDC identity app that was written to fulfill the user experience that a GitHub Enterprise user goes through,
mainly what happens when a user is challenged when trying to go to an org's private resources.

I am exploring offloading the passkey stuff to a sidecar.

Daedaluz commented 1 month ago

I tried your provider, but I'm stuck at the fact that there is no user, and sign-up doesn't seem to work (no errors at least).

any username and password will work

But entering "test@localhost" gives me "The username test@localhost was not found."

There was another TLS error. Rebuilt the container and now it works.

However, I seem to be unable to register a passkey. Finalize fails with 403.

Daedaluz commented 1 month ago

I managed to get it working reliably with Bitwarden and Traefik. Not sure what the 403 was about, though.

Daedaluz commented 1 month ago

Can we close this? =)