search

Inklings-io / selfauth

self-hosted auth_endpoint using simple login mechanism
Creative Commons Zero v1.0 Universal
81 stars 15 forks source link

invalid "client_id" field when loggin in with selfauth #49

Closed lafleurdeboum closed 4 years ago

lafleurdeboum commented 4 years ago

Hello ; I'm experimenting with indieauth and trying to get this to work. I followed the README instructions to setup my personal domain, www.lafleur.marsnet.org , in www.lafleur.marsnet.org/auth . If I try to login at https://indielogin.com/ using URL https://www.lafleur.marsnet.org, the page is redirected to my domain as expected, and then I get an error saying the "client_id" field is invalid. The erroring URL is

http://www.lafleur.marsnet.org/auth/?me=https%253A%252F%252Fwww.lafleur.marsnet.org%252F&redirect_uri=https%253A%252F%252Findielogin.com%252Fredirect%252Findieauth&client_id=https%253A%252F%252Findielogin.com%252F&state=3a1d436510f7b8ebcaf56809&response_type=id

I just don't get it. I'm not even sure that I setup selfauth the right way. Any help would be welcome.

Zegnat commented 4 years ago

That URL looks wrong, it looks like it is double encoded. You can see this directly in your value for me. It starts with https%253A%252F%252Fwww and I would expect it to be either https://www (not-encoded) or https%3A%2F%2F (once encoded). The same problem seems to be in effect in the other parameters. As it stands, Selfauth is doing the "right" thing, because it is being presented with non-valid URLs.

Did IndieLogin send you straight to that or was there some sort of step/redirect happening in the middle?

lafleurdeboum commented 4 years ago

Oh that seems to be the problem, indeed ; I switched to a self-hosted site and re-created an URL ID with selfauth, and it now works fine.

Thank you very much for the quick and efficient insight !

Le samedi 24 octobre 2020 à 08:47 -0700, Martijn van der Ven a écrit :

That URL looks wrong, it looks like it is double encoded. You can see this directly in your value for me. It starts with https%253A%252F%252Fwww and I would expect it to be either https://www (not-encoded) or https%3A%2F%2F (once encoded). The same problem seems to be in effect in the other parameters. As it stands, Selfauth is doing the "right" thing, because it is being presented with non-valid URLs. Did IndieLogin send you straight to that or was there some sort of step/redirect happening in the middle? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.