Possible bug: Authorization: DPoP undefined

[woutslabbinck]

I've installed the signed version of the extension, using Mozilla for Ubuntu (version 111.0.1).

Then I've tried to access https://data.knows.idlab.ugent.be/person/office/wiki/html/home , to which I have access with the following webID https://woslabbi.pod.knows.idlab.ugent.be/profile/card#me.

Sometimes it works, with the following HTTP request information:

GET /person/office/wiki/home HTTP/2
Host: data.knows.idlab.ugent.be
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
authorization: DPoP eyJhbGciOiJFUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6IkJUeUcwUlBfQU41ODN6aGFRbjBlaWlNMXRVV2t0enZoVVhFSW9DajMteFUifQ.eyJ3ZWJpZCI6Imh0dHBzOi8vd29zbGFiYmkucG9kLmtub3dzLmlkbGFiLnVnZW50LmJlL3Byb2ZpbGUvY2FyZCNtZSIsImp0aSI6InhPV3JGWnZXa0FsOVFMVG05dWtWZyIsInN1YiI6ImV4dGVuc2lvbi10b2tlbl9hNmNjZjllZS00OGIwLTQ5MTgtYjM3OC02ZWE4OGY0NTgxZDMiLCJpYXQiOjE2ODA3NzM3NTgsImV4cCI6MTY4MDc3NDM1OCwic2NvcGUiOiJ3ZWJpZCIsImNsaWVudF9pZCI6ImV4dGVuc2lvbi10b2tlbl9hNmNjZjllZS00OGIwLTQ5MTgtYjM3OC02ZWE4OGY0NTgxZDMiLCJpc3MiOiJodHRwczovL3dvc2xhYmJpLnBvZC5rbm93cy5pZGxhYi51Z2VudC5iZS8iLCJhdWQiOiJzb2xpZCIsImNuZiI6eyJqa3QiOiJVMno2V1hTb1pydjNYdGhpOWh2ZWpnZWY1R0U0U0hmbGFJbGE3TllhdWV3In19.DlTC6cV-uNkdzJGVA9aG7q6l2KRAddNkSyFArQ3iLwDHL4Ox5ZsownAgxWoDMInLZz-pSDb5nK5hHN_JwLIEkQ
dpop: eyJhbGciOiJFUzI1NiIsImp3ayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6IjNDMWNVM09YQ0tkd0tWVGQ3MFYxS3ZZTzA3b25iMkZDSU5YXzZia2tBcHciLCJ5IjoiaG9hT0ZvQ05xbndlajk3VGVKUjJIaENLY0doRTVfSGRWQ3BSNnQzMnhqMCIsImFsZyI6IkVTMjU2In0sInR5cCI6ImRwb3Arand0In0.eyJodHUiOiJodHRwczovL2RhdGEua25vd3MuaWRsYWIudWdlbnQuYmUvcGVyc29uL29mZmljZS93aWtpL2hvbWUiLCJodG0iOiJHRVQiLCJqdGkiOiJlZGI5YWVmMi0zNzdmLTRkY2YtYTlhMi0wYjYxMDdkZWQ1N2UiLCJpYXQiOjE2ODA3NzM3NTh9.JQjeLFZH1Cyeryft0mu4iys1rDxCwdyWCTn-r8KsfNhwu2IdSe7j1zIouVxUJp4a6TDTSZD_i88mDqYjH3-rTw
TE: trailers

But other times, it fails:

GET /person/office/wiki/html/home HTTP/2
Host: data.knows.idlab.ugent.be
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
authorization: DPoP undefined
dpop: eyJhbGciOiJFUzI1NiIsImp3ayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6ImRUS09sQTBjU0JLZnpkOHVSbUpBN0NzWHpObFNFZlltS2tka2R2TFVocVkiLCJ5IjoicXVrZWZfZjdmMlFaelRtb2xoaXVmSHk2SGthM29KVUx6LWEtWnZqajg0QSIsImFsZyI6IkVTMjU2In0sInR5cCI6ImRwb3Arand0In0.eyJodHUiOiJodHRwczovL2RhdGEua25vd3MuaWRsYWIudWdlbnQuYmUvcGVyc29uL29mZmljZS93aWtpL2h0bWwvaG9tZSIsImh0bSI6IkdFVCIsImp0aSI6ImYzMzhiNmYxLTE5MGEtNGNmNS1hM2Y1LTZmOTE4NDQ3NjI5OCIsImlhdCI6MTY4MDc3Mzk1NX0.nlyOvoZEquzZUTuq5dM0AfUcRch7B3wmy6q3O7N00zv-TgB6_HvqmbvUeBXPkgo0RL_DmJelJhmTyCiw9m960Q
If-None-Match: W/"1680771547000"
TE: trailers

The reason that it fails is because the authorization header is: authorization: DPoP undefined.

Is this issue due to the extension and if so, can it be fixed so this never happens on my machine?

[pheyvaer]

Can you be more specific in the steps that you take? For example,

1. Open resource in tab. The works
2. Refresh tab. That doesn't work.
3. Open new tab with same resource. That doesn't work.
4. Refresh newly opened tab. That works.

What version of CSS is connected to your WebID?

That way we can try to replicate the issue. Thanks!

[woutslabbinck]

Step 1: open https://data.knows.idlab.ugent.be/person/office/wiki/html/home. That works Step 2: open new tab with https://data.knows.idlab.ugent.be/person/office/wiki/html/home. I get a not Logged in Error.

CSS: version 5.1.0

[pheyvaer]

@woutslabbinck Could have a try with the branch feature/oidc-login and use the OIDC option for logging in instead of client credentials? All instructions on how to get this working is in the README.

[woutslabbinck]

Logging in with the OIDC option works perfectly on branch feature/oidc-login! I've executed the above workflow multiple times and had zero not authorized errors.