search

anvilresearch / connect-cli

CLI for Anvil Connect
MIT License
3 stars 11 forks source link

Validation error when registering a new client #77

Open simonrenoult opened 8 years ago

simonrenoult commented 8 years ago

Hi there,

We're trying to automate the initialization of our AnvilConnect setup thus using the CLI quite intensively but have stumbled upon a few problems.

This is the code of the client we're trying to register:

nvl client:register \
  --trusted \
  --name "CMS" \
  --uri https://cms-test/app \
  --logo-uri http://toto.com \
  --application-type web \
  --response-type "id_token token" \
  --grant-type implicit \
  --default-max-age 3600 \
  --redirect-uri "https://cms-test/app/" \
  --redirect-uri "http://localhost:8082/app/" \
  --post-logout-redirect-uri "https://cms-test/app" \
  --post-logout-redirect-uri "http://localhost:8082/app"

This lead to a Validation Error. Since the error is not detailed, we logged the error in the connect-cli Clients API and this is the result:

{
  "valid": false,
  "errors": {
    "redirect_uris": {
      "attribute": "conform",
      "property": "redirect_uris",
      "actual": ["https://cms-test/app/","http://localhost:8082/app/"],
      "message": "Must follow guidelines in OpenID Connect Registration 1.0 specification for client metadata"
    }
  },
  "name": "ValidationError",
  "message": "Validation error.",
  "statusCode": 400
}

Nothing seems wrong to me but I might be missing something... Or is the CLI error message wrong?

Since the CLI was failing, we asked the API using POST /v1/clients with the data and the correct access token:

{
  "trusted": true,
  "client_name": "CMS",
  "client_uri": "https://cms-test/app",
  "logo_uri": "http://toto.com",
  "application_type": "web",
  "response_types": ["id_token token"],
  "grant_types": ["implicit"],
  "default_max_age": 3600,
  "redirect_uris": ["https://cms-test/app/", "http://localhost:8082/app/"],
  "post_logout_redirect_uris": ["https://cms-test/app","http://localhost:8082/app"]
}

But still got a Validation error.

Any idea or suggestion?

christiansmith commented 8 years ago

This is discussed as part of another issue, but I can't recall which. There is a bug with the flags that deal with array properties. In addition to fixing that, I think we need to add a --json flag so you can just pass in whatever you want.

simonrenoult commented 8 years ago

I guess it's related to #75, #70, #52 and #55

christiansmith commented 8 years ago

Thanks for looking those up.

JonathanLifschutz commented 8 years ago

Hi @simonrenoult I suspect that the problem is with this redirect uri: http://localhost:8082/app/. Anvil's client validation ensures that no redirect uris can have a hostname of 'localhost' or a protocol of 'http' for the implicit grant type if the server is in production mode.