Open bnewbold opened 1 month ago
Hi!
I'm performing some tests from "localhost", using this "client_id": https://bluesky.scienceontheweb.net/oauth/client-metadata.json. The content is as follows:
{
  "client_id": "https://bluesky.scienceontheweb.net/oauth/client-metadata.json",
  "application_type": "web",
  "client_name": "BlueSky OAuth2 Example",
  "client_uri": "https://bluesky.scienceontheweb.net",
  "dpop_bound_access_tokens": true,
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "redirect_uris": [
    "https://bluesky.scienceontheweb.net/oauth/callback.php"
  ],
  "response_types": [
    "code"
  ],
  "scope": "atproto transition:generic",
  "token_endpoint_auth_method": "none"
}
I'm following the specs here and here.
These are the headers:
{
  "Host": "bsky.social",
  "Accept": "*/*",
  "Content-Type": "application/x-www-form-urlencoded"
}
and this is the request body:
{
  "login_hint": "did:plc:yhtmtr4drtu3rsgauj3etua6",
  "redirect_uri": "https://bluesky.scienceontheweb.net/oauth/callback.php",
  "state": "af8c1d17-1884-4518-b2f3-d580d621da4b",
  "code_challenge_method": "S256",
  "client_id": "https://bluesky.scienceontheweb.net/oauth/client-metadata.json",
  "response_type": "code",
  "scope": "atproto",
  "code_challenge": "Webc9WAz-mMgRm2IyNJMu0PHWvDDdSdcydjjHpY-izo"
}
Then, I perform a POST application/x-www-form-urlencoded call to the PAR endpoint: https://bsky.social/oauth/par and the server's response is 400:
{
  "error": "invalid_client_metadata",
  "error_description": "Invalid client configuration"
}
Can somebody tell me what is wrong with the configuration file, please?
Many thanks in advance. ;^)
Hey @PIPOGit, it looks like the SSL certificate on your domain might be the issue here:
I will look into getting better feedback in that particular case.
Oh, ok!
That should be the issue.
It's a "virtual domain" in AwardSpace, so don't look any further... Unless you accept these "fuzzy" certs. 😉
Thanks!
This PR will return more comprehensible error messages including in this particular case.
We mostly have good error messages for client-metadata fetch problems, but I think there are a couple paths that result in a generic "Invalid client configuration" message, which is hard for client devs to debug.
Some specific cases I suspect (not confirmed) result in this error:
IIRC, there is also a situation where we wrap other errors with the specific client-metadata error, and that doesn't result in a specific message (?).
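
A local pre-flight check that separates the failure causes discussed in this thread (untrusted TLS certificate, HTTP error, invalid JSON, mismatched fields) instead of collapsing them into one generic message. This is an added example, not code from the thread or from the atproto project; `diagnose_client_metadata`, `fetch_https` and `untrusted_cert_fetch` are hypothetical names, and the field checks are assumptions modelled on the metadata document posted above.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def fetch_https(url, timeout=10):
    """Default fetcher: HTTPS GET with normal certificate verification."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read()


def untrusted_cert_fetch(url):
    """Constructed stand-in for a host whose certificate fails verification."""
    raise urllib.error.URLError(
        ssl.SSLCertVerificationError(1, "certificate verify failed (constructed)"))


def diagnose_client_metadata(client_id, fetch=fetch_https):
    """Return specific problems found; an empty list means none of these."""
    if urlsplit(client_id).scheme != "https":
        return ["client_id is not an https:// URL"]
    try:
        status, body = fetch(client_id)
    except urllib.error.HTTPError as exc:  # subclass of URLError, check first
        return [f"metadata URL returned HTTP {exc.code}"]
    except OSError as exc:  # URLError and ssl.SSLError are both OSError
        reason = getattr(exc, "reason", exc)
        if isinstance(reason, ssl.SSLCertVerificationError):
            return [f"TLS certificate not trusted: {reason}"]
        return [f"could not fetch metadata: {reason}"]
    if status != 200:
        return [f"metadata URL returned HTTP {status}"]
    try:
        meta = json.loads(body)
    except ValueError:
        return ["metadata body is not valid JSON"]
    if not isinstance(meta, dict):
        return ["metadata is not a JSON object"]
    problems = []
    # Field checks are assumptions modelled on the document posted above.
    if meta.get("client_id") != client_id:
        problems.append("client_id field does not match the metadata URL")
    if meta.get("dpop_bound_access_tokens") is not True:
        problems.append("dpop_bound_access_tokens is not true")
    if "atproto" not in str(meta.get("scope", "")).split():
        problems.append("scope does not include atproto")
    return problems
```

Calling `diagnose_client_metadata(client_id)` with the default fetcher performs a real HTTPS request with certificate verification left on, so an untrusted certificate on the metadata host is reported as such before the PAR request is ever sent.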