eu-digital-identity-wallet / eudi-srv-web-issuing-eudiw-py

APIs and code of the eudiw provider backend PID, mDL and EAA issuer following OID4VCI
Apache License 2.0

Authorization error: KeyError: 'eu.europa.ec.eudi.pid.1 openid' #28

Closed ionutciobanuCS closed 1 week ago

ionutciobanuCS commented 1 week ago

We are testing the server connected to the Android application, and when issuing a PID, after some screens (I have determined from the API docs it is the Authorization part) we get the following error:

2024-06-28 08:40:53,447 app.app INFO At the "authorization" endpoint
2024-06-28 08:40:53,447 app.app INFO http_info: {'headers': {'host': '172.30.8.188:14430', 'accept-encoding': 'gzip, deflate', 'accept': '*/*', 'connection': 'keep-alive'}, 'method': 'GET', 'url': 'https://172.30.8.188:14430/oidc/authorization?redirect_uri=eu.europa.ec.euidi://authorization&response_type=code&scope=eu.europa.ec.eudi.pid.1%20openid&client_id=wallet-dev&request_uri=urn:uuid:489cf495-94d2-4f9c-8d6f-430aab3398e3', 'cookie': []}
2024-06-28 08:40:53,448 idpyoidc.server.endpoint DEBUG - authorization_endpoint -
2024-06-28 08:40:53,448 idpyoidc.server.endpoint INFO Request: {'redirect_uri': 'eu.europa.ec.euidi://authorization', 'response_type': 'code', 'scope': 'eu.europa.ec.eudi.pid.1 openid', 'client_id': 'wallet-dev', 'request_uri': 'urn:uuid:489cf495-94d2-4f9c-8d6f-430aab3398e3'}
2024-06-28 08:40:53,448 idpyoidc.server.client_authn INFO Verifying client authentication using public
2024-06-28 08:40:53,448 idpyoidc.server.endpoint DEBUG authn_info: {'client_id': 'wallet-dev', 'method': 'public'}
2024-06-28 08:40:53,449 idpyoidc.server.endpoint INFO Parsed and verified request: {'redirect_uri': 'eu.europa.ec.euidi://authorization', 'response_type': 'code', 'scope': 'eu.europa.ec.eudi.pid.1 openid', 'client_id': 'wallet-dev', 'request_uri': 'urn:uuid:489cf495-94d2-4f9c-8d6f-430aab3398e3'}
2024-06-28 08:40:53,449 app.app INFO request: {'client_id': 'wallet-dev', 'response_type': 'code', 'redirect_uri': 'eu.europa.ec.euidi://authorization', 'scope': 'eu.europa.ec.eudi.pid.1 openid', 'state': 'Fzj18ZpladAK2DSheul8oIu35AU-cirM0FSK61RI3gU', 'code_challenge': 'yPNGuaQ9zYm8LGM5QQSq-acw-FPQqjbfRxYqQ2K7q5w', 'code_challenge_method': 'S256'}
2024-06-28 08:40:53,450 idpyoidc.server.oauth2.authorization DEBUG Max age: 0
2024-06-28 08:40:53,450 idpyoidc.server.user_authn.user DEBUG Value cookies: {}
2024-06-28 08:40:53,450 idpyoidc.server.user_authn.user INFO Failed to find session based on cookie
2024-06-28 08:40:53,450 idpyoidc.server.oauth2.authorization INFO No active authentication
2024-06-28 08:40:53,450 idpyoidc.server.user_authn.user INFO User Authorization Args:
2024-06-28 08:40:53,451 cryptojwt.jwx DEBUG Picking key by key type=RSA
2024-06-28 08:40:53,451 cryptojwt.jwx DEBUG Picking key based on alg=RS256, kid=None and use=sig
2024-06-28 08:40:53,451 cryptojwt.jwx DEBUG Picked: kid:andTMHFPNUxuZVh2MHV2MmwtcWZQdGpmSWhHTE9idGx0akJGbFlfaVZHOA, use:sig, kty:RSA
2024-06-28 08:40:53,451 root DEBUG (pack) JWT header: {'alg': 'RS256', 'kid': 'andTMHFPNUxuZVh2MHV2MmwtcWZQdGpmSWhHTE9idGx0akJGbFlfaVZHOA'}
2024-06-28 08:40:53,456 cryptojwt.jws.jws DEBUG Signed message using key with kid=andTMHFPNUxuZVh2MHV2MmwtcWZQdGpmSWhHTE9idGx0akJGbFlfaVZHOA
2024-06-28 08:40:53,457 idpyoidc.server.oauth2.authorization ERROR 'eu.europa.ec.eudi.pid.1 openid'
Traceback (most recent call last):
  File ".../app/.venv/lib/python3.10/site-packages/idpyoidc/server/oauth2/authorization.py", line 1148, in process_request
    "http_response": _function(**info["args"]),
  File ".../app/.venv/lib/python3.10/site-packages/idpyoidc/server/user_authn/user.py", line 390, in __call__
    url = cfgoidc.country_redirect[scope_value]
KeyError: 'eu.europa.ec.eudi.pid.1 openid'
2024-06-28 08:40:53,458 app.app INFO Response args: {'http_response': "Internal error: 'eu.europa.ec.eudi.pid.1 openid'"}

After this, some redirects and further errors:

2024-06-28 08:40:53,459 werkzeug INFO 172.30.8.188 - - [28/Jun/2024 08:40:53] "GET /oidc/authorization?redirect_uri=eu.europa.ec.euidi://authorization&response_type=code&scope=eu.europa.ec.eudi.pid.1%20openid&client_id=wallet-dev&request_uri=urn:uuid:489cf495-94d2-4f9c-8d6f-430aab3398e3 HTTP/1.1" 200 -
2024-06-28 08:40:53,471 urllib3.connectionpool DEBUG https://172.30.8.188:14430 "GET /oidc/authorization?redirect_uri=eu.europa.ec.euidi://authorization&response_type=code&scope=eu.europa.ec.eudi.pid.1%20openid&client_id=wallet-dev&request_uri=urn:uuid:489cf495-94d2-4f9c-8d6f-430aab3398e3 HTTP/11" 200 48
2024-06-28 08:40:53,472 info ERROR - WARN - Error 500
Traceback (most recent call last):
  File ".../app/.venv/lib/python3.10/site-packages/requests/models.py", line 974, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/lib/python3.10/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.10/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.10/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File ".../app/.venv/lib/python3.10/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
  File ".../app/.venv/lib/python3.10/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File ".../app/route_oidc.py", line 323, in authorizationV3
    params = {"token": response.json()["token"]}
  File ".../app/.venv/lib/python3.10/site-packages/requests/models.py", line 978, in json
    raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
2024-06-28 08:40:53,493 werkzeug INFO 172.29.45.16 - - [28/Jun/2024 08:40:53] "GET /oidc/authorizationV3?client_id=wallet-dev&state=Fzj18ZpladAK2DSheul8oIu35AU-cirM0FSK61RI3gU&request_uri=urn:uuid:489cf495-94d2-4f9c-8d6f-430aab3398e3 HTTP/1.1" 500 -

We have kept everything as it is; we only modified the IP of the issuer in the Android application. I do not know if it's an error or if a different key should be obtained for testing purposes.

ionutciobanuCS commented 1 week ago

It was an issue caused by using the wrong version of the Android application. I noticed the mismatch in the scope.

Can be closed.

pinamiranda commented 1 week ago

Comment closed as the issue has been addressed. If further feedback is needed, the comment can be reopened.
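
Added example, not part of the issue thread or the project's code: one way to turn the two failures in the traceback (the `KeyError` on the scope lookup and the `JSONDecodeError` on the upstream reply) into controlled errors instead of HTTP 500s. The mapping contents, the function names and the `example.pid.scope` value are assumptions made for illustration.

```python
import json

# Constructed mapping: one credential scope -> authentication redirect.
# The real contents of cfgoidc.country_redirect are not shown on the page.
REDIRECT_BY_SCOPE = {"example.pid.scope": "/example/authentication"}


def resolve_redirect(scope_value, redirect_map=REDIRECT_BY_SCOPE):
    """Return (url, None), or (None, oauth_error) instead of raising KeyError."""
    # RFC 6749 section 3.3: scope is a space-delimited list of tokens,
    # so look up each token rather than the whole string.
    tokens = [t for t in scope_value.split(" ") if t]
    matches = [t for t in tokens if t in redirect_map]
    if len(matches) != 1:
        return None, {
            "error": "invalid_scope",
            "error_description": "expected exactly one supported credential scope",
        }
    return redirect_map[matches[0]], None


def extract_token(status_code, body_text):
    """Return (token, None), or (None, reason) for an unusable upstream reply."""
    if status_code != 200:
        return None, f"upstream status {status_code}"
    try:
        data = json.loads(body_text)
    except json.JSONDecodeError:
        # The log shows exactly this case: HTTP 200 carrying a plain-text error.
        return None, "upstream body is not JSON"
    token = data.get("token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        return None, "upstream JSON has no token"
    return token, None


if __name__ == "__main__":
    # Scope string and error body taken from the log in the issue.
    print(resolve_redirect("eu.europa.ec.eudi.pid.1 openid"))
    print(extract_token(200, "Internal error: 'eu.europa.ec.eudi.pid.1 openid'"))
    print(resolve_redirect("example.pid.scope openid"))
```

With the scope from the log, the first function yields an `invalid_scope` error the wallet can act on, and the second reports the non-JSON body rather than propagating an exception to Flask.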