search

inrupt / solid-client-js

Library for accessing data and managing permissions on data stored in a Solid Pod
https://docs.inrupt.com/developer-tools/javascript/client-libraries/
MIT License
231 stars 37 forks source link

ClientAuthentication login error #1855

Closed qertis closed 1 year ago

qertis commented 1 year ago

Bug description

Cannot login. HTTP 500 error.

To Reproduce

  1. Install docker compose community server and nodejs web-dev server

    version: "3.8"
services:

fuseki:
image: secoresearch/fuseki:4.7.0
container_name: 'fuseki'
ports:
  - '3030:3030'
volumes:
  - fuseki-data:/fuseki-base
environment:
  - ENABLE_UPDATE=true
  - ADMIN_PASSWORD=pw123

solid:
image: solidproject/community-server
platform: linux/amd64
container_name: 'solid'
depends_on:
  - fuseki
environment:
  - CSS_LOGGING_LEVEL=debug
  - CSS_CONFIG=@css:config/sparql-endpoint-no-setup.json
  - CSS_SPARQL_ENDPOINT=http://fuseki:3030/ds
ports:
  - '3000:3000'

redis:
container_name: redis
image: redis:7.0.7
ports:
  - '6379:6379'
command: ["redis-server", "--bind", "redis", "--port", "6379", "--maxmemory-policy", "noeviction"]

web-dev:
container_name: web-dev
restart: always
build: ./web
depends_on:
  - redis
ports:
  - '9000:9000'
expose:
  - "9000"
command: ["npm", "start"]
environment:
  - REDIS_HOST=redis
  - JENA_URL=fuseki
stdin_open: true
tty: true

web-dev server.js

const express = require('express');
const app = express();
const {
    getSessionFromStorage,
    getSessionIdFromStorageAll,
    Session
} = require("@inrupt/solid-client-authn-node");

app.get("/login", async (req, res, next) => {
  const session = new Session();
  req.session.sessionId = session.info.sessionId;
  const redirectToSolidIdentityProvider = (url) => {
    res.redirect(url);
  };
  await session.login({
    redirectUrl: 'http://web-dev:9000/redirect-from-solid-idp',
    oidcIssuer: "http://solid:3000/",
    clientName: "Demo app",
    handleRedirect: redirectToSolidIdentityProvider,
  });
});

app.listen(9000, () => {});
  1. Register new user "yyy": http://localhost:3000/idp/register/

You look data like this:

{
    "webId": "http://localhost:3000/yyy/profile/card#me",
    "email": "yyy@yyy.yyy",
    "oidcIssuer": "http://localhost:3000/",
    "podBaseUrl": "http://localhost:3000/yyy/",
    "createWebId": true,
    "register": true,
    "createPod": true,
    "controls": {
        "register": "http://localhost:3000/idp/register/",
        "index": "http://localhost:3000/idp/",
        "prompt": "http://localhost:3000/idp/prompt/",
        "login": "http://localhost:3000/idp/login/",
        "forgotPassword": "http://localhost:3000/idp/forgotpassword/",
        "credentials": "http://localhost:3000/idp/credentials/"
    },
    "apiVersion": "0.4"
}
  1. Locate web-dev server http://localhost:9000/login

Expected result

session.login function is ok.

Actual result

OPError: expected 200 OK, got: 500 Internal Server Error
    at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)
    at Issuer.discover (/usr/src/app/node_modules/openid-client/lib/issuer.js:179:18)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async IssuerConfigFetcher.fetchConfig (/usr/src/app/node_modules/@inrupt/solid-client-authn-node/dist/login/oidc/IssuerConfigFetcher.js:72:28)
    at async OidcLoginHandler.handle (/usr/src/app/node_modules/@inrupt/solid-client-authn-node/dist/login/oidc/OidcLoginHandler.js:22:30)
    at async ClientAuthentication.login (/usr/src/app/node_modules/@inrupt/solid-client-authn-node/dist/ClientAuthentication.js:13:33)
    at async Session.login (/usr/src/app/node_modules/@inrupt/solid-client-authn-node/dist/Session.js:16:31)
    at async /usr/src/app/server.js:205:3

Environment

  System:
    OS: macOS 13.2
    CPU: (8) arm64 Apple M1
    Memory: 64.64 MB / 16.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 18.12.1 - /usr/local/bin/node
    npm: 8.19.2 - /usr/local/bin/npm
  Browsers:
    Safari: 16.3
  npmPackages:
    @inrupt/solid-client: 1.25.0 => 1.25.0 
    @inrupt/solid-client-authn-node: 1.13.0 => 1.13.0 
    @inrupt/vocab-common-rdf: 1.0.5 => 1.0.5 
    connect-redis: 6.1.3 => 6.1.3 
    express: 4.18.2 => 4.18.2 
    express-session: 1.17.3 => 1.17.3 
    ioredis: 5.2.4 => 5.2.4 
  npmGlobalPackages:
    corepack: 0.14.2
    npm: 8.19.2
ThisIsMissEm commented 1 year ago

I do note two things straight away:

1) Your URLs do not match, in the login you're using oidcIssuer: "http://solid:3000/" with a redirectUrl (application URL) of "http://web-app:9000/" — these strings need to be exact values as advertised in the /.well-known/openid-configuration of your solid server.

2) The error seems to come from when the SDK attempts to fetch the issuer metadata, you can test this by visiting: http://localhost:3000/.well-known/openid-configuration (or for the code above, http://solid:3000/.well-known/openid-configuration). That is, we attempted to feature the information from your solid server about it's OIDC configuration, but your server gave a 500 error, when we expected a 200.

Best bet is to check the server logs of your CSS installation.

Another debugging option is to add additional logging into /usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:41:11 to check what response your OIDC server (CSS) actually returned.

qertis commented 1 year ago

Thanks. Moved issue to https://github.com/CommunitySolidServer/CommunitySolidServer/issues/1562