ory / hydra

The most scalable and customizable OpenID Certified™ OpenID Connect and OAuth Provider on the market. Become an OpenID Connect and OAuth2 Provider over night. Broad support for related RFCs. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=hydra
Apache License 2.0

docs: followed the installation guide and was unable to get a successful consent #623

Closed abusaidm closed 6 years ago

abusaidm commented 6 years ago

Hello,

I followed the installation guide https://ory.gitbooks.io/hydra/content/install.html#perform-oauth-20-flow and was unable to get a successful run.

The issue seems to come from the consent app saying "Unhandled rejection Error: Bad Request" and from hydra:

level=error msg="An error occurred" error="The client is not allowed to request scope hydra.consent: The requested scope is invalid, unknown, or malformed"

I have also noticed different versions in the guide so on my last attempt I used the version v0.10.0-alpha.8 for:

  1. hydra migration
  2. hydra cli
  3. hydra server

I noticed that this gave me an extra migration that was not available in the v0.9.x so I thought this might have been a mistake in the guide.

I will try to diagnose the issue further to see where the complaint is from and dig deeper.

Thank you.

aeneasr commented 6 years ago

Hey, I found the error, it's a typo here:

$ hydra clients create --skip-tls-verify \
  --id consent-app \
  --secret consent-secret \
  --name "Consent App Client" \
  --grant-types client_credentials \
  --response-types token \
  --allowed-scopes hydra.consent*

specifically

  --allowed-scopes hydra.consent*

that line should read

  --allowed-scopes hydra.consent

abusaidm commented 6 years ago

Hey, I got it working, thank you. This turned out to be one part of the problem; the other part is in the consent app demo https://github.com/ory/hydra-consent-app-express/blob/master/routes/index.js. I changed the following: const scope = 'hydra.consent hydra.consent.*' to const scope = 'hydra.consent'

and this removed the following error:

level=error msg="An error occurred" error="The client is not allowed to request scope hydra.consent.*: The requested scope is invalid, unknown, or malformed"

It seems there are many breaking changes in the new 0.10 and you stated in the change log that I think it warrants a re-write of the installation guide to better explain the concepts.

aeneasr commented 6 years ago

Oh yes absolutely! Would you mind updating that in the consent app as well? Thank you so much for this, you are helping a lot of people!

abusaidm commented 6 years ago

no problem.

I wanted to find out where hydra stores its core scopes, as I didn't find them in the database, and if I could pick your brains a little to better understand the system when I have questions, I would like to write documentation detailing this and we could publish it if you wanted.

aeneasr commented 6 years ago

The scopes are stored in this SQL column - and I always welcome docs! :)

abusaidm commented 6 years ago

I mean, how does hydra know about hydra.consent?

aeneasr commented 6 years ago

They are defined in the http handlers, for example here or here.

aeneasr commented 6 years ago

I hope all your questions are answered and thus closing this issue. If questions remain feel free to come back here.
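
Added example, not part of the thread and not Hydra's own code: a small Go matcher that reproduces the two scope rejections reported above. The matching rule (dot-separated segments, a segment that is exactly `*` acting as the wildcard) is an assumption consistent with the two error messages, and `scopeMatches` and `deniedScopes` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// scopeMatches reports whether one allowed-scope pattern covers a requested
// scope. Assumed rule: split on "." and compare segment by segment; only a
// segment that is exactly "*" is a wildcard (it needs a non-empty segment).
func scopeMatches(pattern, requested string) bool {
	p, r := strings.Split(pattern, "."), strings.Split(requested, ".")
	if len(p) > len(r) {
		return false
	}
	for i, seg := range p {
		if seg == "*" && r[i] != "" {
			if i == len(p)-1 {
				return true // trailing "*" also covers deeper segments
			}
			continue
		}
		if seg != r[i] { // "consent*" is compared literally, so it != "consent"
			return false
		}
	}
	return len(p) == len(r)
}

// deniedScopes returns the scopes from a space-delimited scope parameter
// that none of the client's allowed patterns cover.
func deniedScopes(allowed []string, scopeParam string) []string {
	var denied []string
next:
	for _, req := range strings.Fields(scopeParam) {
		for _, pat := range allowed {
			if scopeMatches(pat, req) {
				continue next
			}
		}
		denied = append(denied, req)
	}
	return denied
}

func main() {
	// Constructed inputs mirroring the two errors in the thread.
	fmt.Println(deniedScopes([]string{"hydra.consent*"}, "hydra.consent"))
	fmt.Println(deniedScopes([]string{"hydra.consent"}, "hydra.consent hydra.consent.*"))
}
```

Running the same check against a client's registered scopes before deploying a consent app shows which requested scopes would be refused, without widening the client's grant to make the error go away.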