search

pstuifzand / micropub-android

Android client for sending micropub posts
GNU General Public License v3.0
15 stars 0 forks source link

Can't authenticate with commentpara.de: Missing element "scope" in authorization_endpoint response #14

Closed cweiske closed 6 years ago

cweiske commented 6 years ago

After #13 was fixed in commentpara.de, I have another issue.

I get an error:

04-23 18:20:50.507 12647 12647 E micropub: android.accounts.AuthenticatorException: Could not verify authorization: Missing element "scope" in authorization_endpoint response
04-23 18:20:50.507 12647 12647 E micropub:  at android.accounts.AccountManager.convertErrorToException(AccountManager.java:2245)
04-23 18:20:50.507 12647 12647 E micropub:  at android.accounts.AccountManager.-wrap0(AccountManager.java)
04-23 18:20:50.507 12647 12647 E micropub:  at android.accounts.AccountManager$AmsTask$Response.onError(AccountManager.java:2081)
04-23 18:20:50.507 12647 12647 E micropub:  at android.accounts.IAccountManagerResponse$Stub.onTransact(IAccountManagerResponse.java:69)
04-23 18:20:50.507 12647 12647 E micropub:  at android.os.Binder.execTransact(Binder.java:565)

It posts to https://commentpara.de/auth.php:

code=ZW1vamk9JTVDMzYwJTVDMjM3JTVDMjIyJTVDMjUxJm1lPWh0dHBzJTNBJTJGJTJGY29tbWVudHBhcmEuZGUlMkZ1c2VyJTJGMy5odG0mc2NvcGU9Y3JlYXRlK2VkaXQrdXBkYXRlK3Bvc3QrZGVsZXRlJnNpZ25hdHVyZT1GSVhNRQ%3D%3D
&redirect_uri=wrimini%3A%2F%2Foauth
&client_id=https%3A%2F%2Fstuifzand.eu%2Fmicropub

and gets in return:

{"me":"https:\/\/commentpara.de\/user\/3.htm"}

The spec says in "5.4 Authorization Code Verification"

If the request is valid, then the endpoint responds with a JSON [RFC7159] object containing one property, me, with the canonical user profile URL for the user who signed in.

aaronpk commented 6 years ago

It sounds like this app is trying to post to the authorization endpoint, but it should be posting to the token endpoint instead?

pstuifzand commented 6 years ago

I uploaded a new version that fixes this problem. Can you try it?

(Originally published at: https://p83.nl/p/599)

pstuifzand commented 6 years ago

I had found this problem as well. It was fixed in f9a13363c6219e480a2ee482788cc439c46998cd

(Originally published at: https://p83.nl/p/600)

aaronpk commented 6 years ago

If this app is a Micropub client, it should be doing the authorization flow rather than the authentication flow.

https://indieauth.spec.indieweb.org/#authorization

In this flow, the client only makes a POST request to the token endpoint, not to the authorization endpoint.

cweiske commented 6 years ago

This issue does not occur in Wrimini 0.0.10-alpha.