truggeri / oauth-debugger

Debug and test your OAuth2 code with this mock resource server
https://www.testoauth.com
MIT License

login.js not found #5

Closed jsorge closed 2 years ago

jsorge commented 2 years ago

I'm trying this service out, but getting a 404 when the login.js file is being searched for. Here's what I'm seeing as the request:

GET /login.js HTTP/1.1
Host: testoauth.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Mobile/15E148 Safari/604.1
Accept-Language: en-US,en;q=0.9
Referer: https://testoauth.com/oauth/authorize?response_type=code&client_id=rZlv9pui841llqSYkFlmZcI0QGqUx0vV&redirect_uri=io.taphouse.httpdotswift://redirect&scope=read&state=8887E8DD-68A4-45C5-9689-61CCD6CD10BA&code_challenge=A6BB6AC49E5CD1BB26C76A7DDA6CF2DF8C1EA38D3B1D1B26D3081E3E83668E1F&code_challenge_method=S256
Accept-Encoding: gzip, deflate, br

And the response:

HTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 10722
Cache-Control: max-age=3600
Content-Security-Policy: font-src 'self'; frame-src 'none'; img-src 'self'; media-src 'none'; object-src 'none';
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31556926
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block
Accept-Ranges: bytes
Date: Tue, 28 Dec 2021 21:38:12 GMT
X-Served-By: cache-sea4470-SEA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1640727493.769032,VS0,VE1
Vary: x-fh-requested-host, accept-encoding

<!doctype html>
<html>
  <head>
    <title>Page Not Found</title> (elided the rest...)

The request to the /authorize endpoint appears to be working since that returns a 200, but the embedded async script seems to be where things are falling down.

truggeri commented 2 years ago

@jsorge Thank you so much for writing in with this issue. It appears that I did not update a script source reference when doing some of the front end work. I'll publish an update right now and it should be good to go.

jsorge commented 2 years ago

Thank you! I see the login area now. But when I try to log in I get an error on the grant endpoint. Here's the request:

POST /oauth/grant HTTP/1.1
Host: testoauth.com
X-Csrf-Token: 
Origin: https://testoauth.com
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Accept: application/json
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Mobile/15E148 Safari/604.1
Referer: https://testoauth.com/oauth/authorize?response_type=code&client_id=rZlv9pui841llqSYkFlmZcI0QGqUx0vV&redirect_uri=io.taphouse.httpdotswift://redirect&scope=read&state=63A89C50-C186-4FEE-BCB8-B44F877C2CA3&code_challenge=246B394F03471001C99F2803BC72C95E7EC4EFD05C3D7CD53E2F8B71D4331B01&code_challenge_method=S256
Content-Length: 67
Accept-Language: en-US,en;q=0.9

{"client_id":"rZlv9pui841llqSYkFlmZcI0QGqUx0vV","username":"benny"}

Here's the response:

HTTP/1.1 401 Unauthorized
Connection: keep-alive
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/plain; charset=utf-8
Function-Execution-Id: rzwvyrtzkrfh
Server: Google Frontend
X-Cloud-Trace-Context: 127daaa4cb295b5bc89e945164dd9269;o=1
X-Content-Type-Options: nosniff
X-Fh-No-Setcookie-Unroll: true
Accept-Ranges: bytes
Date: Tue, 28 Dec 2021 23:37:50 GMT
X-Served-By: cache-sea4459-SEA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1640734669.294711,VS0,VE1083
Vary: x-fh-requested-host, accept-encoding
transfer-encoding: chunked

csrf token is missing

(If it helps, I'm running this in the iOS simulator on my Mac)

truggeri commented 2 years ago

The issue appears to be that the CSRF token was not properly transferred from the cookie to a request header as indicated by this request header,

X-Csrf-Token: 

I will continue to debug this.

truggeri commented 2 years ago

Appears my set cookie is invalid in some way. (image)

truggeri commented 2 years ago

I believe I found the issue 🙃 . My apologies, it was a missed config update with the domain purchase. Pushing that fix now.

jsorge commented 2 years ago

It works! Thank you so much!

truggeri commented 2 years ago

@jsorge Fantastic, I truly hope that you find it useful. Thanks so much for reporting the bugs and sticking with me while I fix them.

truggeri commented 2 years ago

Also as a reference, I've made one more fix for a CORS issue on the POST to /oauth/grant. If for any reason you see this, you'll likely have a mismatch between www and root domain.
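As an added illustration of the two failure modes discussed in this thread (the empty X-Csrf-Token header rejected at /oauth/grant, and a cookie scoped to the wrong host when www and the root domain are mixed), here is a small Python model of a double-submit cookie check together with RFC 6265 cookie domain matching. This is not code from oauth-debugger; the cookie name csrf_token and every status code other than the 401 quoted above are assumptions.

```python
import hmac
from http.cookies import SimpleCookie
from typing import Optional

CSRF_COOKIE = "csrf_token"  # assumed cookie name; the issue does not show it


def domain_matches(request_host: str, domain: str) -> bool:
    """RFC 6265 s5.1.3 domain matching for host names (IP literals not handled)."""
    request_host = request_host.lower().rstrip(".")
    domain = domain.lower().strip(".")
    return request_host == domain or request_host.endswith("." + domain)


def set_cookie_accepted(request_host: str, domain_attr: Optional[str]) -> bool:
    """RFC 6265 s5.3: a Set-Cookie whose Domain attribute does not cover the
    responding host is silently dropped, so the client never holds a token."""
    if domain_attr is None:  # host-only cookie: always accepted
        return True
    return domain_matches(request_host, domain_attr)


def cookie_sent(request_host: str, cookie_host: str, host_only: bool) -> bool:
    """RFC 6265 s5.4: host-only cookies return only to the exact host that set
    them; Domain cookies return to that domain and all of its subdomains."""
    if host_only:
        return request_host.lower() == cookie_host.lower()
    return domain_matches(request_host, cookie_host)


def check_csrf(headers: dict) -> tuple:
    """Double-submit check for POST /oauth/grant: the token the page copied
    into X-Csrf-Token must equal the token carried in the cookie. An empty
    header is exactly what a cookie that was never stored produces."""
    header_token = headers.get("X-Csrf-Token", "").strip()
    if not header_token:
        return 401, "csrf token is missing"  # the response seen in the issue
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get(CSRF_COOKIE)
    if morsel is None:
        return 401, "csrf cookie is missing"
    if not hmac.compare_digest(morsel.value, header_token):
        return 403, "csrf token mismatch"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed headers mirroring the failing request in the thread.
    print(check_csrf({"X-Csrf-Token": "", "Cookie": ""}))
```

Running it prints the same (401, 'csrf token is missing') the simulator received; set_cookie_accepted("testoauth.com", "www.testoauth.com") shows why a cookie scoped to the wrong host never reaches the page that must copy it into the header.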

jsorge commented 2 years ago

Oh it's most definitely useful for me. I'm putting together a little HTTP library for my iOS & Mac apps and it's great to test against.