Closed jsorge closed 2 years ago
@jsorge Thank you so much for writing in with this issue. It appears that I did not update a script source reference when doing some of the front end work. I'll publish an update right now and it should be good to go.
Thank you! I see the login area now. But when I try to log in I get an error on the grant endpoint. Here's the request:
POST /oauth/grant HTTP/1.1
Host: testoauth.com
X-Csrf-Token:
Origin: https://testoauth.com
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Accept: application/json
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Mobile/15E148 Safari/604.1
Referer: https://testoauth.com/oauth/authorize?response_type=code&client_id=rZlv9pui841llqSYkFlmZcI0QGqUx0vV&redirect_uri=io.taphouse.httpdotswift://redirect&scope=read&state=63A89C50-C186-4FEE-BCB8-B44F877C2CA3&code_challenge=246B394F03471001C99F2803BC72C95E7EC4EFD05C3D7CD53E2F8B71D4331B01&code_challenge_method=S256
Content-Length: 67
Accept-Language: en-US,en;q=0.9
{"client_id":"rZlv9pui841llqSYkFlmZcI0QGqUx0vV","username":"benny"}
Here's the response:
HTTP/1.1 401 Unauthorized
Connection: keep-alive
Cache-Control: private
Content-Encoding: gzip
Content-Type: text/plain; charset=utf-8
Function-Execution-Id: rzwvyrtzkrfh
Server: Google Frontend
X-Cloud-Trace-Context: 127daaa4cb295b5bc89e945164dd9269;o=1
X-Content-Type-Options: nosniff
X-Fh-No-Setcookie-Unroll: true
Accept-Ranges: bytes
Date: Tue, 28 Dec 2021 23:37:50 GMT
X-Served-By: cache-sea4459-SEA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1640734669.294711,VS0,VE1083
Vary: x-fh-requested-host, accept-encoding
transfer-encoding: chunked
csrf token is missing
(If it helps, I'm running this in the iOS simulator on my Mac)
The issue appears to be that the CSRF token was not properly transferred from the cookie to a request header as indicated by this request header,
X-Csrf-Token:
I will continue to debug this.
Appears my set cookie is invalid in some way
I believe I found the issue 🙃. My apologies, it was a missed config update with the domain purchase. Pushing that fix now.
It works! Thank you so much!
@jsorge Fantastic, I truly hope that you find it useful. Thanks so much for reporting the bugs and sticking with me while I fix them.
Also as a reference, I've made one more fix for a CORS issue on the POST to /oauth/grant. If for any reason you see this, you'll likely have a mismatch between www and root domain.
Oh it's most definitely useful for me. I'm putting together a little HTTP library for my iOS & Mac apps and it's great to test against.
I'm trying this service out, but getting a 404 when the login.js file is being searched for. Here's what I'm seeing as the request:
And the response:
The request to the /authorize endpoint appears to be working since that returns a 200, but the embedded async script seems to be where things are falling down.
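An added example, not code from this thread or from the testoauth.com service: a simplified version of the browser's cookie domain check (RFC 6265 section 5.1.3), showing how a Set-Cookie whose Domain does not match the serving host is dropped, which leaves the X-Csrf-Token header empty as in the request above. It also covers the related host-only case (a cookie set on www is not visible on the root domain). The cookie name `csrf_token`, the token value and the stale domain `old-host.example` are assumptions; the thread does not show the actual Set-Cookie header.

```javascript
// Simplified RFC 6265 section 5.1.3 domain-match: the request host must equal
// the cookie Domain or be a subdomain of it. (IP hosts and public-suffix
// checks are ignored here.)
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Decide, as a browser would, whether a Set-Cookie header from `requestHost`
// is stored. Returns the stored cookie, or null when it is rejected.
function acceptSetCookie(requestHost, header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: requestHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.toLowerCase() === "domain" && v) {
      if (!domainMatches(requestHost, v)) return null; // dropped silently
      cookie.domain = v.toLowerCase().replace(/^\./, "");
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// The value a page script on `host` could copy into the X-Csrf-Token header.
// An empty string is what produces "csrf token is missing" on the server.
function csrfHeaderFor(host, jar, cookieName) {
  const hit = jar.find((c) => c && c.name === cookieName &&
    (c.hostOnly ? c.domain === host.toLowerCase()
                : domainMatches(host, c.domain)));
  return hit ? hit.value : "";
}

// Constructed sample headers (cookie name, value and stale domain are assumed).
const stale = acceptSetCookie("testoauth.com",
  "csrf_token=abc123; Domain=old-host.example; Path=/; Secure");
const fixed = acceptSetCookie("testoauth.com",
  "csrf_token=abc123; Domain=testoauth.com; Path=/; Secure");
const wwwOnly = acceptSetCookie("www.testoauth.com",
  "csrf_token=abc123; Path=/; Secure");

console.log(JSON.stringify(csrfHeaderFor("testoauth.com", [stale], "csrf_token")));
console.log(JSON.stringify(csrfHeaderFor("testoauth.com", [fixed], "csrf_token")));
console.log(JSON.stringify(csrfHeaderFor("testoauth.com", [wwwOnly], "csrf_token")));
```

When debugging this symptom, compare the Domain attribute in the Set-Cookie response header against the host in the address bar before looking at the script that copies the token.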