OAuth provider: yet more client-metadata error descriptions #2719

Closed
bnewbold opened this issue Aug 16, 2024 · 5 comments
@bnewbold
Collaborator

We mostly have good error messages for client-metadata fetch problems, but I think there are a couple paths that result in a generic "Invalid client configuration" message, which is hard for client devs to debug.

Some specific cases I suspect (not confirmed) result in this error:

IIRC, there is also a situation where we wrap other errors with the specific client-metadata error, and that doesn't result in a specific message (?).

@bnewbold bnewbold added the bug Something isn't working label Aug 16, 2024
@PIPOGit

PIPOGit commented Sep 14, 2024

Hi!

I'm performing some tests from "localhost", using this "client_id": https://bluesky.scienceontheweb.net/oauth/client-metadata.jsony. The content is as follows:

{
	"client_id": "https://bluesky.scienceontheweb.net/oauth/client-metadata.json",
	"application_type": "web",
	"client_name": "BlueSky OAuth2 Example",
	"client_uri": "https://bluesky.scienceontheweb.net",
	"dpop_bound_access_tokens": true,
	"grant_types": [
		"authorization_code",
		"refresh_token"
	],
	"redirect_uris": [
		"https://bluesky.scienceontheweb.net/oauth/callback.php"
	],
	"response_types": [
		"code"
	],
	"scope": "atproto transition:generic",
	"token_endpoint_auth_method": "none"
}

I'm following the specs here and here.

These are the headers:

{
    "Host":  "bsky.social",
    "Accept":  "*/*",
    "Content-Type":  "application/x-www-form-urlencoded"
}

and this the request body:

{
    "login_hint":  "did:plc:yhtmtr4drtu3rsgauj3etua6",
    "redirect_uri":  "https://bluesky.scienceontheweb.net/oauth/callback.php",
    "state":  "af8c1d17-1884-4518-b2f3-d580d621da4b",
    "code_challenge_method":  "S256",
    "client_id":  "https://bluesky.scienceontheweb.net/oauth/client-metadata.json",
    "response_type":  "code",
    "scope":  "atproto",
    "code_challenge":  "Webc9WAz-mMgRm2IyNJMu0PHWvDDdSdcydjjHpY-izo"
}

Then, I perform a POST application/x-www-form-urlencoded call to PAR Endpoint: https://bsky.social/oauth/par and the server's response is: 400:

{
	"error": "invalid_client_metadata",
	"error_description": "Invalid client configuration"
}

Can somebody tell me what is wrong with the configuration file, please?

Many thanks in advance. ;^)

@matthieusieben
Contributor

Hey @PIPOGit, it looks like the SSL certificate on your domain might be the issue here:
[Screenshot 2024-09-16 at 19:38:39]

I will look into getting better feedback in that particular case.

@PIPOGit

PIPOGit commented Sep 16, 2024

Oh, ok!

That should be the issue.

It's a "virtual domain" in AwardSpace, so don't look any further... Unless you accept these "fuzzy" certs. 😉

Thanks!

@matthieusieben
Contributor

This PR will return more comprehensible error messages including in this particular case.

@matthieusieben
Contributor

#2755 was deployed. Please re-open a new issue if the errors are still too vague.
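
The failure mode discussed in this thread (a TLS failure on the client_id host, wrapped until only "Invalid client configuration" remains) can be illustrated with the sketch below. It is an added example, not code from this thread or from the atproto repository; the function names, the allowlist and the sample error are assumptions made for illustration.

```javascript
// Added example, not code from the atproto repository; names are hypothetical.
// Allowlist of Node.js error codes that are safe and useful to report back.
const REASONS = new Map([
  ['CERT_HAS_EXPIRED', 'TLS certificate has expired'],
  ['DEPTH_ZERO_SELF_SIGNED_CERT', 'TLS certificate is self-signed'],
  ['SELF_SIGNED_CERT_IN_CHAIN', 'TLS chain contains a self-signed certificate'],
  ['UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'TLS chain is incomplete or untrusted'],
  ['ERR_TLS_CERT_ALTNAME_INVALID', 'TLS certificate does not match the host name'],
  ['ENOTFOUND', 'host name does not resolve'],
  ['ECONNREFUSED', 'connection refused'],
]);

// Follow err.cause to the innermost error so wrapping does not hide the reason.
// The `seen` set stops the walk if the cause chain loops back on itself.
function rootCause(err) {
  const seen = new Set();
  let cur = err;
  while (cur && cur.cause && !seen.has(cur.cause)) {
    seen.add(cur);
    cur = cur.cause;
  }
  return cur;
}

// Build the PAR error body for a failed client-metadata fetch.
function describeFetchFailure(clientId, err) {
  const host = new URL(clientId).hostname;
  const code = (rootCause(err) || {}).code;
  const reason = REASONS.get(code);
  const description = reason
    ? `Unable to fetch client metadata from ${host}: ${reason} (${code})`
    : `Unable to fetch client metadata from ${host}`;
  return { error: 'invalid_client_metadata', error_description: description };
}

// Constructed sample: fetch() in Node rejects with TypeError('fetch failed')
// whose cause carries the code; a server layer then wraps it once more.
function sampleWrappedError() {
  const tls = Object.assign(new Error('certificate mismatch'), {
    code: 'ERR_TLS_CERT_ALTNAME_INVALID', // constructed, not taken from the thread
  });
  const fetchErr = new TypeError('fetch failed', { cause: tls });
  return new Error('Invalid client configuration', { cause: fetchErr });
}
```

Only allowlisted codes reach the response, so messages from wrapped internal errors are never echoed to the caller.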