Test with Solid bot example

[michielbdejong]

I'm trying to use https://github.com/michielbdejong/solid-bot-example
in combination with https://github.com/pdsinterop/solid-nextcloud/blob/main/setup-test-server.sh and debuggin g the errors I run into.

[michielbdejong]

First one:

https://test.server.com/.well-known/openid-configuration redirects to https://test.server.com/apps/solid/openid with a 302 and https://www.npmjs.com/package/openid-client doesn't like that. It wants a 200 response directly.

[michielbdejong]

According to the openid spec

Redirects are allowed in the webfinger part of discovering someone's issuer:
https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery

but we're not allowed to do a redirect in the provider configuration response:
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse

[michielbdejong]

The 302 is coming from https://github.com/pdsinterop/solid-nextcloud/blob/531f6c4/init-live.sh#L6

[michielbdejong]

If I change

-sed -i '96 i\  RewriteRule ^\\.well-known/openid-configuration /apps/solid/openid [R=302,L]' /var/www/html/.htaccess
+sed -i '96 i\  RewriteRule ^\\.well-known/openid-configuration /apps/solid/openid [PT]' /var/www/html/.htaccess

I get a 404 instead of a 302, with a body {"message":"openid-configuration not supported"}
Now trying with [PT,L]

[michielbdejong]

Hm, none of the flag combinations I tried seem to work, even though https://httpd.apache.org/docs/2.4/rewrite/flags.html seems to say it should just work the same way, but with passthrough or proxy instead of redirect.

Will try with https://github.com/pdsinterop/solid-nextcloud/tree/test-server-24 now.

[michielbdejong]

That fixed it! :) Next error:

request.call https://test.server.com/.well-known/openid-configuration
(node:17930) UnhandledPromiseRejectionWarning: OPError: expected 201 Created, got: 200 OK
    at processResponse (/Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/node_modules/openid-client/lib/helpers/process_response.js:41:11)
    at Function.register (/Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/node_modules/openid-client/lib/client.js:1460:26)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async ClientRegistrar.getClient (/Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/node_modules/@inrupt/solid-client-authn-node/dist/login/oidc/ClientRegistrar.js:44:34)
    at async OidcLoginHandler.handle (/Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/node_modules/@inrupt/solid-client-authn-node/dist/login/oidc/OidcLoginHandler.js:23:28)
    at async ClientAuthentication.login (/Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/node_modules/@inrupt/solid-client-authn-node/dist/ClientAuthentication.js:13:33)
    at async Session.login (/Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/node_modules/@inrupt/solid-client-authn-node/dist/Session.js:16:31)
    at async /Volumes/Michiel Docker/gh/michielbdejong/solid-bot-example/app.js:45:3

[michielbdejong]

Fixed in the test-server-24 branch. Next error:
When clicking 'Allow' in the NC GUI you don't get redirected back to the app.

[michielbdejong]

The web console shows:

Refused to send form data to 'https://test.server.com/apps/solid/sharing/812ec203ee00103a80d847d7c3d0ace6?returnUrl=/apps/solid/authorize?client_id%3D812ec203ee00103a80d847d7c3d0ace6%26scope%3Dopenid%2520offline_access%2520webid%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fredirect-from-solid-idp%26code_challenge%3De_fCMrHdT4oqMNY_6CgNY6L7dO4Uy9B8Xhi6v_JWMMI%26state%3DNbgUGvU2v2q3UpPpHriCUpZaC73coXOHjVWIp0BNHNM%26code_challenge_method%3DS256%26prompt%3Dconsent' because it violates the following Content Security Policy directive: "form-action 'self' localhost".

[michielbdejong]

It does work correctly when I try to log in to https://noeldemartin.github.io/media-kraken/ with my test server.

[michielbdejong]

Hm, I put the bot example on http://test.server.com:3000 but that didn't help either. Maybe Nextcloud wants the redirect to be https?

[michielbdejong]

@ylebre any idea? (I sent you the test server URL and credentials via Slack)

[michielbdejong]

I saw in the database that it does set the client id to the domain with https, so i'll try if i can get my bot example working if i deploy it to Heroku

[michielbdejong]

Hm, same error when trying to log in to https://solid-bot-example.herokuapp.com/login :(
I'll have to leave it here, will check back when I have time next week...