indiekit
IndieAuth error logging into monocle
Description of the bug
I tried to log into https://monocle.p3k.io/ with my IndieKit token endpoint for https://www.ciccarello.me/ but got an error from IndieKit
{
  "code": 403,
  "header": "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.14.0\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1\r\nCache-Control: no-cache, private\r\nDate: Sat, 18 Nov 2023 07:33:26 GMT",
  "body": {
    "error": "forbidden",
    "error_description": "The token endpoint could not verify this access token",
    "token_endpoint": {
      "url": "https://indiekit.ciccarello.me/auth/token",
      "code": 404,
      "response": {
        "error": "not_found",
        "error_description": "If you entered a web address please check it was correct",
        "stack": "NotFoundError: If you entered a web address please check it was correct\n at IndiekitError.notFound (file:///ciccarello-indiekit/node_modules/@indiekit/error/index.js:24:12)\n at notFound (file:///ciccarello-indiekit/node_modules/@indiekit/indiekit/lib/middleware/error.js:12:31)\n at Layer.handle [as handle_request] (/ciccarello-indiekit/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/ciccarello-indiekit/node_modules/express/lib/router/index.js:328:13)\n at /ciccarello-indiekit/node_modules/express/lib/router/index.js:286:9\n at Function.process_params (/ciccarello-indiekit/node_modules/express/lib/router/index.js:346:12)\n at next (/ciccarello-indiekit/node_modules/express/lib/router/index.js:280:10)\n at /ciccarello-indiekit/node_modules/express/lib/router/index.js:646:15\n at next (/ciccarello-indiekit/node_modules/express/lib/router/index.js:265:14)\n at file:///ciccarello-indiekit/node_modules/@indiekit/indiekit/lib/indieauth.js:229:9"
      }
    }
  },
  "error": "",
  "error_description": "",
  "url": "https://aperture.p3k.io/microsub/581?action=channels",
  "debug": "HTTP/1.1 403 Forbidden",
  "headers": {
    "Server": "nginx/1.14.0",
    "Content-Type": "application/json",
    "Transfer-Encoding": "chunked",
    "Connection": "keep-alive",
    "X-Powered-By": "PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1",
    "Cache-Control": "no-cache, private",
    "Date": "Sat, 18 Nov 2023 07:33:26 GMT"
  },
  "rels": []
}
Steps to reproduce
Expected behaviour
Able to login without error
Environment
- Version: @indiekit/indiekit@^1.0.0-beta.7
- Server: indiekit.ciccarello.me (hosted locally)
- Site: https://www.ciccarello.me/
Additional context
No response
I’m seeing a similar error logging into Monocle using an Aperture Microsub endpoint:
{
  "code": 403,
  "header": "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.14.0\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1\r\nCache-Control: no-cache, private\r\nDate: Sat, 18 Nov 2023 17:09:18 GMT",
  "body": {
    "error": "forbidden",
    "error_description": "The token endpoint could not verify this access token",
    "token_endpoint": {
      "url": "https://tokens.indieauth.com/token",
      "code": 400,
      "response": {
        "error": "unauthorized",
        "error_description": "The token provided was malformed"
      }
    }
  },
  "error": "",
  "error_description": "",
  "url": "https://aperture.p3k.io/microsub/32?action=channels",
  "debug": "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.14.0\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1\r\nCache-Control: no-cache, private\r\nDate: Sat, 18 Nov 2023 17:09:18 GMT\r\n\r\n{\"error\":\"forbidden\",\"error_description\":\"The token endpoint could not verify this access token\",\"token_endpoint\":{\"url\":\"https:\\/\\/tokens.indieauth.com\\/token\",\"code\":400,\"response\":{\"error\":\"unauthorized\",\"error_description\":\"The token provided was malformed\"}}}",
  "headers": {
    "Server": "nginx/1.14.0",
    "Content-Type": "application/json",
    "Transfer-Encoding": "chunked",
    "Connection": "keep-alive",
    "X-Powered-By": "PHP/7.2.7-1+ubuntu16.04.1+deb.sury.org+1",
    "Cache-Control": "no-cache, private",
    "Date": "Sat, 18 Nov 2023 17:09:18 GMT"
  },
  "rels": []
}
What’s interesting here is that it’s trying to get a token from https://tokens.indieauth.com/token even though that’s not the value for token_endpoint or in the response from the indieauth-metadata endpoint.
It seems like in your case the right token endpoint is being looked up.
This error could be coming from a few places:
- Indiekit’s IndieAuth endpoint
- Aperture’s Microsub server endpoint
- Monocle’s Microsub client endpoint
I wonder if there’s a similar issue signing in with other IndieAuth servers? I’m inclined to think this might not be an Indiekit issue… however Indiekit does follow the latest version of the IndieAuth spec, so there may be some incompatibilities for services that are following an older version of the specification.
I just tried logging in again and I'm able to log into https://aperture.p3k.io/ but not https://monocle.p3k.io/. I also tried https://alltogethernow.io/ which lets me log in but gets an error from Aperture about the token endpoint. Will have to investigate more.
Related (though do not appear to fix this issue): #715 #716
Thanks for taking a look and trying to debug. I saw some of the conversation in chat. Hopefully we can figure out what's going on with the p3k side to identify the core issue.
I’ve just checked this based on the most recent set of changes I made to the IndieAuth endpoint, and this now works! Proof:
I think it was likely the result of the fix documented in #716, namely restoring support for the older method of verifying tokens using GET /auth/token, in addition to providing support for the newer POST /auth/introspect method.
Also, the reason why I still couldn’t get Monocle to work when I last tried to, and with this fix in place, is that I had the wrong Microsub endpoint listed in the head of my sandbox testing website (it was using an endpoint registered to paulrobertlloyd.com, not indiekit-sandbox.netlify.app).
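The two verification methods named in the comment above, side by side, as an added example that is not Indiekit's code or part of the original thread: one handler answers both the older `GET /auth/token` bearer check and the newer `POST /auth/introspect` form request. The token store, sample token, URLs and function names are constructed for illustration, and the caller authentication an introspection endpoint needs is left out.

```javascript
// Added example: hypothetical handler, not Indiekit's implementation.
// Constructed token store; a real server would verify a signed or stored token.
const TOKENS = new Map([
  ["sample-token-123", {
    me: "https://website.example/",
    client_id: "https://reader.example/",
    scope: "read follow channels",
    exp: 4102444800, // constructed expiry (year 2100), seconds since epoch
  }],
]);

// Return the token record only if the token is known and not expired.
function lookup(token, now = Math.floor(Date.now() / 1000)) {
  const record = token ? TOKENS.get(token) : undefined;
  return record && record.exp > now ? record : undefined;
}

// Extract the credential from an "Authorization: Bearer ..." header.
function bearer(headers) {
  const match = /^Bearer\s+(\S+)$/i.exec(headers.authorization || "");
  return match ? match[1] : undefined;
}

// request: { method, path, headers (lower-cased keys), body (form-encoded string) }
function handleTokenRequest({ method, path, headers = {}, body = "" }) {
  // Older method: GET /auth/token with the token as a bearer credential.
  if (method === "GET" && path === "/auth/token") {
    const record = lookup(bearer(headers));
    if (!record) {
      return { status: 401, json: { error: "invalid_token" } };
    }
    const { me, client_id, scope } = record;
    return { status: 200, json: { me, client_id, scope } };
  }

  // Newer method: POST /auth/introspect with token=... in the form body.
  if (method === "POST" && path === "/auth/introspect") {
    const record = lookup(new URLSearchParams(body).get("token"));
    // An unknown or expired token is reported as inactive, not as an error.
    return { status: 200, json: record ? { active: true, ...record } : { active: false } };
  }

  // Any other route is a 404, as a verifier sees if it calls a route
  // the server does not register.
  return { status: 404, json: { error: "not_found" } };
}
```
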
I finally got this version up on my site and it also works for me. Thanks for figuring it out.