solid-client-authn-js
Cannot restore session because of invalid redirect url
Search terms you've used
InvalidRedirectUri, redirect url, iss
Impacted package
Which packages do you think might be impacted by the bug?
- [x] solid-client-authn-browser
- [ ] solid-client-authn-node
- [ ] solid-client-authn-core
- [ ] oidc-client-ext
- [ ] Other (please specify): ...
Bug description
When trying to use the `restorePreviousSession` feature, it fails with an `InvalidRedirectUri` error, because it tries to redirect to `http://localhost:3001/?iss=http%3A%2F%2Flocalhost%3A3000%2F` instead of `http://localhost:3001/`. I've encountered this issue with CSS v4.0 and v3.0 using the podbrowser or the demoClientApp example.
At the end of the session restore attempt it ends at following URL: http://localhost:3000/.oidc/auth?client_id=SkTaQc0wSHmF3KCWhi8Z6&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2F%3Fiss%3Dhttp%253A%252F%252Flocalhost%253A3000%252F&response_type=code&scope=openid%20offline_access%20webid&state=459c8142d71d45aaaf9e373a2aa41129&code_challenge=4scIzERWRIsHezdViVzZVAwxjyvAY8gZkXgPQSYfvzI&code_challenge_method=S256&prompt=none&response_mode=query
The query params in a more legible version:

```json
{
  "client_id": "SkTaQc0wSHmF3KCWhi8Z6",
  "redirect_uri": "http://localhost:3001/?iss=http%3A%2F%2Flocalhost%3A3000%2F",
  "response_type": "code",
  "scope": "openid offline_access webid",
  "state": "459c8142d71d45aaaf9e373a2aa41129",
  "code_challenge": "4scIzERWRIsHezdViVzZVAwxjyvAY8gZkXgPQSYfvzI",
  "code_challenge_method": "S256",
  "prompt": "none",
  "response_mode": "query"
}
```
To Reproduce
Using cypress test
I've created a fork where I added a cypress test for this: https://github.com/Otto-AA/solid-client-authn-js/tree/reproduce-restore-session
Here is the log of the cypress run: https://github.com/Otto-AA/solid-client-authn-js/runs/6160231424?check_suite_focus=true
If you want to run the test yourself, you'll need to `npm install`. Then start the application with `npm run dev` and the CSS with `npm run css:start`. And finally run the test with either `npm run cypress:open` (interactive) or `npm run test` (non-interactive).
Here is a video of such a test run:
https://user-images.githubusercontent.com/21040751/165124345-c9672c7f-e0e5-45ed-8109-d37a22ae350e.mp4
Manually
- Install and start CSS v4.0
- Create an account at http://localhost:3000/
- Install and start the demoClientApp
- Login using the account at http://localhost:3000
- Accept everything and wait until redirected to the demoClientApp
- Refresh the page to trigger the session restore
Expected result
I would have expected that the session restore works and returns to the demo client app.
Actual result
CSS throws an error on the refresh:

```text
InvalidRedirectUri: invalid_redirect_uri - redirect_uri did not match any of the client's registered redirect_uris
    at checkRedirectUri (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/oidc-provider/lib/actions/authorization/check_redirect_uri.js:10:11)
    at dispatch (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/koa-compose/index.js:42:32)
    at checkOpenIdScope (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/oidc-provider/lib/actions/authorization/check_openid_scope.js:28:12)
    at dispatch (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/koa-compose/index.js:42:32)
    at checkScope (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/oidc-provider/lib/actions/authorization/check_scope.js:54:10)
    at dispatch (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/koa-compose/index.js:42:32)
    at checkResource (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/oidc-provider/lib/shared/check_resource.js:77:10)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async parseBodyIfPost (/home/oaie/coding/solid/solid-client-authn-js/packages/browser/examples/demoClientApp/node_modules/oidc-provider/lib/shared/conditional_body.js:7:5)
```
Environment
```text
$ npx envinfo --system --npmPackages --binaries --npmGlobalPackages --browsers

  System:
    OS: Linux 5.13 Ubuntu 21.10 21.10 (Impish Indri)
    CPU: (12) x64 AMD Ryzen 5 5500U with Radeon Graphics
    Memory: 9.00 GB / 13.52 GB
    Container: Yes
    Shell: 5.1.8 - /bin/bash
  Binaries:
    Node: 16.14.2 - /usr/bin/node
    npm: 8.5.0 - /usr/bin/npm
  Browsers:
    Chromium: 100.0.4896.127
    Firefox: 99.0.1
  npmPackages:
    @babel/core: ^7.16.7 => 7.16.7
    @babel/preset-env: ^7.16.8 => 7.16.8
    @babel/preset-react: ^7.16.7 => 7.16.7
    @solid/community-server: ^4.0.0 => 4.0.0
    babel-loader: ^8.2.3 => 8.2.3
    cypress: ^9.5.4 => 9.5.4
    html-loader: ^3.1.0 => 3.1.0
    html-webpack-plugin: ^5.5.0 => 5.5.0
    react: ^17.0.2 => 17.0.2
    react-dom: ^17.0.2 => 17.0.2
    regenerator-runtime: ^0.13.9 => 0.13.9
    source-map-loader: ^3.0.1 => 3.0.1
    uuid: ^8.3.2 => 8.3.2
    wait-on: ^6.0.1 => 6.0.1
    webpack: ^5.66.0 => 5.66.0
    webpack-cli: ^4.9.1 => 4.9.1
    webpack-dev-server: ^4.7.3 => 4.7.3
  npmGlobalPackages:
    @angular/cli: 13.3.0
    firefox-profile: 4.2.2
    q: 1.5.1
    serve: 13.0.2
    truffle: 5.5.6
```
Additional information
I initially opened an issue at CSS (https://github.com/CommunitySolidServer/CommunitySolidServer/issues/1276), where some background about the specification was explained by @joachimvh:

Hi! This is currently happening due to an updated dependency in CSS. It looks like you've installed the dependencies with `npm install` instead of `npm ci`, and as such, you've gotten `oidc-provider` 7.11.0, which started using RFC 9207 by default.
We'll be working on a fix, but it'll take some time due to other work going on at present. For now, we suggest downgrading `oidc-provider` to ~7.10.6 (you'll get this if you `rm node_modules` and reinstall with `npm ci`).
There's a gitter thread here: https://gitter.im/CommunitySolidServer/community?at=62791ae2cd35b566afd89410
Thanks for the update! I can confirm that this error does not occur when using `npm ci` for the Community Solid Server.
sweet! Okay, hopefully that helps for now, and we'll get to fixing this soon.
v4.0.1 of CSS pins the `oidc-provider` dependency to 7.10.6 to prevent this issue when installing.
Please note: this feature hasn't shipped yet, but will ship in the next release.
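The following is an added JavaScript example, not code from solid-client-authn-js, CSS or oidc-provider. It models the round trip reported above: a server that implements RFC 9207 appends `iss` to the authorization response; a client that derives its redirect URL from the page it landed on, removing only `code` and `state`, keeps that `iss` and sends `http://localhost:3001/?iss=...` as `redirect_uri` on the silent re-authentication; the server's exact-match check against the registered `redirect_uris` then rejects it. The `client_id`, `code` and `state` values, the function names, and the "clean" strategy (validate `iss` against the expected issuer, then strip every authorization-response parameter) are this example's own assumptions, not the library's actual fix.

```javascript
// Added example modelling the redirect_uri round trip described in the issue.
// Not code from solid-client-authn-js, CSS or oidc-provider; the client_id,
// code/state values and function names are constructed for this demo.

// Exact string match against the client's registered redirect_uris. This is the
// check OAuth 2.0 / OIDC servers are expected to apply (no prefix or query
// matching) and the kind of check behind the invalid_redirect_uri error above.
function checkRedirectUri(registeredRedirectUris, requestedRedirectUri) {
  return registeredRedirectUris.includes(requestedRedirectUri);
}

// Authorization request in the shape seen in the issue (code flow, prompt=none).
function buildAuthorizationUrl(issuer, params) {
  const url = new URL("/.oidc/auth", issuer);
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.set(name, value);
  }
  return url.toString();
}

// Authorization response: a server implementing RFC 9207 adds `iss` next to
// `code` and `state` when it redirects the browser back to the client.
function buildAuthorizationResponse(redirectUri, { code, state, iss }) {
  const url = new URL(redirectUri);
  url.searchParams.set("code", code);
  url.searchParams.set("state", state);
  if (iss !== undefined) url.searchParams.set("iss", iss);
  return url.toString();
}

function stripParams(url, names) {
  for (const name of names) url.searchParams.delete(name);
  // Re-assign so that an empty query serialises with no trailing "?".
  url.search = url.searchParams.toString();
  return url.toString();
}

// Naive strategy: reuse the landing URL minus `code` and `state` as the
// redirect URL. This reproduces the failure mode in the issue: `iss` survives
// and ends up inside redirect_uri on the next authorization request.
function naiveRedirectUrlFromLanding(landingUrl) {
  return stripParams(new URL(landingUrl), ["code", "state"]);
}

// Hardened strategy (an assumption of this example, not the library's fix):
// verify `iss` against the issuer the session was started with, then strip
// every authorization-response parameter before storing the redirect URL.
const RESPONSE_PARAMS = ["code", "state", "iss", "error", "error_description"];

function cleanRedirectUrlFromLanding(landingUrl, expectedIssuer) {
  const url = new URL(landingUrl);
  const iss = url.searchParams.get("iss");
  if (iss !== null && iss !== expectedIssuer) {
    throw new Error(`issuer mismatch: got ${iss}, expected ${expectedIssuer}`);
  }
  return stripParams(url, RESPONSE_PARAMS);
}

// Simulate "refresh the page": derive the redirect URL from where the browser
// landed, build the silent re-auth request and run the server-side check on it.
function simulateRestore(issuer, registeredRedirectUris, landingUrl, deriveRedirectUrl) {
  const redirectUri = deriveRedirectUrl(landingUrl);
  const authUrl = buildAuthorizationUrl(issuer, {
    client_id: "example-client-id", // constructed value
    redirect_uri: redirectUri,
    response_type: "code",
    scope: "openid offline_access webid",
    prompt: "none",
    response_mode: "query",
  });
  const requested = new URL(authUrl).searchParams.get("redirect_uri");
  return { redirectUri, authUrl, accepted: checkRedirectUri(registeredRedirectUris, requested) };
}

// Constructed scenario mirroring the issue: CSS on :3000, the client app on :3001.
const ISSUER = "http://localhost:3000/";
const REGISTERED = ["http://localhost:3001/"];
const LANDING_URL = buildAuthorizationResponse("http://localhost:3001/", {
  code: "constructed-code",
  state: "459c8142d71d45aaaf9e373a2aa41129",
  iss: ISSUER,
});

const broken = simulateRestore(ISSUER, REGISTERED, LANDING_URL, naiveRedirectUrlFromLanding);
const fixed = simulateRestore(ISSUER, REGISTERED, LANDING_URL,
  (landing) => cleanRedirectUrlFromLanding(landing, ISSUER));
console.log("naive  :", broken.redirectUri, "accepted:", broken.accepted);
console.log("cleaned:", fixed.redirectUri, "accepted:", fixed.accepted);
```

Two things worth noting from running it. First, the naive branch reproduces the exact `redirect_uri` encoding from the request URL in the bug description (`%3Fiss%3Dhttp%253A%252F%252Flocalhost%253A3000%252F`), so the double-encoded `iss` is simply the client URL-encoding a redirect URL that already carries a query string. Second, `iss` is worth checking rather than only dropping: RFC 9207 adds it so a client can detect a response relayed from a different issuer (mix-up attacks), and a client that strips it blindly gives that protection away.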