solid-cli icon indicating copy to clipboard operation
solid-cli copied to clipboard
verified publisher icon solid-contrib

AssertionError: Missing scope parameter in authentication request in solid/oidc-rp

Open CxRes opened this issue 5 years ago • 21 comments

This seems to be a consequence of PR #12 that I had pushed couple of days ago. There have been more than a few breaking changes in @solid/oidc-rp. However, roll back is not preferable either because the older crypto library is now deprecated.

I get the following error when trying to login with solid-auth-cli (there was no error with the previous version):

AssertionError [ERR_ASSERTION]: Missing scope parameter in authentication request   
    at ~\node_modules\@solid\oidc-rp\src\AuthenticationRequest.js:61:9
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async SolidClient.createSession (~\node_modules\@solid\cli\src\SolidClient.js:48:21)
    at async SolidClient.login (~\@solid\cli\src\SolidClient.js:31:17)
    at async Object.login (~\node_modules\solid-auth-cli\src\index.js:69:19) {
  generatedMessage: false,
  code: 'ERR_ASSERTION',
  actual: undefined,
  expected: true,
  operator: '=='
}

I am not sure if the bug itself is in solid-cli or in oidc-rp. defaults argument to RelyingParty class does not have a authenticate.scope property or defaults are not being deeply merged in the RelyingParty constructor. Either way the property is missing...

CxRes avatar Feb 27 '20 19:02 CxRes

Is it fixed when you pass in "scope" from solid-cli? Try passing in "openid webid" as scope.

jaxoncreed avatar Feb 28 '20 12:02 jaxoncreed

@jaxoncreed Yes, after passing scope, at least it does not throw an error anymore!

Does that mean we fix it here? IMHO even if we fix it here, @solid/oidc-rp should deeply merge the defaults when creating a RelyingParty object wherein by default scope: ['openid']. Let me know and I'll PR the fix...

CxRes avatar Feb 29 '20 18:02 CxRes

I am getting this too, it breaks a lot of things. I'll keep watching here and bump the solid-auth-cli version of solid-cli when this issue is resolved.

jeff-zucker avatar Mar 05 '20 17:03 jeff-zucker

Problem was on my end. I no longer get this error, bumping solid-auth-cli now to use the new solid-cli.

jeff-zucker avatar Mar 06 '20 16:03 jeff-zucker

@jeff-zucker Good to know! Thanks!

CxRes avatar Mar 07 '20 23:03 CxRes

The problem seems not to have been resolved. It seems unclear from the changes if authenticate.scope for the RelyingParty is passed.

CxRes avatar Mar 08 '20 22:03 CxRes

Hi! So, it appears that I'm getting this exact same error when attempting login.

AssertionError [ERR_ASSERTION]: Missing scope parameter in authentication request
    at D:\OneDrive - UGent\University\Bachelor 3\Semester 2\Vakoverschrijdend project\Code\Datasaver\node_modules\@solid\oidc-rp\src\AuthenticationRequest.js:61:9
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async SolidClient.createSession (D:\OneDrive - UGent\University\Bachelor 3\Semester 2\Vakoverschrijdend project\Code\Datasaver\node_modules\@solid\cli\src\SolidClient.js:48:21)
    at async SolidClient.login (D:\OneDrive - UGent\University\Bachelor 3\Semester 2\Vakoverschrijdend project\Code\Datasaver\node_modules\@solid\cli\src\SolidClient.js:31:17)
    at async Object.login (D:\OneDrive - UGent\University\Bachelor 3\Semester 2\Vakoverschrijdend project\Code\Datasaver\node_modules\solid-auth-cli\src\index.js:105:13) {
  generatedMessage: false,
  code: 'ERR_ASSERTION',
  actual: undefined,
  expected: true,
  operator: '=='
}

But as a newbie to solid I don't really have a clue how to "pass in the scope from solid-cli". Would it be possible to explain how to do this to get this (temporarily) working until a fix arrives?

FlorSanders avatar Apr 11 '20 15:04 FlorSanders

@FlorSanders What you need to do is add a scope: ['openid'] property to options.defaults.authenticate here.

IMHO, the upstream library @solid/oidc-rp should set this by default if the user does not put it in or it should properly instruct the user to specify this property.

Trouble is @solid/oidc-rp itself has been deprecated in favour of interop-alliance/oidc-rp. See issue #16. However, none of the authors here are coming forward to do a code review, if one of us was to patch this (like I did for #12) which is the original cause for this problem. This transitively also affects which upstream library we file an issue with.

CxRes avatar Apr 11 '20 18:04 CxRes

@CxRes Thanks so much, got it working! I'll quickly explain what I did if anyone else happens to stumble upon the same thing. Editing straight in the node_modules folder to apply the fix didn't seem to have any effect on the results, so I did some googling and ended up using this tutorial. (Though I didn't open a pull request).

IMHO, the upstream library @solid/oidc-rp should set this by default if the user does not put it in or it should properly instruct the user to specify this property.

I went to take a look in that source code and it seems to me like they're doing this (here) but only if no defaults object is given at all.

Trouble is @solid/oidc-rp itself has been deprecated in favour of interop-alliance/oidc-rp.

[Off-topic] All due respect to the developers of this amazing set of technologies, but it feels like some of these things are patched together (since e.g. @solid/cli has an explicit warning not to depend on it). I just suppose these tools are still in its infancy for the most parts making them quite tricky to use by the average developer at times.

Anyway, thanks a lot for helping out!

FlorSanders avatar Apr 12 '20 06:04 FlorSanders

Could I ask what OS and node version this bug appears in? I am on Linux using node 13.6.0 and I can not reproduce the bug. Is it windows specific?

jeff-zucker avatar Apr 15 '20 21:04 jeff-zucker

Aha, I have some new information. This error only occurs for me if I specify a subdomain in the login IDP. In other words, I get the Assertion error if I try to login using "https://jeffzucker.inrupt.net" as the IDP but NOT if I login using "https://inrupt.net" as the IDP.

jeff-zucker avatar Apr 15 '20 23:04 jeff-zucker

I can directly reproduce the error like this:

/usr/bin/npx @solid/cli https://solid.community username password https://username.solid.community    
npx: Installierte 42 in 2.287s
AssertionError [ERR_ASSERTION]: Missing scope parameter in authentication request
    at /home/angelo/.npm/_npx/21454/lib/node_modules/@solid/cli/node_modules/@solid/oidc-rp/src/AuthenticationRequest.js:61:9
    at async SolidClient.createSession (/home/angelo/.npm/_npx/21454/lib/node_modules/@solid/cli/src/SolidClient.js:48:21)
    at async SolidClient.login (/home/angelo/.npm/_npx/21454/lib/node_modules/@solid/cli/src/SolidClient.js:31:17)
    at async getToken (/home/angelo/.npm/_npx/21454/lib/node_modules/@solid/cli/bin/solid-bearer-token:47:19) {
  generatedMessage: false,
  code: 'ERR_ASSERTION',
  actual: undefined,
  expected: true,
  operator: '=='
}

I initially bumped into it using solid-auth-cli. I am not using a subdomain within IDP and I am on Linux with node 13.13.0

angelo-v avatar Apr 16 '20 05:04 angelo-v

@jeff-zucker I am on Windows 10 (But again I do not understand why such an error would occur on Windows for this library).

I get this error even when I do NOT specify a sub-domain!

CxRes avatar Apr 17 '20 01:04 CxRes

@FlorSanders I am facing the same issue and editing the source code in node_modules doesn't have any effect - i am getting the same error.

(node:27318) UnhandledPromiseRejectionWarning: AssertionError [ERR_ASSERTION]: Missing scope parameter in authentication request at Promise.resolve.then (/data/web/blockchain.kmi.open.ac.uk/node/node_modules/@solid/oidc-rp/src/AuthenticationRequest.js:61:9) at process._tickCallback (internal/process/next_tick.js:68:7) [22/04/2020 02:48:46] [ERROR] (node:27318) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 5)

Can you explain what exactly you did with the link you provided? (i.e) which step(s) you exactly followed?

Leoudayan avatar Apr 22 '20 01:04 Leoudayan

@CxRes What should I do after adding the scope variable? It seems that the change is not reflecting.

Leoudayan avatar Apr 22 '20 02:04 Leoudayan

@Leoudayan I have fixed this in solid-auth-cli, you do not need to fix solid-cli

jeff-zucker avatar Apr 22 '20 02:04 jeff-zucker

Well, not fixed it, worked around it until it is fixed in oidc-rp or solid-cli.

jeff-zucker avatar Apr 22 '20 02:04 jeff-zucker

I already prepared a PR as a fix, perhaps @jaxoncreed can take a look at https://github.com/solid/solid-cli/pull/18

angelo-v avatar Apr 22 '20 07:04 angelo-v

@Leoudayan Directly editing the code in my node_modules folder didn't seem to help either, I pretty much followed that tutorial step by step.

  • Fork and clone the solid-cli library
  • Add the scope variable in a new branch
  • Creating the symbolic link using npm link
  • link package in the app. Though it appears @jeff-zucker and @angelo-v have been at work for a fix/workaround so this sketchy patch shouldn't be needed anymore to get it working.

FlorSanders avatar Apr 22 '20 08:04 FlorSanders

@FlorSanders thanks for your reply. @jeff-zucker just fixed and its all working fine now :)

Leoudayan avatar Apr 22 '20 19:04 Leoudayan

Just to clarify again : I made a work-around in solid-auth-cli which implements the PR that @angelo-v provided for solid-cli within solid-auth-cli and this DOES NOT fix solid-cli or oidc-rp which remain broken.

jeff-zucker avatar Apr 22 '20 20:04 jeff-zucker