-
|
Hi, I am currently evaluating the Ory Hydra service for my company. I also already successfully tested kratos for user authentication. My Setup:
What I`m trying to do is making Postman requests to verify the API is working as I would expect in a sample scenario following the guide at https://www.ory.sh/docs/hydra/concepts/login. I can initialize the login flow, using The response is the expected redirect to the login page of my app including the login_challenge from Hydra. Next I just accept the login request using {
"context": {"target":"backend"},
"remember": true,
"remember_for": 0,
"subject": "zipunrar"
}The response is a 200 Ok, including a json body with a "redirect_to" URL like {
"redirect_to": "http://localhost:4444/oauth2/auth?login_verifier=205b59e8c3d64de6907b06d25a7b4357"
}However, calling this URL will result in 302 - Found with this error message: I don't understand why the client should not exists if all other requests work well. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 5 replies
-
|
Hello @Zipunrar, Can you try running this through something like cURL instead of Postman? Let me know if that does not help and I will see to reproduce, |
Beta Was this translation helpful? Give feedback.
-
|
Hi, thanks. I will try and report back. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @vinckr, sadly using cURL does not solve the problem. The requests are the same, as well as the responses.
$> curl -i localhost:4445/clients/frontend
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Tue, 13 Sep 2022 04:47:33 GMT
Content-Length: 1518Response Body {"client_id":"frontend","client_name":"Frontend","redirect_uris":["http://localhost:8080/public/index.html","http://localhost:8080"],"grant_types":["authorization_code","client_credentials","refresh_token"],"response_types":["code","id_token","token"],"scope":"ADMIN USER offline openid","audience":["backend","frontend"],"owner":"DIN Software","policy_uri":"","allowed_cors_origins":[],"tos_uri":"","client_uri":"http://localhost:8080/public/index.html","logo_uri":"","contacts":[],"client_secret_expires_at":0,"subject_type":"public","jwks":{},"token_endpoint_auth_method":"none","userinfo_signed_response_alg":"none","created_at":"2022-08-25T11:33:17Z","updated_at":"2022-08-26T11:12:01.432246Z","post_logout_redirect_uris":["http://localhost:8080/public/index.html"],"backchannel_logout_uri":"http://localhost:4444/oauth2/sessions/logout","metadata":{"sample":true,"apps":2,"project":"security"},"authorization_code_grant_access_token_lifespan":"30m0s","authorization_code_grant_id_token_lifespan":"30m0s","authorization_code_grant_refresh_token_lifespan":"1h0m0s","client_credentials_grant_access_token_lifespan":"5m0s","implicit_grant_access_token_lifespan":"5m0s","implicit_grant_id_token_lifespan":"10m0s","jwt_bearer_grant_access_token_lifespan":"5m0s","password_grant_access_token_lifespan":"5m0s","password_grant_refresh_token_lifespan":"1h0m0s","refresh_token_grant_id_token_lifespan":"30m0s","refresh_token_grant_access_token_lifespan":"5m0s","refresh_token_grant_refresh_token_lifespan":"1h0m0s"}
$> curl -i -X POST -H "Authorization: Basic ZnJvbnRlbmQ6MTIzNDU2Nw==" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=frontend" \
--data-urlencode "response_type=code" \
--data-urlencode "redirect_uri=http://localhost:8080" \
--data-urlencode "state=test-for-initialize-login-flow" \
--data-urlencode "scope=openid offline ADMIN"
localhost:4444/oauth2/auth
HTTP/1.1 302 Found
Location: http://localhost:8080/security/login?login_challenge=287b0936ea064eb8ad79cc1dfcbda8ed
Set-Cookie: oauth2_authentication_csrf_insecure=MTY2MzA0Mzk3N3xEdi1CQkFFQ180SUFBUkFCRUFBQVB2LUNBQUVHYzNSeWFXNW5EQVlBQkdOemNtWUdjM1J5YVc1bkRDSUFJRFZrTVRaaU9USTJNR1JrT1RReVlUWmhaR0UyTjJaaFpUTmlaamMxWXpOanw6LXT5LXBr1yT_XK5xf9r6kosJjQU62ZgcJIWeVGodeQ==; Path=/; HttpOnly; SameSite=Lax
Date: Tue, 13 Sep 2022 04:39:37 GMT
Content-Length: 0
$> curl -i localhost:4445/oauth2/auth/requests/login?login_challenge=287b0936ea064eb8ad79cc1dfcbda8ed
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Tue, 13 Sep 2022 04:40:51 GMT
Content-Length: 1806Response Body: {"challenge":"287b0936ea064eb8ad79cc1dfcbda8ed","requested_scope":["openid","offline","ADMIN"],"requested_access_token_audience":[],"skip":false,"subject":"","oidc_context":{},"client":{"client_id":"frontend","client_name":"Frontend","redirect_uris":["http://localhost:8080/public/index.html","http://localhost:8080"],"grant_types":["authorization_code","client_credentials","refresh_token"],"response_types":["code","id_token","token"],"scope":"ADMIN USER offline openid","audience":["backend","frontend"],"owner":"DIN Software","policy_uri":"","allowed_cors_origins":[],"tos_uri":"","client_uri":"http://localhost:8080/public/index.html","logo_uri":"","contacts":[],"client_secret_expires_at":0,"subject_type":"public","jwks":{},"token_endpoint_auth_method":"none","userinfo_signed_response_alg":"none","created_at":"2022-08-25T11:33:17Z","updated_at":"2022-08-26T11:12:01.432246Z","post_logout_redirect_uris":["http://localhost:8080/public/index.html"],"backchannel_logout_uri":"http://localhost:4444/oauth2/sessions/logout","metadata":{"sample":true,"apps":2,"project":"security"},"authorization_code_grant_access_token_lifespan":"30m0s","authorization_code_grant_id_token_lifespan":"30m0s","authorization_code_grant_refresh_token_lifespan":"1h0m0s","client_credentials_grant_access_token_lifespan":"5m0s","implicit_grant_access_token_lifespan":"5m0s","implicit_grant_id_token_lifespan":"10m0s","jwt_bearer_grant_access_token_lifespan":"5m0s","password_grant_access_token_lifespan":"5m0s","password_grant_refresh_token_lifespan":"1h0m0s","refresh_token_grant_id_token_lifespan":"30m0s","refresh_token_grant_access_token_lifespan":"5m0s","refresh_token_grant_refresh_token_lifespan":"1h0m0s"},"request_url":"http://localhost:4444/oauth2/auth","session_id":"622fa30f-ebd4-4126-860f-42de54bdfa67"}
curl -i -X PUT -H "Content-Type:application/json" --data-raw "{\"context\": {\"target\":\"backend\"},\"remember\": true,\"remember_for\": 0,\"subject\": \"foo.bar\"}" localhost:4445/oauth2/auth/requests/login/accept?login_challenge=287b0936ea064eb8ad79cc1dfcbda8ed
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Tue, 13 Sep 2022 04:44:17 GMT
Content-Length: 100Response Body: {"redirect_to":"http://localhost:4444/oauth2/auth?login_verifier=dcfd2dbf588c4061a1060069c4fae67e"}
curl -i http://localhost:4444/oauth2/auth?login_verifier=dcfd2dbf588c4061a1060069c4fae67e
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: http://localhost:8080/security/login?error=invalid_client&error_description=Client+authentication+failed+%28e.g.%2C+unknown+client%2C+no+client+authentication+included%2C+or+unsupported+authentication+method%29.&error_hint=The+requested+OAuth+2.0+Client+does+not+exist.
Date: Tue, 13 Sep 2022 04:44:50 GMT
Content-Length: 300Response Body: I hope the detailed information helps to find the problem. Maybe I missed a parameter? |
Beta Was this translation helpful? Give feedback.
-
|
Hi @vinckr, its now 25 days without a solution and 7 days without an update. We really would like to use the ory components for our setup, but without a working login flow, that seems not to be a good choice. |
Beta Was this translation helpful? Give feedback.
-
|
The auth endpoint does not take POST, only GET. |
Beta Was this translation helpful? Give feedback.
-
|
Thx. Indeed this little change did the trick. |
Beta Was this translation helpful? Give feedback.
Hello @Zipunrar,
apologies for the late answer!
Can you try running this through something like cURL instead of Postman?
Postman is a fully fledged electron browser under the hood and that sometimes causes issues.
Let me know if that does not help and I will see to reproduce,
thanks!