Hi.
I’m trying to register the app on a pod (0.7.18.1), but it won’t register, and instead of the authorization confirmation page it gives me an empty page and HTTP error 400.
I’m stuck at receiving the authenticity_token.
Tried it on another pod (0.7.15.0), and app registration is okay there.
Details:
Let’s say I register an application:
client_name="myapp_uzver@diasp.online"
I’m successfully getting:
client_id="..."
client_secret="..."
via request:
curl -ksS https://diasp.online/api/openid_connect/clients \
-d "redirect_uris[]=https://diasp.online/" \
-d "client_name=${client_name}"
And I’m successfully getting:
x-csrf-token="..."
via request:
curl -ksS -L https://diasp.online/api/openid_connect/authorizations/new \
-d "client_id=${client_id}" \
-d "redirect_uri=https://diasp.online/" \
-d "response_type=code" \
-d "scope=openid%20read%20write" \
-d "nonce=hi" \
-d "state=hi" \
--cookie-jar /tmp/cookie
But when I try to get an authenticity_token
(by sending login information to the login page)
via request:
curl -ksS -L https://diasp.online/users/sign_in \
-H "X-CSRF-TOKEN: ${x-csrf-token}" \
-d "user[username]=${username}" \
-d "user[password]=${password}" \
-d "user[remember_me]=1" \
--cookie-jar /tmp/cookie --cookie /tmp/cookie
The login failed, and
I get an empty response with HTTP error 400 (like a bad request):
HTTP/2 400
server: nginx/1.18.0 (Ubuntu)
date: Wed, 25 Jan 2023 07:26:07 GMT
content-type: text/html; charset=UTF-8
content-length: 0
strict-transport-security: max-age=31536000
x-request-id: 42bcaffe-9f66-42a6-90ea-9065ddcd3979
x-runtime: 0.003256
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
Whereas the login should have been successful and the application authorization confirmation page should have been loaded.
And after confirmation, the remaining tokens would be available and the registration of the app would be complete. But something goes wrong.
I have a bash script that I can give for testing. With it you can test app registration via curl.