Hi @NoelDeMartin, thanks for opening this. I can see how this fixes the issue, and you're correct this is how it's done elsewhere in the codebase so I don't have an issue with this fix. However, this probably means the CSS OpenId Provider is not compliant with the Solid-OIDC specification: the ID Token
Oh and also, for your commit to be merged in the upstream repo, it needs to be signed. I linked to the GH instructions to do so in #4181 (comment), could you amend the commit so that it is signed and properly attributed in the upstream history?
259af96 to 90b71c8
Ok thanks @NSeydoux, I have updated the commit with a verification.
Yeah, I think they're aware of that, but apparently it's not easy to fix because they are relying on another library (node-oidc-provider) to do that. They discussed it in CommunitySolidServer/CommunitySolidServer#1154 (comment), but the issue is still open. In any case, if you think it's ok to merge this, that should be good enough :).
I'm not entirely sure that this "fix" is correct, but I figured rather than opening an issue, I could open a PR that potentially fixes the issue.
Anyways, I've been trying to log in using a server-side node process using this library with the Community Solid Server running locally, and it wasn't working. After much debugging, I pinpointed the problem to the line I'm changing in the PR. Basically, all other places calling `buildAuthenticatedFetch` are using the access token, but this one place uses the idToken. I'm not sure if that was intentional or not, but what I can say for sure is that after changing this I can run authenticated requests to the POD. Without this fix, I was getting the following error:

In case it is useful, here are the contents of an idToken and an accessToken in my development environment:

Id token:

```json
{
  "azp": "http://localhost:3001/clientid.jsonld",
  "sub": "http://localhost:3000/noeldemartin/profile/card#me",
  "webid": "http://localhost:3000/noeldemartin/profile/card#me",
  "at_hash": "81Yz9_sBVnuoEB5xdEUF0Q",
  "aud": "http://localhost:3001/clientid.jsonld",
  "exp": 1771228285,
  "iat": 1771224685,
  "iss": "http://localhost:3000/"
}
```

Access token:

```json
{
  "webid": "http://localhost:3000/noeldemartin/profile/card#me",
  "jti": "uQmkNFcKQtMiQGy1-n-gz",
  "sub": "http://localhost:3000/noeldemartin/profile/card#me",
  "iat": 1771223337,
  "exp": 1771226937,
  "client_id": "http://localhost:5173/clientid.jsonld",
  "iss": "http://localhost:3000/",
  "aud": "solid",
  "cnf": {
    "jkt": "SKxzjd6YyWOr9UTvOkMnsbQbiOCA0YWCIUQCMhWdFlc"
  }
}
```

(I also tried running the code directly from `packages/node/examples/server/` and got the same error)
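
The two payloads quoted above differ in `aud` and `cnf`. The following Node.js diagnostic is an added example, not code from this PR or from the library: it lists why a given token would not be usable as a DPoP-bound bearer token. The function names are hypothetical, the tokens are constructed and unsigned, and it assumes the resource server expects `aud` to contain `"solid"` and a `cnf.jkt` key thumbprint (RFC 9449).

```javascript
// Added diagnostic example; not code from the PR or the library.
// Assumption: the resource server wants a DPoP-bound access token, i.e.
// `aud` containing "solid" and a `cnf.jkt` key thumbprint (RFC 9449).

// Decode a JWT payload WITHOUT verifying the signature (debugging only).
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Return the reasons a token would not work as a DPoP-bound bearer token.
function resourceServerIssues(claims, { expectedJkt, now }) {
  const issues = [];
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes("solid")) issues.push('aud does not include "solid"');
  if (!claims.cnf || typeof claims.cnf.jkt !== "string") {
    issues.push("no cnf.jkt: token is not bound to a DPoP key");
  } else if (expectedJkt && claims.cnf.jkt !== expectedJkt) {
    issues.push("cnf.jkt does not match the client's DPoP key");
  }
  if (typeof claims.exp !== "number" || claims.exp <= now) issues.push("expired");
  return issues;
}

// Constructed, unsigned tokens carrying claims quoted in the PR description.
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
const idToken = fakeJwt({
  azp: "http://localhost:3001/clientid.jsonld",
  aud: "http://localhost:3001/clientid.jsonld",
  webid: "http://localhost:3000/noeldemartin/profile/card#me",
  exp: 1771228285, iat: 1771224685, iss: "http://localhost:3000/",
});
const accessToken = fakeJwt({
  webid: "http://localhost:3000/noeldemartin/profile/card#me",
  client_id: "http://localhost:5173/clientid.jsonld",
  exp: 1771226937, iat: 1771223337, iss: "http://localhost:3000/",
  aud: "solid",
  cnf: { jkt: "SKxzjd6YyWOr9UTvOkMnsbQbiOCA0YWCIUQCMhWdFlc" },
});
// `now` is a constructed timestamp inside both tokens' validity windows.
const opts = { expectedJkt: "SKxzjd6YyWOr9UTvOkMnsbQbiOCA0YWCIUQCMhWdFlc", now: 1771225000 };
console.log("id token:", resourceServerIssues(decodeClaims(idToken), opts));
console.log("access token:", resourceServerIssues(decodeClaims(accessToken), opts));
```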