Can not write after login
jeff-zucker opened this issue · 8 comments
Bug description
A simple script to login and write a text file using token from generate-oidc-token fails in nodejs with 401 even though session.info.isLoggedIn is true.
To Reproduce
import { Session } from "@inrupt/solid-client-authn-node";
// retrieve token,id,secret as sent from @inrupt/generate-oidc-token
//
const {credentials} = require('/home/jeff/.solid-identities.js');
const loginProfile = credentials.inruptCom
const session = new Session();
const testFile = "https://pod.inrupt.com/jeff-zucker/public/test-file.txt"
const content = "hello world";
async function test() {
await session.login({
clientName: loginProfile.clientName,
clientId: loginProfile.clientId,
clientSecret: loginProfile.clientSecret,
refreshToken: loginProfile.token,
oidcIssuer: loginProfile.oidcIssuer,
});
if( session.info.isLoggedIn ){
let writeResource = await session.fetch( testFile, {
method : "PUT",
body : content,
headers:{"Content-type":"text/plain"}
});
console.log( 'write resource ', writeResource.status )
}
else {
console.log("Could not login! ",session);
}
}
test();
// ENDS Expected result
write resource 201
Actual result
write resource 401
Environment
System:
OS: Linux 5.4 Linux Mint 20.1 (Ulyssa)
CPU: (4) x64 Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Memory: 1.87 GB / 11.61 GB
Container: Yes
Shell: 5.0.17 - /bin/bash
Binaries:
Node: 14.15.1 - ~/.nvm/versions/node/v14.15.1/bin/node
npm: 6.14.8 - ~/.nvm/versions/node/v14.15.1/bin/npm
Browsers:
Chrome: 88.0.4324.150
Firefox: 85.0
npmPackages:
@inrupt/generate-oidc-token: ^0.0.1 => 0.0.1
@inrupt/solid-client-authn-node: ^1.2.0 => 1.2.0
@solid-rest/file: ^2.0.4 => 2.0.4
rdflib: ^2.1.7 => 2.1.7
solid-auth-fetcher: ^1.3.5 => 1.3.5
typescript: 4.1.2 => 4.1.2
npmGlobalPackages:
esm: 3.2.25
nodemon: 2.0.6
npm-check-updates: 10.2.2
npm: 6.14.8
rdflib: 2.1.3
solid-auth-fetcher: 1.3.5
typedoc: 0.19.2
typescript: 4.1.2
Hi @jeff-zucker , thanks for reporting this. Can you confirm that the client id and secret that you are using have been generated less than three days ago ? Until we move to client IDs being WebIDs (we are working on it), we still have to go through DCR, which unfortunately issues non-permanent client identifiers.
Yep, I generated the id and secret moments before running the test last night.
Ok. And when the session is logged in, are you authorized to read https://pod.inrupt.com/jeff-zucker/ ?
I get 200 on read of https://pod.inrupt.com/jeff-zucker/public/ but 401 on read of https://pod.inrupt.com/jeff-zucker/.
With freshly generated credentials, I cannot reproduce... Can you share an obfuscated version of the content of /home/jeff/.solid-identities.js, or verify that credentials.inruptCom matches the latest generated credentials ? I know this sounds trivial, but getting a 401 after session.login has returned could indicate that the refreshToken parameter could be undefined.
Argh, I was loading the wrong credentials file. It works now. Sorry. But I don't understand why session.info.isLoggedIn was true when I used the bad credentials.
The script offers the option to use a static token but if that option is chosen it asks for a "registered client ID". Has this been implemented? If so how do I register a client ID?
@NSeydoux I'm also wondering if the idToken or codeVerifier fields are of any use to the client or should be ignored.