Skip to content
This repository has been archived by the owner on Apr 11, 2022. It is now read-only.

full stack examples return Forbidden on last step #17

Closed
axife opened this issue Aug 10, 2018 · 9 comments
Closed

full stack examples return Forbidden on last step #17

axife opened this issue Aug 10, 2018 · 9 comments
Assignees
@aeneasr
Labels
bug Something isn't working

Comments

@axife
Copy link

axife commented Aug 10, 2018

I did

docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
make start-full-stack

Following curls worked without errors by returning some JSON

$ curl http://localhost:4445/clients
$ curl http://localhost:4456/rules
$ curl http://localhost:4466/policies

 hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555

opens safari and every works fine to end page with introspection

But when I open http://127.0.0.1:4477 there are 4 example links. First 3 links fail in same way.

They ask for login then they ask for consent and then they print "Forbidden"

URL looks like http://localhost:4477/auth/callback?code=SBOIQzPSKeMy3GmtzcCOV3H0cTBfRuYzY7zlZlNvPwA.Sm5hL36-kRH2Vq9w1DYfG9BYLdkFM5UwVEW5GViAI60&scope=offline%20openid%20articles.read&state=Z2VgU7vQAmSTIsBSsGI7DrV9
@aeneasr
Copy link
Member

aeneasr commented Aug 10, 2018

I can reproduce this.

@aeneasr aeneasr added the bug Something isn't working label Aug 10, 2018
@aeneasr aeneasr self-assigned this Aug 10, 2018
@aeneasr
Copy link
Member

aeneasr commented Aug 10, 2018

Oh boy, looks like this is related to PassportJS, my eternal impossible-to-debug enemy. Not sure why passport is killing the request on callback...

@aeneasr
Copy link
Member

aeneasr commented Aug 10, 2018

Hm...the CLI works fine hydra token user --client-id example-auth-code --client-secret secret --endpoint http://localhost:4444 --port 5555, not sure what's going on here...

@aeneasr
Copy link
Member

aeneasr commented Aug 10, 2018

Actually, I think this might have to do with how the browser handles cookies...are you in incognito mode or something?

@aeneasr
Copy link
Member

aeneasr commented Aug 10, 2018

I found the issue, if you call http://127.0.0.1:4477 it redirects you to localhost which then causes the cookies to fail because the host does not have the cookies. If you call http://localhost:4477/ then it works.

@axife
Copy link
Author

axife commented Aug 10, 2018

I have not used incognito mode. But it was Chrome not safari. Safari was used when hydra started and opened some URL automatically. I am not following you. When I open http://127.0.0.1:4477 it gives just HTML page with link and final error was on http://localhost:4477/auth/callback?code=SBOIQzPSKeMy3GmtzcCOV3H0cTBfRuYzY7zlZlNvPwA.Sm5hL36-kRH2Vq9w1DYfG9BYLdkFM5UwVEW5GViAI60&scope=offline%20openid%20articles.read&state=Z2VgU7vQAmSTIsBSsGI7DrV9

@aeneasr
Copy link
Member

aeneasr commented Aug 10, 2018

Yup, you need to open http://localhost:4477, not http://127.0.0.1:4477

aeneasr pushed a commit that referenced this issue Aug 10, 2018
Force localhost in consumer app
1fccfcf 
Closes #17

Signed-off-by: arekkas <aeneas@ory.am>
@axife
Copy link
Author

axife commented Aug 11, 2018

It fixed it. Thanks!

@aeneasr
Copy link
Member

aeneasr commented Aug 31, 2018

Nice :)

@aeneasr aeneasr closed this as completed Aug 31, 2018
aeneasr pushed a commit that referenced this issue Sep 1, 2018
@aeneasr
Force localhost in consumer app
ab26244 
Closes #17

Signed-off-by: arekkas <aeneas@ory.am>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@aeneasr aeneasr

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aeneasr @axife