Bug #7687
openOIDC example not redirecting to authorization endpoint with Javascript enabled
0%
Description
I am interested in developing an OIDC implementation using WT. To understand better how WT works in this regard, I am using the OIDC example. The OIDC example is running with no errors indicated and the main page with the WT logo is displayed when accessing localhost:8080. As per the code, clicking on the WT logo is supposed to initiate a redirect to the authorization endpoint however this does not happen. To determine why this was occurring, I built the example code to trace the code flow. In looking at the OAuthProcess::startAuthorize() method, I noticed that there was a different implementation for when Javascript was not supported in the browser. As an experiment, I disabled the Javascript in the Chrome browser and in this configuration, the ODIC example works exactly as it should allowing the login to be successfully authenticated. As such, it would seem there may be issue with the Javascript popup but I am not yet familiar enough with the WT implementation to determine what that issue might be. To eliminate anything browser specific, I have tested with IE, Edge, Firefox and Chrome. I am using WT on a Windows 10 Professional platform. When I began testing with the OIDC example, I was using WT 4.1 but have since upgraded to WT 4.4 in case the issue was corrected in the newer version, which it was not. Below is the console output from the OIDC example. If anyone can shed any light on why the example does not work with Javascript enabled, it would be VERY much appreciated.
OIDC EXAMPLE CONSOLE OUTPUT ¶
D:\Wt-4.4.0-msvs2017-Windows-x64-SDK\lib\Wt\examples\feature\oidc>"\Wt-4.4.0-msvs2017-Windows-x64-SDK\bin\\oidc.wt" -c wt_config.xml ---docroot . ---http-port 8080 ---http-address 0.0.0.0 ---resources-dir ..\..\..\..\share\Wt\resources
[2020-Aug-17 21:51:33.393] 16472 - [info] "config: reading Wt config file: wt_config.xml (location = '\Wt-4.4.0-msvs2017-Windows-x64-SDK\bin\\oidc.wt')"
Dbo.backend.Sqlite3: begin transaction
Dbo.backend.Sqlite3: rollback transaction
Sqlite3: create table "auth_identity" (
"id" integer primary key autoincrement,
"version" integer not null,
"auth_info_id" bigint,
"provider" varchar(64) not null,
"identity" varchar(512) not null,
constraint "fk_auth_identity_auth_info" foreign key ("auth_info_id") references "auth_info" ("id") on delete cascade deferrable initially deferred
): table "auth_identity" already exists
Using existing databaseDbo.backend.Sqlite3: begin transaction
Dbo.backend.Sqlite3: rollback transaction
Sqlite3: create table "auth_identity" (
"id" integer primary key autoincrement,
"version" integer not null,
"auth_info_id" bigint,
"provider" varchar(64) not null,
"identity" varchar(512) not null,
constraint "fk_auth_identity_auth_info" foreign key ("auth_info_id") references "auth_info" ("id") on delete cascade deferrable initially deferred
): table "auth_identity" already exists
Using existing database[2020-Aug-17 21:51:33.399] 16472 - [info] "WServer/wthttp: initializing built-in wthttpd"
[2020-Aug-17 21:51:33.406] 16472 - [info] "wthttp: started server: http://0.0.0.0:8080"
[2020-Aug-17 21:51:37.171] 16472 - [info] "Wt: session created (#sessions = 1)"
[2020-Aug-17 21:51:37.172] 16472 [/ 9REzNbSJt1zX6mNQ] [info] "WEnvironment: UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"
127.0.0.1 - - [2020-Aug-17 21:51:37.180] "GET / HTTP/1.1" 200 2283
[2020-Aug-17 21:51:37.185] 16472 - [info] "WebRequest: took 13.828 ms"
[2020-Aug-17 21:51:37.343] 16472 [/ 9REzNbSJt1zX6mNQ] [info] "Auth.OAuthService: deploying endpoint at /oauth2/callback"
[2020-Aug-17 21:51:37.344] 16472 [/ 9REzNbSJt1zX6mNQ] [info] "Auth.OAuthService: authorize URL: http://localhost:8080/oauth2?client_id=example_client_id&redirect_uri=http%3a%2f%2flocalhost%3a8080%2foauth2%2fcallback&scope=email%20profile&response_type=code&state=cmhjSXM1Tm1JdzJhRFlSVE0zWEZMTS9uc3dFPXxodHRwOi8vbG9jYWxob3N0OjgwODAvP3d0ZD05UkV6TmJTSnQxelg2bU5RJnJlcXVlc3Q9cmVzb3VyY2UmcmVzb3VyY2U9b2N3YW9zcyZyYW5kPTA."
127.0.0.1 - - [2020-Aug-17 21:51:37.345] "GET /?wtd=9REzNbSJt1zX6mNQ&request=style&page=1 HTTP/1.1" 200 91
[2020-Aug-17 21:51:37.345] 16472 - [info] "WebRequest: took 81.779 ms"
127.0.0.1 - - [2020-Aug-17 21:51:37.351] "GET /?wtd=9REzNbSJt1zX6mNQ&sid=11427440&webGL=true&scrW=1680&scrH=1050&tz=--240&tzS=America%2FNew_York&htmlHistory=true&deployPath=%2F&request=script&rand=3220678477 HTTP/1.1" 200 38273
[2020-Aug-17 21:51:37.352] 16472 - [info] "WebRequest: took 9.033 ms"
127.0.0.1 - - [2020-Aug-17 21:51:37.422] "POST /?wtd=9REzNbSJt1zX6mNQ HTTP/1.1" 200 48
[2020-Aug-17 21:51:37.422] 16472 - [info] "WebRequest: took 0.54 ms"
Files
Updated by Wim Dumon over 3 years ago
Hey John,
Do you have any messages logged in the javascript console? Does the network traffic show any http-related errors?
BR,
Wim.
Updated by John Young over 3 years ago
- File OIDC_Example_Javascript_Enabled.pcapng OIDC_Example_Javascript_Enabled.pcapng added
- File OIDC_Example_Javascript_Disabled.pcapng OIDC_Example_Javascript_Disabled.pcapng added
Wim,
Thank-you so much for your reply. There are no messages in the console as all. Attached are two Wireshark traces, one with JavaScript enabled and the other with JavaScript disabled. As shown in the log above, clicking on the WT logo results in a POST however the return data is an empty JavaScript request. I suspect this should be a JavaScript response that results in a popup redirect (perhaps related to js/PopupWindows.js) but I am not completely certain. With JavaScript disabled, clicking on the WT logo results in a 302 redirect.
With thanks and regards,
John
Updated by Roel Standaert over 3 years ago
- Description updated (diff)
- Target version changed from 4.5.0 to 4.6.0
Updated by Roel Standaert almost 3 years ago
- Assignee changed from John Young to Korneel Dumon
Could you take a look at this, Korneel?
Updated by Roel Standaert almost 3 years ago
- Status changed from New to InProgress
- Assignee changed from Korneel Dumon to Roel Standaert
Updated by Roel Standaert almost 3 years ago
- Status changed from InProgress to Feedback
I recently tried out this example again, and it was working fine. The only thing was that I had to change application-url in wt_config.xml, since I wasn't accessing it through localhost. It does put the application-url in the database when it's first run, so I also had to delete auth.db to make it work once I changed it.
Did a popup actually open? Because if it just doesn't open I think that it may just be blocked by the browser? It's strange that it would be blocked on all browsers you tried, though. We're working on getting this thing to work without a popup window in issue #7742.
Updated by Roel Standaert almost 3 years ago
- Target version deleted (
4.6.0)
Removing the target version while this is in Feedback status.