
Resource requests to the Enterprise Solid Server: Getting 400, Bad Request #5

Open
crspybits opened this issue Sep 24, 2021 · 4 comments

Comments

@crspybits (Member)

I'm trying to make resource requests of the Enterprise Solid Server. I have this working (with the different relevant credentials) for the NSS (e.g., with https://crspybits.solidcommunity.net), but I'm getting 400 HTTP responses and "Bad Request" from the ESS.

I'm able to successfully use /token requests with the ESS to refresh my access token.

This is Swift code, using my own HTTP requests. For reference, the code is here: https://github.com/SyncServerII/ServerSolidAccount

I'm attempting to create a new directory/container, and upload a file. In the request below, the access token was successfully refreshed immediately before.

My WebID is: https://pod.inrupt.com/crspybits/profile/card#me

I'm making a PUT request to:
https://pod.inrupt.com/crspybits/32CD8522-D921-43DF-8B3B-8FAC4A71D3E6/13567B1B-1C4C-40C0-AE93-86DC117D04FD.txt

Request headers:
["Authorization": "DPoP <snip>", 
"Link": "<http://www.w3.org/ns/ldp#Resource>; rel=\"type\"", 
"Dpop": "<snip>", 
"Host": "pod.inrupt.com", 
"Content-Type": "text/plain"]

Response body:

{
    "error": {
        "code": "400",
        "message": "Bad Request"
    }
}

Response headers:

[AnyHashable("Content-Length"): "90", AnyHashable("Connection"): "keep-alive", AnyHashable("Date"): "Fri, 24 Sep 2021 00:44:13 GMT", AnyHashable("Content-Type"): "application/json", AnyHashable("Strict-Transport-Security"): "max-age=15724800; includeSubDomains"]

Executed 1 test, with 1 failure (0 unexpected) in 1.474 (1.474) seconds

@crspybits (Member Author)

I'm noticing that the DPoP is supposed to have an ath claim:

"ath": hash of the access token (REQUIRED). The value MUST be the
result of a base64url encoding (with no padding) the SHA-256 hash
of the ASCII encoding of the associated access token's value.

https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop-03#section-4.3

I see an ath claim referenced here too: https://github.com/solid/access-token-verifier
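Added example, not code from this issue or from the ServerSolidAccount project: Python that computes the ath claim exactly as the quoted draft text specifies (base64url, no padding, SHA-256 over the ASCII access token) and assembles the other per-request DPoP proof claims, alongside the check a resource server would run to confirm the proof is bound to the presented token. The token and URL are constructed placeholders; signing the proof with the client's key and the jwk header are outside this snippet.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from urllib.parse import urlsplit, urlunsplit


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JOSE and the DPoP draft require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def compute_ath(access_token: str) -> str:
    """ath = base64url(SHA-256(ASCII(access token))), no padding (draft-03 section 4.3)."""
    return b64url(hashlib.sha256(access_token.encode("ascii")).digest())


def build_dpop_claims(method: str, url: str, access_token: str, now=None) -> dict:
    """Claims of a DPoP proof bound to one HTTP request and one access token.
    htu is the request URL without query and fragment, as the draft requires."""
    parts = urlsplit(url)
    htu = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return {
        "jti": str(uuid.uuid4()),  # unique per proof so a server can reject replays
        "htm": method.upper(),
        "htu": htu,
        "iat": int(now if now is not None else time.time()),
        "ath": compute_ath(access_token),
    }


def ath_matches(proof_claims: dict, presented_token: str) -> bool:
    """Resource-server side: the proof must carry ath and it must equal the hash of
    the token in the Authorization header, otherwise the proof was minted for a
    different token (or without ath) and the request should be rejected."""
    expected = compute_ath(presented_token)
    return hmac.compare_digest(proof_claims.get("ath", ""), expected)


if __name__ == "__main__":
    token = "EXAMPLE.ACCESS.TOKEN"  # constructed placeholder, not a real credential
    claims = build_dpop_claims(
        "PUT", "https://pod.example/crspybits/dir/file.txt?x=1#frag", token)
    print(json.dumps(claims, indent=2))
    print(ath_matches(claims, token), ath_matches(claims, "OTHER.TOKEN"))
```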

@crspybits (Member Author)

From NoelDeMartin/media-kraken#9 (comment) it sounds like there's no way to know if a DPoP (header?) can be used with a server.

"Also, DPoP is opt-in for apps (like with PKCE). As such, it is highly recommended but not required in all circumstances. If you are unsure whether to use DPoP in your authentication flows, then please use DPoP." (see https://forum.solidproject.org/t/the-use-of-dpop-in-the-token-endpoint/4664/8?u=crspybits). I wonder if this indicates that ESS does support DPoP headers, but somehow I'm getting them wrong and it's failing?
