OpenIDConnect failng

hudson2010 · April 13, 2020, 12:28pm

Hello guys ,
I need some with the openId client library for Oauth2 and openId ,

> iex(1)> OpenIDConnect.authorization_uri(:google)
> ** (exit) exited in: GenServer.call(:openid_connect, {:discovery_document, :google}, 5000)
>     ** (EXIT) no process: the process is not alive or there's no process currently associated with the given name, possibly because its application isn't started
>     (elixir 1.10.2) lib/gen_server.ex:1013: GenServer.call/3
>     (openid_connect 0.2.2) lib/openid_connect.ex:89: OpenIDConnect.authorization_uri/3
> iex(1)>

I am config settings

import Config
config :elixir, :openid_connect_providers,
        google: [
                discovery_document_uri: "https://login.google.com/identity/connect/authorize",
                client_id: "XXXX",
                client_secret: "XXXX",
                redirect_uri: "https://localhost:5000/callback",
                response_type: "code",
                scope: "openid profile"
        ]

NobbZ · April 13, 2020, 12:37pm

Please generate new Application secrets, they have been leaked!

NobbZ · April 13, 2020, 12:39pm

Have you followed the installation instructions from the library and added the workerto your supervison tree?

You might need to adjust the syntax to use new childpsec syntax though:

https://hexdocs.pm/openid_connect/readme.html#worker

hudson2010 · April 13, 2020, 1:13pm

its okay those are random keys

hudson2010 · April 13, 2020, 1:19pm

defmodule Myapp.Supervisor do
  use Supervisor
  def start_link do
    Supervisor.start_link(__MODULE__, [])
  end

  def init(_) do
    children = [
      worker(OpenIDConnect.Worker, [Application.get_env(:myapp, :openid_connect_providers)])
    ]
    supervise(children, [strategy: :one_for_one])
  end
end

defmodule Myapp.Application do
  use Application
  def start(_type, _args) do
    Myapp.Supervisor.start_link
  end
end

NobbZ · April 13, 2020, 1:25pm

Does this code compile? Which version of elixir are you on?

hudson2010 · April 13, 2020, 1:31pm

yes it compiles ,

Erlang/OTP 22 [erts-10.4] [source] [64-bit] [smp:6:6] [ds:6:6:10] [async-threads:1] [hipe]

IEx **1.10.2** (compiled with Erlang/OTP 22)

NobbZ · April 13, 2020, 1:38pm

Indeed, old style worker macro is still imported when useing Supervisor, I though that got removed.

How do you start iex? Have you set Mayapp.Application as your applications entrypoint?

hudson2010 · April 13, 2020, 1:44pm

iex -S mix

NobbZ · April 13, 2020, 1:45pm

Okay, so your application should be started, lets look at

hudson2010 · April 13, 2020, 3:09pm

it was done in the mix.exs file

 def application do
    [
      extra_applications: [:logger, :httpoison, :poison, :openid_connect],
      mod: {Myapp.Application, []}
    ]
  end

NobbZ · April 13, 2020, 3:29pm

You don’t need to list any of these :extra_applications, except for :logger, all the other ones should be infered from your :deps. But that is unrelated to your problem.

Though now as I analize the provided snippets more closely together, as you clearly start your application correctly…

You write config to :elixir application, that is really something you shouldn’t do, as :elixir is not your application.

Later you read config from :myapp, where the config is not written to, so Application.get_env/2 will return nil.

nil though is not an Enumerable, which is a requirement by the OpenIDConnect.Worker.init/1. You need to make sure to read and write config of the correct application.

hudson2010 · April 13, 2020, 3:37pm

@NobbZ, could u please share some example where this library https://hexdocs.pm/openid_connect/readme.html is used , I will be able to follow it

NobbZ · April 13, 2020, 3:48pm

I have no clue where it is used, as I do not use it.

From what I can tell from the docs and from the code you have shown here, you have integrated and use it properly, though you are using configuration wrong.

In your mix.exs, as part of your project/0, you set a key :app to an atom value, thats your applications name. You might have something like app: :my_precious or app: :muggle_detector, though lets just assume its app: :foo

That is the app where you should write the config to, per the suggestion of that openID library.

So set your config like this:

config :foo, :openid_connect_providers,
  google: [
    discovery_document_uri: "https://login.google.com/identity/connect/authorize",
    client_id: "XXXX",
    client_secret: "XXXX",
    redirect_uri: "https://localhost:5000/callback",
    response_type: "code",
    scope: "openid profile"
  ]

And then you should read it like this:

children = [
  worker(OpenIDConnect.Worker, [Application.get_env(:foo, :openid_connect_providers)])
]

hudson2010 · April 13, 2020, 4:45pm

ok thanks for this ,
so add this section in the application.ex. or supervisor.ex

NobbZ · April 13, 2020, 4:55pm

Replace the appropriate parts of your current child list in the supervisor.

Basically it’s what you already have, but changed :myapp with :foo which you have to replace with whatever your applications name is.

Unless your application or a dependency of your application is really named :foo the snippets I have shown to you will actually not work!

hudson2010 · April 13, 2020, 5:27pm

iex(3)> data = Application.get_env(:foo, :openid_connect_providers)
[
  xero: [
    discovery_document_uri: "https://xero.com/identity/connect/authorize",
    client_id: "XXXXXXXXXXXXXX",
    client_secret: "XXXXXXXXXXXXXXXX",
    redirect_uri: "https://localhost:5000/callback",
    response_type: "code",
    scope: "openid profile email accounting.transactions accounting.settings offline_access"
  ]
]
iex(4)> Op
OpenIDConnect    OptionParser     
iex(4)> OpenIDConnect.Worker.start_link(data)
** (EXIT from #PID<0.244.0>) shell process exited with reason: an exception was raised:
    ** (MatchError) no match of right hand side value: {:error, :update_documents, %HTTPoison.Response{body: "", headers: [{"Location", "https://login.xero.com/identity/error?errorId=CfDJ8LpFHpnPVChPv4tC90CFl2gluwXd6b3IIlvG2GKcHl44oDEIAl53dx2NcEerCHYDwbRtI8YNySzzpOt8RzKxqB7tjEbfwBsX1WItNDJvN0_TJ9M6S9XQdqNcNYws3VtoeMryooAMTnY861QiDCfFcDw0nlZVI1yLjUTxMrw1QusDO90Zcg528n9DqBSqp9waDyvFDQe6qgf1n2PzC5vrRjrC1eKTe2kuhWAqROmGFK7w_qI6HSnZ6FIFsdR_rv3ZBm-1AoGzp5dSHh8bkdOHeKXWqmNoN81d8RHxo8FAUriV"}, {"Content-Length", "0"}, {"Server", "nginx"}, {"Xero-Origin-Id", "IdentityServer.Web"}, {"Xero-Causation-Id", "1823bc07a0ad4a409afd6092ba1fa5d0"}, {"Xero-Message-Id", "e1887cf86a5148a1a43d990931ceb711"}, {"Xero-Activity-Id", "7646e119e551496aaea23c002d2d5700"}, {"Xero-Correlation-Id", "3daf7cd466ec456e9ef88ab9c97066fc"}, {"Date", "Mon, 13 Apr 2020 17:24:47 GMT"}, {"Connection", "keep-alive"}, {"Set-Cookie", "Device=4b1abc30cab148a6bbe21df7d69e3efc; expires=Sun, 13 Apr 2025 17:24:47 GMT; SameSite=none; path=/; HttpOnly"}, {"X-Client-IP", "7071"}, {"Set-Cookie", "bm_sz=07ABF453186821E1094E84FDF95BF8B8~YAAQH582Fx9xw2BxAQAAr3SSdAfOuGVqTqX16zyaT+U8+k5ueL0YxDFY0EzNYct5jVGcJXsUkD3gyZg8vnuLVCPwDf5ErKyq+vd8VmxDl9soosSpdWOYpi/CytwCeoA+8HmzSrf/kCrWCzqBoSWtjrVKmk6H0P15+dDn7jALyafPVIg+qPJXbkxCfFwpHg==; Domain=.xero.com; Path=/; Expires=Mon, 13 Apr 2020 21:24:46 GMT; Max-Age=14399; HttpOnly"}, {"Set-Cookie", "_abck=503013C1360ABA8EEDB9AAFFDA6E548C~-1~YAAQH582FyBxw2BxAQAAr3SSdAMP2GqP4k+8awVvS1uSh1r88id7yotCddej6DNgcDlzlE9gjBEKmueOoYGNHVLWhYTPmnH5yhONrP6eNbAWNH3gUFYLBUs4pW1c6AnaF4adlg4QkUX5ghGM6XqsmP08uRFxZ/w7qsgIIAXsJj6w4D1g1fkziphDAst7LBPN2cDER0msj9nWj15lGDv04oF9eaHHycw2nBlTx3sW5DdhYyoN+X1m+kVKSeHZZAkHDICNYX+98vfHIv+eCIFZv7Tr+XL3Q3sgYB9czwbJTI41BxO0GpTkXQ==~-1~-1~-1; Domain=.xero.com; Path=/; Expires=Tue, 13 Apr 2021 17:24:47 GMT; Max-Age=31536000; Secure"}], request: %HTTPoison.Request{body: "", headers: [], method: :get, options: [], params: %{}, url: "https://login.xero.com/identity/connect/authorize"}, request_url: "https://login.xero.com/identity/connect/authorize", status_code: 302}}
        (openid_connect 0.2.2) lib/openid_connect/worker.ex:55: OpenIDConnect.Worker.update_documents/2
        (openid_connect 0.2.2) lib/openid_connect/worker.ex:23: anonymous fn/1 in OpenIDConnect.Worker.init/1
        (elixir 1.10.2) lib/enum.ex:1320: anonymous fn/4 in Enum.into/3
        (elixir 1.10.2) lib/enum.ex:2111: Enum."-into/4-lists^foldl/2-0-"/3
        (elixir 1.10.2) lib/enum.ex:2111: Enum.into/4
        (openid_connect 0.2.2) lib/openid_connect/worker.ex:22: OpenIDConnect.Worker.init/1
        (stdlib 3.9) gen_server.erl:374: :gen_server.init_it/2
        (stdlib 3.9) gen_server.erl:342: :gen_server.init_it/6

Interactive Elixir (1.10.2) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)>

I think the openid_connect library is failing to start properly

NobbZ · April 13, 2020, 5:38pm

You get a 302, and the http library isn’t allowed to follow the redirect.

Therefore openID can’t start as it can’t negotiate with the providers.

I’d consider this a bug in the openID library that it will start nothing because of a single provider failure.