OIDC example not redirecting to authorization endpoint with Javascript enabled

Added by John Young over 3 years ago

I am interested in developing an OIDC implementation using WT. To understand better how WT works in this regard, I am using the OIDC example. The OIDC example is running with no errors indicated and the main page with the WT logo is displayed when accessing localhost:8080. As per the code, clicking on the WT logo is supposed to initiate a redirect to the authorization endpoint; however, this does not happen. To determine why this was occurring, I built the example code to trace the code flow. In looking at the OAuthProcess::startAuthorize() method, I noticed that there was a different implementation for when Javascript was not supported in the browser. As an experiment, I disabled the Javascript in the Chrome browser and in this configuration, the OIDC example works exactly as it should, allowing the login to be successfully authenticated. As such, it would seem there may be an issue with the Javascript popup but I am not yet familiar enough with the WT implementation to determine what that issue might be. To eliminate anything browser specific, I have tested with IE, Edge, Firefox and Chrome. I am using WT on a Windows 10 Professional platform. When I began testing with the OIDC example, I was using WT 4.1 but have since upgraded to WT 4.4 in case the issue was corrected in the newer version, which it was not. Below is the console output from the OIDC example. If anyone can shed any light on why the example does not work with Javascript enabled, it would be VERY much appreciated.

OIDC EXAMPLE CONSOLE OUTPUT

D:\Wt-4.4.0-msvs2017-Windows-x64-SDK\lib\Wt\examples\feature\oidc>"\Wt-4.4.0-msvs2017-Windows-x64-SDK\bin\\oidc.wt" -c wt_config.xml --docroot . --http-port 8080 --http-address 0.0.0.0 --resources-dir ..\..\..\..\share\Wt\resources

[2020-Aug-17 21:51:33.393] 16472 - [info] "config: reading Wt config file: wt_config.xml (location = '\Wt-4.4.0-msvs2017-Windows-x64-SDK\bin\\oidc.wt')"

Dbo.backend.Sqlite3: begin transaction

Dbo.backend.Sqlite3: rollback transaction

Sqlite3: create table "auth_identity" (

"id" integer primary key autoincrement,

"version" integer not null,

"auth_info_id" bigint,

"provider" varchar(64) not null,

"identity" varchar(512) not null,

constraint "fk_auth_identity_auth_info" foreign key ("auth_info_id") references "auth_info" ("id") on delete cascade deferrable initially deferred

): table "auth_identity" already exists

Using existing databaseDbo.backend.Sqlite3: begin transaction

Dbo.backend.Sqlite3: rollback transaction

Sqlite3: create table "auth_identity" (

"id" integer primary key autoincrement,

"version" integer not null,

"auth_info_id" bigint,

"provider" varchar(64) not null,

"identity" varchar(512) not null,

constraint "fk_auth_identity_auth_info" foreign key ("auth_info_id") references "auth_info" ("id") on delete cascade deferrable initially deferred

): table "auth_identity" already exists

Using existing database[2020-Aug-17 21:51:33.399] 16472 - [info] "WServer/wthttp: initializing built-in wthttpd"

[2020-Aug-17 21:51:33.406] 16472 - [info] "wthttp: started server: http://0.0.0.0:8080"

[2020-Aug-17 21:51:37.171] 16472 - [info] "Wt: session created (#sessions = 1)"

[2020-Aug-17 21:51:37.172] 16472 [/ 9REzNbSJt1zX6mNQ] [info] "WEnvironment: UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"

127.0.0.1 - - [2020-Aug-17 21:51:37.180] "GET / HTTP/1.1" 200 2283

[2020-Aug-17 21:51:37.185] 16472 - [info] "WebRequest: took 13.828 ms"

[2020-Aug-17 21:51:37.343] 16472 [/ 9REzNbSJt1zX6mNQ] [info] "Auth.OAuthService: deploying endpoint at /oauth2/callback"

[2020-Aug-17 21:51:37.344] 16472 [/ 9REzNbSJt1zX6mNQ] [info] "Auth.OAuthService: authorize URL: http://localhost:8080/oauth2?client_id=example_client_id&redirect_uri=http%3a%2f%2flocalhost%3a8080%2foauth2%2fcallback&scope=email%20profile&response_type=code&state=cmhjSXM1Tm1JdzJhRFlSVE0zWEZMTS9uc3dFPXxodHRwOi8vbG9jYWxob3N0OjgwODAvP3d0ZD05UkV6TmJTSnQxelg2bU5RJnJlcXVlc3Q9cmVzb3VyY2UmcmVzb3VyY2U9b2N3YW9zcyZyYW5kPTA."

127.0.0.1 - - [2020-Aug-17 21:51:37.345] "GET /?wtd=9REzNbSJt1zX6mNQ&request=style&page=1 HTTP/1.1" 200 91

[2020-Aug-17 21:51:37.345] 16472 - [info] "WebRequest: took 81.779 ms"

127.0.0.1 - - [2020-Aug-17 21:51:37.351] "GET /?wtd=9REzNbSJt1zX6mNQ&sid=11427440&webGL=true&scrW=1680&scrH=1050&tz=--240&tzS=America%2FNew_York&htmlHistory=true&deployPath=%2F&request=script&rand=3220678477 HTTP/1.1" 200 38273

[2020-Aug-17 21:51:37.352] 16472 - [info] "WebRequest: took 9.033 ms"

127.0.0.1 - - [2020-Aug-17 21:51:37.422] "POST /?wtd=9REzNbSJt1zX6mNQ HTTP/1.1" 200 48

[2020-Aug-17 21:51:37.422] 16472 - [info] "WebRequest: took 0.54 ms"
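
A check on the authorize URL logged in the console output above, as an added example that is not part of the original post or of Wt. It parses the request parameters and decodes `state`, which for this value is base64 text of the form `tag|return URL`, where the return URL carries the same `wtd` session id that appears in the log. Treating the trailing `.` as `=` padding is an assumption that fits this value, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Authorize URL and session id copied from the console output in the post above.
LOGGED_URL = (
    "http://localhost:8080/oauth2?client_id=example_client_id"
    "&redirect_uri=http%3a%2f%2flocalhost%3a8080%2foauth2%2fcallback"
    "&scope=email%20profile&response_type=code"
    "&state=cmhjSXM1Tm1JdzJhRFlSVE0zWEZMTS9uc3dFPXxodHRwOi8vbG9jYWxob3N0"
    "OjgwODAvP3d0ZD05UkV6TmJTSnQxelg2bU5RJnJlcXVlc3Q9cmVzb3VyY2UmcmVzb3Vy"
    "Y2U9b2N3YW9zcyZyYW5kPTA."
)
LOGGED_SESSION = "9REzNbSJt1zX6mNQ"


def first_values(query):
    """Flatten parse_qs output to one value per parameter."""
    return {k: v[0] for k, v in parse_qs(query).items()}


def decode_state(state):
    """Return (tag, return_url). Assumption: '.' stands in for '=' padding."""
    raw = base64.b64decode(state.replace(".", "="), validate=True)
    tag, sep, return_url = raw.decode("ascii").partition("|")
    if not sep:
        raise ValueError("state has no 'tag|url' structure")
    return tag, return_url


def check_authorize_url(url, session_id):
    """Return a list of problems; empty means the request is well-formed."""
    q = first_values(urlsplit(url).query)
    problems = [f"missing {p}" for p in
                ("client_id", "redirect_uri", "response_type", "state")
                if not q.get(p)]
    if problems:
        return problems
    if q["response_type"] != "code":
        problems.append("response_type is not 'code'")
    try:
        _, return_url = decode_state(q["state"])
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return problems + [f"undecodable state: {exc}"]
    back = urlsplit(return_url)
    if back.netloc != urlsplit(q["redirect_uri"]).netloc:
        problems.append("state return URL and redirect_uri differ in origin")
    if first_values(back.query).get("wtd") != session_id:
        problems.append("state return URL names a different session")
    return problems
```

For the logged URL and session id the check returns an empty list, so the request itself is well-formed and the state's return URL names the session that created it.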


Replies (8)

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by John Spears about 3 years ago

Did you figure out the issue? I'm experiencing the same thing now...

Thanks!!

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by Korneel Dumon about 3 years ago

Do you see any javascript errors? Or failing HTTP requests?

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by John Spears about 3 years ago

No errors except can't find favicon.ico. No errors in the Wt log either (haven't enabled debug yet to get more messages). It does log the redirect URL and it looks correct and works if I copy and paste to a browser. Like the OP, if I disable javascript, it will redirect. Strange.

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by Korneel Dumon about 3 years ago

For me the example works. A popup is opened directly from the onclick handler of the image. Do you perhaps have a browser-extension that blocks popups?

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by John Spears about 3 years ago

Don't see the usual "Popups Blocked" messages from the browser (I've tried Edge, Chrome, Firefox, etc.).

The issue seems to be here:
OAuthService::startAuthenticate is called.
Which then calls OAuthService::startAuthorize:

void OAuthProcess::startAuthorize()
{
  WApplication *app = WApplication::instance();
  if (!app->environment().javaScript()) {
    startInternalPath_ = app->internalPath();
    app->redirect(authorizeUrl());
  } else {
    redirectEndpoint_->url(); // Make sure it is exposed
  }
}

As you can see, if Javascript is disabled, then a redirect happens. Otherwise, it just calls the url method of a WResource. So nothing happens.

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by Korneel Dumon almost 3 years ago

The code is rather misleading, so I understand your confusion. If you look at this code in OAuthService:

WStringStream js;
js << WT_CLASS ".PopupWindow(" WT_CLASS
   << "," << WWebWidget::jsStringLiteral(authorizeUrl()) 
   << ", " << service.popupWidth()
   << ", " << service.popupHeight() << ");"; 

implementJavaScript(&OAuthProcess::startAuthorize, js.str());
implementJavaScript(&OAuthProcess::startAuthenticate, js.str());

Under the hood, this will redirect any signals that would trigger startAuthorize() to also run some javascript (if it's available).

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by John Spears almost 3 years ago

My goal was to use redirect instead of popups. But redirect is only called if javascript is disabled. Finally gave up and used an Auth SDK javascript library to handle the Auth2 process in my Wt app and dumped the Wt Auth library. Works like a champ now. Thanks for your help.

RE: OIDC example not redirecting to authorization endpoint with Javascript enabled - Added by Roel Standaert almost 3 years ago

For redirect to properly work with JavaScript, we'd need to implement this feature: https://redmine.emweb.be/issues/7742.