These are chat archives for anvilresearch/connect

26th
Oct 2015
Simon Renoult
@simonrenoult
Oct 26 2015 10:22
Hey there. I've flushed my redis instance but nvl login is still able to list the anvil instances. Where are they stored?
Greg Linklater
@EternalDeiwos
Oct 26 2015 10:22
those are stored locally in ~/.nvl
Simon Renoult
@simonrenoult
Oct 26 2015 10:37
Thanks
Simon Renoult
@simonrenoult
Oct 26 2015 13:30
Hello again! I used to automate the creation of some users with nv add user and a custom json but since nv is deprecated, I'm looking for a new solution.
I took a look at nvl but the fields are restricted (name, given name, etc.) and we can no longer pass a custom json. Should I use the API instead? There does not seem to be any documentation about it yet? Suggestions?
RhinoLoft
@RhinoLoft
Oct 26 2015 13:38

hi there, making good progress on our Anvil install, now getting it working with our PHP Laravel app..
I have tried to create a client with “id_token and token” but getting some error, maybe a combination of some other setting perhaps. Any Ideas??

? Will this be a trusted client? Yes
? Enter a name Coin ID Test 2
? Enter a URI http://test.coinid.com
? Enter a logo URI http://test.coinid.com/assets/images/CoinID.png
? Choose an application type web
? Select response types code id_token token
? Select grant types authorization_code, implicit
? Set the default max age (in seconds) 3600
? Define redirect URIs http://test.coinid.com/login
? Define redirect URIs
? Define post logout redirect URIs http://test.coinid.com/logout
? Define post logout redirect URIs
{ [StatusCodeError: 400 - [object Object]]
name: 'StatusCodeError',
statusCode: 400,
message: '400 - [object Object]',

Simon Renoult
@simonrenoult
Oct 26 2015 13:46

@RhinoLoft This is the part of the documentation about response_types and grant_types : https://github.com/anvilresearch/connect-docs/blob/master/clients.md#response-types

You might want to try a simpler version with response_types: id_token token and grant_types: implicit

Greg Linklater
@EternalDeiwos
Oct 26 2015 14:37
@simonrenoult you could try your hand at using anvilresearch/connect-nodejs which is fairly low level. effectively the cli is an abstraction of this.
take a look here and here
alternatively with the various flags available for nvl user:register you could probably get away with setting up a shell script that takes JSON, builds the relevant command and runs it
anvilbot
@anvilbot
Oct 26 2015 15:38
[tonyevans, Anvil Research] i have a quick question about the views folder. Basically, I'm trying to add our logo and text to the views, and what I'm doing doesn't seem to work. nvl init creates a views folder, and my understanding was that if the requested view wasn't in that folder, Connect defaults to looking for them in node_modules/anvil-connect/views. Is this correct, or am I misremembering?
anvilbot
@anvilbot
Oct 26 2015 15:46
[Tom Kersten, Anvil Research] any idea when the 0.1.57 docker image will be pushed?
anvilbot
@anvilbot
Oct 26 2015 16:46
[Christian Smith, Anvil Research] @tomkersten: short answer, never. long answer...
[Christian Smith, Anvil Research] We tried making master a protected branch on github
[Christian Smith, Anvil Research] Without realizing that doing so would break our release process
[Tom Kersten, Anvil Research] ah.
[Christian Smith, Anvil Research] A few key commits are missing, and yet it got pushed to npm anyways
[Tom Kersten, Anvil Research] ok.
[Christian Smith, Anvil Research] npm doesn't allow updating or removing releases
[Christian Smith, Anvil Research] so we released 0.1.58
[Christian Smith, Anvil Research] but the story doesn't end there...
[Tom Kersten, Anvil Research] heh.
[Christian Smith, Anvil Research] Somehow, my machine has become corrupted so that I can't build the docker images on my mac, which has the credentials to push them to docker hub
[Christian Smith, Anvil Research] Have tried everything including removing every trace of docker and installing from scratch
[Christian Smith, Anvil Research] But the images build fine elsewhere
[Christian Smith, Anvil Research] So recommending temporarily for people to build their own images for use with 0.1.58 or stick with 0.1.56 until I get this sorted
Christian Smith
@christiansmith
Oct 26 2015 16:55
@simonrenoult yes, you can use the API
/v1/users[/:id]
the access token stored in ~/.nvl/sessions/ISSUER should work (if it hasn’t expired)
that’s a quick fix
in the meantime, which fields are an issue for you? most likely an omission on our part
Also, I’m slightly surprised that people still want to use json via CLI because we heard some complaints about it previously, but perhaps it makes sense to add a --json flag to each API command
Christian Smith
@christiansmith
Oct 26 2015 17:03
@RhinoLoft – it looks like you’re wanting to use the hybrid flow?
I wonder if we’ve neglected something in the recent dependent validations related to that response type
I noticed that your response_type selection was [“code id_token token”] vs [“code”, “id_token token”]
it may be that you can force this to work by selecting code, id_token token, and code id_token token, each of which is a distinct response type
Christian Smith
@christiansmith
Oct 26 2015 17:09
If that works, we may have identified an unmet case in the validation logic
anvilbot
@anvilbot
Oct 26 2015 17:21
[Tom Kersten, Anvil Research] #discuss !
[Christian Smith, Anvil Research] @tomkersten: that's a really good question. I'm looking up the specs on that right now
[Christian Smith, Anvil Research] we recently tightened it up a bit
[Christian Smith, Anvil Research] to be closer to those requirements
[Christian Smith, Anvil Research] but perhaps we need a way to make exceptions
[Tom Kersten, Anvil Research] like i said: i think the https requirement is good. just feel like 127.x & localhost may be OK alternatives.
[Christian Smith, Anvil Research] or possibly whitelisted URIs
Tom Kersten
@tomkersten
Oct 26 2015 17:28
so, according to the spec, it appears it should be allowed to have HTTP URIs and still be "ok"
Christian Smith
@christiansmith
Oct 26 2015 17:28
This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider, with the matching performed as described in Section 6.2.1 of [RFC3986] (Simple String Comparison). When using this flow, the Redirection URI SHOULD use the https scheme; however, it MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0, and provided the OP allows the use of http Redirection URIs in this case. The Redirection URI MAY use an alternate scheme, such as one that is intended to identify a callback into a native application.
but only with confidential clients, meaning a server application using the auth code or hybrid flow
Tom Kersten
@tomkersten
Oct 26 2015 17:29
obv the redirect URIs will be different for various clients (i may use /callback you may use /cb), but a host whitelist may make sense.
Christian Smith
@christiansmith
Oct 26 2015 17:30
I have a feeling letsencrypt will eventually make all this a moot point
at least I hope so
Joris Kraak
@bauglir
Oct 26 2015 17:31
@christiansmith I believe I actually ran into that same issue when manually editing that value in redis
But I'm not 100% sure
'issue' being the code id_token token one
Christian Smith
@christiansmith
Oct 26 2015 17:31
ah, ok
Tom Kersten
@tomkersten
Oct 26 2015 17:31
setting up localhost to always run over SSL seems inconvenient.
Christian Smith
@christiansmith
Oct 26 2015 17:31
it is unless you can automatically obtain an ssl cert
Tom Kersten
@tomkersten
Oct 26 2015 17:32
obviously we aren't typically doing that.
Christian Smith
@christiansmith
Oct 26 2015 17:32
yes
I think we need to file issues for both this "SSL in development" issue and the code id_token token issue
Tom Kersten
@tomkersten
Oct 26 2015 17:34
will add one for SSL in development
Christian Smith
@christiansmith
Oct 26 2015 17:34
thanks
@bauglir thanks for confirming the hybrid response_type thing
Joris Kraak
@bauglir
Oct 26 2015 17:36
I'm not positive if it's actually a confirmation though. I'll be able to look into it once I migrate my production environment over
But I do remember trying to set it by hand to code id_token token and that not working and I believe it got fixed by selecting everything through nvl
Christian Smith
@christiansmith
Oct 26 2015 17:36
I’ll try to look into both of these today
Tom Kersten
@tomkersten
Oct 26 2015 17:38
anvilresearch/connect#286
Christian Smith
@christiansmith
Oct 26 2015 17:39
thanks @tomkersten
Tom Kersten
@tomkersten
Oct 26 2015 17:39
np!
Christian Smith
@christiansmith
Oct 26 2015 17:42
I think this is where we’d need to modify the logic: https://github.com/anvilresearch/connect/blob/master/models/Client.js#L96
RhinoLoft
@RhinoLoft
Oct 26 2015 22:01

@simonrenoult thanks, i am working thru this and experimenting, seems some issue with the cli, if i try this

ubuntu@ip-172-10-0-172:~$ nvl client:register --name Coin ID Test 2 --uri http://test.coinid.com --logo-uri http://test.coinid.com/assets/images/CoinID.png --application-type web --response-type code --grant-type authorization_code --default-max-age 3600
Selected issuer test.coinid.com (https://testanvil.coinid.com)
? Will this be a trusted client? Yes
? Define redirect URIs http://test.coinid.com/login
? Define redirect URIs
? Define post logout redirect URIs
{

it works, if i try this (and put the redirect-uri on command line) it fails

ubuntu@ip-172-10-0-172:~$ nvl client:register --name Coin ID Test 2 --uri http://test.coinid.com --logo-uri http://test.coinid.com/assets/images/CoinID.png --application-type web --response-type code --grant-type authorization_code --default-max-age 3600 --redirect-uri http://test.coinid.com/login
Selected issuer test.coinid.com (https://testanvil.coinid.com)
? Will this be a trusted client? Yes
? Define post logout redirect URIs
{ [StatusCodeError: 400 - [object Object]]

Christian Smith
@christiansmith
Oct 26 2015 22:46
@vsimonian @RhinoLoft looks like maybe we have a bug with the prompt code that accepts multiple inputs.
Or rather…
the CLI flags