Penny config: error 400 when trying to browse freshly created pod #3

Open
joeitu opened this issue Dec 9, 2021 · 9 comments
Comments

@joeitu
Contributor

joeitu commented Dec 9, 2021

After creating a new account, trying to browse the new Pod with the Penny UI returns error 400

Steps to reproduce

  1. start a recipe instance with:
    npx community-solid-server -c config-penny.json -f ~/Documents/ -p 3005

  2. go to localhost:3005/idp/register/ and create a new account, choose the option " Create a new WebID for my Pod." and fill up the form, choose bar as a pod name

  3. after registration, the "You've been signed up" page shows a link to the Pod URL localhost:3005/bar/ , click the URL

  4. Now you should be back on Penny UI, click the Connect button and enter your freshly created credential

Expected behaviour

Can explore the pod as we can do when using penny as an external app

Current

get a 400 error

related bug

After a successful login to the Penny UI, clicking the "Your profile" button bumps into #4

@RubenVerborgh
Member

Seems to be a Penny bug; can you try upgrading Penny to the latest version in your package.json?

@joeitu
Contributor Author

joeitu commented Dec 9, 2021

I believe I'm already using the latest version:
in my package.json and package-lock.json

  "dependencies": {
    "@solid/community-server": "2.0.1",
    "penny-pod-inspector": "^0.408340065.1779949331"
  }

Matches the latest version on:
https://www.npmjs.com/package/penny-pod-inspector

After the login, when redirecting to the pod address with the Penny UI, the first URL that appears in the browser URL bar is one we can see in Penny's pod address bar:
localhost:3005/bar/?code=5hDmv9KIHmPPn_odO98FIYkW0_hx1GC7Fi4SdoUf_Ki&state=116c74e7319645a888db15e98fc3f541

Then the page reloads itself to
localhost:3005/bar/
but the ?code=5hDmv9KIHmPPn_odO98FIYkW0_hx1GC7Fi4SdoUf_Ki&state=116c74e7319645a888db15e98fc3f541 remains in Penny's pod address bar.

Maybe the bug comes from that redirection not being properly handled by penny.

When I launch SCS and Penny as two separate apps and go through the same procedure, Penny has a different behaviour:
after creating a new pod in SCS, I log in to my Penny instance. After the successful login on my SCS instance, I get redirected to Penny but the podname doesn't appear in the URL.

  • I first get redirected to http://localhost:3000/?code=....&state=... ( instead of http://localhost:3000/podname/?code=....&state=... in the recipe)

  • And secondly the page refreshes to http://localhost:3000
    image

@RubenVerborgh
Member

> Then the page reloads itself to localhost:3005/bar/ but the ?code=5hDmv9KIHmPPn_odO98FIYkW0_hx1GC7Fi4SdoUf_Ki&state=116c74e7319645a888db15e98fc3f541 remains in Penny's pod address bar.
>
> Maybe the bug comes from that redirection not being properly handled by penny.

I think I know what it is. You might be running into CommunitySolidServer/CommunitySolidServer#1091; could you open up the inspector window and see if you have an error such as cannot call xxx of undefined?

@joeitu
Contributor Author

joeitu commented Dec 9, 2021

Not exactly, here is a screenshot of all the errors that prompt in my console after the login redirection:

image
( aba is the podname )

@RubenVerborgh
Member

Mhm I still see the [[...slug]] bug (https://gitlab.com/vincenttunru/penny/-/issues/15), but the localhost/:1 confused me too; that is not expected.

Could you please show details of one of the 400 errors? (Go to Network and look for the response; the CSS output might also tell you more if you start it with -l debug.)

@joeitu
Contributor Author

joeitu commented Dec 9, 2021

400 response:

errorCode: "H400"
message: "Error verifying WebID via DPoP-bound access token: The DPoP proof htu parameter doesn't match the HTTP request URI without query and fragment parts.\nActual: http://localhost:3006/\nExpected: http://localhost:3006/?code=7_PfnFXySLZxgLIpMq4B8Elvg5mJolA28JqSFBMJ8eG&state=b5ef9fc60b9d47b6a70e6ac730da14e9"
name: "BadRequestHttpError"
statusCode: 400

For the debug log, I get a lot of noise but I have spotted the related warning:

2021-12-09T17:28:41.566Z [DPoPWebIdExtractor] warn: Error verifying WebID via DPoP-bound access token: The DPoP proof htu parameter doesn't match the HTTP request URI without query and fragment parts.
Actual: http://localhost:3006/
Expected: http://localhost:3006/?code=7_PfnFXySLZxgLIpMq4B8Elvg5mJolA28JqSFBMJ8eG&state=b5ef9fc60b9d47b6a70e6ac730da14e9

@joachimvh
Member

This error is thrown by the access-token-verifier library because the htu field in the access token does not match the actual URL: https://github.com/solid/access-token-verifier/blob/main/src/algorithm/verifyDpopProofHttpUri.ts#L14-L16

This means the access token is invalid (since it should contain the stripped URL), which might indicate an issue with the authn library. I did some digging and I'm quite sure this is an issue with the authn library; I've opened an issue: inrupt/solid-client-authn-js#1842
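
Added example (not part of the original thread, and not code from access-token-verifier or solid-client-authn-js): a sketch of the htu comparison discussed above, showing why a DPoP proof whose htu keeps the `?code=…&state=…` query is rejected and why stripping it on the client side passes. All function names, the unsigned sample proof and the code/state values are constructed; signature, jti and iat checks are left out.

```javascript
// Added example with constructed values; not the library's own code.

// Remove query and fragment: the form the DPoP htu claim must have.
function stripQueryAndFragment(uri) {
  const u = new URL(uri);
  u.search = '';
  u.hash = '';
  return u.href;
}

// Build an UNSIGNED sample proof (constructed; a real proof is signed with
// the client's DPoP key). `strip` selects correct vs. buggy client behaviour.
function sampleProof(method, requestUrl, strip) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const htu = strip ? stripQueryAndFragment(requestUrl) : requestUrl;
  const claims = { htm: method, htu, jti: 'constructed-jti', iat: 1639070921 };
  return `${enc({ typ: 'dpop+jwt', alg: 'ES256' })}.${enc(claims)}.constructed-sig`;
}

// Decode the payload only; signature verification is out of scope here.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Server-side check: the proof's htu must equal the request URI
// without query and fragment parts. "actual"/"expected" follow the
// wording of the error message quoted in this issue.
function checkHtu(proofJwt, requestUri) {
  const { htu } = decodePayload(proofJwt);
  const actual = stripQueryAndFragment(requestUri);
  return htu === actual ? { ok: true } : { ok: false, actual, expected: htu };
}

// Constructed request URL shaped like the post-login redirect in this issue.
const redirectUrl = 'http://localhost:3006/?code=CONSTRUCTED&state=CONSTRUCTED';

// Client left the query in htu: rejected, as in the 400 response above.
console.log(checkHtu(sampleProof('GET', redirectUrl, false), redirectUrl));
// Client stripped query and fragment before signing: accepted.
console.log(checkHtu(sampleProof('GET', redirectUrl, true), redirectUrl));
```
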

@RubenVerborgh
Member

I second this.

I had seen the bug occur when the query string was not removed in an HTTP/HTTPS context, but this is not the issue here.

@joeitu
Contributor Author

joeitu commented Dec 10, 2021

The main issue I have is that:

  1. after login I get redirected to a broken page
  2. after login when clicking "Your profile" I get directed to a broken page ( created a separate issue Penny: Clicking "Your profile" after login redirect to a broken page #4 )

But otherwise, if I browse the pod using Penny's top "path bar" I have no problem navigating the pod.
So in my perspective, it seems to be just a wrong redirection and linking problem, but maybe the origin of the problem goes deeper than that.
