I’m experimenting (as part of my MSc project / dissertation) with deploying Community Solid Server on an intranet-only server, i.e. it is not externally accessible. As part of this work, I’m also trying to get one of the pod browsing apps (Penny, Mashlib etc.) running locally as well, so that I can check what my own app is adding to a pod.
I seem to be hitting issues with OAuth2 via user name and password with any web-based app that I try. Which ever one I use, when I try to authenticate the login screen for the Solid server is displayed correctly, but when I enter my details and hit login then the redirect ends up back at the application home page rather than being logged in.
My own app can connect and interact with Solid with no problems, using an application ID and secret, so it would seem that there’s no problem with CSS itself.
I suspect this is an issue with the pod browsing app itself running locally, because the same thing happens if I try to connect to a public facing pod at (say) solidweb.me.
Things I’ve tried:
Running Penny standalone on the same server as Solid.
Using the standard recipes to add either Penny or Mashlib to the CSS server.
Adding an entry for the external IP address of intranet server to /etc/hosts, both on the server itself and on my Mac client.
Adding an entry to my intranet DNS server for the intranet server (it’s also running Avahi / mDNS so technically that shouldn’t be necessary.)
Possibly you could record the flow with something like https://www.replay.io? Then we can inspect the web requests that are made to see if anything looks wrong there.
Note that that can also include e.g. credentials, so make sure to use a test account with dummy credentials that you don’t use anywhere else.
OK, here’s the two of the three recordings that cover the attempt to authenticate from my local instance of Penny (running on port 4000 on the intranet server).
Hmm, I was hoping for a single recording covering the full flow from app to Solid server and back, but maybe that’s not possible.
But if I understand it correctly, it looks like what you’re trying to do is run (in this case) Penny locally, and then have it connect to a Solid Pod on solidweb.me, rather than to your locally-running Pod - is that correct?
Whereas what you actually want, if I understand correctly, is:
so that I can check what my own app is adding to a pod.
Would it work if instead you connect to your locally-running Pod using https://penny.vincenttunru.com, i.e. without running Penny yourself? Or am I misunderstanding what you’re trying to do?
Yes, I was hoping to get a single recording, but it seems that as it hops from server to server it starts a new recording.
My end goal is to run both Penny and CSS locally, which seems like something that anyone running an intranet-only Solid service would want to do before proceeding much further.
However, to eliminate possible issues such as my local CSS instance not being configured for OAuth correctly, I’m trying a simpler combination first - local Penny instance connecting to a publicly visible pod, in this case over at solidweb.me.
The cloud version of Penny doesn’t even start the authentication process, it merely reports “Could not find a Solid Pod at http://codex-pi5.martiningram.uk:3000. Please check the name and try again.” That was what I was expecting as I presume it tries to resolve that and can’t find a public DNS entry for my server.
OK, and do you want Penny to be hosted by CSS, or run separately?
I’m trying a simpler combination first - local Penny instance connecting to a publicly visible pod, in this case over at solidweb.me.
Could you share how you’re running Penny? As in, what steps did you take to start the app, what commands did you run, those kinds of things?
“Could not find a Solid Pod at http://codex-pi5.martiningram.uk:3000. Please check the name and try again.” That was what I was expecting as I presume it tries to resolve that and can’t find a public DNS entry for my server.
The requests to discover your Pod are sent by your browser, so I would expect it to have access to everything in your network. Possibly it checks for the connection to be over https, but I can’t remember off the top of my head. Can you visit http://codex-pi5.martiningram.uk:3000 directly in your browser and share what you see?
#!/bin/sh
export PORT=4000
cd /home/penny/server
npm run dev
where the server directory is a straight clone of the main git repo for the app. I’ve configured this to run as a systemd service, but while I’ve been running diagnostics I’ve just been running it manually as the penny user.
I did wonder about setting CSS to run under HTTPS, indeed that makes sense because aren’t HTTPS to HTTP redirects blocked by most browsers? I generated a key and cert for it but it’s not implemented yet. I’ll give it a try and see if that makes any difference.
(Just to note: as a new user posting a lot of URLs some of the posts were marked as spam. I’ve released them, and I think you should be able to post more now.
OK, I just double-checked, and Penny itself doesn’t enforce an HTTPS Pod, but indeed your browser may block it. If could be interesting to look at the network console while connecting to your Pod.
One other thing you could check is, if you start both CSS and Penny, is if you can at least use them over localhost - i.e. open http://localhost:4000 to open Penny, then enter http://localhost:3000 as your Pod location. I just tried that (so all with plain HTTP), and that worked for me. If it does, then indeed it might be an issue with HTTPS.
)