Resolved: Auth error with freshly installed community server

Hi all,

This is my first contact with Solid.

With a freshly installed community server (tried the current node version, git branches main and 2.0.0) I get a 400 Bad Request error while trying to authenticate.

I can register myself as a new user, my pod is created, but every application I try cannot log in, and looking at the network traffic the last request is:

Request

POST /idp/reg HTTP/2
Host: solid.virtual-earth.de
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: */*
Accept-Language: de-DE,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
content-type: application/json
Origin: https://notepod.vincenttunru.com
Content-Length: 220
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

{
    "issuer": "https://solid.virtual-earth.de/mathiasp/profile/card#me",
    "grant_types": [
        "implicit"
    ],
    "redirect_uris": [
        "https://notepod.vincenttunru.com/popup.html"
    ],
    "response_types": [
        "id_token token"
    ],
    "scope": "openid profile"
}

Response:

HTTP/2 400 Bad Request
access-control-allow-credentials: true
access-control-allow-origin: https://notepod.vincenttunru.com
access-control-expose-headers: Accept-Patch,Link,Location,MS-Author-Via,Updates-Via,WAC-Allow
cache-control: no-cache, no-store
content-type: application/json; charset=utf-8
date: Wed, 22 Sep 2021 16:54:16 GMT
pragma: no-cache
updates-via: wss://solid.virtual-earth.de/
vary: Accept,Authorization,Origin
www-authenticate: Bearer realm="https://solid.virtual-earth.de/", error="invalid_client_metadata", error_description="response_types can only contain 'code id_token', 'code', 'id_token', or 'none'"
x-powered-by: Community Solid Server
content-length: 136
X-Firefox-Spdy: h2

I do not understand this error, and googling does not lead to an explanation…

Any help would be appreciated!

Logging gives no additional info:

2021-09-22T16:54:16.614Z [BaseHttpServerFactory] info: Received GET request for /idp/jwks
2021-09-22T16:54:16.615Z [IdentityProviderHttpHandler] debug: Sending request to oidc-provider: /idp/jwks
2021-09-22T16:54:16.736Z [BaseHttpServerFactory] info: Received OPTIONS request for /idp/reg
2021-09-22T16:54:16.763Z [BaseHttpServerFactory] info: Received POST request for /idp/reg
2021-09-22T16:54:16.763Z [IdentityProviderHttpHandler] debug: Sending request to oidc-provider: /idp/reg

Thanks, Mathias

Unfortunately there were security issues with the old authentication protocol, so a breaking change was introduced with a new authentication protocol - but many apps unfortunately have not been updated to support that, and the community server doesn’t support the old one. Try e.g. Media Kraken, which does implement the new protocol.

2 Likes
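Added example, not part of any post in this thread and not Community Solid Server code: a small diagnostic that reads the rejected registration body and the `www-authenticate` challenge quoted in the first post, and reports which `response_types` the server refused and whether the client is asking for the implicit flow. The function names are hypothetical, the sample data is constructed from the quoted request and response, and the parsing of `error_description` assumes the single-quoted list format shown there.

```javascript
// Constructed from the request and response quoted in the first post.
const registration = {
  grant_types: ["implicit"],
  redirect_uris: ["https://notepod.vincenttunru.com/popup.html"],
  response_types: ["id_token token"],
  scope: "openid profile",
};
const challenge =
  'Bearer realm="https://solid.virtual-earth.de/", error="invalid_client_metadata", ' +
  'error_description="response_types can only contain \'code id_token\', \'code\', \'id_token\', or \'none\'"';

// Parse the key="value" auth-params of a Bearer challenge (hypothetical helper).
function parseChallenge(header) {
  const params = {};
  const re = /(\w+)="((?:[^"\\]|\\.)*)"/g;
  for (const m of header.matchAll(re)) params[m[1]] = m[2].replace(/\\(.)/g, "$1");
  return params;
}

// response_type is a space-separated set whose order does not matter,
// so sort the tokens before comparing.
const norm = (rt) => rt.trim().split(/\s+/).sort().join(" ");

function diagnose(reg, header) {
  const { error, error_description: desc = "" } = parseChallenge(header);
  // Assumption: the allowed values are the single-quoted items in error_description.
  const allowed = new Set([...desc.matchAll(/'([^']+)'/g)].map((m) => norm(m[1])));
  const rejected = (reg.response_types || []).filter((rt) => !allowed.has(norm(rt)));
  // Implicit-flow markers: the "implicit" grant, or an access token requested
  // directly from the authorization endpoint ("token" in response_type).
  const usesImplicit =
    (reg.grant_types || []).includes("implicit") ||
    (reg.response_types || []).some((rt) => rt.split(/\s+/).includes("token"));
  return { error, allowed: [...allowed].sort(), rejected, usesImplicit };
}

console.log(diagnose(registration, challenge));
```

A client that registers with `code`-based response types and no `implicit` grant comes back with an empty `rejected` list, which is the quickest way to tell an app that has not been updated from a server misconfiguration.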

Hi Mathias, I am not privy to technically solving this issue, but I know there’s a Report A Bug link at the bottom of the GitHub Community Solid Server repo.

Thank you, this shows that the server is working as expected.

Now I have to understand it :wink:

1 Like

Hmmm, is there a way to mark this issue as solved or edit the title?
I can find none…?

1 Like

If you want, I am a moderator. I can edit the title to say solved.

Hi Marelle, that would be great!

BTW: Where is this auth change documented?

Thanks, Mathias

I don’t think there’s a changelog somewhere, unfortunately, but the spec proposal references Solid OIDC, which I think describes the current auth mechanism.

1 Like