Server crashes when using OCID connection + Sign in with Apple #4701
Comments
piscis
changed the title
|
Hi there Picture isn't required but every user needs a username, so that they can be identified in the community. It's listed as "required" in our SSO docs for that reason. You can see a list of required fields in the JWT in our SSO docs, as well as information on how to successfully connect SSO providers: https://docs.coralproject.net/sso |
|
Hi @losowsky thanks for taking the time to look into this. And yes you are correct if we would use jwt via sso integration we could handle this from our side but we are trying to use the ocid connector and in case of apple signin there is no username or name but if I patch coraltalk to convert the null values into an empty string a user gets ask to pick a username during registration. So I thing it’s fine in case a username is not available because coraltalk is asking for one to be created before finishing the registration. Also there is the point that if the ocid connector throws the Joi validation error the server crashes afaik would you accept a pr with the change's above to make it possible to use something like logto.io or keycloak together with apple signin via ocid ? |
|
@piscis we would take a look at a small change to the OIDC integration! |
|
@piscis can you confirm the name or company you used in the form? Not sure which submission is yours. |
|
@tessalt my colleagues from all3dp.com tried to get a quote |
We're currently trying to setup CoralTalk together with a OCID ID provider (https://logto.io) using AppleID as a connector. It turns out when OCID token exchange is done the server crashes with a ValidationError: stating that name and picture must be a string and not null.
Because Apple SignIn does not return a "name" or "picture" logto returns a null instead of an empty string. The error seems to be caused in this two lines:
talk/server/src/core/server/services/oidc/oidc.ts
Lines 53 to 54 in 317fe8b
When forcing null values into empty strings before validation everything seams to work:
Example of the user user info provided to CoralTalk from LogTo.io after successful authentication via Apple SignIn:
{ "sub": "lxa7wl57jyjf", "name": null, "picture": null, "updated_at": 1732302616720, "username": null, "created_at": 1732291345221, "organizations": [], "organization_data": [], "organization_roles": [] }When forcing null values into empty strings everything seems to work. In case a new user registers and the name is an empty string CoralTalk asks for the username during the registration.
But I do not know if this could have some other implications for CoralTalk. Would be nice if someone could clarify.
Expected behavior:
It would be great if CoralTalk would allow null values for "picture" or "name" to make it possible to connect via login providers like "SignIn with Apple".
At least validation errors in the OCID connector should not crash the server.
Actual behavior:
It crashes the server and makes it impossible to use providers that do not provide name or picture information.
Related Issues:
no
Versions:
coralproject/talk:7The text was updated successfully, but these errors were encountered: