AcceptLoginRequest results in EOF #1524

Closed
nhh opened this issue Aug 11, 2019 · 9 comments
nhh commented Aug 11, 2019

When accepting a login request via Hydra, the REST API / Go SDK responds with a Bad Request -> EOF.

Steps to reproduce the behavior:

Server response + logs

Logs:

hydra_1          | time="2019-08-11T09:18:17Z" level=error msg="An error occurred while handling a request" code=400 debug= details="map[]" error=EOF reason= request-id= status= trace="Stack trace: \ngithub.com/ory/hydra/consent.(*Handler).AcceptLoginRequest\n\t/go/src/github.com/ory/hydra/consent/handler.go:320\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/httprouter@v1.2.0/router.go:334\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1995\ngithub.com/ory/hydra/x.RejectInsecureRequests.func1\n\t/go/src/github.com/ory/hydra/x/tls_termination.go:55\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/x/metricsx.(*Service).ServeHTTP\n\t/go/pkg/mod/github.com/ory/x@v0.0.64/metricsx/middleware.go:260\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/ory/hydra/metrics/prometheus.(*MetricsManager).ServeHTTP\n\t/go/src/github.com/ory/hydra/metrics/prometheus/middleware.go:26\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/negroni-logrus@v0.0.0-20170801195057-31067281800f/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/negroni@v1.0.0/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfa
ve/negroni@v1.0.0/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2774\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1878\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1337" writer=JSON

Response

{
    "error": "error",
    "error_description": "The error is unrecognizable.",
    "status_code": 500,
    "error_debug": "EOF",
    "request_id": ""
}

Server configuration

version: "3.7"
services:
  dbdev:
    image: "postgres:11"
    ports:
      - "5432:5432"
    environment:
      - "POSTGRES_PASSWORD=postgres"
      - "POSTGRES_USER=postgres"
      - "POSTGRES_DB=postgres"
  hydra:
    image: "oryd/hydra:v1.0.0"
    environment:
      - "URLS_SELF_ISSUER=http://localhost:4444"
      - "URLS_CONSENT=http://localhost:4200/consent"
      - "URLS_LOGIN=http://localhost:4200/login"
      - "URLS_LOGOUT=http://localhost:4200/logout"
      - "DSN=postgres://hola:hola@hydradb:5432/holadb?sslmode=disable"
      - "SECRETS_SYSTEM=youReallyNeedToChangeThis"
      - "OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise"
      - "OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis"
    ports:
      - "4444:4444"
      - "4445:4445"
      - "4446:4446"
      - "5555:5555"
    command: serve all --dangerous-force-http
    depends_on:
      - hydra-migrate
  hydradb:
    image: "postgres:11"
    environment:
      - "POSTGRES_PASSWORD=hola"
      - "POSTGRES_USER=hola"
      - "POSTGRES_DB=holadb"
    ports:
      - "5433:5432"
  hydra-migrate:
    image: oryd/hydra:latest
    environment:
      - "DSN=postgres://hola:hola@hydradb:5432/holadb?sslmode=disable"
    command:
      migrate sql -e --yes
    restart: on-failure

Expected behavior

Hydra sends the redirectTo Uri as response.

Environment

  • Version: oryd/hydra:v1.0.0
  • Environment: MacOS, Docker Desktop 2.1.0.1, ...

Additional context

An example User Service / Identity Provider should be implemented. The Client sends its email and password, the service should mark the request as accepted via hydra.

Member

aeneasr commented Aug 11, 2019

You need to send a JSON body with your request. It seems like you're just sending a PUT request without any content.

Author

nhh commented Aug 11, 2019

The body is, referring to the docs, optional: https://www.ory.sh/docs/hydra/sdk/api#accept-an-login-request

I also used the official Go SDK like this:

	adminURL, err := url.Parse("http://localhost:4445")
	ory := hydra.NewHTTPClientWithConfig(nil, &client.TransportConfig{Schemes: []string{adminURL.Scheme}, Host: adminURL.Host, BasePath: adminURL.Path})

	acceptLoginRequestParams := admin.NewAcceptLoginRequestParams()
	acceptLoginRequestParams.SetLoginChallenge(request.Challenge)

	resp, oryErr := ory.Admin.AcceptLoginRequest(acceptLoginRequestParams)

I guess the SDK will send a request body, but I cannot say; the response is the same whether I use the REST API or the Go SDK.

Member

aeneasr commented Aug 11, 2019

That's a documentation issue, the body is required - otherwise hydra can not know what user authenticated.
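
Why a PUT without content surfaces as `EOF`, as an added example that is not part of the thread and not Hydra's code: a stand-in handler decodes the body with `encoding/json`, which returns `io.EOF` on an empty body, and then refuses a login that names no subject. The `acceptHandler` and `accept` names, the `/accept` path, the challenge and the `redirect_to` value are constructed, and that Hydra decodes the body the same way is an assumption drawn from the `error=EOF` log line above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// handledLogin carries one field of the JSON body quoted in the thread.
type handledLogin struct {
	Subject string `json:"subject"`
}

// acceptHandler is a stand-in for an accept endpoint (not Hydra's handler).
func acceptHandler(w http.ResponseWriter, r *http.Request) {
	var body handledLogin
	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
		// A PUT with no content makes Decode return io.EOF.
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	if body.Subject == "" { // valid JSON that names no authenticated user
		http.Error(w, "subject is required", http.StatusBadRequest)
		return
	}
	json.NewEncoder(w).Encode(map[string]string{"redirect_to": "http://localhost:4444/constructed"})
}

// accept PUTs raw to the stand-in and returns status code and reply text.
func accept(raw string) (int, string) {
	req := httptest.NewRequest(http.MethodPut, "/accept?login_challenge=constructed", strings.NewReader(raw))
	rec := httptest.NewRecorder()
	acceptHandler(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	// Constructed inputs: no body, an empty object, and a body with a subject.
	for _, raw := range []string{"", "{}", `{"subject":"user@example.com"}`} {
		code, msg := accept(raw)
		fmt.Printf("body %q -> %d %s\n", raw, code, msg)
	}
}
```

Only the third request is accepted; the first reproduces the bare `EOF` from the issue, and the second shows that a syntactically valid body still has to identify who authenticated.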

Author

nhh commented Aug 11, 2019

OK, so which of these is the actual body I have to send?

From the Go SDK source code:

type AcceptLoginRequestParams struct {

	/*Body*/
	Body *models.HandledLoginRequest
	/*LoginChallenge*/
	LoginChallenge string

	timeout    time.Duration
	Context    context.Context
	HTTPClient *http.Client
}

And from the REST API documentation:

{
  "acr": "string",
  "context": {
    "property1": {},
    "property2": {}
  },
  "force_subject_identifier": "string",
  "remember": true,
  "remember_for": 0,
  "subject": "string"
}

Appreciate your help!!

Member

aeneasr commented Aug 11, 2019

https://www.ory.sh/docs/hydra/oauth2#authenticating-users-and-requesting-consent


ArnoSen commented Aug 26, 2019

I think I ran into the same issue once. Now it is working for me.

import (
  "time"

  "github.com/ory/hydra/sdk/go/hydra/client/admin"
  "github.com/ory/hydra/sdk/go/hydra/models"
)

(...)

      loginOKRequest := admin.NewAcceptLoginRequestParamsWithHTTPClient(httpclient)

      // The body names the authenticated user (the subject).
      b := &models.HandledLoginRequest{
        Subject: &username[0],
      }

      loginOKRequest.SetBody(b)
      loginOKRequest.SetTimeout(10 * time.Second)
      loginOKRequest.LoginChallenge = resp.Payload.Challenge

      // Send the login accept built above (the original line called
      // AcceptConsentRequest with an undefined consentOKRequest).
      loginOKResponse, err := hydra.Admin.AcceptLoginRequest(loginOKRequest)

(...)

I hope this helps

Author

nhh commented Sep 6, 2019

Thanks all! I solved the issue with your help.

nhh closed this as completed Sep 6, 2019

fpcyan commented Dec 9, 2020

> That's a documentation issue, the body is required - otherwise hydra can not know what user authenticated.

@aeneasr I notice that this is still an issue a year later. How can we fix this documentation?

Member

aeneasr commented Dec 10, 2020

Hi there, sorry that this hasn't been fixed in the docs yet - it's probably enough to add // required: true here:

https://github.com/ory/hydra/blob/master/consent/doc.go#L83

Similarly, this should also be done for consent and other request parameters that have a body. Would you be up for the challenge?
