Having an issue with the tutorial

DallanQ · May 20, 2020, 7:55am

I’ve been going through the tutorial. Everything has been working well, until I get to the last step: Perform Oauth2 flow. After I login, the app hangs trying to load the consent page: localhost:9020/consent?consent=…

I see the following error in the hydra logs:

time="2017-10-29T02:22:26Z" level=info msg="started handling request" method=POST remote="172.17.0.8:47430" request=/oauth2/token
time="2017-10-29T02:22:26Z" level=error msg="An error occurred" error="The client is not allowed to request scope hydra.consent.*: The requested scope is invalid, unknown, or malformed"
time="2017-10-29T02:22:26Z" level=info msg="completed handling request" measure#https://localhost:9000.latency=92605728 method=POST remote="172.17.0.8:47430" request=/oauth2/token status=400 text_status="Bad Request" took=92.605728ms

Here are the commands I used to create the consent app

hydra clients create --skip-tls-verify \
>   --id consent-app \
>   --secret consent-secret \
>   --name "Consent App Client" \
>   --grant-types client_credentials \
>   --response-types token \
>   --allowed-scopes hydra.consent
You should not provide secrets using command line flags. The secret might leak to bash history and similar systems.
OAuth2 client id: consent-app
OAuth2 client secret: consent-secret

and the policy

hydra policies create --skip-tls-verify \
>   --actions get,accept,reject \
>   --description "Allow consent-app to manage OAuth2 consent requests." \
>   --allow \
>   --id consent-app-policy \
>   --resources "rn:hydra:oauth2:consent:requests:<.*>" \
>   --subjects consent-app
Created policy consent-app-policy.

Any idea what I’m doing wrong?

dtt101 · October 30, 2017, 12:14pm

When you create the consent app client try adding ‘hydra.consent.*’ to the allowed-scopes.

--allowed-scopes hydra.consent hydra.consent.*

That might fix it for you - as right now your client is requesting a scope you have not given it access to.

As to why it is not present in the tutorial - that I am not quite sure on - it may be something that has been recently updated and the docs have not been altered to reflect.

Either way - hope that helps.

hackerman · October 30, 2017, 2:20pm

Hi, the answer @dtt101 provided is correct. However, that issue should not exist as this issue was patched with the latest release of the express-based consent app. The issue there was that the consent app required a scope that does not exist, which was my fault. Which tutorial where you running exactly (link please)?

DallanQ · October 30, 2017, 2:35pm

Here’s the link: https://ory.gitbooks.io/hydra/content/install.html#setting-up-the-consent-app, but I see now that the example consent app is version 9: oryd/hydra-consent-app-express:v0.10.0-alpha.9. I must have accidentally copied version 8 when I ran it. My mistake, sorry. Thanks for the help!

hackerman · October 30, 2017, 2:37pm

No worries, you’re welcome!