By: Steve Lam user 28 Jun 2018 at 5:07 p.m. CDT

6 Responses
Steve Lam gravatar
Trying to run the AppAuth-Android demo against Gluu Server 3.1.3 installed on AWS Ubuntu 16.04 VM. App shows "Not authorized" "Authorization Code exchange failednull". Client Configuration in Gluu: ``` dn: inum=@!E737.2539.FD80.2437!0001!F277.1447!0008!FAAB.683A.A9E7.0791,ou=client s,o=@!E737.2539.FD80.2437!0001!F277.1447,o=gluu objectClass: oxAuthClient objectClass: top oxAuthLogoutSessionRequired: false oxAuthTrustedClient: true oxAuthScope: inum=@!E737.2539.FD80.2437!0001!F277.1447!0009!F0C4,ou=scopes,o=@!E 737.2539.FD80.2437!0001!F277.1447,o=gluu oxAuthScope: inum=@!E737.2539.FD80.2437!0001!F277.1447!0009!764C,ou=scopes,o=@!E 737.2539.FD80.2437!0001!F277.1447,o=gluu oxAuthScope: inum=@!E737.2539.FD80.2437!0001!F277.1447!0009!43F1,ou=scopes,o=@!E 737.2539.FD80.2437!0001!F277.1447,o=gluu oxAuthResponseType: code oxAuthRedirectURI: net.openid.appauthdemo://oauth2redirect oxAuthTokenEndpointAuthMethod: none oxPersistClientAuthorizations: false oxAuthGrantType: authorization_code inum: @!E737.2539.FD80.2437!0001!F277.1447!0008!FAAB.683A.A9E7.0791 oxAuthAppType: web oxDisabled: false oxIncludeClaimsInIdToken: false displayName: AppAuthAndroidApp oxAuthClientSecret: 2CCnV5W0z8T0UD1LQEuYFD9lgn7vAVFKpdd6SJUPkLw= oxAuthSubjectType: pairwise oxLastAccessTime: 20180628214052.791Z ``` Log: ``` 2018-06-28 21:40:14,430 INFO [qtp1744347043-9] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:217) - Authentication success for Client: '@!E737.2539.FD80.2437!0001!F277.1447!0008!3CBC.032A' 2018-06-28 21:40:52,652 ERROR [qtp1744347043-9] [org.xdi.oxauth.service.SessionIdService] (SessionIdService.java:271) - Faces context returns null for http request object. 2018-06-28 21:40:52,653 INFO [qtp1744347043-9] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:498) - Attempting to redirect user: SessionUser: SessionState {dn='oxAuthSessionId=d61515f1-5b7e-44ec-9c19-e2b91e23bee4,ou=session,o=@!E737.2539.FD80.2437!0001!F277.1447,o=gluu', id='d61515f1-5b7e-44ec-9c19-e2b91e23bee4', lastUsedAt=Thu Jun 28 21:40:52 UTC 2018, userDn='inum=@!E737.2539.FD80.2437!0001!F277.1447!0000!EF32.7513.4D56.C958,ou=people,o=@!E737.2539.FD80.2437!0001!F277.1447,o=gluu', authenticationTime=Thu Jun 28 21:40:52 UTC 2018, state=authenticated, sessionState='89851d09-83a2-42b7-800b-556fb1d9c806', permissionGranted=null, isJwt=false, jwt=null, permissionGrantedMap=org.xdi.oxauth.model.common.SessionIdAccessMap@2f2e911f, involvedClients=null, sessionAttributes={auth_step=1, acr=auth_ldap_server, login_hint=slam, remote_ip=12.15.229.66, auth_external_attributes=[], scope=openid email profile, response_type=code, redirect_uri=net.openid.appauthdemo://oauth2redirect, state=EoJV30zrLHUpBsc06tf-Qw, code_challenge_method=S256, client_id=@!E737.2539.FD80.2437!0001!F277.1447!0008!FAAB.683A.A9E7.0791, code_challenge=SvwhtB28NYoQ5FAShHL6SNMGZNMP-43FOV7EDL_1VLg}, persisted=true} 2018-06-28 21:40:52,654 INFO [qtp1744347043-9] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:506) - Attempting to redirect user: User: org.xdi.oxauth.model.common.User@6465c2e5 2018-06-28 21:40:52,657 INFO [qtp1744347043-9] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:357) - Authentication success for User: 'slam' ```

By Thomas Gasmyr Mougang staff 29 Jun 2018 at 3:15 a.m. CDT

Thomas Gasmyr Mougang gravatar
Hi Steve, We just tested the AppAuthDemo app against a Gluu server 3.1.3 and it works well. See the video in attachment. Can you provide a video like that where we can monitor the process step by step and sees at which point it fail. Another quick way to tackle that will be to provide us the following information so that we that test directly against your AWS instance: 1. The hostname of your gluu instance 1. A test user we can use to login 1. Client detail(clientID, redirecturi)

By Michael Schwartz Account Admin 29 Jun 2018 at 7:48 a.m. CDT

Michael Schwartz gravatar
Also, apparently the docs we prepared weren't properly migrated. Please see: [https://gluu.org/docs/ce/3.1.3/integration/native-apps/appauth-android/](https://gluu.org/docs/ce/3.1.3/integration/native-apps/appauth-android/)

By Steve Lam user 29 Jun 2018 at 3:07 p.m. CDT

Steve Lam gravatar
@Michael Schwartz - thank you for the link to the docs. These are better, but still have broken images at the bottom where it references gihub files. I was able to work around this by hacking the image src and added "?raw=true" to the end of each URL. @Thomas - I create a video reply (attached). It shows another challenge with the demo client app as it says "Failed to retrieve discovery document: Network error" 1. https://auth.illuma-labs.com 2. Username: gluusupport Password: P@ssw0rd 3. ClientID: @!E737.2539.FD80.2437!0001!F277.1447!0008!FAAB.683A.A9E7.0791 Redirect: appscheme://client.example.com

By Thomas Gasmyr Mougang staff 29 Jun 2018 at 3:58 p.m. CDT

Thomas Gasmyr Mougang gravatar
Hi, Thanks for that video. I just write some custom code to tackle that issue. I have to polish that code before. I will send you a fix for that problem tomorrow morning. Meanwhile check the video in attachment to see how it is working with your instance. Thanks, Gasmyr.

By Thomas Gasmyr Mougang staff 30 Jun 2018 at 1:04 a.m. CDT

Thomas Gasmyr Mougang gravatar
Hi **Steve**, Use the modified code provide below. Note that the issue was cert related, the error is throw because the discovery endpoint is in **https** format and the certificate of that hostname(https://auth.illuma-labs.com) is not trusted.

By Steve Lam user 02 Jul 2018 at 3:06 p.m. CDT

Steve Lam gravatar
Thank you. This worked.