Examples or tutorials?

[ekafyi]

Thanks for creating this library!

Unfortunately I could not get the indiekit server auth to work, specifically when redirecting back to /session/auth with the code query param. Based on the docs, after completing steps 1 to 4, I should be able to authorise my app:

You will then be directed to an authentication page on your Indiekit server. Here you can select which permissions you wish to grant the application before entering your password to allow access.
And that’s it, you’re all set up.

I'm hesitant to file an issue on my specific error because I suspect I might be misunderstanding the docs or missing something obvious here (should I be modifying the underlying indiekit Express app myself? should I add a middleware to get the bearer token and store it in cookies?).

Describe the solution you’d like

Being able to see a working barebones example—even with no privilege checked and no DB connected—would help immensely. It would also help to have such examples in the "Resources" section of the docs.

Describe alternatives you’ve considered

Browse github for indiekit https://github.com/topics/indiekit — no result other than the config example

---

Edit: Sorry for the inaccurate (auto) label; it should be docs instead of enhancement.

[paulrobertlloyd]

Hi @ekafyi, thanks for opening this issue. Very keen to improve the documentation where I can, so let’s try and resolve this issue, and then from that, work out which instructions can be improved or added.

A few questions to help me diagnose:

1. To confirm, have you set SECRET and PASSWORD_SECRET environment variables?
2. Are you trying to authorise a third-party application, or log in to your Indiekit server?
3. What error are you seeing?
4. Can you provide a link to your configuration file?

On this suggestion:

Being able to see a working barebones example—even with no privilege checked and no DB connected—would help immensely. It would also help to have such examples in the "Resources" section of the docs.

Do you mean like a working demo, so you can see what a server looks like when you log in? That sounds like a good idea, will need to figure out how to set that up (i.e. daily resets).

[ekafyi]

Hi Paul, thanks for the response.

(1) Yes I have both env variables set.

Sample code: https://github.com/ekafyi/coba-ik

• I use Github Codespaces, hence the .devcontainer folder and the custom server endpoints in .indiekitrc.json. Cloning it locally and replacing all codespaces URL with localhost:3000 yields the same result.
• The public-facing web page coba-ik.netlify.app is live and contains the required link tags

(2) Log in to my own server. (I presume this CMS app would be our server, is that correct?)

(3) Steps I took to reproduce the error:

• /session/login?redirect=/ "Sign in with IndieAuth to verify..."
• /auth/consent?request_uri=urn:ietf:params:oauth:request_uri:mbzFuEBFTBndxdYk "Authorize application"
  • Enter password, check/uncheck any combination of scopes/privileges
• ❗️ error 500 /session/auth?redirect=%2F&code=SOME_ENCRYPTED_CODE&iss=https%3A%2F%2Fekafyi-solid-giggle-pqjj475p7qf79j4-3000.preview.app.github.dev%2F&state=SOME_STRING&me=https%3A%2F%2Fcoba-ik.netlify.app%2F

Looks like the expected response of that last endpoint should be a redirect or stringified JSON body of some sort, but instead it renders a view (ie. HTML doc).

Not sure it's relevant, but this is the parsed value of the code query param.

{
  "client_id": "https://ekafyi-solid-giggle-pqjj475p7qf79j4-3000.preview.app.github.dev/",
  "code_challenge": "XXXXX-XXXXXXXXXXXXXXXX",
  "code_challenge_method": "S256",
  "jti": "5cd404ed-1027-4aad-abd3-87171874e5fa",
  "me": "https://coba-ik.netlify.app/",
  "redirect_uri": "https://ekafyi-solid-giggle-pqjj475p7qf79j4-3000.preview.app.github.dev/session/auth?redirect=/",
  "scope": "draft",
  "iat": 1671644141,
  "exp": 1671644741
}

Do you mean like a working demo, so you can see what a server looks like when you log in?

Yes, that would be great.

[paulrobertlloyd]

Okay, looking at your configuration files, you have values set for the following:

• application.authorizationEndpoint
• application.tokenEndpoint
• application.micropubEndpoint
• application.url

You needn’t add values for these options (application.url is useful if you’re server is behind a proxy, and the endpoint values are if you want to use entirely different services for IndieAuth/Micropub).

If you remove these values, does that fix this issue?

[paulrobertlloyd]

Closing this issue as there are others open to address creating a demo (#565) and specific tutorials (#640, #526, #527).

Feel free to reopen this issue if you are still trying to get the above to work.