[QA] token renewal after 10 min fails #9056

Closed
jnweiger opened this issue Sep 15, 2021 · 7 comments

@jnweiger
Contributor

Seen with openidconnect 2.1.0-rc1 against kopano IDP

  • connect with testpilotcloud-client 2.9.0 -- using a kopano user
  • oidc authenticates via web browser
  • wait 10 minutes
  • after ca. 10 minutes the browser re-opens, the client waits for re-login

Expected behaviour: the auth token refreshes, without user interaction.

testpilotcloud-logdir.zip
owncloud.log.zip

@DeepDiver1975
Member

More something for the client team to look into.
Refreshing the token is a flow between client and idp.

@michaelstingl
Contributor

Desktop client tries to register 2x without success:

09-15 03:21:22:371 [ info sync.httplogger ]:	"ac8d6266-46e9-40c8-9a91-543f4829ea8c: 
Request: POST https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Content-Type: application/json, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Linux) mirall/2.9.0rc2 (build 5135) (testpilotcloud, linuxmint-5.4.0-81-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: ac8d6266-46e9-40c8-9a91-543f4829ea8c, Original-Request-ID: ac8d6266-46e9-40c8-9a91-543f4829ea8c, Content-Length: 222, } 
Data: [{\n    \"application_type\": \"native\",\n    \"client_name\": \"ownCloud Testpilot Edition 2.9.0rc2 (build 5135)\",\n    \"redirect_uris\": [\n        \"http://127.0.0.1\"\n    ],\n    \"token_endpoint_auth_method\": \"client_secret_basic\"\n}\n]"

09-15 03:21:22:676 [ info sync.httplogger ]:	"ac8d6266-46e9-40c8-9a91-543f4829ea8c: 
Response: POST 400 https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Cache-Control: no-cache, no-store, must-revalidate, Content-Length: 127, Content-Type: application/json; encoding=utf-8, Date: Wed, 15 Sep 2021 01:21:22 GMT, Pragma: no-cache, Referrer-Policy: origin, Server: Caddy, X-Content-Type-Options: nosniff, } 
Data: [{\n  \"error\": \"invalid_redirect_uri\",\n  \"error_description\": \"native clients must only use localhost redirect_uris with http\"\n}\n]"
09-15 03:21:23:280 [ info sync.httplogger ]:	"b7e18bf0-ef3c-42dd-8a09-7e1435601ff5: 
Request: POST https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Content-Type: application/json, User-Agent: Mozilla/5.0 (Linux) mirall/2.9.0rc2 (build 5135) (testpilotcloud, linuxmint-5.4.0-81-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: b7e18bf0-ef3c-42dd-8a09-7e1435601ff5, Original-Request-ID: b7e18bf0-ef3c-42dd-8a09-7e1435601ff5, Content-Length: 222, } 
Data: [{\n    \"application_type\": \"native\",\n    \"client_name\": \"ownCloud Testpilot Edition 2.9.0rc2 (build 5135)\",\n    \"redirect_uris\": [\n        \"http://127.0.0.1\"\n    ],\n    \"token_endpoint_auth_method\": \"client_secret_basic\"\n}\n]"

09-15 03:21:23:543 [ info sync.httplogger ]:	"b7e18bf0-ef3c-42dd-8a09-7e1435601ff5: 
Response: POST 400 https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Cache-Control: no-cache, no-store, must-revalidate, Content-Length: 127, Content-Type: application/json; encoding=utf-8, Date: Wed, 15 Sep 2021 01:21:23 GMT, Pragma: no-cache, Referrer-Policy: origin, Server: Caddy, X-Content-Type-Options: nosniff, } 
Data: [{\n  \"error\": \"invalid_redirect_uri\",\n  \"error_description\": \"native clients must only use localhost redirect_uris with http\"\n}\n]"

3 minutes later it falls back to the built-in client ID xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69:

09-15 03:24:26:873 [ info sync.httplogger ]:	"369a2244-2dbb-44f0-ad0c-06d5a8dfa7d6: 
Request: POST https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/token 
Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Linux) mirall/2.9.0rc2 (build 5135) (testpilotcloud, linuxmint-5.4.0-81-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 369a2244-2dbb-44f0-ad0c-06d5a8dfa7d6, Original-Request-ID: 369a2244-2dbb-44f0-ad0c-06d5a8dfa7d6, Content-Length: 448, } 
Data: [client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&client_secret=UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh&scope=openid%20offline_access%20email%20profile&grant_type=authorization_code&code=_3LBI6X6U4j27Ljcho-gQ3gJzojdNCkP&redirect_uri=http://127.0.0.1:37419&code_verifier=JdwAXHT-H6CmDQHwSdQBhv7V9KokOn0V7A2VUbZbsINse1TScOVJnnDmh3iAsHYwWK3tiwUA1hEjk20RNOIQinJnr2TuP75coMjU5qlEBxY9ZeX-EGgo7kpGDMs3rzmG]"

09-15 03:24:27:209 [ info sync.httplogger ]:	"369a2244-2dbb-44f0-ad0c-06d5a8dfa7d6: 
Response: POST 200 https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/token 
Header: { Cache-Control: no-store, Content-Type: application/json; encoding=utf-8, Date: Wed, 15 Sep 2021 01:24:27 GMT, Pragma: no-cache, Server: Caddy, Vary: Origin, Transfer-Encoding: chunked, } 
Data: [{\n  \"access_token\": \"[removed]\",\n  \"token_type\": \"Bearer\",\n  \"id_token\": \"[removed]\",\n  \"refresh_token\": \"[removed]\",\n  \"expires_in\": 600\n}\n]"

At renewal, desktop sync client tries to register again 2x without success:

09-15 03:34:36:567 [ info sync.httplogger ]:	"d8686658-9053-4489-a35d-4d46dece6ed2: 
Request: POST https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Content-Type: application/json, Authorization: Bearer [redacted], User-Agent: Mozilla/5.0 (Linux) mirall/2.9.0rc2 (build 5135) (testpilotcloud, linuxmint-5.4.0-81-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: d8686658-9053-4489-a35d-4d46dece6ed2, Original-Request-ID: d8686658-9053-4489-a35d-4d46dece6ed2, Content-Length: 222, } 
Data: [{\n    \"application_type\": \"native\",\n    \"client_name\": \"ownCloud Testpilot Edition 2.9.0rc2 (build 5135)\",\n    \"redirect_uris\": [\n        \"http://127.0.0.1\"\n    ],\n    \"token_endpoint_auth_method\": \"client_secret_basic\"\n}\n]"

09-15 03:34:36:866 [ info sync.httplogger ]:	"d8686658-9053-4489-a35d-4d46dece6ed2: 
Response: POST 400 https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Cache-Control: no-cache, no-store, must-revalidate, Content-Length: 127, Content-Type: application/json; encoding=utf-8, Date: Wed, 15 Sep 2021 01:34:36 GMT, Pragma: no-cache, Referrer-Policy: origin, Server: Caddy, X-Content-Type-Options: nosniff, } 
Data: [{\n  \"error\": \"invalid_redirect_uri\",\n  \"error_description\": \"native clients must only use localhost redirect_uris with http\"\n}\n]"
09-15 03:34:37:443 [ info sync.httplogger ]:	"15d8a57a-68e1-44a9-b3af-5b80295187dd: 
Request: POST https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Content-Type: application/json, User-Agent: Mozilla/5.0 (Linux) mirall/2.9.0rc2 (build 5135) (testpilotcloud, linuxmint-5.4.0-81-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 15d8a57a-68e1-44a9-b3af-5b80295187dd, Original-Request-ID: 15d8a57a-68e1-44a9-b3af-5b80295187dd, Content-Length: 222, } 
Data: [{\n    \"application_type\": \"native\",\n    \"client_name\": \"ownCloud Testpilot Edition 2.9.0rc2 (build 5135)\",\n    \"redirect_uris\": [\n        \"http://127.0.0.1\"\n    ],\n    \"token_endpoint_auth_method\": \"client_secret_basic\"\n}\n]"

09-15 03:34:37:692 [ info sync.httplogger ]:	"15d8a57a-68e1-44a9-b3af-5b80295187dd: 
Response: POST 400 https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/register 
Header: { Cache-Control: no-cache, no-store, must-revalidate, Content-Length: 127, Content-Type: application/json; encoding=utf-8, Date: Wed, 15 Sep 2021 01:34:37 GMT, Pragma: no-cache, Referrer-Policy: origin, Server: Caddy, X-Content-Type-Options: nosniff, } 
Data: [{\n  \"error\": \"invalid_redirect_uri\",\n  \"error_description\": \"native clients must only use localhost redirect_uris with http\"\n}\n]"

3 minutes later it falls back to the built-in client ID again xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69:

09-15 03:37:37:735 [ info sync.httplogger ]:	"6790142c-6cec-4913-905a-36641a85b465: 
Request: POST https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/token 
Header: { Authorization: Basic [redacted], Content-Type: application/x-www-form-urlencoded; charset=UTF-8, User-Agent: Mozilla/5.0 (Linux) mirall/2.9.0rc2 (build 5135) (testpilotcloud, linuxmint-5.4.0-81-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 6790142c-6cec-4913-905a-36641a85b465, Original-Request-ID: 6790142c-6cec-4913-905a-36641a85b465, Content-Length: 448, } 
Data: [client_id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69&client_secret=UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh&scope=openid%20offline_access%20email%20profile&grant_type=authorization_code&code=zA5ifVfhSkR-Lavt59Nmw7lPw1RQ7vn0&redirect_uri=http://127.0.0.1:39491&code_verifier=aXbK2eljLNoBqhnQ2Xjqf5mC0PEF0EnD3URlCrEMsJwe5pAf-3zjMzR7Kv3aStus2dB45tDw5cvDxbgX1iNgzSzmunCfK3QtSudeHFFcn9P30vRyyWPf514wIVcM55M2]"

09-15 03:37:38:093 [ info sync.httplogger ]:	"6790142c-6cec-4913-905a-36641a85b465: 
Response: POST 200 https://konnect-oidc-210rc1-20210914.jw-qa.owncloud.works/konnect/v1/token 
Header: { Cache-Control: no-store, Content-Type: application/json; encoding=utf-8, Date: Wed, 15 Sep 2021 01:37:38 GMT, Pragma: no-cache, Server: Caddy, Vary: Origin, Transfer-Encoding: chunked, } 
Data: [{\n  \"access_token\": \"[removed]\",\n  \"token_type\": \"Bearer\",\n  \"id_token\": \"[removed]\",\n  \"refresh_token\": \"[removed]\",\n  \"expires_in\": 600\n}\n]"

Registration error sounds like #8968

Data: [{
  \"error\": \"invalid_redirect_uri\",
  \"error_description\": \"native clients must only use localhost redirect_uris with http\"
  }
  ]"

But RFC 8252 is very clear about localhost vs. 127.0.0.1:
https://datatracker.ietf.org/doc/html/rfc8252#section-7.3
https://datatracker.ietf.org/doc/html/rfc8252#section-8.3

Can be fixed in Kopano Konnect config? Or Kopano Konnect bug? @longsleep any thoughts?
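
RFC 8252 section 7.3 defines loopback redirect URIs as the http scheme plus a loopback IP literal and requires the authorization server to accept any port at request time; section 8.3 marks the name localhost as NOT RECOMMENDED. The Go sketch below is an added example, not code from Konnect or the ownCloud client; classifyRedirect and matchRedirect are hypothetical names, applied to the redirect URIs seen in the logs above.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// loopbackURL parses raw and returns it with its address when it is an
// RFC 8252 section 7.3 redirect: http scheme and a loopback IP literal host.
func loopbackURL(raw string) (*url.URL, net.IP) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "http" || u.User != nil || u.Fragment != "" {
		return nil, nil
	}
	ip := net.ParseIP(u.Hostname())
	if ip == nil || !ip.IsLoopback() {
		return nil, nil
	}
	return u, ip
}

// classifyRedirect (hypothetical helper) labels a native-app redirect URI.
func classifyRedirect(raw string) string {
	if u, _ := loopbackURL(raw); u != nil {
		return "loopback-ip" // section 7.3 form
	}
	u, err := url.Parse(raw)
	if err == nil && u.Scheme == "http" && strings.EqualFold(u.Hostname(), "localhost") {
		return "localhost" // functions similarly, but NOT RECOMMENDED by section 8.3
	}
	return "other"
}

// normPath treats an empty path like "/".
func normPath(u *url.URL) string {
	if p := u.EscapedPath(); p != "" {
		return p
	}
	return "/"
}

// matchRedirect (hypothetical helper) compares a requested redirect_uri with
// a registered one: the port is ignored for loopback IP literals, everything
// else needs an exact string match.
func matchRedirect(registered, requested string) bool {
	r, rip := loopbackURL(registered)
	q, qip := loopbackURL(requested)
	if r == nil || q == nil {
		return registered == requested
	}
	return rip.Equal(qip) && normPath(r) == normPath(q) && r.RawQuery == q.RawQuery
}

func main() {
	// Values taken from the log excerpt: registration body and token request.
	fmt.Println(classifyRedirect("http://127.0.0.1"))                        // loopback-ip
	fmt.Println(matchRedirect("http://127.0.0.1", "http://127.0.0.1:37419")) // true
}
```

A host that merely starts with the loopback literal, such as 127.0.0.1.example.com, parses as a DNS name and falls through to the exact-match branch.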

@DeepDiver1975
Member

Please transfer this to the client repo - it is unrelated to the openidconnect app. THX

@longsleep

Can be fixed in Kopano Konnect config? Or Kopano Konnect bug? @longsleep any thoughts?

This has been relaxed in February - see libregraph/lico@3e79432 (this commit is also released as part of Konnect v0.34.0). Please make sure to use the current version and it should be fine @michaelstingl

@jnweiger
Contributor Author

jnweiger commented Sep 18, 2021

@longsleep That is good news. Thank you!

We use docker for this test. I believe the docker image needs a gentle nudge.

docker run --rm kopano/kopano_konnect:latest konnectd version
Unable to find image 'kopano/kopano_konnect:latest' locally
latest: Pulling from kopano/kopano_konnect
...
Digest: sha256:94b6bf86a6cce85acf65a84dd4ac56c156e92041b430e6b0a48a3d69b9dd8440
Status: Downloaded newer image for kopano/kopano_konnect:latest
Version    : 0.33.11
Build date : reproducible
Built with : go1.14.10 linux/amd64

latest points to kopano/kopano_konnect:0.33 -- there is no kopano/kopano_konnect:0.34 at dockerhub.

DeepDiver1975 transferred this issue from owncloud/openidconnect Sep 19, 2021

@jnweiger
Contributor Author

jnweiger commented Nov 11, 2021

@longsleep latest still points to kopano/kopano_konnect:0.33 -- there is no kopano/kopano_konnect:0.34 at dockerhub -- redoing the above commands. Am I doing something wrong?

@jnweiger
Contributor Author

jnweiger commented Mar 9, 2022

@longsleep can you please double-check why there is no new docker image?

docker pull kopano/kopano_konnect:latest still pulls the 0.33 release.
We have a new owncloud openidconnect release pending, the issue is still present.

Is there an update procedure that I could run from within the 0.33 docker image?
