Openid provider returning login page html

simon.m.shapiro · February 15, 2023, 7:50pm

What I’m trying to do:

I am trying to login to an openid provider. After some hadndhaking, the provider is returning a packet of html which contains a login screen. How do I get it to the client?

This is the packet returned to the server from the openid provider:

<!DOCTYPE html>
<html lang="en">
<head><head>
    <link href="https://d3oia8etllorh5.cloudfront.net/20221014152150/css/bootstrap.min.css" rel="stylesheet"
        media="screen" />
    <link href="https://d3oia8etllorh5.cloudfront.net/20221014152150/css/cognito-login.css" rel="stylesheet"
        media="screen" />
    <link href="https://auth.inrupt.com/ALL/20221102165435/assets/CSS/custom-css.css" rel="stylesheet" media="screen" />
    <title>Signin</title>

    <script src="https://d3oia8etllorh5.cloudfront.net/20221014152150/js/amazon-cognito-advanced-security-data.min.js" ></script>
    <script>
    function getAdvancedSecurityData(formReference) {
        if (typeof AmazonCognitoAdvancedSecurityData === "undefined") {
            return true;
        }

        // UserpoolId is not available on frontend for springboard. We do not use userPoolId
        // anyway other than put in context data. 
        var userPoolId = "";
        var clientId = getUrlParameter("client_id");

        var username = "";
        var usernameInput = document.getElementsByName("username")[0];
        if (usernameInput && usernameInput.value) {
            username = usernameInput.value;
        }

        var asfData = AmazonCognitoAdvancedSecurityData.getData(username, userPoolId, clientId);
        if (typeof asfData === "undefined") {
            return true;
        }

        if (formReference && formReference.cognitoAsfData) {
            formReference.cognitoAsfData.value = asfData
        }

        return true;
    }

    function getUrlParameter(name) {
        name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
        var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
        var results = regex.exec(location.search);
        return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' '));
    }

    function onSubmit(evt, formRef) {
        formRef.querySelector('button[type="submit"]').disabled = true;
        if (!!formRef.submitted) {
            evt.preventDefault();
            return false;
        } else {
            formRef.submitted = true;
            return getAdvancedSecurityData(formRef);
        }
    }
</script>

    <meta name="viewport" content="width=device-width, initial-scale=1">
</head></head>
<body spellcheck="false">
    <div class="container">
        <div class="modal-dialog">
            <div class="modal-content background-customizable modal-content-mobile visible-xs visible-sm">
                <div><div>
                    <div class="banner-customizable">
                        <center>
                            <img alt="logo" class="logo-customizable" src="https://auth.inrupt.com/ALL/20221102165435/assets/images/image.jpg" />
                        </center>
                    </div>
                </div></div>
                <div class="modal-body">
                    <div><div>
    
</div></div>
                    <div>
                        <div><div>
    
</div></div>
                        <div><div>
    
</div></div>
                        <div>
                            
                            <div><div>
    
        <Span class="textDescription-customizable ">Sign in with your username and password</Span>
        <form action="/login?response_type=code&amp;client_id=291nuca1atm91cstojs8ndsbkh&amp;scope=openid+openid+profile&amp;redirect_uri=https%3A%2F%2Flogin.inrupt.com%2Fcallback&amp;state=2be2b3ac-7a0b-46b1-86fa-602fd1a9e4dd" method="POST" name="cognitoSignInForm"
              class="cognito-asf" onsubmit="getAdvancedSecurityData(this);"><input type="hidden" name="_csrf" value="55fc98f1-d3df-4ff2-a298-f41c24360219"/>

            

            
            <label for="signInFormUsername" class="label-customizable">Username</label>
            <div>
                
                
                <input id="signInFormUsername" name="username" type="text" class="form-control inputField-customizable"
                       placeholder="Username" autocapitalize="none" required>
            </div>

            <label for="signInFormPassword" class="label-customizable">Password</label>
            <div><input id="signInFormPassword" name="password" type="password" class="form-control inputField-customizable"
                   placeholder="Password"
                   required></div>
            <input type="hidden" class="form-control inputField-customizable" name="cognitoAsfData"/>
            <div>
                <a class="redirect-customizable" href="/forgotPassword?response_type=code&amp;client_id=291nuca1atm91cstojs8ndsbkh&amp;scope=openid+openid+profile&amp;redirect_uri=https%3A%2F%2Flogin.inrupt.com%2Fcallback&amp;state=2be2b3ac-7a0b-46b1-86fa-602fd1a9e4dd">Forgot your password?</a>
            </div>
            <input name="signInSubmitButton" type="Submit" value="Sign in"
                   class="btn btn-primary submitButton-customizable" aria-label="submit"/>
            <br/>
            <div>
                <p class="redirect-customizable"><span>Need an account?</span>&nbsp;<a
                        href="/signup?response_type=code&amp;client_id=291nuca1atm91cstojs8ndsbkh&amp;scope=openid+openid+profile&amp;redirect_uri=https%3A%2F%2Flogin.inrupt.com%2Fcallback&amp;state=2be2b3ac-7a0b-46b1-86fa-602fd1a9e4dd">Sign up</a></p>
            </div>
        </form>
    
</div></div>
                        </div>
                    </div>
                </div>
            </div>

            

            <div class="modal-content background-customizable modal-content-mobile visible-md visible-lg">
                <div><div>
                    <div class="banner-customizable">
                        <center>
                            <img alt="logo" class="logo-customizable" src="https://auth.inrupt.com/ALL/20221102165435/assets/images/image.jpg" />
                        </center>
                    </div>
                </div></div>
                <div class="modal-body">
                    <div><div>
    
</div></div>
                    <div>
                        <div>
                            <div><div>
    
</div></div>
                            <div><div>
    
</div></div>
                        </div>
                        <div>
                            <div><div>
    
        <Span class="textDescription-customizable ">Sign in with your username and password</Span>
        <form action="/login?response_type=code&amp;client_id=291nuca1atm91cstojs8ndsbkh&amp;scope=openid+openid+profile&amp;redirect_uri=https%3A%2F%2Flogin.inrupt.com%2Fcallback&amp;state=2be2b3ac-7a0b-46b1-86fa-602fd1a9e4dd" method="POST" name="cognitoSignInForm"
              class="cognito-asf" onsubmit="getAdvancedSecurityData(this);"><input type="hidden" name="_csrf" value="55fc98f1-d3df-4ff2-a298-f41c24360219"/>

            

            
            <label for="signInFormUsername" class="label-customizable">Username</label>
            <div>
                
                
                <input id="signInFormUsername" name="username" type="text" class="form-control inputField-customizable"
                       placeholder="Username" autocapitalize="none" required>
            </div>

            <label for="signInFormPassword" class="label-customizable">Password</label>
            <div><input id="signInFormPassword" name="password" type="password" class="form-control inputField-customizable"
                   placeholder="Password"
                   required></div>
            <input type="hidden" class="form-control inputField-customizable" name="cognitoAsfData"/>
            <div>
                <a class="redirect-customizable" href="/forgotPassword?response_type=code&amp;client_id=291nuca1atm91cstojs8ndsbkh&amp;scope=openid+openid+profile&amp;redirect_uri=https%3A%2F%2Flogin.inrupt.com%2Fcallback&amp;state=2be2b3ac-7a0b-46b1-86fa-602fd1a9e4dd">Forgot your password?</a>
            </div>
            <input name="signInSubmitButton" type="Submit" value="Sign in"
                   class="btn btn-primary submitButton-customizable" aria-label="submit"/>
            <br/>
            <div>
                <p class="redirect-customizable"><span>Need an account?</span>&nbsp;<a
                        href="/signup?response_type=code&amp;client_id=291nuca1atm91cstojs8ndsbkh&amp;scope=openid+openid+profile&amp;redirect_uri=https%3A%2F%2Flogin.inrupt.com%2Fcallback&amp;state=2be2b3ac-7a0b-46b1-86fa-602fd1a9e4dd">Sign up</a></p>
            </div>
        </form>
    
</div></div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <script src="https://d3oia8etllorh5.cloudfront.net/20221014152150/js/jquery-3.5.1.min.js" ></script>
    <script>
    var $inputs = $(":input");
    $inputs.on('input', function () {
        var self = this;
        var matches = $('input[name="' + this.name + '"]');
        var selfIndex = matches.index($(self));
        matches.each(function (index, element) {
            if (selfIndex !== index) {
                $(element).val($(self).val());
            }
        });
    });
</script>
</body>

</html>

Here is the client calling code:

  def login_click(self, **event_args):
    """This method is called when the button is clicked"""
    login_page = anvil.server.call('nss_login', self.webid.text)

jshaffstall · February 16, 2023, 7:33pm

I’d hoped someone else would reply, since my OAuth experience isn’t in Anvil. But in general, the way I’ve done third-party sign in elsewhere, it’s the client that sends the user to the third-party login URL (with appropriate query parameters to tell the third-party where to send the user when they’ve logged in).

You’re fetching that URL from the server instead of sending the user to the URL on the client.