Merge pull request #759 from solid/fix/oidc-wrong-issuer

Warn and log out when OIDC issuer is not set correctly

Author: RubenVerborgh

default-views/auth/login-required.hbs

@@ -27,7 +27,11 @@
     const session = await SolidAuthClient.popupLogin({ popupUri })
     if (session) {
       // Make authenticated request to the server to establish a session cookie
-      await SolidAuthClient.fetch(location)
+      const { status } = await SolidAuthClient.fetch(location)
+      if (status === 401) {
+        alert(`Invalid login.\n\nDid you set ${session.idp} as your OIDC provider in your profile ${session.webId}?`);
+        await SolidAuthClient.logout();
+      }
       // Now that we have a cookie, reload to display the authenticated page
       location.reload()
     }

lib/api/authn/webid-oidc.js

@@ -46,6 +46,7 @@ function initialize (app, argv) {
       .catch(err => {
         let error = new Error('Could not verify Web ID from token claims')
         error.statusCode = 401
+        error.statusText = 'Invalid login'
         error.cause = err
 
         next(error)

lib/handlers/error-pages.js

@@ -29,7 +29,7 @@ function handler (err, req, res, next) {
   switch (statusCode) {
     case 401:
       setAuthenticateHeader(req, res, err)
-      renderLoginRequired(req, res)
+      renderLoginRequired(req, res, err)
       break
     case 403:
       renderNoPermission(req, res)
@@ -130,9 +130,10 @@ function sendErrorPage (statusCode, res, err, ldp) {
  * @param req {IncomingRequest}
  * @param res {ServerResponse}
  */
-function renderLoginRequired (req, res) {
+function renderLoginRequired (req, res, error) {
   const currentUrl = util.fullUrlForReq(req)
   debug(`Display login-required for ${currentUrl}`)
+  res.statusMessage = error.statusText
   res.status(401)
   res.render('auth/login-required', { currentUrl })
 }