https://www.ory.sh/ logo
Join Slack
Powered by
Hey folks. We are pretty new to using Ory. We’re l...
# ory-network
f
Hey folks. We are pretty new to using Ory. We’re looking to migrate to Ory as the auth service for our company. First, we are trying out a POC in which we build a light website using weweb.io. weweb supports both oidc and token based authentication. Does anyone know the best way to proceed here, or have a specific guide for weweb-ory integration?
s
You can set up oidc clients, as Ory Oauth2 is fully oidc compliant https://www.ory.sh/docs/oauth2-oidc/ Not sure how weweb works, and what kind of tokens it supports.
f
We set up an oidc client, but are having trouble with the integration. We think we might be providing the wrong domain. We tried providing the custom domain we linked, along with the domains listed in to oauth tab. Still, we just get an error from we web when we try to use the integration. Here is a screenshot of our attempt to configure weweb:
s
Does the client have the right scope and response type? Maybe try to find what domain exactly it needs in their docs. What error do you get?
f
the client has the same scope and response type as in that screenshot. thats why we suspect it might be the domain. they have no documentation on their oidc plugin. This is the error they throw, which is totally unhelpful: Action started Action Login with Redirect Failed 🚨 Error: Network Error Error: name: “Error” stack: “Error: Network Error at s.onerror (https://cdn.weweb.io/components/01af5352-af71-4382-844b-2ec141ff243b/83be2748-aa22-4d69-9812-1cefc8f2c1aa/dist/manager.js:1:18579)” message: “Network Error”
Ive reached out to them for help but i thought you folks might know off the top of your head which domain is likely needed or if there was some common gotcha in oidc integration
s
Hm no, sorry
You could try without a scheme, with the oidc discovery path added, or other variations...
@magnificent-energy-493 maybe we can add a native Ory plugin to weweb, they have auth0 and supertokens currently Or at least figure out the oidc plugin settings and add it to their docs, or ours
Try 
<https://auth.plantbid.com/.well-known/openid-configuration|https://auth.plantbid.com/.well-known/openid-configuration>
<https://auth.plantbid.com/.well-known/openid-configurationauth.plantbid.com/.well-known/openid-configuration|auth.plantbid.com/.well-known/openid-configuration>
<http://auth.plantbid.com|auth.plantbid.com>
Or something similar
f
I gave this a shot, but it didn’t work.
I’ve reached out to them on their forums. Hopefully they can provide some guidance
I think we might have figured it out
I think it might have been a cors issue
their test doesnt come through our domain it comes through theirs (weweb.io)
we added weweb.io to the cors and are making progress
s
Ok nice
f
still not sure exactly what domain to use but at least now they load
ill let you know if we figure it out. probably would be worth having docs somewhere
s
Thanks a lot
f
is there any chance i could pair with you or someone from ory for 10 min? i think we could work it out quickly, i just dont know whats normal here.
we have a discord server for pairing
For example, the base url auth.plantbid.com works but we just get our getting started flow from ory. other urls like the login url give a 404
s
Not on Sunday evening 😅
@rich-thailand-93889 can help you to get more support
f
Yeah happy to do it Monday. Would appreciate any support you folks can render.
s
on the URL, I would assume the base URL is 
<https://auth.plantbid.com>
with no path, based on the 404 when trying to load the openid configuration
f
when we use the base url we get this:
Copy code
{
  "error": {
    "code": 403,
    "status": "Forbidden",
    "request": "2a78711a-2165-9907-880d-f1b851d5a0de",
    "message": "Access credentials are not sufficient to access this resource"
  }
}
we used to get the getting-started ui for ory but after we disable the getting-started ui we started getting the above
and, indeed, the url shows: https://auth.plantbid.com/ui/welcome
so it looks like ory is redirecting from the base path to the welcome url
s
Is this after the login?
f
no this is just attempting to use the openidc integration. im not sure what should be happening but i think the login page should be loading here
Any someone might be able to pair today at ory?
s
where are you based? we basically just finished for today, we are in CET 😅
however I can take a look now into some stuff as I'm on a train, but call will be a bit more difficult
f
i am pacific standard
i think this will be quick
i think there is either a problem with the weweb implementation of oidc or the ory implementation
its not clear to me which
i suspect it is the ory implementation
s
hm as Ory Oauth2 is used in production by quite a lot of companies for years now, I would assume it is either weweb or the config
could you by now get some hands on the documentation?
or maybe a reference config with another provider?
f
that makes sense, but this path https://auth.plantbid.com/.well-known/openid-configuration should be the path to connect per oidc standards, and when used ory performs a redirect to /ui/welcome
im trying to get weweb to provide me some direct support
s
yeah but on what action?
f
i could be misunderstanding oidc easily
i am executing the login action, or at least i assume i am
its hard to know exactly what weweb is doing
s
so you have a "Login with Ory" button on your weweb app, you click on it, and you end up on 
/ui/welcome
?
f
basically yes
s
can you get me a list of all the redirects that are happening, so bascially all network requests in the dev tools
f
one sec
this is what happens when we click the login button on our page which is attached to “login with redirect via oidc” using the credentials provided by ory and our base url
s
ok so there is some error returned, can you get me that payload?
or is the app available anywhere for me to try?
the third request with 
error?error=invalid_request...
f
i tried to publish but i cant atm
need a paid plan
s
ok that looks like you have to add the weweb redirect URI to your client
but it looks like the flow is working in general
you should see where they want to redirect you in the previous request, as the 
redirect_uri
query parameter
f
can i ask what value i should put into that?
oh i misunderstood
s
what the 
auth?client_id...
request has as a 
redirect_uri
in the query
and then add it to the redirect URIs of the client on the Ory console
f
so: https%3A%2F%2Feditor.weweb.io%2F8a988495-835e-4be5-a6cc-4a5f729f4587%2F00d8f97e-2186-4254-8503-19fb85a462ec
i assume reformat it
s
yes, should be 
<https://editor.weweb.io/8a988495-835e-4be5-a6cc-4a5f729f4587/00d8f97e-2186-4254-8503-19fb85a462ec>
not sure if those ID's are static
f
wow
it works.
i super concerned that uri is going to change.
but for now it works.
s
nice, it might be static, but check with weweb
f
thanks for your help appreciate your time
s
can you send your client & weweb configs, so we can add it to our docs?
f
weweb:
i dont see an easy way to capture my ory config
but you can presumably access it directly
6 Views
Open in Slack
PreviousNext
Powered by