IRC-kosmi-relay/AUTHENTICATION_ISSUE.md
cottongin dd398c9a8c sync
2025-11-01 21:00:16 -04:00

Authentication Issue - Bot Appears as Anonymous

Problem

The bot successfully authenticates via browser automation and joins the Kosmi room, but appears in the user list as an anonymous user (e.g., "Anonymous Donkey") instead of as the authenticated account.

What We Know

Working Correctly

  1. Browser authentication: Successfully logs in and obtains JWT token
  2. Token format: Valid JWT with correct structure and claims
  3. Token transmission: Correct token is sent in connection_init
  4. Server acceptance: Server accepts the token (returns connection_ack)
  5. Room joining: Successfully joins the room (joinRoom mutation returns ok: true)

🔍 Investigation Results

Token Claims Analysis

The authenticated JWT token contains:

{
  "aud": "kosmi",
  "exp": 1761874131,
  "iat": 1730338131,
  "iss": "kosmi",
  "sub": "e410acc0-e4bd-4694-8498-f20b9aa033fc",
  "typ": "access"
}

Key finding: The token carries only the user ID (sub) and no display name, username, or email. It is an authentication (access) token, not a profile token.
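The claim check described above, as an added example (not the repository's cmd/decode-token tool): it decodes the payload of a token rebuilt from the claims shown, lists any profile claims, and compares exp with the join time from the Logs section. The names Report, SampleToken and the profileClaims list are assumptions for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claim names that would carry a profile; the list is an assumption (OIDC-style names).
var profileClaims = []string{"name", "preferred_username", "nickname", "email"}

// Report decodes the payload WITHOUT verifying the signature (inspection only) and
// returns the profile claims present and whether exp has passed at time at.
func Report(token string, at time.Time) (present []string, expired bool, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, false, fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, false, fmt.Errorf("payload base64url: %w", err)
	}
	var claims map[string]any
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, false, fmt.Errorf("payload JSON: %w", err)
	}
	for _, k := range profileClaims {
		if _, ok := claims[k]; ok {
			present = append(present, k)
		}
	}
	if exp, ok := claims["exp"].(float64); ok { // JSON numbers decode as float64
		expired = !at.Before(time.Unix(int64(exp), 0))
	}
	return present, expired, nil
}

// SampleToken is constructed from the claims printed above; "c2ln" is a placeholder signature.
func SampleToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	payload := `{"aud":"kosmi","exp":1761874131,"iat":1730338131,"iss":"kosmi","sub":"e410acc0-e4bd-4694-8498-f20b9aa033fc","typ":"access"}`
	return enc([]byte(`{"alg":"HS512","typ":"JWT"}`)) + "." + enc([]byte(payload)) + ".c2ln"
}

func main() {
	fmt.Println(Report(SampleToken(), time.Date(2025, 11, 1, 18, 48, 51, 0, time.UTC)))
}
```

With the claims as printed on this page, exp is 2025-10-31 01:28:51 UTC, which is earlier than the logged join at 2025-11-01T14:48:51-04:00, so the example reports the token as expired at join time.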

GraphQL API Queries

The following queries were tested with the authenticated token:

  • query { me { ... } } - Field doesn't exist
  • query { currentUser { ... } } - Field doesn't exist
  • query { user { ... } } - Field doesn't exist
  • query { viewer { ... } } - Field doesn't exist

Conclusion: There's no GraphQL query to fetch the current user's profile.

WebSocket Flow

Current flow:

  1. connection_init with authenticated token → Server accepts
  2. connection_ack → Server acknowledges
  3. Subscribe to newMessage → Working
  4. joinRoom mutation → Returns ok: true
  5. Bot appears in user list as "Anonymous [Animal]"

Hypotheses

1. Missing Profile Fetch

The server might need a separate API call (REST or GraphQL) to fetch the user profile using the user ID from the token.

2. Missing Display Name Mutation

There might be a GraphQL mutation to set the display name after joining:

  • mutation { setDisplayName(name: "...") }
  • mutation { updateProfile(displayName: "...") }

3. Server-Side Bug

The server might not be correctly associating the authenticated token with the user profile when joining via WebSocket.

4. Additional WebSocket Message

The browser might be sending an additional WebSocket message after joinRoom that we're not aware of.

Next Steps

  1. Check connection_ack payload: See if the server returns user info
  2. Monitor browser WebSocket traffic: Watch what messages the browser sends after successful login and room join
  3. Test GraphQL introspection: Query the schema to see all available mutations
  4. Compare anonymous vs authenticated flow: See if there are any differences in the WebSocket message sequence

Logs

Successful Authentication and Join

time="2025-11-01T14:48:51-04:00" level=info msg="✅ Successfully obtained token via browser automation" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="   Email used: d2bkvqnh0@mozmail.com" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="   Token (first 50 chars): eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrb..." prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="   Token user ID (sub): e410acc0-e4bd-4694-8498-f20b9aa033fc" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="   Token type (typ): access" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="✓ getToken: Using manually provided token" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="  Length: 371" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="  First 50: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrb..." prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="Sending connection_init with token (length: 371, first 20 chars: eyJhbGciOiJIUzUxMiIs...)" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="✅ WebSocket connection established and authenticated" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="✅ Successfully joined room" prefix=kosmi
time="2025-11-01T14:48:51-04:00" level=info msg="Join response payload: {"data":{"joinRoom":{"ok":true}}}" prefix=kosmi

Result: Bot appears as "Anonymous [Animal]" in the user list despite successful authentication.

Files Modified for Debugging

  • bridge/kosmi/browser_auth.go: Added comprehensive token logging
  • bridge/kosmi/kosmi.go: Added token setting confirmation
  • bridge/kosmi/graphql_ws_client.go: Added token source and connection_ack payload logging
  • cmd/decode-token/main.go: Tool to decode and analyze JWT tokens
  • cmd/test-profile-query/main.go: Tool to test GraphQL profile queries