500 internal server error

It's a carry over from the first post. What is happening is I'm trying to access Args.Token.Claims.Items['nonce'] in OnConfigureToken, which I think may have worked for IdToken, but as it's generating access_token on the 1st round and that does not have nonce, it bombs out.

Can Args.Token.Claims generally be accessed there, in OnConfigureToken?
Is there a way to know if it's building access_ or id_token when OnConfigureToken is called?
Is there any way in OnConfigureToken to get to the nonce without accessing Args.Token.Claims?

Yes, Args.Token.Claims can be accessed there, but of course, if such claim does not exist, an exception will be raised.

It's always safer to check if the claim exists before trying to access it, using Args.Token.Claims.Exists(ClaimName) or Args.Token.Claims.Find(ClaimName), which returns nil if no claim exists.

Yes:

if Args.Token.TokenType = TokenTypes.AccessToken then
  ...
else if Args.Token.TokenType = TokenTypes.IdentityToken then
  ...

Easiest way is to access Args.Token.Claims, the nonce value will be there if a nonce value exists. If the claim is not there, it means nonce is an empty string.

Wagner, is there any way of getting better error messages than just "{"error":"server_error","error_description":"Internal server error: RsVK4KYp58yS21jlzTShfW3YncjRS5jqJ6VBVzpdfaM"}"? A stack trace would be really helpful.

I am facing an issue where the same code works interactively, but bombs out in a Windows service and of course, I cannot debug into it easily.

From the logs, I can see that it's processing a new Access Token - I do not need/touch those, so I do nothing there. Then it proceeds to GetSigningData and I am returning an RSA key there - seemingly all fine. And then no more logs and this error pops up in the calling application.

I'm running in x64 and using OpenSSL 3.2.1 for key operations on my side. Does Sphinx need any OpenSSL DLLs too? Perhaps Indy's v.1 DLLs, which I may not have there?

Yes, it was indeed Indy's v.1 DLLs, fixed now. But my point is that the returned error should be improved. In this case, it should have expressly mentioned the missing SSL DLLs, but generally, it should have tried to include a stack trace or something.

Because as far as I can tell, those codes like "RsVK4KYp58yS21jlzTShfW3YncjRS5jqJ6VBVzpdfaM" above mean nothing to anyone...

This is the error message that goes to the client, for security purposes. The real error is logged as Error level; if you configure any log output with error level (for example, to a log file), you will get the detailed, real error message.

It's possible to log the stack trace, but you will have to use a library that provides it, like the JclDebug unit from the JEDI library, or madExcept/EurekaLog.

You can do that by setting the LogExceptions property of the logging middleware to false. In this case, the real internal error will propagate to the client. It's useful for debugging and testing, but I would not set it for production environments, if security is a high concern.

Ok, thanks, I'll need to figure out how to plug that in, I do not have it yet.

Should I be using Sparkle.Comp.LoggingMiddleware or Sparkle.Middleware.Logging? Which class? And where can I add that and to what? - in SphinxServer1ModuleCreate? Just with a Module.AddMiddleware()?

I could see no Sphinx examples doing it...

So, basically like this? -

procedure TDM.SphinxServer1ModuleCreate(Sender: TObject; Module: TSphinxServerModule);
var
  log: TLoggingMiddleware;
begin
  log := TLoggingMiddleware.Create;
  log.LogLevel := TLogLevel.Trace; // TLogLevel = (Trace, Debug, Info, Warning, Error);
  log.LogExceptions := FALSE;

  Module.AddMiddleware(log);
end;

Well, actually it was you who added the logging middleware, it doesn't get added by default and without having a logging middleware the "internal server error" won't appear.

So you should just set the mentioned property. If you have not added it from code, maybe you have added it at design time, in the TSphinxServer component?

No, I'm pretty sure I didn't. And I cannot see it anywhere. And even the unit wasn't in the "uses". And I do not see that in the design time palette and do not see any "modules" or similar properties in SphinxServer to add anything at design time.

But now that I have added the code above, I'm still getting the same "{"error":"server_error","error_description":"Internal server error: CGQfeKHsMgfl9o-K3LH15B9h_YYeydaEkcRQRW3J8_0"}" message back.

And at the same time I'm trying to figure out exactly where it's logging all this? - there are no properties pointing to files or directories anywhere that I can see... And it's not logging anything in the Event Log.

And it's not clear how I can make it log stack trace? I do have JclDebug included, of course.

And if I log exceptions in the OnModuleException (I'm testing it with missing OpenSSL v.1 DLLs, hoping to see some references to loading the DLLs or similar), I get this bogus message "TwoFactorRequired", which should not even pop up in here at all, because it's supposed to be handled internally and I am actually already past that 2FA verification at this point:

13/02/2025 11:47:39:430 (PID: 12272) (TID: 0x1524) Module Exception: [ESphinxHttpException] / [TwoFactorRequired] / [
(0000000000B15D62){XpreSSO_svc.exe} [0000000001456D62] Sphinx.LoginAppService.Impl.Sphinx.Loginappservice.Impl.TSphinxLoginAppService.Login (Line 242, "Sphinx.LoginAppService.Impl.pas" + 14) + $37
(000000000035534C){XpreSSO_svc.exe} [0000000000C9634C] JclDebug.Jcldebug.TJclStackInfoList (Line 5682, "JclDebug.pas" + 2) + $0
(00000000003583C5){XpreSSO_svc.exe} [0000000000C993C5] JclDebug.Jcldebug.GetExceptionStackInfo (Line 7990, "JclDebug.pas" + 39) + $3B
(000000000004E467){XpreSSO_svc.exe} [000000000098F467] System.SysUtils.System.Sysutils.Exception.RaisingException (Line 24340, "System.SysUtils.pas" + 3) + $9
(000000000004F51B){XpreSSO_svc.exe} [000000000099051B] System.SysUtils.System.Sysutils.RaiseExceptObject (Line 24902, "System.SysUtils.pas" + 3) + $0
(000000000000FAA6){XpreSSO_svc.exe} [0000000000950AA6] System._RaiseAtExcept (Line 22420, "System.pas" + 31) + $0
(000000000000FAE1){XpreSSO_svc.exe} [0000000000950AE1] System._RaiseExcept (Line 22510, "System.pas" + 2) + $0
(0000000000B15D62){XpreSSO_svc.exe} [0000000001456D62] Sphinx.LoginAppService.Impl.Sphinx.Loginappservice.Impl.TSphinxLoginAppService.Login (Line 242, "Sphinx.LoginAppService.Impl.pas" + 14) + $37
(00000000000C2BAB){XpreSSO_svc.exe} [0000000000A03BAB] System.Rtti.RawInvoke (Line 8944, "System.Rtti.pas" + 34) + $0
(00000000000C311D){XpreSSO_svc.exe} [0000000000A0411D] System.Rtti.Invoke (Line 9085, "System.Rtti.pas" + 47) + $0
(00000000000C604C){XpreSSO_svc.exe} [0000000000A0704C] System.Rtti.TRttiIntfMethod.DispatchInvoke (Line 10714, "System.Rtti.pas" + 27) + $36
(00000000000C375D){XpreSSO_svc.exe} [0000000000A0475D] System.Rtti.TRttiMethod.Invoke (Line 10154, "System.Rtti.pas" + 1) + $26
(0000000000955BD8){XpreSSO_svc.exe} [0000000001296BD8] XData.Server.Module.Xdata.Server.Module.TActionExecuter.Execute (Line 2896, "XData.Server.Module.pas" + 22) + $0
(000000000094F7C4){XpreSSO_svc.exe} [00000000012907C4] XData.Server.Module.Xdata.Server.Module.TXDataRequestHandler.ExecuteAction (Line 1708, "XData.Server.Module.pas" + 6) + $0
(00000000008B7967){XpreSSO_svc.exe} [00000000011F8967] XData.Module.Base.Xdata.Module.Base.TXDataBaseRequestHandler.TryExecuteAction (Line 1089, "XData.Module.Base.pas" + 2) + $11
(00000000008B64C4){XpreSSO_svc.exe} [00000000011F74C4] XData.Module.Base.Xdata.Module.Base.TXDataBaseRequestHandler.InnerProcessRequest (Line 819, "XData.Module.Base.pas" + 149) + $27
(00000000008B6D20){XpreSSO_svc.exe} [00000000011F7D20] XData.Module.Base.Xdata.Module.Base.TXDataBaseRequestHandler.ProcessRequest (Line 907, "XData.Module.Base.pas" + 2) + $E
(00000000008B454C){XpreSSO_svc.exe} [00000000011F554C] XData.Module.Base.Xdata.Module.Base.TXDataBaseModule.ProcessRequest (Line 332, "XData.Module.Base.pas" + 16) + $0
(00000000003C6D66){XpreSSO_svc.exe} [0000000000D07D66] Sparkle.HttpServer.Module. (Line 261, "Sparkle.HttpServer.Module.pas" + 0) + $26
(0000000000A2D819){XpreSSO_svc.exe} [000000000136E819] Sphinx.Server.Module.TInjectionMiddleware__1 (Line 64984, "Bcl.Types.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A2DC59){XpreSSO_svc.exe} [000000000136EC59] Sphinx.Server.Module.TInjectionMiddleware__1 (Line 65054, "Sparkle.HttpServer.Context.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A2DEF9){XpreSSO_svc.exe} [000000000136EEF9] Sphinx.Server.Module.TInjectionMiddleware__1 (Line 65054, "Sparkle.HttpServer.Context.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A2E10D){XpreSSO_svc.exe} [000000000136F10D] Sphinx.Server.Module.TSingletonInjectionMiddleware__1 (Line 65078, "Sparkle.HttpServer.Context.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A2E2ED){XpreSSO_svc.exe} [000000000136F2ED] Sphinx.Server.Module.TSingletonInjectionMiddleware__1 (Line 65078, "Sparkle.HttpServer.Context.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A19115){XpreSSO_svc.exe} [000000000135A115] Sparkle.Middleware.Jwt.TJwtMiddleware.ProcessRequest (Line 273, "Sparkle.Middleware.Jwt.pas" + 71) + $1B
(0000000000A2A5FE){XpreSSO_svc.exe} [000000000136B5FE] Sphinx.Server.Module. (Line 253, "Sphinx.Server.Module.pas" + 0) + $0
(00000000003C7A18){XpreSSO_svc.exe} [0000000000D08A18] Sparkle.HttpServer.Module.Sparkle.Httpserver.Module.TAnonymousMiddleware.ProcessRequest (Line 325, "Sparkle.HttpServer.Module.pas" + 1) + $19
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A2E559){XpreSSO_svc.exe} [000000000136F559] Sphinx.Server.Module.TInjectionMiddleware__1 (Line 65054, "Sparkle.HttpServer.Context.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000B1BCBD){XpreSSO_svc.exe} [000000000145CCBD] Sphinx.Comp.Server.Sphinx.Server.Module.TSingletonInjectionMiddleware__1 (Line 193, "Sphinx.Server.Module.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000B1BF29){XpreSSO_svc.exe} [000000000145CF29] Sphinx.Comp.Server.Sphinx.Server.Module.TInjectionMiddleware__1 (Line 169, "Sphinx.Server.Module.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000A2E2ED){XpreSSO_svc.exe} [000000000136F2ED] Sphinx.Server.Module.TSingletonInjectionMiddleware__1 (Line 65078, "Sparkle.HttpServer.Context.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000B1C13D){XpreSSO_svc.exe} [000000000145D13D] Sphinx.Comp.Server.Sphinx.Server.Module.TSingletonInjectionMiddleware__1 (Line 193, "Sphinx.Server.Module.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(0000000000B1C31D){XpreSSO_svc.exe} [000000000145D31D] Sphinx.Comp.Server.Sphinx.Server.Module.TSingletonInjectionMiddleware__1 (Line 193, "Sphinx.Server.Module.pas" + 5) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(00000000010BF1BE){XpreSSO_svc.exe} [0000000001A001BE] Sparkle.Middleware.Forward.TForwardMiddleware.ProcessRequest (Line 282, "Sparkle.Middleware.Forward.pas" + 2) + $12
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(00000000010B6029){XpreSSO_svc.exe} [00000000019F7029] Sparkle.Middleware.Logging.TLoggingMiddleware.ProcessRequest (Line 482, "Sparkle.Middleware.Logging.pas" + 18) + $0
(00000000003C779D){XpreSSO_svc.exe} [0000000000D0879D] Sparkle.HttpServer.Module. (Line 305, "Sparkle.HttpServer.Module.pas" + 0) + $0
(00000000003C6F4C){XpreSSO_svc.exe} [0000000000D07F4C] Sparkle.HttpServer.Module.Sparkle.Httpserver.Module.TBaseHttpServerModule.Execute (Line 277, "Sparkle.HttpServer.Module.pas" + 17) + $0
(0000000000A3C049){XpreSSO_svc.exe} [000000000137D049] Sparkle.HttpServer.Dispatcher.Sparkle.Httpserver.Dispatcher.THttpDispatcher.ProcessRequest (Line 166, "Sparkle.HttpServer.Dispatcher.pas" + 7) + $D
(0000000000A3BBD1){XpreSSO_svc.exe} [000000000137CBD1] Sparkle.HttpServer.Dispatcher.Sparkle.Httpserver.Dispatcher.THttpDispatcher.DispatchRequest (Line 121, "Sparkle.HttpServer.Dispatcher.pas" + 5) + $0
(0000000000B24F91){XpreSSO_svc.exe} [0000000001465F91] Sparkle.HttpSys.Server.Sparkle.Httpsys.Server.TCustomHttpSysServer.DoProcessRequest (Line 143, "Sparkle.HttpSys.Server.pas" + 2) + $0
(0000000000B25922){XpreSSO_svc.exe} [0000000001466922] Sparkle.HttpSys.Server.Sparkle.Httpsys.Server.TCustomHttpSysServer.WorkItemCallBack (Line 245, "Sparkle.HttpSys.Server.pas" + 7) + $0
(0000000000B23B77){XpreSSO_svc.exe} [0000000001464B77] Sparkle.Sys.ThreadPool.Sparkle.Sys.Threadpool.WorkItemFunction (Line 79, "Sparkle.Sys.ThreadPool.pas" + 6) + $0
(0000000000004522){ntdll.dll } [00007FFE88025522] Unknown function at RtlQueueWorkItem + $5D2
(000000000000AB26){ntdll.dll } [00007FFE8802BB26] Unknown function at RtlInitializeResource + $D16
(0000000000013CB0){KERNEL32.DLL} [00007FFE86574CB0] BaseThreadInitThunk + $10
(000000000007DCEB){ntdll.dll } [00007FFE8809ECEB] RtlUserThreadStart + $2B
]

Unless it logs it before the actual error happens and when the actual error happens, it logs nothing here. - because this was the last and the only logged error.

I'm sorry, my mistake. Sphinx also logs internal server errors directly, for security purposes. Indeed, the real error will only appear in the logs. Please enable logging errors to a file and you will see the errors there.

Ok, done, thanks!

Now it does show the actual "Unable to load OpenSSL libraries" error in the Event Log on missing DLLs ;-)

Can it be configured to dump stack trace automatically on exceptions?

We will review this to make it possible to log the stack trace.