After checking out the code from GitHub I found the file TokenEndpoint.java
which has the controller for the token endpoint, including the token
exchange.
Then I saw the function tokenExchange() which is exactly what I need to
check.
The first thing I see is the event logging, so I use the GUI to enable logging
of the events to the database and immediately see my problem:
"sub claim is null from user info json"
So I think the call does expect a normal OIDC userinfo response.
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
On Mon, 30 Sep 2019 at 14:54, James Mitchell <jamesm(a)suitebox.com> wrote:
Where should I look for the code for token exchange?
I am getting an invalid token error for one particular identity provider,
and I want to see what sort of logic the code uses to decide whether to
validate and swap tokens.
I have my code working OK for a standard Google OAuth provider, so I have
already fixed issues with users not being enabled when I try to exchange
tokens, and making sure I have a valid userinfo URL.
My suspicion is I have an error with the userinfo URL - which is not a
standard OIDC endpoint, but it is returning a 200 OK status when I hit it
by hand with the access token.
Thanks,
James