Lost 'code' during token request in OpenID Connect #547
Comments
@lokzzor if you didn't update the permalinks and actually saw it working, then what is it that makes you think that it isn't working? I will do some checks in our testing environment with some of our IDPs. Also, which IDP are you using?
IDP - OAuth
I need to double check the logging settings as it's possible that:
You mention that your IDP is using OAuth, are you certain your IDP actually supports OpenID Connect? This plugin is not just an OAuth plugin and a provider that supports/uses OAuth doesn't mean they actually support OpenID Connect. Can you confirm what IDP you are using? If the IDP is something not a large platform like Google/Microsoft/AWS then it is also possible that your IDP is not properly implementing OpenID Connect or the Authorization Code Flow.
Describe the bug
After authentication through the OIDC provider, when requesting a token, the 'code' is lost.
To Reproduce
Steps to reproduce the behavior:
Screenshots
Not applicable.
Expected behavior
The code should be correctly received and used to request the token.
Isolating the problem (mark completed items with an [x]):
WordPress Environment
Additional Logs
Here are the relevant logs:
Date: 2024-06-11 12:51:06
Type: make_authentication_url
User: 0
URI: /wp-login.php?login-error=invalid-token-response&message=Invalid+token+response
Response Time (sec):
string(205) "https:/hide/cgi-bin/authorize?response_type=code&scope=email%20userinfo&client_id=hide&state=hide&redirect_uri=http%3A%2F%2Fhide%2Fopenid-connect-authorize"
Date: 2024-06-11 12:51:06
Type: invalid-token-response
URI: /openid-connect-authorize?code=&state=hide
Response Time (sec):
string(22) "Invalid token response"
Date: 2024-06-11 12:51:06
Type: request_authentication_token
URI: /openid-connect-authorize?code=&state=hide
Response Time (sec):
string(35) "https://hide/cgi-bin/token"
Type: make_authentication_url
string(205) "https://hide/cgi-bin/authorize?response_type=code&scope=email%20userinfo&client_id=hide&state=hide&redirect_uri=hide%2Fopenid-connect-authorize"
P.S.
I enabled the Alternate Redirect URI without updating the permalinks, which redirected to a non-existent page with /openid-connect-authorize?code=*&state=**. At this point, I realized that the code is being sent to the application.
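A diagnostic sketch for the log entries above, added here as an example and not taken from the issue or from the plugin's code. It checks an authorization request URL for the `openid` scope value that OpenID Connect Core requires, and checks the callback URI for an empty or absent `code`; the function names and the `idp.example` / `wp.example` hosts are assumptions, and the sample URLs are constructed from the redacted log lines.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed samples modeled on the redacted log entries; hosts are placeholders.
SAMPLE_REQUEST = (
    "https://idp.example/cgi-bin/authorize?response_type=code"
    "&scope=email%20userinfo&client_id=hide&state=hide"
    "&redirect_uri=http%3A%2F%2Fwp.example%2Fopenid-connect-authorize"
)
SAMPLE_CALLBACK = "/openid-connect-authorize?code=&state=hide"

def _params(url):
    # keep_blank_values=True so "code=" is seen as present-but-empty
    return parse_qs(urlsplit(url).query, keep_blank_values=True)

def check_authorization_request(url):
    """Findings for the URL the relying party sends the browser to."""
    q, findings = _params(url), []
    if q.get("response_type", [""])[0] != "code":
        findings.append("response_type is not 'code'")
    if "openid" not in q.get("scope", [""])[0].split():
        findings.append("scope lacks 'openid'")
    if urlsplit(q.get("redirect_uri", [""])[0]).scheme != "https":
        findings.append("redirect_uri is not https")
    if not q.get("state", [""])[0]:
        findings.append("state is missing or empty")
    return findings

def check_callback(uri, expected_state):
    """Findings for the URI the IDP redirects the browser back to."""
    q, findings = _params(uri), []
    if "error" in q:
        findings.append("IDP returned error: " + q["error"][0])
    if "code" not in q:
        findings.append("code parameter absent")
    elif q["code"][0] == "":
        findings.append("code parameter present but empty")
    if q.get("state", [""])[0] != expected_state:
        findings.append("state does not match the value sent")
    return findings

if __name__ == "__main__":
    for f in check_authorization_request(SAMPLE_REQUEST):
        print("request:", f)
    for f in check_callback(SAMPLE_CALLBACK, "hide"):
        print("callback:", f)
```

An empty `code` on the callback means the value was already missing when the IDP redirected the browser, so the token request that follows has nothing to exchange.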