Closed aphuang2013 closed 7 years ago
It'd be great if you could provide some more information about what you're trying to do:
Below is the code excerpt. I'm just using the example app (example/app/main.go) with a pingFederate backend (it supports the discovery protocol). The API that I have an issue with is ExchangeAuthCode in client.go. It seems the client code supports these two and my provider lists those two, but it errors out in my case.
AuthMethodClientSecretPost = "client_secret_post"
AuthMethodClientSecretBasic = "client_secret_basic"
This is reproducible, but since my setup is internal, I won't be able to show it to you.
fs := flag.NewFlagSet("go-oidc-app", flag.ExitOnError)
listen := fs.String("listen", defaultListenHost, "serve traffic on this address (<host>:<port>)")
redirectURL := fs.String("redirect-url", fmt.Sprintf("https://%s%s", defaultListenHost, pathCallback), "")
clientID := fs.String("client-id", "go_oidc_client", "")
clientSecret := fs.String("client-secret", "some_secret_ddd", "")
discovery := fs.String("discovery", "https://c4t22724.itcs.hpecorp.net:9031", "")
@aphuang2013 Did you mean to close this? It's perfectly fine if your setup is internal
Sorry, I closed it inadvertently. I think my confusion related to the authMethod support may be the key.
Is there a way I can debug this further?
Sorry, I still need to get access to a pingFederate server to do testing.
Have you used golang.org/x/oauth2? Does that package give a similar error?
The oidc package already has a sample app with callback setup; I was hoping to debug the code exchange section. x/oauth2 does not have a sample app, so I need to write a full app in order to try it.
On Mon, May 16, 2016 at 8:18 AM, Eric Chiang notifications@github.com wrote:
> Have you used golang.org/x/oauth2? Does that package give a similar error?
— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/coreos/go-oidc/issues/82#issuecomment-219452844
peter huang
Thanks for the help, I was able to get the ID token now. I added the TLS listener to your sample code so it will do proper cert stuff.
{
  "OAuth2Token": {
    "access_token": "REDACTED",
    "token_type": "Bearer",
    "refresh_token": "kJM7YKzg1cqwwjTwNveexN9ZopiOZRp99EYTznSv1i",
    "expiry": "2016-05-17T07:32:45.317839882Z"
  },
  "IDTokenClaims": {
    "sub": "peter.huang@hpe.com",
    "email": "peter.huang@hpe.com",
    "aud": "go_oidc_client",
    "jti": "2G1eKneAl6ddKzI7vB6EfF",
    "iss": "https:\/\/c4t22724.itcs.hpecorp.net:9031",
    "iat": 1463463166,
    "exp": 1463463466,
    "acr": "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"
  }
}
On Mon, May 16, 2016 at 9:13 PM, Eric Chiang notifications@github.com wrote:
> try this one: https://github.com/ericchiang/oidc/blob/master/examples/idtoken/app.go
peter huang
The fork where this was fixed has now been upstreamed https://github.com/coreos/go-oidc/pull/110
"unable to verify auth code with issuer: invalid_client: The client MUST NOT use more than one authentication method in each request."
It is not clear to me why I'm seeing this error. I have the auth code returned but cannot get the access token (if I used Postman, I get the AT). I switched to a public cert so that PKI is not the issue. I also looked at the code and the spec and am not sure what I'm missing.
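The provider's error in this issue names a request that presents client credentials more than once. As an added example (not code from go-oidc or from anyone in this thread), here is one way to build the code exchange with exactly one of the two methods listed above, plus a check that reports when a request carries both; `newTokenRequest`, `authMethodsUsed` and the sample URLs and values are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

const AuthMethodClientSecretPost = "client_secret_post"
const AuthMethodClientSecretBasic = "client_secret_basic"

// newTokenRequest (hypothetical helper) builds the code exchange with the
// client credentials in exactly one place: the form body or the header.
func newTokenRequest(tokenURL, method, id, secret, code, redirect string) (*http.Request, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirect}}
	if method == AuthMethodClientSecretPost {
		form.Set("client_id", id)
		form.Set("client_secret", secret)
	} else if method != AuthMethodClientSecretBasic {
		return nil, fmt.Errorf("unsupported auth method %q", method)
	}
	req, err := http.NewRequest("POST", tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if method == AuthMethodClientSecretBasic {
		req.SetBasicAuth(url.QueryEscape(id), url.QueryEscape(secret))
	}
	return req, nil
}

// authMethodsUsed lists where req carries client credentials, as a token
// endpoint would see them. It consumes req.Body, so use it in tests or handlers.
func authMethodsUsed(req *http.Request) []string {
	var used []string
	if _, _, ok := req.BasicAuth(); ok {
		used = append(used, AuthMethodClientSecretBasic)
	}
	if req.ParseForm() == nil && req.PostForm.Get("client_secret") != "" {
		used = append(used, AuthMethodClientSecretPost)
	}
	return used
}

func main() { // constructed sample values; inputs are fixed, so the error is ignored
	req, _ := newTokenRequest("https://op.example/token", AuthMethodClientSecretBasic, "id", "s3cret", "code", "https://rp.example/cb")
	fmt.Println(authMethodsUsed(req))
}
```

Running `authMethodsUsed` inside an `httptest` handler in front of the real client shows which methods the library actually sends; a result with two entries matches the condition the `invalid_client` message describes.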