indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

Error when trying to access the `userinfo` endpoint with an active client access token #569

Open aldbr opened 1 year ago

aldbr commented 1 year ago

Hello,

I was doing some (weird) tests with the IAM API (using the docker container provided in the documentation) when I found this "bug". I know it makes no sense to use a client access token to access the userinfo endpoint, but I find different responses regarding whether the client access token is active or expired.

Here is the result with an expired client access token:

$ curl -H "Authorization: Bearer $OLD_CLIENT_ACCESS_TOKEN" http://localhost:8080/userinfo

{
  "error":"invalid_token",
  "error_description":"Invalid access token: <old_client_access_token>"
}

Now, here is the result with an active client access token:

$ curl -H "Authorization: Bearer $CLIENT_ACCESS_TOKEN" http://localhost:8080/userinfo

<!DOCTYPE html>
<html lang="en_US">

<head>

<base href="http://localhost:8080/">
<title>INDIGO IAM for indigo-dc-An unexpected error occurred</title>

<meta charset="utf-8">
<meta
  name="viewport"
  content="width=device-width, initial-scale=1.0">

<link
  rel="stylesheet"
  href="/webjars/bootstrap/css/bootstrap.min.css"></link>

<link
  rel="stylesheet"
  href="/webjars/angular-ui-select/select.min.css"></link>

<link
  rel="stylesheet"
  href="/webjars/font-awesome/css/font-awesome.css"></link>

<link
  rel="stylesheet"
  href="/resources/iam/css/AdminLTE.css"></link>

<link
  rel="stylesheet"
  href="/resources/iam/css/skins/skin-blue.css"></link>

<link
  rel="stylesheet"
  href="/resources/iam/css/ionicons/ionicons.min.css"></link>

<link
  rel="stylesheet"
  href="/resources/iam/css/toaster.min.css" />

<link
  rel="stylesheet"
  href="/resources/iam/css/iam.css"></link>

  <style type="text/css">
    #logo-container {
       margin: auto;
        margin-top: 10px;
        width: 200px;
        height: 150px;
        background-size: 200px;
        background-image: url('resources/images/indigo-logo.png');
        background-repeat: no-repeat;
        background-position: center;
    }
  </style>

</head>

<script type="text/javascript">
    //get the info of the currently authenticated user, if available (null otherwise)
    function getUserInfo() {
        return ;
    }

    // get the authorities of the currently authenticated user, if available (null otherwise)
    function getUserAuthorities() {
        return ["ROLE_CLIENT"];
    }

    function getIamVersion() {
        return '1.8.0';
    }

    function getIamGitCommitId() {
        return 'c01e02a';
    }

    function getRegistrationEnabled() {
        return true;
    }

    function getAccountLinkingEnabled() {
        return true;
    }

    function getExternalAuthenticationEnabled() {
        return true;
    }

    function getOrganisationName() {
        return 'indigo-dc';
    }
</script>

<body>
  <div class="container">
    <div class="absolute-center">
      <div id="logo-container" style="background-image: url(resources/images/indigo-logo.png)">
        <a href="/"></a>
      </div>
      <div class="container-fluid page-content">

  <h2 class="text-center text-danger">403. Forbidden</h2>

  <div id="register-confirm-back-btn" class="row text-center">
    <a class="btn btn-primary" href='/login'>Back to Login Page</a>
  </div>

      </div>
    </div>
  </div>

</body>

</html>

Probably nothing harmful here, just that it seems to generate an error in IAM: An unexpected error occurred.

Thanks
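The two responses above differ not only in status but in shape: one is a machine-readable OAuth error body, the other a rendered HTML error page. RFC 6750 (section 3) says a resource server rejecting a bearer token should answer with a `WWW-Authenticate: Bearer` challenge carrying an `error` code, with the status matching that code (400 `invalid_request`, 401 `invalid_token`, 403 `insufficient_scope`). The following script is an added example, not code from the IAM project or the issue author; it classifies a userinfo response as a proper bearer error, an HTML error page, or a successful userinfo document, and checks the error case against those RFC 6750 rules. The samples are constructed from the responses quoted in the issue; the 401 status and the `WWW-Authenticate` header on the JSON sample are assumptions, since the issue shows neither, and the `probe()` helper is only there to run the same check against a live endpoint.

```python
import json
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# RFC 6750 section 3.1: the HTTP status each bearer-token error code is defined to use.
RFC6750_STATUS = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}
BEARER_ERROR_RE = re.compile(r'error="([^"]*)"')


@dataclass
class UserinfoResult:
    status: int
    kind: str                        # "userinfo", "bearer_error", "html_error" or "other"
    error: Optional[str]             # OAuth error code, if one could be recovered
    www_authenticate: Optional[str]


def classify(status: int, headers: Dict[str, str], body: bytes) -> UserinfoResult:
    """Decide what shape of response the userinfo endpoint produced."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").lower()
    www = hdrs.get("www-authenticate")
    text = body.decode("utf-8", errors="replace")

    if text.lstrip().lower().startswith("<!doctype html") or ctype.startswith("text/html"):
        # A rendered error page instead of a machine-readable OAuth error (the symptom in this issue).
        return UserinfoResult(status, "html_error", None, www)

    payload = None
    if ctype.startswith("application/json"):
        try:
            payload = json.loads(text)
        except ValueError:
            payload = None

    if status == 200 and isinstance(payload, dict) and "sub" in payload:
        return UserinfoResult(status, "userinfo", None, www)

    # Prefer the error code from the JSON body, fall back to the WWW-Authenticate challenge.
    error = payload.get("error") if isinstance(payload, dict) else None
    if error is None and www and www.lower().startswith("bearer"):
        match = BEARER_ERROR_RE.search(www)
        error = match.group(1) if match else None
    if error is not None:
        return UserinfoResult(status, "bearer_error", error, www)
    return UserinfoResult(status, "other", None, www)


def is_conformant_error(result: UserinfoResult) -> bool:
    """RFC 6750 requires a Bearer challenge header and a status that matches the error code."""
    return (
        result.kind == "bearer_error"
        and result.www_authenticate is not None
        and result.www_authenticate.lower().startswith("bearer")
        and RFC6750_STATUS.get(result.error) == result.status
    )


def probe(userinfo_url: str, token: str) -> UserinfoResult:
    """Run the same classification against a live endpoint (non-2xx raises HTTPError; classify it anyway)."""
    req = urllib.request.Request(userinfo_url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, dict(resp.headers.items()), resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, dict(err.headers.items()), err.read())


# Constructed samples modelled on the two responses quoted in the issue: (status, headers, body).
HTML_403_SAMPLE: Tuple[int, Dict[str, str], bytes] = (
    403,
    {"Content-Type": "text/html;charset=UTF-8"},
    b'<!DOCTYPE html>\n<html lang="en_US"><head><title>INDIGO IAM for indigo-dc-An unexpected error occurred'
    b'</title></head><body><h2 class="text-center text-danger">403. Forbidden</h2></body></html>',
)
JSON_401_SAMPLE: Tuple[int, Dict[str, str], bytes] = (
    401,  # assumed status; the issue shows only the body
    {"Content-Type": "application/json",
     "WWW-Authenticate": 'Bearer error="invalid_token", error_description="Invalid access token"'},
    b'{"error":"invalid_token","error_description":"Invalid access token: <old_client_access_token>"}',
)
# Same JSON body without the challenge header: readable by a client, but not RFC 6750 conformant.
JSON_NO_CHALLENGE_SAMPLE: Tuple[int, Dict[str, str], bytes] = (
    401, {"Content-Type": "application/json"}, JSON_401_SAMPLE[2],
)


def check_samples() -> Dict[str, Tuple[str, bool]]:
    """Classify each sample and report (kind, conformant) so the cases can be compared side by side."""
    samples = {"html_403": HTML_403_SAMPLE, "json_401": JSON_401_SAMPLE,
               "json_no_challenge": JSON_NO_CHALLENGE_SAMPLE}
    out = {}
    for name, sample in samples.items():
        r = classify(*sample)
        out[name] = (r.kind, is_conformant_error(r))
    return out


if __name__ == "__main__":
    for name, (kind, ok) in check_samples().items():
        print(f"{name}: kind={kind} rfc6750_conformant={ok}")
```

Run against the samples, the HTML page is flagged as a non-OAuth response and the JSON body without a `WWW-Authenticate` challenge is flagged as non-conformant even though a client could parse it; only the full 401 with the Bearer challenge passes. A small check like this is a useful regression test for a deployment, because a client library that expects RFC 6750 errors will typically treat an HTML page as an unexpected failure rather than a token problem.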

aldbr commented 3 days ago

Problem solved from what I can see (I tested with v1.10.2).

aldbr commented 3 days ago

Never mind, I had to fix my test due to the upgrade, and I actually still see this "issue".