jjbohn / omniauth-openid-connect

MIT License

Getting nil omniauth response hash #66

Closed mikeover closed 8 years ago

mikeover commented 8 years ago

After my callback phase I'm getting just a nil'ed out hash in my controller callback action.

info=#<OmniAuth::AuthHash::InfoHash email=nil first_name=nil gender=nil image=nil last_name=nil name=nil nickname=nil phone=nil urls=#<OmniAuth::AuthHash website=nil>>

Things seem to be "working" other than this - no errors or anything. The omniauth hash does have an id_token and a token but for some reason that doesn't seem to be translating into any real data. Why might this be?

Here's my configuration:

provider :my_provider,
  :name => "my_provider",
  :scope => [:openid, :eportal],
  :response_type => :code,
  :client_signing_alg => :RS256,
  :client_x509_signing_key => "-----BEGIN CERTIFICATE-----.....-----END CERTIFICATE-----",
  :discovery => true,
  :issuer => ,
  :client_options => {
    :port => 443,
    :scheme => "https",
    :host => ,
    :identifier => ,
    :redirect_uri => ,
    :secret =>
  }

Am I missing something that is preventing it from decrypting the id_token to put the data into the omniauth info hash? There seem to be so many configuration options but I haven't been able to find in the documentation the right combination of settings to make this work.

mikeover commented 8 years ago

@jjbohn @cmrd-senya @rdingwell Any idea?

rdingwell commented 8 years ago

Have you tried it with the email and profile scopes added in?

mikeover commented 8 years ago

I originally had email in there, but with either one of those I get an invalid_scope error.

hiyosi commented 8 years ago

Hi. Which scope values does your provider support?

Generally it follows the specification, but the claims returned for a given scope value depend on the provider.

http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims

mikeover commented 8 years ago

There was a mixup, and they just added the :email scope. However, when I add that in, I get the same thing, a user info hash full of nils.

hiyosi commented 8 years ago

Could you check extra.raw_info? The raw data is in it.

https://github.com/jjbohn/omniauth-openid-connect/blob/master/lib/omniauth/strategies/openid_connect.rb#L62-L64

mikeover commented 8 years ago

That is empty as well.

hiyosi commented 8 years ago

If so, it seems that empty data is returned from the provider. Hmm, does the provider support scope values such as email and profile?

mikeover commented 8 years ago

Just email

On Nov 11, 2016 6:10 PM, "Tomoya Usami" notifications@github.com wrote:

If so, it seems that empty data is returned from the provider. Hmm, does the provider support scope values such as email and profile?


hiyosi commented 8 years ago

Could you get the response you requested with a curl command?

$ curl -H "Authorization: Bearer ${YOUR_ACCESS_TOKEN}" ${USERINFO_ENDPOINT}

mikeover commented 8 years ago

Ok, I'm told that I need to take my id_token, split it by ".", decode each element of the array (3 elements) from Base64, and then decrypt the 3rd element. The first element should contain data indicating Type of Token=JWT, Algorithm=RSA256, a thumbprint, and keyId, while it looks like the 2nd element contains the data. Is this what the gem is doing (i.e., does this sound correct)?

mikeover commented 8 years ago

Verified that the 2nd element looks like it has username, email, etc., the data that I'm looking for. However, when userinfo! is called on the AccessToken in OpenIDConnect, the get call returns an empty hash. I verified that it's setting the access token as the bearer authorization code. I suspect this could be an issue on the provider side?
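The two comments above describe the id_token layout (header.payload.signature) and the empty userinfo response. The script below is an added example, not code from the omniauth-openid-connect gem or from anyone in this thread. It mints an RS256-signed id_token with constructed sample claims and a locally generated RSA key (standing in for the provider's JWKS or X.509 key), splits and base64url-decodes the three parts, verifies the third part as a signature rather than decrypting it, checks iss/aud/exp, and then builds an info hash that falls back to the id_token claims when userinfo comes back empty, which is the situation reported here. ISSUER, CLIENT_ID, KEY_ID, the claim values and the helper names are all assumptions for the example.

```ruby
require "openssl"
require "base64"
require "json"

# Assumed values for the example; a real RP takes these from its configuration
# and fetches the provider's public key via discovery (JWKS) or a configured cert.
ISSUER    = "https://op.example.com"
CLIENT_ID = "my-client-id"
KEY_ID    = "key-2016-11"
OP_KEY    = OpenSSL::PKey::RSA.new(2048) # stands in for the provider's signing key

# JWS uses base64url without padding (RFC 7515), not plain Base64.
def b64url_encode(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str) # Ruby >= 2.3 accepts unpadded input
end

# Mint an id_token the way an RS256 provider does: JSON header, JSON claims,
# RSA-SHA256 signature over "header.payload". Constructed sample data only.
def mint_id_token(key, claims, kid)
  header = { "typ" => "JWT", "alg" => "RS256", "kid" => kid }
  signing_input = [b64url_encode(JSON.generate(header)),
                   b64url_encode(JSON.generate(claims))].join(".")
  sig = key.sign(OpenSSL::Digest::SHA256.new, signing_input)
  "#{signing_input}.#{b64url_encode(sig)}"
end

# Split into 3 parts, decode header and payload, verify the signature with the
# provider's public key, then check issuer, audience and expiry.
# Returns [header, payload]; raises RuntimeError on any failure.
def decode_and_verify(id_token, public_key, expected_issuer:, expected_aud:, now: Time.now.to_i)
  parts = id_token.split(".")
  raise "expected 3 dot-separated parts, got #{parts.size}" unless parts.size == 3
  header    = JSON.parse(b64url_decode(parts[0]))
  payload   = JSON.parse(b64url_decode(parts[1]))
  signature = b64url_decode(parts[2])

  # Pin the algorithm: never let the token's own header choose how it is verified.
  raise "unexpected alg #{header['alg']}" unless header["alg"] == "RS256"
  signing_input = "#{parts[0]}.#{parts[1]}"
  raise "bad signature" unless public_key.verify(OpenSSL::Digest::SHA256.new, signature, signing_input)

  raise "wrong issuer" unless payload["iss"] == expected_issuer
  raise "wrong audience" unless Array(payload["aud"]).include?(expected_aud)
  raise "token expired" unless payload["exp"].is_a?(Integer) && now < payload["exp"]
  [header, payload]
end

# Build an OmniAuth-style info hash: prefer userinfo, fall back to the verified
# id_token claims when the provider's userinfo endpoint returns an empty hash.
def build_info(userinfo, id_token_claims)
  source = (userinfo.nil? || userinfo.empty?) ? id_token_claims : userinfo
  {
    "email"      => source["email"],
    "name"       => source["name"],
    "first_name" => source["given_name"],
    "last_name"  => source["family_name"],
    "nickname"   => source["preferred_username"],
  }
end

# Constructed sample claims (standard OIDC claim names).
SAMPLE_CLAIMS = {
  "iss" => ISSUER, "sub" => "248289761001", "aud" => CLIENT_ID,
  "exp" => 1_478_900_000, "iat" => 1_478_896_400,
  "email" => "alice@example.com", "name" => "Alice Example",
  "given_name" => "Alice", "family_name" => "Example",
  "preferred_username" => "alice",
}

def demo
  token = mint_id_token(OP_KEY, SAMPLE_CLAIMS, KEY_ID)
  header, payload = decode_and_verify(token, OP_KEY.public_key,
                                      expected_issuer: ISSUER, expected_aud: CLIENT_ID,
                                      now: 1_478_896_500)
  empty_userinfo = {} # what the provider in this thread returned
  { header: header, payload: payload, info: build_info(empty_userinfo, payload) }
end

if __FILE__ == $PROGRAM_NAME
  r = demo
  puts "alg=#{r[:header]['alg']} kid=#{r[:header]['kid']}"
  puts r[:info].inspect
end
```

Falling back to id_token claims is only safe after the signature, issuer, audience and expiry checks pass; an info hash built from an unverified payload is attacker-controlled input.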

hiyosi commented 8 years ago

Do you mean that id_token (2nd element) returned by the provider contains information such as username, email address, etc.?

hiyosi commented 8 years ago

I suspect this could be an issue on the provider side?

I think so too.

mikeover commented 8 years ago

Verified it was an issue on the provider end, thanks for the help.