oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client
https://wordpress.org/plugins/daggerhart-openid-connect-generic/

Can't get the plugin to work on a website - ERROR (invalid_request): No refresh token #491

Open agenceKanvas opened 1 year ago

agenceKanvas commented 1 year ago

Hey !

I've tried to configure the plugin with a Keycloak install, but I always end up with an "ERROR (invalid_request): No refresh token". All the keys and credentials seem correct, and I have the exact same configuration as in the doc.

In Keycloak, I have a session created with the right email.

In the logs, I have an invalid request:

object(WP_Error)#28432 (3) {
["errors"]=>
array(1) {
["invalid_request"]=>
array(1) {
[0]=>
string(16) "No refresh token"
}
}
["error_data"]=>
array(1) {
["invalid_request"]=>
array(6) {
["headers"]=>
object(WpOrg\Requests\Utility\CaseInsensitiveDictionary)#28433 (1) {
["data":protected]=>
array(9) {
["date"]=>
string(29) "Wed, 05 Jul 2023 13:24:15 GMT"
["server"]=>
string(6) "Apache"
["x-xss-protection"]=>
string(13) "1; mode=block"
["x-frame-options"]=>
string(43) "ALLOW-FROM https://player.vimeo.com/video/*"
["referrer-policy"]=>
string(11) "no-referrer"
["strict-transport-security"]=>
string(35) "max-age=31536000; includeSubDomains"
["x-content-type-options"]=>
string(7) "nosniff"
["content-type"]=>
string(16) "application/json"
["content-length"]=>
string(2) "66"
}
}
["body"]=>
string(66) "{"error":"invalid_request","error_description":"No refresh token"}"
["response"]=>
array(2) {
["code"]=>
int(400)
["message"]=>
string(11) "Bad Request"
}
["cookies"]=>
array(0) {
}
["filename"]=>
NULL
["http_response"]=>
object(WP_HTTP_Requests_Response)#28434 (5) {
["data"]=>
NULL
["headers"]=>
NULL
["status"]=>
NULL
["response":protected]=>
object(WpOrg\Requests\Response)#28435 (10) {
["body"]=>
string(66) "{"error":"invalid_request","error_description":"No refresh token"}"
["raw"]=>
string(440) "HTTP/1.1 400 Bad Request
Date: Wed, 05 Jul 2023 13:24:15 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: ALLOW-FROM https://player.vimeo.com/video/*
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 66
Connection: close

{"error":"invalid_request","error_description":"No refresh token"}"
["headers"]=>
object(WpOrg\Requests\Response\Headers)#28436 (1) {
["data":protected]=>
array(9) {
["date"]=>
array(1) {
[0]=>
string(29) "Wed, 05 Jul 2023 13:24:15 GMT"
}
["server"]=>
array(1) {
[0]=>
string(6) "Apache"
}
["x-xss-protection"]=>
array(1) {
[0]=>
string(13) "1; mode=block"
}
["x-frame-options"]=>
array(1) {
[0]=>
string(43) "ALLOW-FROM https://player.vimeo.com/video/*"
}
["referrer-policy"]=>
array(1) {
[0]=>
string(11) "no-referrer"
}
["strict-transport-security"]=>
array(1) {
[0]=>
string(35) "max-age=31536000; includeSubDomains"
}
["x-content-type-options"]=>
array(1) {
[0]=>
string(7) "nosniff"
}
["content-type"]=>
array(1) {
[0]=>
string(16) "application/json"
}
["content-length"]=>
array(1) {
[0]=>
string(2) "66"
}
}
}
["status_code"]=>
int(400)
["protocol_version"]=>
float(1.1)
["success"]=>
bool(false)
["redirects"]=>
int(0)
["url"]=>
string(82) "https://sso.nouveauxterritoires.fr/auth/realms/Taxe/protocol/openid-connect/logout"
["history"]=>
array(0) {
}
["cookies"]=>
object(WpOrg\Requests\Cookie\Jar)#28437 (1) {
["cookies":protected]=>
array(0) {
}
}
}
["filename":protected]=>
NULL
}
}
}
["additional_data":protected]=>
array(0) {
}
}

And the next request is a make_authentication_url

[Screenshot 2023-07-05 at 15:32:02]

I'm stuck. If anyone has any ideas... Thanks a lot!

agenceKanvas commented 1 year ago

I don't even understand why there is a mention of Vimeo in here, when the only related thing is that I have a Vimeo embed on the homepage.

timnolte commented 1 year ago

@agenceKanvas With the way those errors look, it seems like there is a plugin misconfiguration. When the plugin is making a request to your Keycloak instance, it is getting an invalid response. It seems perhaps that you don't have token refresh enabled in Keycloak. If you turn off the token refresh setting in the plugin, does it work? What version of Keycloak are you using?
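
The WP_Error dump in the first post and the diagnosis above both point at the same thing: the plugin POSTed to Keycloak's `/protocol/openid-connect/logout` endpoint and Keycloak answered `invalid_request: No refresh token`, i.e. the form lacked a `refresh_token` field. The script below is an added example (not code from the plugin or from anyone in this thread) that reconstructs that failure from the logged URL and body, refuses to build a back-channel logout when the token response carries no `refresh_token`, and shows the RP-initiated logout redirect (`id_token_hint`) that works without one. The issuer URL, client credentials, redirect URI and token strings are constructed placeholders; the Keycloak form parameters are the ones its logout endpoint accepts, and the rest is generic OIDC.

```python
import json
from urllib.parse import urlencode, urlparse

# Constructed from the WP_Error dump in the issue: the URL that was called,
# the HTTP status and the JSON body Keycloak sent back.
LOGGED_REQUEST = {
    "url": "https://sso.nouveauxterritoires.fr/auth/realms/Taxe/protocol/openid-connect/logout",
    "status_code": 400,
    "body": '{"error":"invalid_request","error_description":"No refresh token"}',
}

# Constructed token-endpoint responses; the token values are placeholders, not real tokens.
TOKENS_WITH_REFRESH = {
    "access_token": "eyJ.access.placeholder",
    "id_token": "eyJ.id.placeholder",
    "refresh_token": "eyJ.refresh.placeholder",
    "token_type": "Bearer",
    "expires_in": 300,
}
TOKENS_WITHOUT_REFRESH = {
    "access_token": "eyJ.access.placeholder",
    "id_token": "eyJ.id.placeholder",
    "token_type": "Bearer",
    "expires_in": 300,
}


def classify_keycloak_error(logged):
    """Map a failed OP response to the endpoint family, the OAuth error code
    and a short diagnosis, so the dump can be read without the var_dump noise."""
    path = urlparse(logged["url"]).path
    try:
        err = json.loads(logged["body"])
    except ValueError:
        err = {}
    code = err.get("error")
    desc = err.get("error_description", "")
    if path.endswith("/protocol/openid-connect/logout"):
        endpoint = "logout"
    elif path.endswith("/protocol/openid-connect/token"):
        endpoint = "token"
    else:
        endpoint = "other"
    if endpoint == "logout" and code == "invalid_request" and "refresh token" in desc.lower():
        diagnosis = ("Keycloak's logout endpoint was POSTed without a refresh_token field: "
                     "the RP never received or stored one, so back-channel logout cannot work")
    elif logged["status_code"] == 400:
        diagnosis = "bad request to the %s endpoint: %s" % (endpoint, desc or code)
    else:
        diagnosis = "unexpected HTTP %s from the %s endpoint" % (logged["status_code"], endpoint)
    return {"endpoint": endpoint, "error": code, "diagnosis": diagnosis}


def backchannel_logout_request(issuer, client_id, client_secret, tokens):
    """Build the form POST Keycloak expects at /protocol/openid-connect/logout.

    The dump shows Keycloak rejecting this call with 'No refresh token' when the
    field is missing, so refuse to build a request that is guaranteed to fail."""
    refresh = tokens.get("refresh_token")
    if not refresh:
        raise ValueError("token response carries no refresh_token; either let the Keycloak "
                         "client issue refresh tokens or disable token refresh in the plugin "
                         "and rely on RP-initiated logout instead")
    return {
        "method": "POST",
        "url": issuer.rstrip("/") + "/protocol/openid-connect/logout",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({
            "client_id": client_id,
            "client_secret": client_secret,  # confidential client auth via form fields
            "refresh_token": refresh,
        }),
    }


def rp_initiated_logout_url(issuer, tokens, post_logout_redirect_uri):
    """Build the browser redirect defined by OIDC RP-Initiated Logout.

    Only the ID token is needed (as id_token_hint), so this works for clients
    that are never given a refresh token."""
    query = urlencode({
        "id_token_hint": tokens["id_token"],
        "post_logout_redirect_uri": post_logout_redirect_uri,
    })
    return issuer.rstrip("/") + "/protocol/openid-connect/logout?" + query


if __name__ == "__main__":
    print(classify_keycloak_error(LOGGED_REQUEST)["diagnosis"])
    issuer = "https://sso.nouveauxterritoires.fr/auth/realms/Taxe"  # realm taken from the dump
    try:
        backchannel_logout_request(issuer, "wp-client", "placeholder-secret", TOKENS_WITHOUT_REFRESH)
    except ValueError as exc:
        print("back-channel logout not possible:", exc)
    print(rp_initiated_logout_url(issuer, TOKENS_WITHOUT_REFRESH, "https://wp.example/"))
```

The practical check this encodes: capture the token-endpoint response the plugin receives after the code exchange. If it has no `refresh_token`, every later POST to the Keycloak logout endpoint will fail exactly as in the dump, and the fix is on whichever side disagrees about refresh tokens (the plugin's refresh setting or the Keycloak client's token settings), not in the credentials.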

agenceKanvas commented 1 year ago

But I do, I really have followed all the docs :)

[Screenshot 2023-07-05 at 16:30:31]

timnolte commented 1 year ago

@agenceKanvas OK, so since you do have Refresh Tokens enabled in Keycloak then this would be some other plugin misconfiguration perhaps. Can you share your plugin settings with me excluding your client ID & client secret? You can DM me on the WordPress Slack, or send a message to timnolte via Keybase secure messaging, or send me a DM via the Fediverse using tim@mastodon.timnolte.com.