The token request host header should include the port number in the same way it is handled on the userinfo request. This is causing token validation to fail on my auth server when running on a non-standard port because the host without the port is not in my list of valid issuers.
add the following to request_authentication_token() just like is done in request_userinfo()
The token request host header should include the port number in the same way it is handled on the userinfo request. This is causing token validation to fail on my auth server when running on a non-standard port because the host without the port is not in my list of valid issuers.
add the following to request_authentication_token() just like is done in request_userinfo()
if ( ! empty( $parsed_url['port'] ) ) { $host .= ":{$parsed_url['port']}"; }