stevenmaguire / oauth2-keycloak

Keycloak Provider for OAuth 2.0 Client
MIT License

I can't fetchUserFromToken #78

Open Eoras opened 6 months ago

Eoras commented 6 months ago

Hi, when I'm trying to fetchUserFromToken, I get an error:

Invalid response received from Authorization Server. Expected JSON.

My token is valid before:

League\OAuth2\Client\Token\AccessToken {#581
  #accessToken: "[JWT removed]"
  #expires: 1709293969
  #refreshToken: "[JWT removed]"
  #resourceOwnerId: null
  #values: array:5 [
    "refresh_expires_in" => 1800
    "token_type" => "Bearer"
    "not-before-policy" => 0
    "session_state" => "887858df-d22b-4a2a-8e5f-b65a620aebd6"
    "scope" => "email profile"
  ]
}

I use Keycloak 23.0.7 with Docker with this conf:

KC_HOSTNAME=localhost
KC_PORT=8090
KC_REALM_NAME=master
KC_LOG_LEVEL=INFO
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=keycloak

I use the latest version of WAMP on Windows with PHP 8.3.2.

I use Symfony 7.0 with stevenmaguire/oauth2-keycloak v5.1.0 and knpuniversity/oauth2-client-bundle v2.18.1.

I think something is wrong; with another project with the same configuration but with Keycloak 16.1, this works fine.

I changed the Keycloak server URL and removed /auth (v18 of Keycloak).

I get the redirect to the login screen and I can log in, but afterwards, when I'm back in Symfony in the authenticate function of my Authenticator, I can't fetchUserFromToken.

Can someone help me?

Thanks

Eoras commented 6 months ago

Until v19 of Keycloak this works fine, but at v20 of Keycloak this doesn't work.

aless673 commented 5 months ago

@Eoras add "openid" to the scope and it will work (I struggled with it)

kilianpelissier commented 3 months ago

@aless673 where do you change the scope?

aless673 commented 3 months ago

> @aless673 where do you change the scope?

I do it in my custom authenticator

    #[Override]
    public function start(Request $request, ?AuthenticationException $authException = null): RedirectResponse
    {
        // Request "openid" explicitly, alongside the scopes that were already being granted.
        return $this->getClient()->redirect(['openid', 'email', 'profile'], []);
    }

kilianpelissier commented 3 months ago

OK, thanks.

Finally, just specifying the version in the conf YAML file worked for me.
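
A pre-flight check for the failure discussed in this thread, as an added example that is not code from this issue or from the oauth2-keycloak project: it inspects the granted scope before the userinfo call, so a token issued without `openid` produces a readable reason instead of "Expected JSON". The function names `jwtClaims`, `grantedScopes` and `userinfoPreflight` and the sample token are hypothetical.

```php
<?php
declare(strict_types=1);

// Read a JWT's claims WITHOUT verifying the signature: diagnostics only, never authorization.
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    $b64 = strtr($parts[1], '-_', '+/');                  // base64url -> base64
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);  // restore stripped padding
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

// Scopes granted: the token response's "scope" value, else the JWT's "scope" claim.
function grantedScopes(array $tokenValues, string $accessToken): array
{
    $scope = $tokenValues['scope'] ?? jwtClaims($accessToken)['scope'] ?? '';
    return preg_split('/\s+/', (string) $scope, -1, PREG_SPLIT_NO_EMPTY);
}

// Returns null when the userinfo call can proceed, otherwise a readable reason.
function userinfoPreflight(array $tokenValues, string $accessToken): ?string
{
    $scopes = grantedScopes($tokenValues, $accessToken);
    if (in_array('openid', $scopes, true)) {
        return null;
    }
    return sprintf('scope "%s" lacks "openid"; request it at the authorization redirect',
        implode(' ', $scopes));
}

// Constructed sample data (not from a real server); the scope mirrors the dump in this issue.
$b64url = fn (array $v): string => rtrim(strtr(base64_encode(json_encode($v)), '+/', '-_'), '=');
$jwt = $b64url(['alg' => 'RS256', 'typ' => 'JWT']) . '.' . $b64url(['scope' => 'email profile']) . '.sig';

// In an authenticator the two arguments would be $token->getValues() and $token->getToken().
var_dump(userinfoPreflight(['scope' => 'email profile'], $jwt));        // response scope without openid
var_dump(userinfoPreflight([], $jwt));                                  // no response scope: JWT claim is used
var_dump(userinfoPreflight(['scope' => 'openid email profile'], $jwt)); // openid present
```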