thephpleague / oauth2-client

Easy integration with OAuth 2.0 service providers.
http://oauth2-client.thephpleague.com
MIT License

Authentik Client? #936

Open danielbheyl opened 2 years ago

danielbheyl commented 2 years ago

Using the Basic Usage instructions for thephpleague/oauth2-client, I have a php client that obtains a valid token from an Authentik server. I can use this token and expiration, etc. However no matter what I try, I cannot get user information out of Authentik. I've setup the $provider with the following:

'urlResourceOwnerDetails' => 'https://{server}/application/o/userinfo/'

After receiving a valid $accessToken, I have called $resourceOwner = $provider->getResourceOwner($accessToken); var_dump($resourceOwner);

Instead of displaying anything of value, I see:

Fatal error: Uncaught UnexpectedValueException: Invalid response received from Authorization Server. Expected JSON. in {php_server}/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:787 Stack trace: #0 {php_server}/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(767): League\OAuth2\Client\Provider\AbstractProvider->fetchResourceOwnerDetails(Object(League\OAuth2\Client\Token\AccessToken))

It appears the Authentik server is not responding with valid JSON and the oauth2-client is throwing an error. I cannot find the proper way to request user information from Authentik. Is there a custom Third Party Provider that I should be using? Any help would be appreciated.

deonthomasgy commented 2 years ago

bump

AndrewBucklin commented 2 years ago

Having similar issue with Authentik but in my case, I don't get any output from var_dump($resourceOwner);

EDIT: I figured it out. You must include the scopes parameter in the initialization. For example:

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'                => 'XXXXXX',    // The client ID assigned to you by the provider
    'clientSecret'            => 'XXXXXX',    // The client password assigned to you by the provider
    'redirectUri'             => 'https://my.example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://service.example.com/authorize',
    'urlAccessToken'          => 'https://service.example.com/token',
    'urlResourceOwnerDetails' => 'https://service.example.com/resource',
    'scopes'                  => 'openid profile email'
]);

Example output:

{
  "email": "email@example.com",
  "email_verified": true,
  "name": "Joe Smith",
  "given_name": "Joe Smith",
  "family_name": "Smith",
  "preferred_username": "Joe",
  "nickname": "Joe",
  "groups": [
    "group1",
    "group2",
    "group3"
  ],
  "sub": "Joe"
}
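A fuller callback handler showing the scopes fix in context, as an added example (not code from this issue or from the league/oauth2-client project itself). The authorize and token paths under `{server}/application/o/`, the environment variable names and the callback URL are assumptions; the userinfo path is the one from the issue.

```php
<?php
// Added example, not from the issue thread or the project's docs.
// Assumes thephpleague/oauth2-client installed via Composer and an Authentik
// instance at {server}; the authorize/ and token/ paths are assumed.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;

session_start();

$provider = new GenericProvider([
    'clientId'                => getenv('OAUTH_CLIENT_ID'),
    'clientSecret'            => getenv('OAUTH_CLIENT_SECRET'),
    'redirectUri'             => 'https://my.example.com/callback.php',
    'urlAuthorize'            => 'https://{server}/application/o/authorize/',
    'urlAccessToken'          => 'https://{server}/application/o/token/',
    'urlResourceOwnerDetails' => 'https://{server}/application/o/userinfo/',
    // The reporter's config omitted scopes; without them the userinfo call
    // came back non-JSON ("Expected JSON"). OIDC scopes are space separated.
    'scopes'                  => ['openid', 'profile', 'email'],
    'scopeSeparator'          => ' ',
]);

if (!isset($_GET['code'])) {
    // Step 1: send the user to the IdP, remembering the state value so the
    // callback can be tied to this session (CSRF protection for the login).
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
}

// Step 2: refuse any callback whose state does not match what we issued.
if (empty($_GET['state']) || !hash_equals($_SESSION['oauth2state'], $_GET['state'])) {
    unset($_SESSION['oauth2state']);
    http_response_code(400);
    exit('Invalid OAuth state');
}

try {
    $token  = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
    $owner  = $provider->getResourceOwner($token);
    $claims = $owner->toArray();   // same keys as the example output above ("sub", "email", ...)
    echo 'Logged in as ' . htmlspecialchars($claims['preferred_username'] ?? $claims['sub']);
} catch (IdentityProviderException | \UnexpectedValueException $e) {
    // UnexpectedValueException is the "Expected JSON" failure from the issue.
    http_response_code(502);
    exit('Login failed: ' . htmlspecialchars($e->getMessage()));
}
```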