Authentik Client? #936

Open
danielbheyl opened this issue Feb 4, 2022 · 2 comments

danielbheyl commented Feb 4, 2022

Using the Basic Usage instructions for thephpleague/oauth2-client, I have a PHP client that obtains a valid token from an Authentik server. I can use this token and expiration, etc. However, no matter what I try, I cannot get user information out of Authentik. I've set up the $provider with the following:

'urlResourceOwnerDetails' => 'https://{server}/application/o/userinfo/'

After receiving a valid $accessToken, I have called
$resourceOwner = $provider->getResourceOwner($accessToken);
var_dump($resourceOwner);

Instead of displaying anything of value, I see:

Fatal error: Uncaught UnexpectedValueException: Invalid response received from Authorization Server. Expected JSON. in {php_server}/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:787 Stack trace: #0 {php_server}/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(767): League\OAuth2\Client\Provider\AbstractProvider->fetchResourceOwnerDetails(Object(League\OAuth2\Client\Token\AccessToken))

It appears the Authentik server is not responding with valid JSON and the oauth2-client is throwing an error. I cannot find the proper way to request user information from Authentik. Is there a custom Third Party Provider that I should be using? Any help would be appreciated.

@deonthomasgy

bump

AndrewBucklin commented Jun 26, 2022

Having a similar issue with Authentik, but in my case I don't get any output from var_dump($resourceOwner);

EDIT: I figured it out. You must include the scopes parameter in the initialization. For example:

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'                => 'XXXXXX',    // The client ID assigned to you by the provider
    'clientSecret'            => 'XXXXXX',    // The client password assigned to you by the provider
    'redirectUri'             => 'https://my.example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://service.example.com/authorize',
    'urlAccessToken'          => 'https://service.example.com/token',
    'urlResourceOwnerDetails' => 'https://service.example.com/resource',
    'scopes'                  => 'openid profile email'
]);

Example output:

{
  "email": "email@example.com",
  "email_verified": true,
  "name": "Joe Smith",
  "given_name": "Joe Smith",
  "family_name": "Smith",
  "preferred_username": "Joe",
  "nickname": "Joe",
  "groups": [
    "group1",
    "group2",
    "group3"
  ],
  "sub": "Joe"
}
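
A defensive wrapper for the failure discussed in this thread, as an added example (not code from the issue or from league/oauth2-client): it checks the scopes reported in the token response before calling the userinfo endpoint, and turns the "Expected JSON" exception into a message that names the granted scopes. The helper names `grantedScopes` and `fetchUserInfo`, the constructed token and the placeholder URLs are assumptions; it needs league/oauth2-client installed through Composer.

```php
<?php
// Added example; not code from this thread or from league/oauth2-client.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Token\AccessToken;

// Hypothetical helper: scopes the server reported for this token. RFC 6749
// section 5.1 allows the response to omit "scope" when it equals the request.
function grantedScopes(AccessToken $token, array $requested): array
{
    $scope = $token->getValues()['scope'] ?? null;
    return is_string($scope) ? preg_split('/\s+/', trim($scope), -1, PREG_SPLIT_NO_EMPTY) : $requested;
}

// Hypothetical helper: fetch the userinfo claims, failing with a scope
// diagnosis instead of the bare "Expected JSON" error.
function fetchUserInfo(GenericProvider $provider, AccessToken $token, array $requested): array
{
    $granted = grantedScopes($token, $requested);
    if (!in_array('openid', $granted, true)) {
        throw new RuntimeException('Token lacks "openid"; granted: ' . implode(' ', $granted));
    }
    try {
        return $provider->getResourceOwner($token)->toArray();
    } catch (UnexpectedValueException $e) {
        throw new RuntimeException('Userinfo response was not JSON; granted: ' . implode(' ', $granted), 0, $e);
    }
}

$scopes = ['openid', 'profile', 'email'];
$provider = new GenericProvider([
    'clientId'                => 'XXXXXX',
    'clientSecret'            => 'XXXXXX',
    'redirectUri'             => 'https://my.example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://service.example.com/authorize',
    'urlAccessToken'          => 'https://service.example.com/token',
    'urlResourceOwnerDetails' => 'https://service.example.com/resource',
    'scopes'                  => $scopes,
    'scopeSeparator'          => ' ',   // OAuth 2.0 scope lists are space-delimited
]);

// Constructed token response that was granted no "openid" scope.
$token = new AccessToken(['access_token' => 'constructed-token', 'scope' => 'profile email']);
try {
    var_dump(fetchUserInfo($provider, $token, $scopes));
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

With the constructed token the helper stops before any network request is made, so the script runs offline.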
