invalid_token after success login
rjcpereira opened this issue · comments
I'm trying to login, using id_token response type, I receive the token after the login, but every time that I call fetchUserInfo methods, I get the following error:
OPError: invalid_token (The access token provided is expired, revoked, malformed, or invalid for other reasons)
at throwAuthenticateErrors (/Users/xxxx/node_modules/openid-client/lib/helpers/process_response.js:18:11)
at processResponse (/Users/xxxx/node_modules/openid-client/lib/helpers/process_response.js:41:7)
at Client.userinfo (/Users/xxxx/node_modules/openid-client/lib/client.js:1135:18)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async file:///Users/xxxx/server/admin.js:99:18 {
error: 'invalid_token',
error_description: 'The access token provided is expired, revoked, malformed, or invalid for other reasons'
}
This is my code:
import oidc from 'express-openid-connect';
import express from 'express'
const server = express();
server.use((req, res, next) => {
res.set("Strict-Transport-Security", "max-age=31536000; preload");
res.set("Content-Security-Policy", "upgrade-insecure-requests; block-all-mixed-content;");
res.set("X-Frame-Options", "SAMEORIGIN");
res.set("X-XSS-Protection", "1; mode=block");
res.set("X-Content-Type-Options", "nosniff");
res.set("Referrer-Policy", "strict-origin-when-cross-origin");
res.set("Feature-Policy", "camera 'none'; microphone 'none'");
res.set("Permissions-Policy", "camera=(), microphone=()");
res.set("Access-Control-Allow-Origin", "*");
res.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS, DELETE");
res.set("Access-Control-Allow-Headers", "DNT, Origin, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Accept, Content-Range, Range, Pragma, Upgrade-Insecure-Requests");
res.set("Access-Control-Allow-Credentials", true);
next();
});
server.use(oidc.auth({
issuerBaseURL: 'https://xxxx.xxxxxxx.xxx',
baseURL: 'http://localhost:3000',
clientID: 'XXXXXXXXXXXXXXXXXXXXXXXX',
secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
attemptSilentLogin: true,
idpLogout: true,
authRequired: false,
routes: {
login: false
},
authorizationParams: {
grant_type: "refresh_token",
response_type: 'id_token',
redirect_uri: `http://localhost:3000/auth`,
scope: 'openid role email profile corporate_username'
}
}));
const page = (req, name) => `<html><head><title>${name}</title></head><body><h1>${name}</h1><pre>${JSON.stringify(req.oidc.user || {})}</pre></body></html>`;
server.get('/', async (req, res) => {
console.log(req.oidc.user || {});
res.send(page(req, 'home'));
});
server.get('/required', oidc.requiresAuth(), async (req, res) => {
console.log(req.oidc.user || {});
res.send(page(req, 'required'));
});
server.get('/auth', async (req, res) => {
console.log(req.oidc.user || {});
res.send(page(req, 'auth'));
});
server.get('/check', async (req, res) => {
console.log(req.oidc.user || {});
res.send(req.oidc.user);
});
server.get('/info', async (req, res) => {
console.log(req.oidc.user || {});
const data = await req.oidc.fetchUserInfo();
res.send(data);
});
server.get('/login', async (req, res) => {
console.log(req.oidc.user || {});
res.oidc.login({ returnTo: '/' });
});
server.get('/logout', async (req, res) => {
console.log(req.oidc.user || {});
res.oidc.logout();
res.send({
success: true
});
});
server.listen(3000);
Hi @rjcpereira - thanks for raising this
You need an access token to access the user info endpoint and you're trying to access it with an id token.
You need a response_type of code or code id_token to get an access token, then you can use this to access the user info endpoint.
Closing as I believe ☝️ answers your question, feel free to ping me if you want to reopen.