OpenID-Connect-PHP
getAccessTokenPayload fails for specific OP
E.g. for Auth0, the access token only consists of one string without dots, e.g. `[access_token] => SSh4skEA2DMPimIBbe0E2YRkGq4r_DCj`, so

```php
public function getAccessTokenPayload() {
    return $this->decodeJWT($this->accessToken, 1);
}
```

throws an ErrorException: `Undefined offset: 1`.
Since the OIDC / OAuth 2 spec doesn’t specify a specific access token format, there are two types of access token:
- opaque or reference token
- parseable or self-contained token, commonly using the JWT format
Your access token seems to be a reference token, so this library can’t parse it.
@JuliusPC yes I understand that, but the reason I have started using the JumboJett library is that it can be used as a generic client for any OIDC endpoint. So it would be important that the access token format is handled generically as well.
> […] but the reason I have started using the JumboJett library is that it can be used as a generic client for any OIDC endpoint.
This is an understandable desire. Since OIDC doesn’t mandate specific formats (it does with the id token), no OIDC library will be able to provide this feature with any OIDC compatible provider.
Why do you need to parse the access token?
> So it would be important that the access token format is handled generically as well.
Since there is no standard for token formats, this is not possible. You need to catch the exception (which should be more specific) and handle the difference in your code, e.g. by calling `introspectToken`, which depends on OAuth token introspection (RFC 7662) and may not be supported by your OpenID provider. Another problem with the introspection endpoint is the fact that how your client authenticates to it is not mandated by RFC 7662.
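The fallback discussed in this thread, as an added example that is not part of the thread or of the library's code: check whether the access token is JWT-shaped before decoding it, and use introspection for opaque tokens. The function names and the `$introspect` callable (a stand-in for an RFC 7662 call such as `introspectToken`) are hypothetical, and the decoded payload is not signature-verified, so it must not drive authorization decisions.

```php
<?php
declare(strict_types=1);

/** Decode one base64url segment to an array, or null if it is not valid JSON. */
function decodeSegment(string $segment): ?array
{
    $pad = (4 - strlen($segment) % 4) % 4;
    $raw = base64_decode(strtr($segment, '-_', '+/') . str_repeat('=', $pad), true);
    if ($raw === false) {
        return null;
    }
    $data = json_decode($raw, true);
    return is_array($data) ? $data : null;
}

/**
 * Return the UNVERIFIED payload of a JWT-shaped access token, or null for an
 * opaque/reference token. Malformed input yields null instead of an error.
 */
function tryDecodeAccessToken(string $token): ?array
{
    $parts = explode('.', $token);
    // A signed compact JWT has exactly three segments and a JSON header.
    if (count($parts) !== 3 || decodeSegment($parts[0]) === null) {
        return null;
    }
    return decodeSegment($parts[1]);
}

/**
 * Hypothetical helper: use the local payload when there is one, otherwise ask
 * the provider. $introspect is an assumption standing in for an RFC 7662 call
 * and must return an array of claims.
 */
function accessTokenClaims(string $token, callable $introspect): array
{
    return tryDecodeAccessToken($token) ?? $introspect($token);
}

// Constructed sample inputs: the opaque token from the report and a dummy JWT.
$b64 = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$opaque = 'SSh4skEA2DMPimIBbe0E2YRkGq4r_DCj';
$jwt = $b64(['alg' => 'RS256', 'typ' => 'JWT']) . '.' . $b64(['sub' => 'user-1']) . '.c2ln';
$fakeIntrospect = fn(string $t): array => ['active' => true, 'source' => 'introspection'];

print_r(accessTokenClaims($jwt, $fakeIntrospect));    // JWT-shaped: decoded locally
print_r(accessTokenClaims($opaque, $fakeIntrospect)); // opaque: handed to the callable
```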