openid-connect-generic

invalid-user-claim error ($user_claim is not array)

Open amysticool opened this issue 5 years ago • 7 comments

Hello everyone,

I have an invalid-user-claim error after successful authentication with the provider. I spent a few days on it with no success. (At least if someone can explain how $user_claim works or is filled.)

After investigation I found that this is due to an array check that failed here:

```php
if ( ! is_array( $user_claim ) ){
```

```php
	/**
	 * Make sure the user_claim has all required values, and that the subject
	 * identity matches of the id_token matches that of the user_claim.
	 *
	 * @param $user_claim
	 * @param $id_token_claim
	 *
	 * @return \WP_Error
	 */
	function validate_user_claim( $user_claim, $id_token_claim ) {
		// must be an array
		if ( ! is_array( $user_claim ) ){  //THIS IS GIVING TRUE
			var_dump($user_claim);
			return new WP_Error( 'invalid-user-claim', __( 'Invalid user claim array' ), $user_claim );
		}
```

Message log error is:

```
Type: invalid-user-claim
Date: 2019-11-14 19:49:35
Utilisateur: 0
URI : /wp-admin/admin-ajax.php?action=openid-connect-authorize&code=791c2b33-7847-443f-8f6d-3393cfe2bdf0&state=7a202dd525e3ef4182e4e4a27775855c
```

```
object(WP_Error)#23862 (2) {
  ["errors"]=>
  array(1) {
    ["invalid-user-claim"]=>
    array(1) {
      [0]=>
      string(24) "Invalid user claim array"
    }
  }
  ["error_data"]=>
  array(0) {
  }
}
```

My OpenID Scope: openid gender birthdate birthcountry birthplace family_name given_name email

Identity Key: openid (I also tried sub)

I don't know if it is linked, but on the other hand I had to make some modifications because of the following provider server-side error:

{"status":"fail","message":"The following fields are missing or empty : nonce"}

by adding a nonce value.

```php
	/**
	 * Create a single use authentication url
	 * @return string
	 */
	function make_authentication_url() {
		$separator = '?';
		if ( stripos( $this->endpoint_login, '?' ) !== FALSE ) {
			$separator = '&';
		}
		$url = sprintf( '%1$s%2$sresponse_type=code&scope=%3$s&nonce=12344354597459&client_id=%4$s&state=%5$s&redirect_uri=%6$s', //HERE
```

amysticool avatar Nov 14 '19 20:11 amysticool
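
Added example, not part of the original issue or the plugin's own code: the `nonce=12344354597459` hard-coded in the URL above satisfies the provider's missing-field check, but a nonce only protects against replayed ID tokens when it is random per login attempt and compared with the `nonce` claim of the returned ID token. The stand-alone PHP below shows that pattern; `issue_nonce()`, `verify_nonce()`, the `$store` array and the `example` hosts and client id are hypothetical, and the claims are assumed to come from an ID token whose signature was already validated.

```php
<?php
// Added example, not plugin code. issue_nonce(), verify_nonce(), $store and
// the example hosts/client id are hypothetical stand-ins for the site's own setup.

// Create a fresh nonce for one login attempt and remember it under its state.
function issue_nonce( array &$store, string $state ): string {
	$nonce = bin2hex( random_bytes( 16 ) ); // 128 bits from the CSPRNG
	$store[ $state ] = $nonce;
	return $nonce;
}

// Build the authorization URL; http_build_query() URL-encodes every value.
function make_authentication_url( string $endpoint, array $params ): string {
	$separator = ( strpos( $endpoint, '?' ) !== false ) ? '&' : '?';
	return $endpoint . $separator . http_build_query( $params );
}

// Accept ID token claims only if their nonce equals the one issued for this
// state. The stored nonce is deleted first, so it cannot be accepted twice.
function verify_nonce( array &$store, string $state, array $id_token_claim ): bool {
	$expected = $store[ $state ] ?? null;
	unset( $store[ $state ] );
	$actual = $id_token_claim['nonce'] ?? null;
	if ( ! is_string( $expected ) || ! is_string( $actual ) ) {
		return false;
	}
	return hash_equals( $expected, $actual ); // constant-time comparison
}

// Constructed demo values.
$store = array(); // stands in for server-side per-login storage
$state = bin2hex( random_bytes( 16 ) );
$nonce = issue_nonce( $store, $state );
echo make_authentication_url( 'https://idp.example/authorize', array(
	'response_type' => 'code',
	'scope'         => 'openid email',
	'nonce'         => $nonce,
	'client_id'     => 'example-client',
	'state'         => $state,
	'redirect_uri'  => 'https://site.example/wp-admin/admin-ajax.php?action=openid-connect-authorize',
) ), PHP_EOL;

$claim = array( 'sub' => 'user-1', 'nonce' => $nonce ); // constructed ID token claims
var_dump( verify_nonce( $store, $state, $claim ) ); // first use of the token
var_dump( verify_nonce( $store, $state, $claim ) ); // replay of the same token
var_dump( verify_nonce( $store, 'unknown', array( 'nonce' => '12344354597459' ) ) ); // fixed value
```

Of the three checks, only the first passes: the replay finds no stored nonce, and the fixed value was never issued for any state.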

I'm getting the same error @amysticool, did you solve that?

image

Here is the code that is raising that error

image

Or does someone have a hint to help us?

leandroquinger avatar Jan 22 '20 23:01 leandroquinger

I'm getting the same error as @leandroquinger "Invalid user claim". Has someone solved it?

giovannigenna avatar Jan 31 '20 10:01 giovannigenna

Solved by setting blank "Userinfo Endpoint URL"

giovannigenna avatar Jan 31 '20 14:01 giovannigenna

Solved! thanks @giovannigenna

leandroquinger avatar Feb 05 '20 16:02 leandroquinger

Hi, setting blank "Userinfo Endpoint URL" field does not work for me, I have the following error message "incorrect user claim". May I have some help with it :'(

amysticool avatar May 28 '21 16:05 amysticool

@giovannigenna thanks for the hack. Not sure whether it's the right way to leave "Userinfo Endpoint URL" blank, but it works for me too!

backpackingseries avatar Aug 15 '22 07:08 backpackingseries

Solved by setting blank "Userinfo Endpoint URL"

but which field is username?

geekyouth avatar May 08 '23 10:05 geekyouth