
Can't get the plugin to work on a website - ERROR (invalid_request): No refresh token

Open agenceKanvas opened this issue 2 years ago • 4 comments

Hey !

I've tried to configure the plugin with a Keycloak install, but I always end up with an ERREUR (invalid_request): No refresh token. All the keys and credentials seem correct, and I have the exact same configuration as in the doc.

In keycloak, I have a session created with the right email.

In the logs, I have an invalid request :

object(WP_Error)#28432 (3) {
["errors"]=>
array(1) {
["invalid_request"]=>
array(1) {
[0]=>
string(16) "No refresh token"
}
}
["error_data"]=>
array(1) {
["invalid_request"]=>
array(6) {
["headers"]=>
object(WpOrg\Requests\Utility\CaseInsensitiveDictionary)#28433 (1) {
["data":protected]=>
array(9) {
["date"]=>
string(29) "Wed, 05 Jul 2023 13:24:15 GMT"
["server"]=>
string(6) "Apache"
["x-xss-protection"]=>
string(13) "1; mode=block"
["x-frame-options"]=>
string(43) "ALLOW-FROM https://player.vimeo.com/video/*"
["referrer-policy"]=>
string(11) "no-referrer"
["strict-transport-security"]=>
string(35) "max-age=31536000; includeSubDomains"
["x-content-type-options"]=>
string(7) "nosniff"
["content-type"]=>
string(16) "application/json"
["content-length"]=>
string(2) "66"
}
}
["body"]=>
string(66) "{"error":"invalid_request","error_description":"No refresh token"}"
["response"]=>
array(2) {
["code"]=>
int(400)
["message"]=>
string(11) "Bad Request"
}
["cookies"]=>
array(0) {
}
["filename"]=>
NULL
["http_response"]=>
object(WP_HTTP_Requests_Response)#28434 (5) {
["data"]=>
NULL
["headers"]=>
NULL
["status"]=>
NULL
["response":protected]=>
object(WpOrg\Requests\Response)#28435 (10) {
["body"]=>
string(66) "{"error":"invalid_request","error_description":"No refresh token"}"
["raw"]=>
string(440) "HTTP/1.1 400 Bad Request
Date: Wed, 05 Jul 2023 13:24:15 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: ALLOW-FROM https://player.vimeo.com/video/*
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 66
Connection: close

{"error":"invalid_request","error_description":"No refresh token"}"
["headers"]=>
object(WpOrg\Requests\Response\Headers)#28436 (1) {
["data":protected]=>
array(9) {
["date"]=>
array(1) {
[0]=>
string(29) "Wed, 05 Jul 2023 13:24:15 GMT"
}
["server"]=>
array(1) {
[0]=>
string(6) "Apache"
}
["x-xss-protection"]=>
array(1) {
[0]=>
string(13) "1; mode=block"
}
["x-frame-options"]=>
array(1) {
[0]=>
string(43) "ALLOW-FROM https://player.vimeo.com/video/*"
}
["referrer-policy"]=>
array(1) {
[0]=>
string(11) "no-referrer"
}
["strict-transport-security"]=>
array(1) {
[0]=>
string(35) "max-age=31536000; includeSubDomains"
}
["x-content-type-options"]=>
array(1) {
[0]=>
string(7) "nosniff"
}
["content-type"]=>
array(1) {
[0]=>
string(16) "application/json"
}
["content-length"]=>
array(1) {
[0]=>
string(2) "66"
}
}
}
["status_code"]=>
int(400)
["protocol_version"]=>
float(1.1)
["success"]=>
bool(false)
["redirects"]=>
int(0)
["url"]=>
string(82) "https://sso.nouveauxterritoires.fr/auth/realms/Taxe/protocol/openid-connect/logout"
["history"]=>
array(0) {
}
["cookies"]=>
object(WpOrg\Requests\Cookie\Jar)#28437 (1) {
["cookies":protected]=>
array(0) {
}
}
}
["filename":protected]=>
NULL
}
}
}
["additional_data":protected]=>
array(0) {
}
}

And the next request is a **make_authentication_url** Capture d’écran 2023-07-05 à 15 32 02

I'm stuck. If anyone has some ideas ... Thanks a lot !

agenceKanvas avatar Jul 05 '23 13:07 agenceKanvas

I don't even understand why there is a mention of vimeo in here, when the only related thing is that I have a vimeo embed on the homepage

agenceKanvas avatar Jul 05 '23 13:07 agenceKanvas

@agenceKanvas with the way those errors look, it seems like there is a plugin misconfiguration. When the plugin makes a request to your Keycloak instance, it gets an invalid response. Perhaps you don't have token refresh enabled in Keycloak. If you turn off the token refresh setting in the plugin, does it work? What version of Keycloak are you using?

timnolte avatar Jul 05 '23 14:07 timnolte

But I do, I really have followed all the doc :) Capture d’écran 2023-07-05 à 16 30 31

agenceKanvas avatar Jul 05 '23 14:07 agenceKanvas

@agenceKanvas OK, so since you do have Refresh Tokens enabled in Keycloak then this would be some other plugin misconfiguration perhaps. Can you share your plugin settings with me excluding your client ID & client secret? You can DM me on the WordPress Slack, or send a message to timnolte via Keybase secure messaging, or send me a DM via the Fediverse using [email protected].

timnolte avatar Jul 05 '23 15:07 timnolte