Github as a generic OAuth20 IDP Token Parse Exception

Dominic Cohrs

Mar 8, 2023, 8:25:52 AM
to CAS Community
Hi,

I use the GitHub Identity Provider from CAS for Delegated Authentication and this works fine.

Now I have a use case where I have to define multiple GitHub IDPs. So I started to define a generic OAuth20 IDP for GitHub in my cas.properties.


cas.authn.pac4j.oauth2[0].enabled=true
cas.authn.pac4j.oauth2[0].client-name=github
cas.authn.pac4j.oauth2[0].auth-url=https://github.com/login/oauth/authorize
cas.authn.pac4j.oauth2[0].id=
cas.authn.pac4j.oauth2[0].profile-url=https://api.github.com/user
cas.authn.pac4j.oauth2[0].secret=
cas.authn.pac4j.oauth2[0].token-url=https://github.com/login/oauth/access_token
cas.authn.pac4j.oauth2[0].profile-verb=GET
cas.authn.pac4j.oauth2[0].scope=user

That works fine until the token has to be parsed. I got the following stack trace:

2023-03-08 12:43:47,966 WARN [org.apereo.cas.util.function.FunctionUtils] - <Error getting token:Unrecognized token 'access_token': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
 at [Source: (String)"access_token=********; line: 1, column: 13]>
org.pac4j.core.exception.HttpCommunicationException: Error getting token:Unrecognized token 'access_token': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
 at [Source: (String)"access_token=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&scope=user&token_type=bearer"; line: 1, column: 13]
at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.retrieveAccessToken(OAuth20Authenticator.java:38) ~[pac4j-oauth-6.0.0-RC5.jar:?]
at org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:41) ~[pac4j-oauth-6.0.0-RC5.jar:?]
at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.validate(OAuth20Authenticator.java:22) ~[pac4j-oauth-6.0.0-RC5.jar:?]
at org.pac4j.core.client.BaseClient.internalValidateCredentials(BaseClient.java:99) ~[pac4j-core-6.0.0-RC5.jar:?]
at org.pac4j.core.client.BaseClient.validateCredentials(BaseClient.java:88) ~[pac4j-core-6.0.0-RC5.jar:?]
at org.apereo.cas.authentication.principal.DefaultDelegatedAuthenticationCredentialExtractor.lambda$getCredentialsFromDelegatedClient$1(DefaultDelegatedAuthenticationCredentialExtractor.java:52) ~[cas-server-support-pac4j-core-7.0.0-RC4.jar:7.0.0-RC4]
at java.util.Optional.map(Optional.java:260) ~[?:?]

It seems that the generic OAuth20 implementation cannot parse the default payload from GitHub, which looks like:

"access_token=gho_16C7e42F292c6912E7710c838347Ae178B4a&scope=repo%2Cgist&token_type=bearer"

It is also possible to get the response as JSON from GitHub if the header "Accept: application/json" is set, and this should work fine.

Is there a possibility to configure a Header for that? Or another way to parse the token as it is?

Thanks in advance for your help
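
The two token response formats described in the post, as an added example that is not part of the original post and is not pac4j or CAS code: a Python parser that accepts both the form-encoded body and the JSON body, and redacts the token before anything is logged. The function names and sample bodies are constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Constructed sample bodies; the token is a placeholder, not a real credential.
FORM_BODY = "access_token=gho_EXAMPLEPLACEHOLDER&scope=repo%2Cgist&token_type=bearer"
JSON_BODY = ('{"access_token":"gho_EXAMPLEPLACEHOLDER",'
             '"scope":"repo,gist","token_type":"bearer"}')


def parse_token_response(body, content_type=""):
    """Parse an OAuth 2.0 token response that is JSON or form-encoded."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/json" or body.lstrip().startswith("{"):
        try:
            fields = json.loads(body)
        except json.JSONDecodeError:
            # Do not echo the body in the error: it may hold a live token.
            raise ValueError("token response is not valid JSON") from None
        if not isinstance(fields, dict):
            raise ValueError("token response is not a JSON object")
    else:
        try:
            # strict_parsing rejects anything that is not key=value pairs.
            pairs = parse_qs(body, strict_parsing=True)
        except ValueError:
            raise ValueError("token response is neither JSON nor "
                             "form-encoded") from None
        fields = {key: values[0] for key, values in pairs.items()}
    if "error" in fields:
        raise ValueError("token endpoint returned error: %s" % fields["error"])
    if not fields.get("access_token"):
        raise ValueError("token response has no access_token")
    return fields


def redact(fields):
    """Return a copy of the parsed response that is safe to log."""
    safe = dict(fields)
    safe["access_token"] = str(safe["access_token"])[:4] + "********"
    return safe


if __name__ == "__main__":
    for body, ctype in ((FORM_BODY, "application/x-www-form-urlencoded"),
                        (JSON_BODY, "application/json; charset=utf-8")):
        print(redact(parse_token_response(body, ctype)))
```

A JSON-only parser fails on the first body at column 13, the `=` after `access_token`, which is the position reported in the stack trace above.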



