Using reconsile api to get access token
-
Hi,
i am using /api/jwt/reconcile api to get access token, it is working fine with google idp, but when i try to use it with linkedin i am getting following error:{ "fieldErrors": { "data.code": [ { "code": "[missing]data.code", "message": "Required" } ], "data.redirect_uri": [ { "code": "[missing]data.redirect_uri", "message": "Required" } ] } }
and here is my request body:
{ "applicationId": "1406e0a4-8a15-4181-a0d6-56d8ab14f144", "data": { "token": "AQXC8dwBpr5MgJ6QFLvoGgv_..." }, "identityProviderId": "6177c09d-3f0e-4d53-966564-3600b1b23f46" }
As per the documentation of api i only have to pass token, not sure why its asking for code and redirect_uri, code as already been exchanged to get access token
Any help would be appreciated.
-
@adil Can you share what your request looks like for the google call that works, please?
-
@dan ,than you for your reply , here is the request for google
curl --location --request POST 'https://example.com/api/jwt/reconcile' \ --header 'Authorization: API_KEY' \ --header 'Content-Type: application/json' \ --header 'Cookie: fusionauth.locale=en' \ --data-raw '{ "applicationId": "3453f0a4-8a15-4181-a0d6-88d2ab14566", "data": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im9aMG..." }, "identityProviderId": "32339786-3dff-42a6-aac6-1f1fffffffff" }'
where token is the id_token we receive from google.
-
@dan ,same think is happening with apple idp as well, this is what i am getting for apple idp.
{ "fieldErrors": { "data.code": [ { "code": "[missing]data.code", "message": "Required" } ], "data.id_token": [ { "code": "[missing]data.id_token", "message": "Required" } ], "data.redirect_uri": [ { "code": "[missing]data.redirect_uri", "message": "Required" } ] } }
It looks like its asking for required fields which are required for following api
https://fusionauth.io/docs/v1/tech/apis/identity-providers/apple/#complete-the-apple-login, and i think same thing is happening for linkedin as well, but this one and reconcile api are two different api's. -
@adil I'm going to look into this further, but it is possible that the JWT reconcile operation isn't compatible with those other IdPs (in which case the documentation is incorrect). Will let you know what I find in the next few days.
As a workaround, would suggest using the 'complete login' API call as documented in each of those providers individual docs:
https://fusionauth.io/docs/v1/tech/apis/identity-providers/apple/#complete-the-apple-login
https://fusionauth.io/docs/v1/tech/apis/identity-providers/linkedin/#complete-the-linkedin-login
-
Seems like a bug, filed an issue: https://github.com/FusionAuth/fusionauth-issues/issues/1503