FusionAuth

    Getting error with OIDC identity provider

    Q&A
    oidc jwt userinfo
    • dan

      When I am trying to set up an OIDC identity provider, I am seeing an error after I log in: invalid_origin.

      When I look at the event log I see:

      Request to the [https://REDACTED/userinfo] endpoint failed. Status code [200].Exception encountered.com.inversoft.rest.JSONException : Message: Failed to parse the HTTP response as JSON. Actual HTTP response body:
      eyJra...
      

      If I decode the JWT in the response body, I get back a valid userinfo response.

      How can I handle this?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      • dan

        That is an encoded (signed) JWT being sent in response to the user info request that the FusionAuth OIDC identity provider is making.

        This is technically allowed in the OIDC spec, but we do not currently support this response type.

        Per spec, the endpoint should support a JSON response, which is the default unless the client requests a signed or encrypted response body.

        I would look at how your client is registered and see if it is asking for a JWT userinfo response at that time, and change it to be a normal JSON response. You could also file an issue detailing your needs for FusionAuth to support this user info response type.

        If that isn't an option, you could also look at using a SAML Identity Provider if the remote identity source supports that.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

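To confirm which of the response types described in the answer above a provider is returning, the following added example (not part of the original thread and not FusionAuth code) classifies a userinfo body as plain JSON, a signed JWT (JWS) or an encrypted JWT (JWE) and reports the `alg` from the JWT header, which is the value to look for in the client registration (`userinfo_signed_response_alg` in OIDC client metadata). The function names and the sample token are constructed for illustration, and nothing here verifies a signature, so the decoded claims are for troubleshooting only.

```python
import base64
import json


def _seg_to_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def _json_to_seg(obj):
    """Encode an object as an unpadded base64url segment (used for sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def classify_userinfo(content_type, body):
    """Report which UserInfo response format was returned.

    Diagnostic only: no signature is checked, so JWT claims are labelled unverified.
    """
    media_type = content_type.split(";")[0].strip().lower()
    text = body.strip()
    try:
        claims = json.loads(text)
        if isinstance(claims, dict):
            return {"format": "json", "media_type": media_type, "claims": claims}
    except ValueError:
        pass  # not plain JSON; check for a compact JWT next
    parts = text.split(".")
    if len(parts) not in (3, 5):
        return {"format": "unknown", "media_type": media_type}
    try:
        header = _seg_to_json(parts[0])
        result = {"media_type": media_type, "alg": header.get("alg"), "kid": header.get("kid")}
        if len(parts) == 5:  # JWE compact serialization: payload is encrypted
            result.update(format="jwe", enc=header.get("enc"))
        else:  # JWS compact serialization: payload is readable but only signed
            result.update(format="jws", unverified_claims=_seg_to_json(parts[1]))
        return result
    except (ValueError, AttributeError):
        return {"format": "unknown", "media_type": media_type}


# Constructed sample: a signed-JWT userinfo body with a placeholder signature.
SAMPLE_JWS = ".".join([
    _json_to_seg({"kid": "constructed-key-1", "alg": "RS256"}),
    _json_to_seg({"sub": "constructed-user-id", "email": "user@example.com"}),
    _json_to_seg("constructed-signature"),
])

if __name__ == "__main__":
    print(classify_userinfo("application/jwt", SAMPLE_JWS))
```

A `jws` or `jwe` result means the provider is honouring a signed or encrypted userinfo setting on the client registration; a `json` result is the default format the answer says FusionAuth expects.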