OpenIDConnectClientException: Cannot supply client credentials in both the Authentication header and the request-body #75

Closed
rajnisheu opened this issue Mar 3, 2017 · 2 comments


rajnisheu commented Mar 3, 2017

Hi, I am using Okta to test from my localhost XAMPP install on Windows. First I got an error regarding phpseclib which I had to include. This is my code with cert turned off for now:

include('phpseclib1.0.5/Crypt/RSA.php');
require "OpenIDConnectClient.php";

$oidc = new OpenIDConnectClient('https://myaccount.oktapreview.com',
                                'id',
                                'secret');
$oidc->setVerifyHost(false);
$oidc->setVerifyPeer(false);
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');

Am redirected to Okta and able to pass my creds. Also getting correctly redirected to local file after entering creds on Okta. On callback to local am getting the following error:
OpenIDConnectClientException: Cannot supply client credentials in both the Authentication header and the request-body. in C:\xampp\htdocs\openid\OpenIDConnectClient.php on line 228

Not able to figure out if this is an okta issue or openid-connect-php issue.
Any help appreciated.

@jumbojett
Owner

Hi @rajnisheu! My thoughts are as follows.

  1. It appears that you're not using composer to install the library. (Thus the missing libs error.)
  2. id and secret are placeholders for actual values that need to be obtained from your provider. Are you using actual values in this place?

Closing the issue for now. Feel free to re-open if you have additional questions!

Author

rajnisheu commented Mar 10, 2017

I can't find how to re-open this for topic no 2.
There's an issue when un-setting array fields in case of client_secret_basic which is fixed by also un-setting client_id as follows:

# Consider Basic authentication if provider config is set this way
 if (in_array('client_secret_basic', $token_endpoint_auth_methods_supported)) {
   $headers = ['Authorization: Basic ' . base64_encode($this->clientID . ':' . $this->clientSecret)];
   unset($token_params['client_id']); // unset client_id as well
   unset($token_params['client_secret']);
 }

Could be Okta specific. Will run tests with other providers.
Re topic no 1, adding a line to the documentation mentioning dependency on PHPSecLib would be great.
Thanks for the library!
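
The fix described in the comment above, as an added example that is not part of the issue thread or of openid-connect-php: it builds the token request so the client credentials travel in either the Authorization header or the form body, never both, and reports where they appear. The function names and sample values are assumptions; counting a leftover client_id in the body as a credential follows what this issue reports.

```php
<?php
// Added example. buildTokenRequest() and credentialLocations() are hypothetical
// helper names, not functions of openid-connect-php.

/** Build a token request whose client credentials sit in exactly one place. */
function buildTokenRequest(string $clientId, string $clientSecret,
                           array $authMethodsSupported, array $grantParams): array
{
    $headers = [];
    $body = $grantParams;
    if (in_array('client_secret_basic', $authMethodsSupported, true)) {
        // client_secret_basic: credentials go only in the Authorization header.
        $headers[] = 'Authorization: Basic ' . base64_encode($clientId . ':' . $clientSecret);
        unset($body['client_id'], $body['client_secret']);
    } else {
        // client_secret_post: credentials go only in the form body.
        $body['client_id'] = $clientId;
        $body['client_secret'] = $clientSecret;
    }
    return ['headers' => $headers, 'body' => $body];
}

/** List every place in a request that carries client credentials. */
function credentialLocations(array $headers, array $body): array
{
    $found = [];
    foreach ($headers as $header) {
        if (stripos($header, 'Authorization: Basic ') === 0) {
            $found[] = 'header';
            break;
        }
    }
    if (isset($body['client_id']) || isset($body['client_secret'])) {
        $found[] = 'body';
    }
    return $found;
}

// Constructed sample values, not real credentials or endpoints.
$grant = ['grant_type' => 'authorization_code', 'code' => 'SAMPLE_CODE',
          'redirect_uri' => 'http://localhost/openid/callback.php'];

$fixed = buildTokenRequest('sample-id', 'sample-secret', ['client_secret_basic'], $grant);
echo 'fixed:  ' . json_encode(credentialLocations($fixed['headers'], $fixed['body'])) . "\n";

// Shape of the request before the fix: Basic header plus client_id left in the body.
$before = $fixed['body'] + ['client_id' => 'sample-id'];
echo 'before: ' . json_encode(credentialLocations($fixed['headers'], $before)) . "\n";
```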
