I have been attempting to develop an API and client which communicate to each other via an implementation of ThePHPLeague's OAuth2 server and client. Using the curl command in a CLI, I am able to generate a token and use it to gain access to protected resources.
User authentication relies on a bespoke PHP solution with Slim framework, which accepts a username and encrypted password stored in a database table. The same table is used for the OAuth2 implementation's user management.
When a user login attempt is successfully validated, the AbstractProvider 's getAccessToken() method is called and an access token is requested from the API. Here is where the problem lies.
I have tested functionality using the GenericProvider class. I've also extended the provider to create my own class. Using the both providers, I see the following error when I attempt to login:
Slim Application Error
Type: UnexpectedValueException
Code: 0
Message: An OAuth server error was encountered that did not contain a JSON body
File: /var/www/sloth2-client-php/vendor/league/oauth2-client/src/Provider/AbstractProvider.php
Line: 693
#0 /.../vendor/league/oauth2-client/src/Provider/AbstractProvider.php(626):
League\OAuth2\Client\Provider\AbstractProvider->parseResponse(Object(GuzzleHttp\Psr7\Response))
#1 /.../src/SlothProvider.php(113): League\OAuth2\Client\Provider\AbstractProvider->getParsedResponse(Object(GuzzleHttp\Psr7\Request))
#2 /.../src/Controller/AuthenticationController.php(69): App\SlothProvider->getAccessToken(Object(League\OAuth2\Client\Grant\ClientCredentials))
#3 /.../vendor/slim/slim/Slim/Handlers/Strategies/RequestResponse.php(42): App\Controller\AuthenticationController->authenticate(Object(Slim\Psr7\Request), Object(Slim\Psr7\Response), Array)
#4 /.../vendor/slim/slim/Slim/Routing/Route.php(372): Slim\Handlers\Strategies\RequestResponse->__invoke(Array, Object(Slim\Psr7\Request), Object(Slim\Psr7\Response), Array)
#5 /.../vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Slim\Routing\Route->handle(Object(Slim\Psr7\Request))
#6 /.../vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Slim\MiddlewareDispatcher->handle(Object(Slim\Psr7\Request))
#7 /.../vendor/slim/slim/Slim/Routing/Route.php(333): Slim\MiddlewareDispatcher->handle(Object(Slim\Psr7\Request))
#8 /.../vendor/slim/slim/Slim/Routing/RouteRunner.php(65): Slim\Routing\Route->run(Object(Slim\Psr7\Request))
#9 /.../vendor/slim/slim/Slim/Middleware/RoutingMiddleware.php(58): Slim\Routing\RouteRunner->handle(Object(Slim\Psr7\Request))
#10 /.../vendor/slim/slim/Slim/MiddlewareDispatcher.php(132): Slim\Middleware\RoutingMiddleware->process(Object(Slim\Psr7\Request), Object(Slim\Routing\RouteRunner))
#11 /.../vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(89): class@anonymous->handle(Object(Slim\Psr7\Request))
#12 /.../vendor/slim/slim/Slim/MiddlewareDispatcher.php(132): Slim\Middleware\ErrorMiddleware->process(Object(Slim\Psr7\Request), Object(class@anonymous))
#13 /.../vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): class@anonymous->handle(Object(Slim\Psr7\Request))
#14 /.../vendor/slim/slim/Slim/App.php(206): Slim\MiddlewareDispatcher->handle(Object(Slim\Psr7\Request))
#15 /.../vendor/slim/slim/Slim/App.php(190): Slim\App->handle(Object(Slim\Psr7\Request))
#16 /.../public/index.php(8): Slim\App->run()
#17 {main}
The SlothProvider class mentioned in the stack trace is as follows:
<?php
namespace App;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;
use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Psr\Http\Message\ResponseInterface;
use UnexpectedValueException;
class SlothProvider extends AbstractProvider
{
use BearerAuthorizationTrait;
public function __construct()
{
$this->clientId = getenv('OAUTH2_CLIENT_ID');
$this->clientSecret = getenv('OAUTH2_CLIENT_SECRET');
$this->redirectUri = getenv('OAUTH2_REDIRECT_URI');
}
/**
* Get authorization url to begin OAuth flow
*
* @return string
*/
public function getBaseAuthorizationUrl()
{
return getenv('OAUTH2_AUTHORIZATION_URL');
}
/**
* Get access token url to retrieve token
*
* @param array $params
*
* @return string
*/
public function getBaseAccessTokenUrl(array $params)
{
return getenv('OAUTH2_ACCESS_TOKEN_URL');
}
/**
* Get provider url to fetch user details
*
* @param AccessToken $token
*
* @return string
*/
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
// You don't have one. You might consider throwing an exception here so
// that, when this is called, you get an error and can code your
// application to ensure that nothing calls this.
//
// Note that $this->getResourceOwner() is the most likely culprit for
// calling this. Just don't call getResourceOwner() in your code.
}
/**
* Get the default scopes used by this provider.
*
* This should not be a complete list of all scopes, but the minimum
* required for the provider user interface!
*
* @return array
*/
protected function getDefaultScopes()
{
return ['basic'];
}
/**
* Check a provider response for errors.
*
* @throws IdentityProviderException
* @param ResponseInterface $response
* @param array $data Parsed response data
* @return void
*/
protected function checkResponse(ResponseInterface $response, $data)
{
// Write code here that checks the response for errors and throws
// an exception if you find any.
}
/**
* Generate a user object from a successful user details request.
*
* @param array $response
* @param AccessToken $token
* @return \League\OAuth2\Client\Provider\ResourceOwnerInterface
*/
protected function createResourceOwner(array $response, AccessToken $token)
{
// Leave empty. You can't use this, since you don't have a clear
// resource owner details URL. You might consider throwing an
// exception from here, as well. See note on
// getResourceOwnerDetailsUrl() above.
}
/**
* Requests an access token using a specified grant and option set.
*
* @param mixed $grant
* @param array $options
* @throws IdentityProviderException
* @return AccessTokenInterface
*/
public function getAccessToken($grant, array $options = [])
{
$grant = $this->verifyGrant($grant);
$params = [
'client_id' => $this->clientId,
'client_secret' => $this->clientSecret,
'redirect_uri' => $this->redirectUri,
];
$params = $grant->prepareRequestParameters($params, $options);
$request = $this->getAccessTokenRequest($params);
$response = $this->getParsedResponse($request);
if (false === is_array($response)) {
throw new UnexpectedValueException(
'Invalid response received from Authorization Server. Expected JSON.'
);
}
$prepared = $this->prepareAccessTokenResponse($response);
$token = $this->createAccessToken($prepared, $grant);
return $token;
}
}
I would like to know what this error means and how to solve it.
The server is responded with a 500 status code with a body that couldn't be decoded by json_decode(). the actual decoding message from json_last_error_msg() can be found in the UnexpectedValueException's previous exception's `getMessage().
To find out what it is, try catching the exception from $response = $this->getParsedResponse($request); and then throwing the previous exception. e.g.
try {
$response = $this->getParsedResponse($request);
} catch (UnexpectedValueException $e) {
if ($e->getPrevious()) {
// json_decode() error message is in $e->getPrevious()->getMessage().
// An easy way to see it is to throw the previous exception:
throw $e->getPrevious();
}
}
Hopefully the error message will give you a clue as to what went wrong. Otherwise, you need to look at the Request and Response objects that were sent/received. You'll need to inspect the getParsedResponse() method within League\OAuth2\Client\Provider\AbstractProvider to do that.