Tags: openid-connect, pac4j

pac4j Bad User Info response allows user to login


I am trying to use the https://www.pac4j.org/docs/clients/openid-connect.html docs to integrate my application, but if the access token is destroyed (session destroyed in the case of Keycloak), using a header client like the one below:

    HeaderClient client = new HeaderClient("Authorization", "Bearer ", oidcClient.getProfileCreator());

still allows the client to log in. It just prints a debug log like:

    ERROR o.p.o.p.creator.OidcProfileCreator -- Bad User Info response, error=invalid_token

Previously there was UserInfoOidcAuthenticator for the header client, but it was deprecated and removed in pac4j 6.x. So how should I configure HeaderClient to achieve the same functionality as when we were using UserInfoOidcAuthenticator? Or am I missing something?


Solution

  • You're not missing anything:

    new HeaderClient("Authorization", "Bearer ", new UserInfoOidcAuthenticator(oidcConfig));
    

    should be replaced by:

    new HeaderClient("Authorization", "Bearer ", oidcClient.getProfileCreator());
    

    But there is a bug in the latest pac4j v6.0.0-RC6. I just committed a fix. Can you check again with the 6.0.0-RC7-SNAPSHOT (available in the Sonatype snapshots repo)? Thanks.
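An added example, not code from the question or from pac4j itself: a fail-closed wrapper around oidcClient.getProfileCreator() for the HeaderClient setup above, so that a failed user-info lookup rejects the request instead of being logged and waved through while waiting for the fixed release. It assumes the pac4j 6 ProfileCreator signature create(CallContext, Credentials) and that the failure surfaces as an exception or as an empty or id-less profile; FailClosedProfileCreator and bearerClient are hypothetical names.

```java
import java.util.Optional;

import org.pac4j.core.client.direct.HeaderClient;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.profile.creator.ProfileCreator;
import org.pac4j.oidc.client.OidcClient;

/**
 * Hypothetical wrapper (not part of pac4j): treats any failure to obtain a
 * populated profile from the delegate as an authentication failure, so the
 * HeaderClient denies the request rather than silently letting it pass.
 */
public final class FailClosedProfileCreator implements ProfileCreator {

    private final ProfileCreator delegate;

    public FailClosedProfileCreator(ProfileCreator delegate) {
        this.delegate = delegate;
    }

    @Override
    public Optional<UserProfile> create(CallContext ctx, Credentials credentials) {
        final Optional<UserProfile> profile;
        try {
            profile = delegate.create(ctx, credentials);
        } catch (RuntimeException e) {
            // Assumption: a bad user-info response may surface as an exception.
            throw new CredentialsException("User info lookup failed; rejecting bearer token", e);
        }
        // Assumption: it may also surface as an empty result or a profile with no id.
        if (profile.isEmpty() || profile.get().getId() == null || profile.get().getId().isBlank()) {
            throw new CredentialsException("No user profile for bearer token; rejecting");
        }
        return profile;
    }

    /** Builds the header client from the question, wrapped so it fails closed. */
    public static HeaderClient bearerClient(OidcClient oidcClient) {
        return new HeaderClient("Authorization", "Bearer ",
                new FailClosedProfileCreator(oidcClient.getProfileCreator()));
    }
}
```

The wrapper is a stopgap: once the fixed pac4j build rejects a bad user-info response itself, the delegate alone is sufficient again.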