Issues with OpenID UsersInfo Endpoint

[BrandinArsenault]

Hi friends,

I've been working with WHMCS support on an issue I'm facing with API calls to UsersInfo but their team unfortunately isn't able to help. I'm posting here hoping that someone can either reproduce the issue or has faced it and knows a resolution. While using a PHP library (and Postman as well to simulate the calls) to connect via OpenID to WHMCS, I have no issues obtaining the JWT and Access_Token returned from the flow, but making a subsequent call to the UsersInfo endpoint with the access_token returned in the same payload as the JWT as the bearer, I get a 401 Unauthorized in both PHP and Postman. This Endpoint seems to not work as I expect it to, which is based on OpenID and OAuth 2.0 Standards.

Here is the library: https://github.com/jumbojett/OpenID-Connect-PHP

Has anyone else faced this issue and/or know how to resolve it?

Brandin.

[TRonin81]

I am currently facing something similar when trying to integrate SSO. I am testing in POSTMAN and if I set the authorization token in the header via Bearer it does not work. However, if I set a query param access_token= with the token it works as expected.

[TRonin81]

So, my solution as of now is to create my own pseduo userinfo php file in my whmcs directory.

The first thing I need to do is to reveal the authorization header via .htaccess

CGIPassAuth on

And then create oauth-intermediary.php file that takes the Bearer userinfo request and does a POST request with access_token query string

<?php
//OLD USERINFO https://www.yoursite.com/oauth/userinfo.php
//NEW USERINFO https://www.yoursite.com/oauth-intermediary.php
header('Content-Type: application/json');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.yoursite.com/oauth/userinfo.php?access_token=".str_replace("Bearer ","",getallheaders()["Authorization"]));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
echo $server_output;
curl_close ($ch);

 

[Thiago F. Melo]

Eu estava tendo o mesmo problema porém não consegui resolver com essa biblioteca ai, então usei essa: https://www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html
Dentro do arquivo de configuração oauth_configuration.json  inclua:
 

"WHMCS":
                {
                        "oauth_version": "2.0",
                        "dialog_url": "https://www.YOURHOST.com.br/cliente/oauth/authorize.php?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}&scope={SCOPE}&state={STATE}",
                        "access_token_url": "https://www.YOURHOST.com.br/cliente/oauth/token.php"
                }

 

--

Use o arquivo de referencia para seus códigos: login_microsfot_openid.php e edite de acordo com o que precisar.

 

Agora o problema que estou tendo é para usar as credenciais obtidas em consultas a API.

[wambomango]

this should be added in the Docs: https://docs.whmcs.com/system/authentication/openid-connect-development/#6-authenticate-the-user

after a lot of search i was able to find this.

Example: oauth/userinfo.php?access_token={access_token:}

generatet from step 4: https://docs.whmcs.com/system/authentication/openid-connect-development/#4-exchange-code-for-the-access_token-value-and-the-id-token