Jump to content

Issues with OpenID UsersInfo Endpoint


Recommended Posts

Hi friends,

I've been working with WHMCS support on an issue I'm facing with API calls to UsersInfo but their team unfortunately isn't able to help. I'm posting here hoping that someone can either reproduce the issue or has faced it and knows a resolution. While using a PHP library (and Postman as well to simulate the calls) to connect via OpenID to WHMCS, I have no issues obtaining the JWT and Access_Token returned from the flow, but making a subsequent call to the UsersInfo endpoint with the access_token returned in the same payload as the JWT as the bearer, I get a 401 Unauthorized in both PHP and Postman. This Endpoint seems to not work as I expect it to, which is based on OpenID and OAuth 2.0 Standards.

Here is the library: https://github.com/jumbojett/OpenID-Connect-PHP

Has anyone else faced this issue and/or know how to resolve it?

Brandin.

Link to comment
Share on other sites

  • 1 year later...

I am currently facing something similar when trying to integrate SSO. I am testing in POSTMAN and if I set the authorization token in the header via Bearer it does not work. However, if I set a query param access_token= with the token it works as expected.

Link to comment
Share on other sites

So, my solution as of now is to create my own pseduo userinfo php file in my whmcs directory.

The first thing I need to do is to reveal the authorization header via .htaccess

CGIPassAuth on

And then create oauth-intermediary.php file that takes the Bearer userinfo request and does a POST request with access_token query string

<?php
//OLD USERINFO https://www.yoursite.com/oauth/userinfo.php
//NEW USERINFO https://www.yoursite.com/oauth-intermediary.php
header('Content-Type: application/json');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.yoursite.com/oauth/userinfo.php?access_token=".str_replace("Bearer ","",getallheaders()["Authorization"]));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
echo $server_output;
curl_close ($ch);

 

Link to comment
Share on other sites

  • 3 weeks later...

Eu estava tendo o mesmo problema porém não consegui resolver com essa biblioteca ai, então usei essa: https://www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html
Dentro do arquivo de configuração oauth_configuration.json  inclua:
 

"WHMCS":
                {
                        "oauth_version": "2.0",
                        "dialog_url": "https://www.YOURHOST.com.br/cliente/oauth/authorize.php?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}&scope={SCOPE}&state={STATE}",
                        "access_token_url": "https://www.YOURHOST.com.br/cliente/oauth/token.php"
                }

 

--

Use o arquivo de referencia para seus códigos: login_microsfot_openid.php e edite de acordo com o que precisar.

 

Agora o problema que estou tendo é para usar as credenciais obtidas em consultas a API.

Link to comment
Share on other sites

  • 3 years later...

this should be added in the Docs: https://docs.whmcs.com/system/authentication/openid-connect-development/#6-authenticate-the-user

after a lot of search i was able to find this.

Example: oauth/userinfo.php?access_token={access_token:}

generatet from step 4: https://docs.whmcs.com/system/authentication/openid-connect-development/#4-exchange-code-for-the-access_token-value-and-the-id-token

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated