BrandinArsenault Posted July 8, 2020 Share Posted July 8, 2020 Hi friends, I've been working with WHMCS support on an issue I'm facing with API calls to UsersInfo but their team unfortunately isn't able to help. I'm posting here hoping that someone can either reproduce the issue or has faced it and knows a resolution. While using a PHP library (and Postman as well to simulate the calls) to connect via OpenID to WHMCS, I have no issues obtaining the JWT and Access_Token returned from the flow, but making a subsequent call to the UsersInfo endpoint with the access_token returned in the same payload as the JWT as the bearer, I get a 401 Unauthorized in both PHP and Postman. This Endpoint seems to not work as I expect it to, which is based on OpenID and OAuth 2.0 Standards. Here is the library: https://github.com/jumbojett/OpenID-Connect-PHP Has anyone else faced this issue and/or know how to resolve it? Brandin. 0 Quote Link to comment Share on other sites More sharing options...
TRonin81 Posted July 21, 2021 Share Posted July 21, 2021 I am currently facing something similar when trying to integrate SSO. I am testing in POSTMAN and if I set the authorization token in the header via Bearer it does not work. However, if I set a query param access_token= with the token it works as expected. 0 Quote Link to comment Share on other sites More sharing options...
TRonin81 Posted July 21, 2021 Share Posted July 21, 2021 So, my solution as of now is to create my own pseduo userinfo php file in my whmcs directory. The first thing I need to do is to reveal the authorization header via .htaccess CGIPassAuth on And then create oauth-intermediary.php file that takes the Bearer userinfo request and does a POST request with access_token query string <?php //OLD USERINFO https://www.yoursite.com/oauth/userinfo.php //NEW USERINFO https://www.yoursite.com/oauth-intermediary.php header('Content-Type: application/json'); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"https://www.yoursite.com/oauth/userinfo.php?access_token=".str_replace("Bearer ","",getallheaders()["Authorization"])); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $server_output = curl_exec($ch); echo $server_output; curl_close ($ch); 0 Quote Link to comment Share on other sites More sharing options...
Thiago F. Melo Posted August 6, 2021 Share Posted August 6, 2021 Eu estava tendo o mesmo problema porém não consegui resolver com essa biblioteca ai, então usei essa: https://www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html Dentro do arquivo de configuração oauth_configuration.json inclua: "WHMCS": { "oauth_version": "2.0", "dialog_url": "https://www.YOURHOST.com.br/cliente/oauth/authorize.php?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}&scope={SCOPE}&state={STATE}", "access_token_url": "https://www.YOURHOST.com.br/cliente/oauth/token.php" } -- Use o arquivo de referencia para seus códigos: login_microsfot_openid.php e edite de acordo com o que precisar. Agora o problema que estou tendo é para usar as credenciais obtidas em consultas a API. 0 Quote Link to comment Share on other sites More sharing options...
wambomango Posted August 27 Share Posted August 27 this should be added in the Docs: https://docs.whmcs.com/system/authentication/openid-connect-development/#6-authenticate-the-user after a lot of search i was able to find this. Example: oauth/userinfo.php?access_token={access_token:} generatet from step 4: https://docs.whmcs.com/system/authentication/openid-connect-development/#4-exchange-code-for-the-access_token-value-and-the-id-token 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.