OIDC extension: OAuth2 client authentication error

Wessel, Keith kwessel at illinois.edu
Fri May 24 15:59:18 EDT 2019


We've got a developer trying to authenticate and get user info from our IdP that's running the current version of the OIDC extension. The developer couldn't find a good OIDC library for their platform, so they're using an OAuth2 library instead. My testing with OIDC libraries is working fine, and I'm still trying to understand the differences.

They're able to send the authentication request successfully, but when they try to hit the token endpoint (/idp/profile/oidc/token), we get a client authentication error:
2019-05-24 11:56:04,061 - WARN [org.geant.idpextension.oidc.profile.impl.ValidateEndpointAuthentication:206] [session=1tlg7dugf7lhp19eb4wanhtego] [ip=] - Profile Action ValidateEndpointAuthentication: Unrecognized client authentication null for client_secret_basic
2019-05-24 11:56:04,065 - WARN [org.opensaml.profile.action.impl.LogEvent:105] [session=1tlg7dugf7lhp19eb4wanhtego] [ip=] - A non-proceed event occurred while processing the request: AccessDenied

That's when they set client_secret_basic to the secret that they provided in the metadata they gave us to register. (I say gave us because they could never get dynamic client registration to work, so we added it to the local oidc-metadata.xml).

They also tried just setting client_secret instead of client_secret_basic which resulted in a slightly different error:
2019-05-23 14:58:57,503 - WARN [org.geant.idpextension.oidc.profile.impl.ValidateEndpointAuthentication:206] [session=ihsr3bkhshhcy6dy9p4dvg4] [ip=] - Profile Action ValidateEndpointAuthentication: Unrecognized client authentication com.nimbusds.oauth2.sdk.auth.ClientSecretPost at 356cc6cc for client_secret_basic

Any suggestions on what the cause might be or how to troubleshoot further?


More information about the users mailing list