Hello, I'm working on setting up OIDC for our gd.cn instance.
Unfortunately it isn't working but I can't debug the issue from the GD side.
Here is the organization configuration:
{
  "data": {
    "id": "<myorgid>",
    "type": "organization",
    "attributes": {
      "name": "WizeHive",
      "hostname": "wizehive.poc.cloud.gooddata.com",
      "oauthIssuerLocation": "https://<ourhost.org>/",
      "oauthClientId": "jQPiFIaePpt5EQDav00zha_XvPmku2-SltwKcy79-tk",
      "oauthClientSecret": "<secret>"
    }
  }
}
Much of the login process appears to succeed.
Here is a summary of the requests to the OIDC provider:
GET /.well-known/openid-configuration
200 - OK
GET /oauth/authorize?response_type=code&client_id=jQPiFIaePpt5EQDav00zha_XvPmku2-SltwKcy79-tk&scope=openid%20profile&state=RorYXYYc2SsLpFW1w-h9-gjYPQvNxoRRb6Fh6hsjGQY%3D&redirect_uri=https%3A%2F%2Fwizehive.poc.cloud.gooddata.com%2Flogin%2Foauth2%2Fcode%2Fwizehive.poc.cloud.gooddata.com&nonce=M6P7mmX2vPmJvoSdUt-iZHQfsUgE8hTVIYDPCWPHKeQ
200 - OK
POST /oauth/authorize
302
post body: authenticity_token=h16hDa8G8ejOzHLaMutOVU07TXxHnTsWebO%2B0lKPryviT%2Bn%2BK%2By8RzgG2lrm3%2BrDRKJTiEbt6%2BD8hf8RShymYA%3D%3D&client_id=jQPiFIaePpt5EQDav00zha_XvPmku2-SltwKcy79-tk&redirect_uri=https%3A%2F%2Fwizehive.poc.cloud.gooddata.com%2Flogin%2Foauth2%2Fcode%2Fwizehive.poc.cloud.gooddata.com&state=RorYXYYc2SsLpFW1w-h9-gjYPQvNxoRRb6Fh6hsjGQY%3D&response_type=code&response_mode=query&scope=openid+profile&code_challenge=&code_challenge_method=&commit=Authorize
302 Location: https://wizehive.poc.cloud.gooddata.com/login/oauth2/code/wizehive.poc.cloud.gooddata.com?code=hi_A-NiwDXM7KNJ8usj2jPIkZWuW4EEdDIvIY18nyUc&state=RorYXYYc2SsLpFW1w-h9-gjYPQvNxoRRb6Fh6hsjGQY%3D
GET /.well-known/openid-configuration
200 - OK
POST /oauth/token
200 - OK
Posted token:
{
  "access_token": "2EVEak5k67gTVt5kjjI2nIpL_lBuXuGM3bp9QSP_m5k",
  "token_type": "Bearer",
  "expires_in": 7200,
  "scope": "openid profile",
  "created_at": 1667195403,
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6InBkV29RZUdGbkZrdW96X19yU2ZfMW4tblFjdjRCVzd4b2E3RmF5Rk11aUUifQ.eyJpc3MiOiJodHRwczovL3d3dy5zaGFyZS5iZnFhLm9yZy8iLCJzdWIiOiI1MmUwYmZhMTQ2ZjUxYWZlZWQxMDE3MDY3NmEzMWE1MGZmYTAyNTFkZWMzZDIxOTMzNTNiYmNjYzg0NWZiM2RiIiwiYXVkIjoialFQaUZJYWVQcHQ1RVFEYXYwMHpoYV9YdlBta3UyLVNsdHdLY3k3OS10ayIsImV4cCI6MTY2NzE5NTUyMywiaWF0IjoxNjY3MTk1NDAzLCJhdXRoX3RpbWUiOjE2NjcxOTU0MDN9.H2Nv7NrX7IoPvpXgh2o6T6Y7fx-nnjFSxVfsfTfQJS6wmLP-7-vvj_-PTHOvVSComib4aDkBUbyXdOFdiU6LrDGKG4jx16SxUnkoCk2T9baPsXTMn0dFK6SysWHdBexMZigN54gCFkRuY_Una8f_gWoy-vheytqvxCOC_N7ZEIQ5cWAqvYWF92V7vZhqAp4e4ImvYxLtIAHuxATJCXUzvnOPIk9D3sXeTcHw-nHhZiE-_G2L_GNyiw6Aq5o6PI4j_ICBdhedlwg220pR89CbSpsl1BeO6dVQY6T523JYqTNxT9HHU716klBytZE8oHc8kI7wwPUEmZv2bRJip7P4qA"
}
GET /oauth/discovery/keys
200 - OK
After this point my browser is at https://wizehive.poc.cloud.gooddata.com/login/oauth2/code/wizehive.poc.cloud.gooddata.com?code=hi_A-NiwDXM7KNJ8usj2jPIkZWuW4EEdDIvIY18nyUc&state=RorYXYYc2SsLpFW1w-h9-gjYPQvNxoRRb6Fh6hsjGQY%3D with a 401 error
What is happening after the last post to the /token endpoint that is causing the login to fail?
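After the token exchange and the JWKS fetch, the next thing a relying party does is validate the ID token's claims (OIDC Core 3.1.3.7), and any failed check ends the callback with an error before a session exists. The script below is an added example (not part of the question or the accepted answer) that decodes the id_token posted above and runs those checks against the client_id and the nonce from the posted authorize request; signature verification is left out because the JWKS is not on the page, and the expected issuer is read from the token itself since the post redacts it as <ourhost.org>. Decoding the posted token shows iss, sub, aud, exp, iat and auth_time but no nonce claim, and the checker reports exactly that.

```python
import base64
import json
import time

# Values copied from the question: the client_id and the nonce sent in GET /oauth/authorize.
CLIENT_ID = "jQPiFIaePpt5EQDav00zha_XvPmku2-SltwKcy79-tk"
REQUEST_NONCE = "M6P7mmX2vPmJvoSdUt-iZHQfsUgE8hTVIYDPCWPHKeQ"
# The id_token returned by POST /oauth/token in the question.
ID_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6InBkV29RZUdGbkZrdW96X19yU2ZfMW4tblFjdjRCVzd4b2E3RmF5Rk11aUUifQ.eyJpc3MiOiJodHRwczovL3d3dy5zaGFyZS5iZnFhLm9yZy8iLCJzdWIiOiI1MmUwYmZhMTQ2ZjUxYWZlZWQxMDE3MDY3NmEzMWE1MGZmYTAyNTFkZWMzZDIxOTMzNTNiYmNjYzg0NWZiM2RiIiwiYXVkIjoialFQaUZJYWVQcHQ1RVFEYXYwMHpoYV9YdlBta3UyLVNsdHdLY3k3OS10ayIsImV4cCI6MTY2NzE5NTUyMywiaWF0IjoxNjY3MTk1NDAzLCJhdXRoX3RpbWUiOjE2NjcxOTU0MDN9.H2Nv7NrX7IoPvpXgh2o6T6Y7fx-nnjFSxVfsfTfQJS6wmLP-7-vvj_-PTHOvVSComib4aDkBUbyXdOFdiU6LrDGKG4jx16SxUnkoCk2T9baPsXTMn0dFK6SysWHdBexMZigN54gCFkRuY_Una8f_gWoy-vheytqvxCOC_N7ZEIQ5cWAqvYWF92V7vZhqAp4e4ImvYxLtIAHuxATJCXUzvnOPIk9D3sXeTcHw-nHhZiE-_G2L_GNyiw6Aq5o6PI4j_ICBdhedlwg220pR89CbSpsl1BeO6dVQY6T523JYqTNxT9HHU716klBytZE8oHc8kI7wwPUEmZv2bRJip7P4qA"


def b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token):
    """Split a compact JWS into (header, claims). No signature check: a real RP
    verifies the RS256 signature with the key from /oauth/discovery/keys first."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def check_id_token_claims(token, issuer, client_id, nonce, now=None):
    """Return the ID-token claim checks that FAIL (empty list means the claims are
    acceptable). A relying party rejects the callback on any single failure."""
    now = time.time() if now is None else now
    _header, claims = decode_jwt(token)
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss mismatch: token {claims.get('iss')!r}, configured {issuer!r}")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        problems.append(f"aud {aud!r} does not contain the client_id")
    if len(aud) > 1 and claims.get("azp") != client_id:
        problems.append("multiple audiences but azp is not the client_id")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("exp missing or already in the past")
    if "iat" not in claims:
        problems.append("iat missing")
    # The nonce sent in the authorize request must come back unchanged in the ID token.
    if nonce is not None and claims.get("nonce") != nonce:
        problems.append(f"nonce mismatch: token has {claims.get('nonce')!r}, request sent {nonce!r}")
    return problems


if __name__ == "__main__":
    header, claims = decode_jwt(ID_TOKEN)
    print("header:", header)
    print("claims:", claims)
    # Evaluate at the token's own iat so the demo is not skewed by exp having passed since.
    for p in check_id_token_claims(ID_TOKEN, claims["iss"], CLIENT_ID, REQUEST_NONCE, now=claims["iat"]):
        print("FAIL:", p)
```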
Best answer by Peter Plochan