Problem/Motivation

Function OpenIDConnect::parseToken fails to parse base64url encoded tokens. I found this problem using Keycloak as identity provider.

Steps to reproduce

In some cases, users cannot log in, leaving a "No "sub" found for provider [provider-name]" entry in the Drupal log. Tracking down the issue, I found that for those users OpenIDConnect::parseToken always returns the token (still encoded) as a string.

Proposed resolution

Modify parseToken to support both base64 and base64url encodings.

Remaining tasks

None

User interface changes

None

API changes

None

Data model changes

None

Comment  File  Size  Author
#2  base64url-3268569-2.patch  527 bytes  maurizio.ganovelli
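
The failure mode and the proposed resolution, shown as an added PHP example (not the attached patch and not the module's code). The function names, claim values and token are constructed for illustration; the alphabet translation is the replacement technique the thread refers to.

```php
<?php
// Added illustration; function names and claim values are hypothetical.

/** Decode one JWT segment, accepting base64url or standard base64. */
function decode_segment(string $segment): ?array {
  // Map the URL-safe alphabet (RFC 4648 section 5) back to the standard one.
  $b64 = strtr($segment, '-_', '+/');
  // JWTs omit '=' padding; restore it so strict decoding accepts the input.
  $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
  // Strict mode rejects any remaining character outside the alphabet.
  $raw = base64_decode($b64, TRUE);
  if ($raw === FALSE) {
    return NULL;
  }
  $claims = json_decode($raw, TRUE);
  return is_array($claims) ? $claims : NULL;
}

/** Naive variant: plain base64_decode() on the raw segment. */
function decode_segment_naive(string $segment): ?array {
  // Non-strict base64_decode() silently discards '-' and '_',
  // so the decoded bytes are shifted and no longer parse as JSON.
  $claims = json_decode((string) base64_decode($segment), TRUE);
  return is_array($claims) ? $claims : NULL;
}

// Constructed sample claims; "???" forces a '_' into the encoded payload.
$claims = ['sub' => 'user???', 'iss' => 'https://idp.example/realms/demo'];
$payload = rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=');
// Header "e30" is "{}" and the signature is a placeholder. This example
// only decodes; signature validation is a separate step.
$token = 'e30.' . $payload . '.sig';

[, $segment] = explode('.', $token);
// Does the segment use URL-safe characters?
var_dump(strpbrk($segment, '-_') !== FALSE);
// "sub" as seen by the naive decoder and by the tolerant decoder.
var_dump(decode_segment_naive($segment)['sub'] ?? NULL);
var_dump(decode_segment($segment)['sub'] ?? NULL);
```

Only tokens whose payload happens to encode to `-` or `_` are affected, which matches the report that the login failure hits some users and not others.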

Comments

maurizio.ganovelli created an issue. See original summary.

maurizio.ganovelli’s picture

Status: new, size: 527 bytes

Attached a working patch.

maurizio.ganovelli’s picture

Version: 8.x-1.x-dev » 2.x-dev
maurizio.ganovelli’s picture

Status: Active » Needs review
bgustafson’s picture

I had this problem as well. My tokens were not decoding correctly in the module even though they were verified to be valid JWTs using https://jwt.io/ and were decoding correctly there. The patch fixed it for me, thanks!

FWIW, the SDK that my identity provider (Auth0) provided uses effectively the same replacement technique: https://github.com/auth0/auth0-PHP/blob/bd785080772275d7769e9d046b188a83...

webflo’s picture

Status: Needs review » Reviewed & tested by the community

Thanks, looks great. I had a few failures with Moodle as IDP.

  • jcnventura committed 4fd97b9 on 2.x
    Issue #3268569 by maurizio.ganovelli, bgustafson, webflo, jcnventura:...
jcnventura’s picture

Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.