[SOLVED] IPS custom OAuth2 error.

[Paulius Pro]

Hello, I am building my own NodeJS OAuth2 server that services authentication from IPS.

However I am encountering some issues making it work. IPS constantly throws me error :

"The provider is not responding as expected. Check the application settings are correct and you have registered the correct Redirect URI."
 

IPS request is handled correctly in NodeJS server, and server returns these in body:

access_token:"0000000000000000000000000000000000000000"

refresh_token:"0000000000000000000000000000000000000000"

token_type:"Bearer"

It also sets these headers as required by OAuth2 RFC

  res.set("Cache-Control", "no-store");

  res.set("Pragma", "no-cache");

However, it doesn't work. I tried redirecting it to /oauth/callback as required by IPS, and it still shows the same error.

Any ideas what I could be doing wrong?

 

[bfarber]

What kind of grant type are you attempting to configure?

That error message would be shown (and the actual exception message should be displayed at the end of the sentence actually) if

1) There is a HTTP communication error

2) You are setting up a password grant and the provider is not returning error=invalid_grant in the response

[Paulius Pro]

Grant is Resource Owner Password Credentials ("password")

What I do receive when I manually post for token :

 

or this (if i am not setting the redirect)

 

This would also be the information IPS receives.

 

[bfarber]

When you go to save the settings a test is performed using "username" as the username and "password" as the password. The software is expecting these are invalid, and subsequently is expecting to get an invalid_grant error response, which is not happening. Are you treating "username" and "password" (as the username/password combination) special on your end somehow, or are these somehow valid credentials by chance?

[Paulius Pro]

8 hours ago, bfarber said:

When you go to save the settings a test is performed using "username" as the username and "password" as the password. The software is expecting these are invalid, and subsequently is expecting to get an invalid_grant error response, which is not happening. Are you treating "username" and "password" (as the username/password combination) special on your end somehow, or are these somehow valid credentials by chance?

Yes, that was the error! Thank you very much. Not sure if I have to create a new topic but what data does the IPS expect from User Information Endpoint? 

I am sending  

However IPS says:

When trying to sign in.

 

I noticed that it does same request twice, once with access_token in query string and other with access_token in body. Is there are special way it needs to be handled for IPS?

[bfarber]

It uses the header first, and falls back to trying the query string if that does not succeed.

The only data necessary is a unique user ID ('sub' in your example). It sounds like the software is not picking this up from the user info endpoint for some reason, although without looking at it directly I can't say why from here. You may wish to submit a ticket for assistance.

[Paulius Pro]

1 hour ago, bfarber said:

It uses the header first, and falls back to trying the query string if that does not succeed.

The only data necessary is a unique user ID ('sub' in your example). It sounds like the software is not picking this up from the user info endpoint for some reason, although without looking at it directly I can't say why from here. You may wish to submit a ticket for assistance.

Hey thanks again for response. I got it fully working. In IPS it says that to get user info data you have to fill in the fields with response[user_id] and etc... So whats what I did, response_{, response[name], response. But apparently you don't need to add response[ ], just sub, name, email. Don't know how I was confused by it, but anyways, it works!}

_{Thank you again for the help!}