I have a web application that I wish to use my Invision Community as an OAuth2 server/service provider for. I have it mostly implemented and am receiving a proper response on callback. However, the response returns an empty resourceOwnerId, which blocks me from continuing with the implementation as I cannot pull any user information. Could you tell me why the forum software is returning this value empty? I have included a sample response below:

League\OAuth2\Client\Token\AccessToken Object ( [accessToken:protected] => 735f8af921fcc07e60eeba86e337296e_1f045d3869e6c77e3cc99236af0368d7d96e5889a8024fd6a27328761dbb8e4b [expires:protected] => 1649852825 [refreshToken:protected] => [resourceOwnerId:protected] => [values:protected] => Array ( [token_type] => bearer [scope] => profile email ) )

Thanks!

I have moved your topic to our developer forums, where people are better placed to assist. We cannot assist with development as part of our standard support offering, unfortunately.

Invision Community doesn't have the concept of ResourceOwnerIds. It isn't part of the OAuth 2 specification that we follow.

Something like that would be used where many tenants/sites may be hosted on one single platform, i.e. where customers use Azure AD the ResourceOwnerId would be the tenant ID to make sure the requests are going to the correct customer account.

7 hours ago, Stuart Silvester said:

Invision Community doesn't have the concept of ResourceOwnerIds. It isn't part of the OAuth 2 specification that we follow.

Something like that would be used where many tenants/sites may be hosted on one single platform, i.e. where customers use Azure AD the ResourceOwnerId would be the tenant ID to make sure the requests are going to the correct customer account.

Is there anything in the token that can be used to identify the individual user?

The token can be used with the /api/core/me endpoint to fetch identity information.