Michael Molholt Posted March 16, 2022 Share Posted March 16, 2022 I have a web application that I wish to use my Invision Community as an OAuth2 server/service provider for. I have it mostly implemented and am receiving a proper response on callback. However, the response returns an empty resourceOwnerId, which blocks me from continuing with the implementation as I cannot pull any user information. Could you tell me why the forum software is returning this value empty? I have included a sample response below: League\OAuth2\Client\Token\AccessToken Object ( [accessToken:protected] => 735f8af921fcc07e60eeba86e337296e_1f045d3869e6c77e3cc99236af0368d7d96e5889a8024fd6a27328761dbb8e4b [expires:protected] => 1649852825 [refreshToken:protected] => [resourceOwnerId:protected] => [values:protected] => Array ( [token_type] => bearer [scope] => profile email ) ) Thanks! Link to comment Share on other sites More sharing options...
Marc Posted March 16, 2022 Share Posted March 16, 2022 I have moved your topic to our developer forums, where people are better placed to assist. We cannot assist with development as part of our standard support offering, unfortunately. Link to comment Share on other sites More sharing options...
Solution Stuart Silvester Posted March 16, 2022 Solution Share Posted March 16, 2022 Invision Community doesn't have the concept of ResourceOwnerIds. It isn't part of the OAuth 2 specification that we follow. Something like that would be used where many tenants/sites may be hosted on one single platform, i.e. where customers use Azure AD the ResourceOwnerId would be the tenant ID to make sure the requests are going to the correct customer account. Link to comment Share on other sites More sharing options...
Michael Molholt Posted March 17, 2022 Author Share Posted March 17, 2022 7 hours ago, Stuart Silvester said: Invision Community doesn't have the concept of ResourceOwnerIds. It isn't part of the OAuth 2 specification that we follow. Something like that would be used where many tenants/sites may be hosted on one single platform, i.e. where customers use Azure AD the ResourceOwnerId would be the tenant ID to make sure the requests are going to the correct customer account. Is there anything in the token that can be used to identify the individual user? Link to comment Share on other sites More sharing options...
Stuart Silvester Posted May 18, 2022 Share Posted May 18, 2022 The token can be used with the /api/core/me endpoint to fetch identity information. Link to comment Share on other sites More sharing options...
Recommended Posts