Michael Molholt Posted March 16, 2022 Posted March 16, 2022 I have a web application that I wish to use my Invision Community as an OAuth2 server/service provider for. I have it mostly implemented and am receiving a proper response on callback. However, the response returns an empty resourceOwnerId, which blocks me from continuing with the implementation as I cannot pull any user information. Could you tell me why the forum software is returning this value empty? I have included a sample response below: League\OAuth2\Client\Token\AccessToken Object ( [accessToken:protected] => 735f8af921fcc07e60eeba86e337296e_1f045d3869e6c77e3cc99236af0368d7d96e5889a8024fd6a27328761dbb8e4b [expires:protected] => 1649852825 [refreshToken:protected] => [resourceOwnerId:protected] => [values:protected] => Array ( [token_type] => bearer [scope] => profile email ) ) Thanks!
Marc Posted March 16, 2022 Posted March 16, 2022 I have moved your topic to our developer forums, where people are better placed to assist. We cannot assist with development as part of our standard support offering, unfortunately.
Solution Stuart Silvester Posted March 16, 2022 Solution Posted March 16, 2022 Invision Community doesn't have the concept of ResourceOwnerIds. It isn't part of the OAuth 2 specification that we follow. Something like that would be used where many tenants/sites may be hosted on one single platform, i.e. where customers use Azure AD the ResourceOwnerId would be the tenant ID to make sure the requests are going to the correct customer account.
Michael Molholt Posted March 17, 2022 Author Posted March 17, 2022 7 hours ago, Stuart Silvester said: Invision Community doesn't have the concept of ResourceOwnerIds. It isn't part of the OAuth 2 specification that we follow. Something like that would be used where many tenants/sites may be hosted on one single platform, i.e. where customers use Azure AD the ResourceOwnerId would be the tenant ID to make sure the requests are going to the correct customer account. Is there anything in the token that can be used to identify the individual user?
Stuart Silvester Posted May 18, 2022 Posted May 18, 2022 The token can be used with the /api/core/me endpoint to fetch identity information.
Recommended Posts