How to Validate an Access Token for OAuth2 + PCKE flow
According to this document https://developers.onelogin.com/openid-connect/guides/auth-flow-pkce
Token Endpoint for PCKE flow is None (not Basic or POST)
So, how can I use the validation token API https://developers.onelogin.com/openid-connect/api/validate-session because it supports Basic authentication or POST but not for None (PCKE) I can't find any information relate to this.
NOTE: I have tried to request with Basic authentication and without + client_id, client_secret as a parameter but not working.
response 401 Unauthorized
{
"error": "invalid_client",
"error_description": "client authentication failed"
}
I'm using OIDC with PKCE, and I managed to call the https://openid-connect.onelogin.com/oidc/token/introspection endpoint with a token retrieved via the authorization code flow:
$ curl -i -d "token=...&token_type_hint=access_token&client_id=..." https://openid-connect.onelogin.com/oidc/token/introspection
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Length: 304
Content-Type: application/json; charset=utf-8
Date: Thu, 25 Apr 2019 23:37:42 GMT
Pragma: no-cache
X-Powered-By: Express
Set-Cookie: ol_oidc_canary_040819=false; path=/; domain=.onelogin.com
{"active":true,"sub":"...","client_id":"...","exp":1558819177,"iat":1556227177,"sid":"...","iss":"https://openid-connect.onelogin.com/oidc","jti":"...","scope":"openid profile email"}
Both the access_token and refresh_token returned from the auth code flow https://developers.onelogin.com/openid-connect/api/authorization-code-grant worked, and the access_token only returned {"active":false} after it expired.
Make sure you are not setting the Authorization header, and only set your client_id in the payload.
- How do I get currency exchange rates via an API such as Google Finance?
- How to retrieve pack list with Shippingbo API?
- aws api gateway whitelist reactjs app ip address
- python fastapi giving incorrect responses
- How to map data in reactJS?
- Calling a POST API on android
- API to post messages on Diaspora 0.7.*
- how to get server to client response time in miliseconds while testing websocket API
- How to convert the sunset UNIX timestamp from OpenWeather API to local time using JavaScript?
- PUT call not working for s3 bucket using a AWS GATEWAY api?
- Exception in main java.lang.ClassCastException:class java.lang.String can't be cast to class
- Verbix: 403 error in Java API but not browser or Postman
- Can't find the reason my app returns Uncaught TypeError: Cannot read properties of undefined
- ASP.NET Core - AggregateException: some services are not able to be constructed
- Understanding Allow and Deny statements in AWS permission policies
- Passing multiple certificates through Curl request using Guzzle
- Understanding the difference between these two python requests POST calls (data vs. json args)
- How to protect Open xpage REST API using Azure OAuth or Azure API Gateway
- JWT payload does not contain the required claims
- Expo React Native post method not including MEDIA on Django rest framework right path
- Use postman to get a token from a request and send it to another
- Assign Json to a string without serilization in c#
- express Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
- Extracting data from Wikipedia API
- Update a monthly payment subscription to a single payment after a failed payment? Or allowing the customer to do so or not
- What is a __cf_bm cookie?
- Steam API Returns blank json
- Facing errors in fetching data from rest API to my front-end
- How can I find telegram user by id
- Calling REST API from controller codeigniter