尝试身份验证代码交换时身份验证后出现 auth0 401 错误
[英]auth0 401 error after authentication while attempting auth code exchange
问题描述
I'm struggling to get user info after authenticating using the auth0 PHP SDK.
在使用 auth0 PHP SDK 进行身份验证后,我正在努力获取用户信息。 This is on my localhost using ngrok.这是在我的本地主机上使用 ngrok。 I'm just using the basic example files in the SDK and I'm able to log in fine.我只是使用 SDK 中的基本示例文件,我可以正常登录。 However, after login when it re-directs to my callback url and attempts to exchange the auth code, I get a 401 error with "unauthorized".但是,登录后,当它重定向到我的回调 url 并尝试交换身份验证代码时,我收到“未经授权”的 401 错误。
Here is the error in wamp:这是 wamp 中的错误:
In the logs I can see that the login happened successfully, but when attempting to exchange the auth code, it fails.在日志中,我可以看到登录成功,但是在尝试交换身份验证代码时,它失败了。
I can also confirm that I'm getting the code and the state back in my query parameters:我还可以确认我正在获取查询参数中的代码和状态:
https://myurl.ngrok.io/auth/?code=ygKukP3B5_xk0pbb&state=5ae5b7a643aa46.52329844
I've made a couple of slight modifications to the example files while trying to get this to work, but I don't think that's the culprit.在尝试使其工作时,我对示例文件进行了一些细微的修改,但我认为这不是罪魁祸首。 Just in case, here's the code:以防万一,这里是代码:
require 'vendor/autoload.php';
//require 'dotenv-loader.php';
use Auth0\SDK\Auth0;
$domain = 'mydomain.auth0.com';
$client_id = 'MYCLIENT';
$client_secret = 'MYSECRET';
$redirect_uri = 'https://myurl.ngrok.io/auth/';
$auth0 = new Auth0([
'domain' => $domain,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'persist_id_token' => true,
'persist_refresh_token' => true,
'audience' => 'https://mydomain.auth0.com/userinfo',
'scope' => 'openid profile'
]);
if (isset($_REQUEST['logout'])) {
$auth0->logout();
session_destroy();
header("Location: /");
die();
}
if(isset($_REQUEST['code'])) {
$userInfo = $auth0->getUser();
var_dump($userInfo);
} else {
$auth0->login();
}
UPDATE:更新:
I also noticed that when the page first loads I get the previously mentioned error.我还注意到,当页面第一次加载时,我收到了前面提到的错误。 If I refresh the page, I get Fatal error: Uncaught Auth0\\SDK\\Exception\\CoreException: Invalid state如果我刷新页面,我会收到Fatal error: Uncaught Auth0\\SDK\\Exception\\CoreException: Invalid state
1 个解决方案
解决方案1
0 2020-09-30 09:59:01
I had this issue on an application that was available on two subdomains a and b but uses only b as an configured application domain.我在两个子域a和b上可用的应用程序上遇到了这个问题,但仅使用b作为配置的应用程序域。 When user accesses a Auth0's nonce (aka state) was created only for a leading to a failing validation due to an empty session when Auth0 redirected back to the configured application url on b .当用户访问a Auth0的现时信息(又名状态)只创造了a导致验证失败由于空会话时Auth0重定向回上配置的应用程序URL b 。
I solved this issue by setting php's cookie domain to b.我通过将 php 的 cookie 域设置为b.解决了这个问题b. . . Concretely in my laravel app i set the envvar SESSION_DOMAIN=b具体来说,在我的 Laravel 应用程序中,我设置了 envvar SESSION_DOMAIN=b
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.