Getting error with OIDC identity provider
-
When I am trying to set up a OIDC identity provider, I am seeing an error after I login:
invalid_origin.When I look at the event log I see:
Request to the [https://REDACTED/userinfo] endpoint failed. Status code [200].Exception encountered.com.inversoft.rest.JSONException : Message: Failed to parse the HTTP response as JSON. Actual HTTP response body: eyJra...If I decoded the JWT in the response body, I get back a valid userinfo response.
How can I handle this?
-
That is an encoded (signed) JWT being sent in response to the user info request that the FusionAuth OIDC identity provider is making.
This is technically allowed in the OIDC spec, but we do not currently support this response type.
Per spec, the endpoint should support a JSON response which is the default unless the client requests a signed or encrypted response body.
I would look at how your client is registered and see if it is asking for a JWT userinfo response at that time, and change it to be a normal JSON response. You could also file an issue detailing your needs for FusionAuth to support this user info response type.
If that isn't an option, you could also look at using a SAML Identity Provider if the remote identity source supports that.