Uncaught exception with message 'invalid_grant' after authenticating user #123

Open
selimirez opened this issue Sep 25, 2020 · 1 comment

Comments

@selimirez

After the user gets authenticated and the necessary information is gathered from AAD, I get the following error:

Uncaught exception 'League\OAuth2\Client\Provider\Exception\IdentityProviderException' with message 'invalid_grant' in /var/www/myAapp/vendor/thenetworg/oauth2-azure/src/Provider/Azure.php:315

I have 2 separate files that complete the flow (not sure if this info is relevant), one file gets the code and the other completes the token generation to get the user data.

Despite getting the necessary user information and logging them in, it seems to proceed further and cause this exception.

I would appreciate any help.

Stack trace is as below:

#0 /var/www/myAapp/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(628): TheNetworg\OAuth2\Client\Provider\Azure->checkResponse(Object(GuzzleHttp\Psr7\Response), Array)
#1 /var/www/myAapp/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(537): League\OAuth2\Client\Provider\AbstractProvider->getParsedResponse(Object(GuzzleHttp\Psr7\Request))
#2 /var/www/myAapp/vendor/thenetworg/oauth2-azure/src/Provider/Azure.php(59): League\OAuth2\Client\Provider\AbstractProvider->getAccessToken('authorization_c...', Array)
#3 /var/www/myAapp/controllers/application.php(253): TheNetworg\OAuth2\Client\Provider\Azure->getAccessToken('authorization_c...', Array)
#4 /var/www/myAapp/controllers/application.php(304): azureSso(Object(Request))
#5 /var/www/framework/controllers/framework.php(186): include('/var/www/myApp/co..

@decomplexity

When I have seen this message, it has usually been because the token presented to the token endpoint is the wrong type of token. If you acquire a refresh token and then, in a later run, use it to acquire a new access token (this is the way e.g. PHPMailer works), it is all too easy to accidentally offer the wrong token for that grant. Have you checked the token in jwt.ms? Access tokens should display formatted (leave out the initial email address and 'Bearer'); refresh tokens and authorization codes are impenetrable with or without base64-decoding.
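
The check described in the comment above, done locally instead of in jwt.ms, as an added example that is not code from the issue author or from the thenetworg/oauth2-azure project. It decodes the header and claims of anything that is JWT-shaped (an access or ID token) and treats everything else as opaque (a refresh token or authorization code), then refuses to offer a JWT where the `authorization_code` or `refresh_token` grant expects an opaque value. The sample tokens are constructed, not real, and `$provider` in the commented usage is assumed to be a configured `TheNetworg\OAuth2\Client\Provider\Azure` instance; the `getAccessToken()` grant names and parameters are the league/oauth2-client ones visible in the stack trace.

```php
<?php
// Added example for this thread; not code from the issue author or from
// thenetworg/oauth2-azure. It reproduces locally what pasting a token into jwt.ms
// shows: an access token decodes into a JSON header and claims, while AAD refresh
// tokens and authorization codes stay opaque however you base64-decode them.
declare(strict_types=1);

function base64UrlDecode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    $pad = (4 - strlen($s) % 4) % 4;
    $out = base64_decode($s . str_repeat('=', $pad), true);
    return $out === false ? '' : $out;
}

/**
 * Decode a JWT's header and claims without verifying the signature (this is a
 * shape check, not a trust decision). Returns null for anything that is not a JWT.
 */
function decodeJwt(string $token): ?array
{
    // Strip a copied "user@example.com Bearer eyJ..." prefix, the mistake the
    // comment above warns about.
    $token = trim((string) preg_replace('/^.*?\bBearer\s+/i', '', $token));
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    $header = json_decode(base64UrlDecode($parts[0]), true);
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($header) || !is_array($claims) || !isset($header['alg'])) {
        return null;
    }
    return ['header' => $header, 'claims' => $claims];
}

/**
 * Guard to call immediately before $provider->getAccessToken(). Both grants used in
 * this thread expect an opaque value; a decodable JWT there means an access or ID
 * token was offered by mistake, which the token endpoint rejects as invalid_grant.
 */
function assertGrantInput(string $grant, string $value): void
{
    $jwt = decodeJwt($value);
    if ($jwt !== null && in_array($grant, ['authorization_code', 'refresh_token'], true)) {
        $aud = $jwt['claims']['aud'] ?? 'unknown';
        throw new InvalidArgumentException(
            "'$grant' grant was given a JWT (aud=$aud) instead of an opaque token"
        );
    }
}

// Constructed sample inputs, not real tokens.
function b64url(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
$fakeAccessToken = 'me@example.com Bearer ' . implode('.', [
    b64url('{"alg":"RS256","typ":"JWT"}'),
    b64url('{"aud":"api://example","scp":"User.Read"}'),
    b64url('not-a-real-signature'),
]);
$fakeRefreshToken = '0.AXoAconstructedOpaqueValueThatDoesNotDecode';

foreach (['access token' => $fakeAccessToken, 'refresh token' => $fakeRefreshToken] as $label => $value) {
    echo $label, ': ', decodeJwt($value) === null ? 'opaque' : 'JWT', PHP_EOL;
}

// How the guard slots into the league/oauth2-client flow from the stack trace.
// $provider is assumed to be a configured TheNetworg\OAuth2\Client\Provider\Azure.
//
//   assertGrantInput('authorization_code', $_GET['code']);
//   $token  = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
//   $stored = $token->getRefreshToken();          // persist for the later run
//
//   assertGrantInput('refresh_token', $stored);   // later run
//   $fresh  = $provider->getAccessToken('refresh_token', ['refresh_token' => $stored]);

try {
    assertGrantInput('refresh_token', $fakeAccessToken);
} catch (InvalidArgumentException $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}
```

The guard is deliberately a shape check only: it does not verify the signature or trust any claim, it just stops the request before the token endpoint answers with a bare `invalid_grant` that hides which value was wrong. Run it with `php check.php`; the first two lines classify the constructed samples, and the third shows the JWT being refused for the `refresh_token` grant.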
