Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot login using Intuit #663

Closed
ashokgelal opened this issue Jun 2, 2020 · 7 comments
Closed

Cannot login using Intuit #663

ashokgelal opened this issue Jun 2, 2020 · 7 comments
Assignees
@robotdan
Labels
moved to forum

Comments

@ashokgelal
Copy link

ashokgelal commented Jun 2, 2020
edited

Cannot connect using Inutit as an OpenID Connect Provider

The log tells me:

Request to the [https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer] endpoint failed. Status code [401]

Error response is 
{
  "error" : "invalid_client"
}

Some links:

This is what my configuration looks like:

https://cln.sh/WhsoHd
@robotdan
Copy link
Member

robotdan commented Jun 2, 2020
edited

Config looks ok from a quick view of it.

You can double check the client id and secret are correct and don't have any trailing white space when entered in the FusionAuth config.

The scope you have configured does not show up in the discovery document but I would assume you'd receive a different error I'd that was a problem.

Have you registered a redirect_uri in your Intuit account, if so what value did you register?

@ashokgelal
Copy link
Author

I made sure of that. I also tried with different set of Id and Secret to be extra sure.

@robotdan
Copy link
Member

robotdan commented Jun 2, 2020

If I can dig up an Intuit account I may be able to attempt a recreate to see what is failing.

@ashokgelal
Copy link
Author

For the callback: http://localhost:9011/oauth2/callback

Good point about scope. I'll double check it and report back.

@ashokgelal
Copy link
Author

Changed the scope to openid profile but still getting invalid_client error. I can send you a temporary secret and the id from a sandbox account that you can use to try it out. Not sure how to send you a DM though. I can email you.

@robotdan
Copy link
Member

robotdan commented Jun 2, 2020
edited

I was able to recreate your symptoms, their APIs don't seem to be working well with the client_secret_basic authentication method.

Their discovery document indicates they support both client_secret_post and client_secret_basic.

"token_endpoint_auth_methods_supported":[  
      "client_secret_post",
      "client_secret_basic"
   ]

The default OpenID Connect config in FusionAuth will use client_secret_basic.

I found a thread indicating others are also having problems with the Basic Authorization strategy.
https://help.developer.intuit.com/s/question/0D50f000050TBnCCAW/getting-the-errorinvalidclient-for-access-tokens

I added to the above thread based upon my findings.

Switching the configuration to use client_secret_post allowed to complete an authentication request.

@robotdan robotdan self-assigned this Jun 2, 2020
@ashokgelal
Copy link
Author

That seems to have done the trick. This is a top notch support. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robotdan robotdan

Labels
moved to forum
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mooreds @ashokgelal @robotdan