[Bug] OAuth 2 not working with OpenId

[daveowenatl]

• Insomnia Version: v5.14.9
• Operating System: Windows 10

Details

Hi,
I'm having trouble getting OAuth 2 working with OpenId Implicit grant type. It looks as though it's still looking for access_token= in the redirect url even though I've set response type to ID Token, and this is causing it to miss the id_token that's coming back in the redirect.

Here are the log messages I'm seeing in the developer console.

[oauth2] Loaded "https://login.microsoftonline.com/purecarsqa.onmicrosoft.com/oauth2/v2.0/au…5-b251ffb7d560&redirect_uri=https%3A%2F%2Fapi-qa.purecars.com&scope=openid"
[oauth2] Ignoring URL "https://api-qa.purecars.com/#id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsI…tQj1u1tnfSh7qkeA0xJPBkRKBRb0528frH0q9wqpN-hcpgWyXyuPHh8oOwj5MEmc-NMqOqHFzQ". Didn't match /(access_token=)/

[gschier]

TL;DR try switching the response type to "ID and Access Token".

Hey there. I'm not the one who added OpenID support to Insomnia but I took a quick look at the docs. Here's what I found.

It looks like Insomnia only really supports the id_token token (ID and Access Token in Insomnia) response type which returns id_token AND access_token. In this case, Insomnia ignores the id_token and just pulls the access_token out, which it uses in the regular OAuth 2.0 flow.

It doesn't look like there's actually any handling of id_token anywhere in Insomnia yet. I'm not sure what is contained in id_token but, based on the docs, it seems to only be necessary for validation purposes. Have you tried switching the response type in Insomnia to "ID and Access Token"?

[gschier]

P.S. If you are knowledgable on OpenID, please correct me if I'm wrong.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.