[Bug]: Cannot assign null to property Heptacom\\AdminOpenAuth\\Contract\\User::$displayName of type string #33

Open
MartinKuhl opened this issue Dec 25, 2024 · 5 comments

@MartinKuhl

Plugin Version

7.0.0

PHP Version

8.3.15

Shopware Version

6.6.9.0

Installation method

Composer

Identity provider

OpenID Connect

What happened?

Every time I try to connect to Authelia I receive an HTTP 500 error:

```json
{
  "errors": [
    {
      "code": "0",
      "status": "500",
      "title": "Internal Server Error",
      "detail": "Cannot assign null to property Heptacom\AdminOpenAuth\Contract\User::$displayName of type string"
    }
  ]
}
```

Relevant log output

```
[2024-12-25T19:25:15.990860+00:00] request.CRITICAL: Uncaught PHP Exception TypeError: "Cannot assign null to property Heptacom\AdminOpenAuth\Contract\User::$displayName of type string" at OpenIdConnectClient.php line 67 {"exception":"[object] (TypeError(code: 0): Cannot assign null to property Heptacom\\AdminOpenAuth\\Contract\\User::$displayName of type string at /var/www/html/vendor/heptacom/shopware-platform-admin-open-auth/src/Component/Provider/OpenIdConnectClient.php:67)"} []
```

@JoshuaBehrens
Member

Hi @MartinKuhl can you please provide which kind of OIDC Provider you are using? Because this error will occur if you neither have a name, given name + family name, nickname, preferred username nor an email in the user info response. To deduce this we need to understand something that either has something to do with the error handling of a broken access token + user info request cycle or your identity provider has placed its information in an unexpected pattern.

@MartinKuhl
Author

Hi @JoshuaBehrens,
yes of course. I am using Authelia. Maybe it is a configuration error on my site.
In which format should I save the application scopes?
As soon as I save my configuration, the application scope input box within the SSO configuration becomes empty.

Here is the content of the /.well-known/openid-configuration:

```json
{
  "issuer": "https://auth.XXXX/",
  "jwks_uri": "https://auth.XXXX/jwks.json",
  "authorization_endpoint": "https://auth.XXXX/api/oidc/authorization",
  "token_endpoint": "https://auth.XXXX/api/oidc/token",
  "subject_types_supported": [ "public", "pairwise" ],
  "response_types_supported": [ "code", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token" ],
  "grant_types_supported": [ "authorization_code", "implicit", "client_credentials", "refresh_token" ],
  "response_modes_supported": [ "form_post", "query", "fragment", "jwt", "form_post.jwt", "query.jwt", "fragment.jwt" ],
  "scopes_supported": [ "offline_access", "openid", "profile", "groups", "email" ],
  "claims_supported": [ "amr", "aud", "azp", "client_id", "exp", "iat", "iss", "jti", "rat", "sub", "auth_time", "nonce", "email", "email_verified", "alt_emails", "groups", "preferred_username", "name" ],
  "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none" ],
  "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "introspection_endpoint": "https://auth.XXXX/api/oidc/introspection",
  "revocation_endpoint": "https://auth.XXXX/api/oidc/revocation",
  "introspection_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "revocation_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "none" ],
  "revocation_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "code_challenge_methods_supported": [ "S256" ],
  "authorization_response_iss_parameter_supported": true,
  "introspection_signing_alg_values_supported": [ "RS256", "none" ],
  "pushed_authorization_request_endpoint": "https://auth.XXXX/api/oidc/pushed-authorization-request",
  "require_pushed_authorization_requests": false,
  "id_token_signing_alg_values_supported": [ "RS256", "none" ],
  "userinfo_endpoint": "https://auth.XXXX/api/oidc/userinfo",
  "userinfo_signing_alg_values_supported": [ "RS256", "none" ],
  "request_object_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "none" ],
  "claim_types_supported": [ "normal" ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "claims_parameter_supported": false,
  "prompt_values_supported": [ "consent", "login", "none", "select_account" ],
  "authorization_signing_alg_values_supported": [ "RS256" ]
}
```

@JoshuaBehrens
Member

@MartinKuhl So within the supported claims we have email, email_verified, preferred_username and name, so we should be able to get it. For now we need to set up our own Authelia and try to replicate your case. Either you can provide us access to your scenario or we have to be lucky and it will be broken on our side as well ^^.

The application scopes are the scopes that we send with our token to request these. They are just a string list. The field should not be empty though. Technically it could relate, e.g. when we do not request the scope of User.read (in a Microsoft scenario) we do not get this info. This might be a good hint on that one.

Would you mind adding the scopes "profile" and "email" into the database yourself into the table heptacom_admin_open_auth_client, in column config (JSON field) under the key scopes as an array of string? See https://www.authelia.com/integration/openid-connect/introduction/#email for more
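
The fallback chain and the scope dependency described in the comments above, as an added example that is not the plugin's own code: the `User` class, `resolveDisplayName()` and `buildUser()` are hypothetical names, and the two userinfo arrays are constructed samples. It shows why a response carrying only `sub` yields no display-name candidate, and rejects it with an actionable error instead of letting null reach a `string` property.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the plugin's user contract (non-nullable string property).
final class User
{
    public function __construct(public string $displayName) {}
}

// Fallback order from the thread: name, given + family name, nickname,
// preferred_username, email. Returns null when no usable claim is present.
function resolveDisplayName(array $claims): ?string
{
    // Identity-provider data is untrusted input: accept only non-empty strings.
    $str = fn (string $key): string => is_string($claims[$key] ?? null) ? trim($claims[$key]) : '';
    $candidates = array_filter([
        $str('name'),
        trim($str('given_name') . ' ' . $str('family_name')),
        $str('nickname'),
        $str('preferred_username'),
        $str('email'),
    ], fn (string $c): bool => $c !== '');
    return $candidates === [] ? null : reset($candidates);
}

function buildUser(array $claims): User
{
    $displayName = resolveDisplayName($claims);
    if ($displayName === null) {
        // Actionable error instead of a TypeError surfacing as HTTP 500.
        throw new RuntimeException(
            'User info has no name, nickname, preferred_username or email claim; '
            . 'check that the client requests the "profile" and "email" scopes.'
        );
    }
    return new User($displayName);
}

// Constructed sample userinfo responses (not taken from the issue).
$openidOnly = ['sub' => 'constructed-subject'];
$withScopes = ['sub' => 'constructed-subject', 'preferred_username' => 'jdoe', 'email' => 'jdoe@example.com'];

echo buildUser($withScopes)->displayName, PHP_EOL;
try {
    buildUser($openidOnly);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```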

@MartinKuhl
Author

MartinKuhl commented Dec 28, 2024

Hi @JoshuaBehrens, with the manual adjustment directly in the database, I am now able to log in via Authelia.
Looks like the configuration of the scopes is not stored or read correctly from the database.
Sorry, but I am not able to share the access to my setup.

@MartinKuhl
Author

Looks like there are some additional errors in the code:

```json
{
  "errors": [
    {
      "code": "0",
      "status": "500",
      "title": "Internal Server Error",
      "detail": "Error: Class Heptacom\\AdminOpenAuth\\Exception\\UserMismatchException contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Shopware\\Core\\Framework\\ShopwareException::getErrorCode)"
    }
  ]
}
```

silviokennecke added a commit that referenced this issue Jan 16, 2025