bug: SSO userinfo request is using HTTP POST method #4898
Labels
group/backend
Issue related to the backend (API Server, Git Agent)
priority/1
This issue must be fixed/implemented ASAP, it's a blocker for a release
type/bug
Something isn't working as expected
Component
API Server / GraphQL
Infrahub version
1.0.2
Current Behavior
The userinfo request during the OAuth2 and OIDC process is sent using an HTTP POST.
Some authorization servers only support this using an HTTP GET request.
According to the spec, both methods are supported and it is recommended to use HTTP GET:
https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest
When we send the userinfo request using an HTTP POST to a server that only supports this using an HTTP GET, we will get back an HTTP 404 response. This response will not contain a JSON payload, which will cause an exception to be raised:
infrahub/backend/infrahub/api/oauth2.py
Line 123 in 136bdd7
Expected Behavior
Support calling the userinfo endpoint using the HTTP GET method
Steps to Reproduce
Configure an SSO authorization server that only supports the userinfo request using HTTP GET in Infrahub.
Additional Information
No response
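The behaviour this issue asks for, as an added example that is not Infrahub's code: a userinfo call that uses HTTP GET with the access token as a Bearer header, and that checks the status before parsing the body so a 404 without JSON surfaces as a clear error. The names `fetch_userinfo`, `UserInfoError`, `GetOnlyUserInfo` and `start_stub` are hypothetical, and the loopback stub server and its token and claims are constructed for the demonstration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

class UserInfoError(Exception):
    """Raised when the userinfo endpoint does not return usable claims."""

def fetch_userinfo(url, access_token, method="GET"):
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=5)
    try:
        # The access token travels in the Authorization header, not in a request body.
        headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
        conn.request(method, parts.path or "/", headers=headers)
        resp = conn.getresponse()
        status, body = resp.status, resp.read()
    finally:
        conn.close()
    if status != 200:
        # An error response is not guaranteed to carry JSON, so do not parse it.
        raise UserInfoError(f"userinfo {method} returned HTTP {status}")
    try:
        claims = json.loads(body)
    except ValueError as exc:
        raise UserInfoError("userinfo response is not valid JSON") from exc
    if not isinstance(claims, dict):
        raise UserInfoError("userinfo response is not a JSON object")
    return claims

class GetOnlyUserInfo(BaseHTTPRequestHandler):
    """Constructed stub of an authorization server that only answers GET."""
    def do_GET(self):
        body = json.dumps({"sub": "user-1", "name": "Test User"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        self.send_error(404)  # HTML error page, no JSON payload
    def log_message(self, *args):
        pass  # keep the demo quiet

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), GetOnlyUserInfo)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/userinfo"
```

Calling `fetch_userinfo(url, token, method="POST")` against the stub raises `UserInfoError` naming the 404 instead of failing inside JSON parsing.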