Refresh my rights causes error 500 with OIDC provider
Concerned version
Version: 2.0.6
Platform: Nginx, Debian 9
Summary
- Configure an OIDC provider as authentication source and UserDB source
- Login through OIDC
- Refresh my rights
Logs
[debug] Processing getUser
[error] UserInfo URI not found in configuration
The OP is not resolved, thus LLNG doesn't know how to resolve the UserInfo URL.
Guilty code in UserDB::OpenIDConnect
    sub getUser {
        my ( $self, $req ) = @_;
        my $op               = $req->data->{_oidcOPCurrent};
        my $access_token     = $req->data->{access_token};
        my $userinfo_content = $self->getUserInfo( $op, $access_token );
$req->data does not contain the OP anymore when refreshing a user's rights; we should look up the OP in the session info. And the access token is likely to be expired, so we probably should handle OP-sent refresh tokens here if we want session refresh to work correctly.
Edited by Maxime Besson
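A sketch of the lookup order suggested above, as an added example that is not LemonLDAP::NG code: take the OP from request data, fall back to the session, and redeem a refresh token when the stored access token has expired. The session key names (`_oidc_OP`, `_oidc_access_token`, `_oidc_access_token_eol`, `_oidc_refresh_token`), the `resolve_op_and_token` helper and the refresh callback are hypothetical, and the session values are constructed.

```perl
use strict;
use warnings;
# Hypothetical session keys (assumptions, not LemonLDAP::NG names):
#   _oidc_OP, _oidc_access_token, _oidc_access_token_eol, _oidc_refresh_token
# $refresh is a stand-in for a call to the OP's token endpoint.
sub resolve_op_and_token {
    my ( $data, $session, $refresh, $now ) = @_;
    $now //= time;

    # Login flow: request data is populated. Refresh flow: fall back to session.
    my $op = $data->{_oidcOPCurrent} // $session->{_oidc_OP};
    return ( undef, undef, 'no OP in request data or session' ) unless defined $op;

    # A token handed over in this request is fresh; a stored one may be stale.
    my $token = $data->{access_token};
    return ( $op, $token, undef ) if defined $token;
    $token = $session->{_oidc_access_token};
    my $eol = $session->{_oidc_access_token_eol} // 0;
    return ( $op, $token, undef ) if defined $token and $eol > $now;

    # Stored token missing or expired: redeem the refresh token, or fail
    # cleanly instead of calling UserInfo with a token the OP will reject.
    my $rt = $session->{_oidc_refresh_token}
      or return ( $op, undef, 'access token expired and no refresh token' );
    my $new = $refresh->( $op, $rt )
      or return ( $op, undef, 'OP rejected the refresh token' );

    # Persist the new tokens; keep the old refresh token if none was rotated in.
    $session->{_oidc_access_token}     = $new->{access_token};
    $session->{_oidc_access_token_eol} = $now + ( $new->{expires_in} // 0 );
    $session->{_oidc_refresh_token}    = $new->{refresh_token} // $rt;
    return ( $op, $new->{access_token}, undef );
}

# Constructed sample data: session saved at login, access token expired since.
my %session = (
    _oidc_OP               => 'example-op',
    _oidc_access_token     => 'at-old',
    _oidc_access_token_eol => 1000,
    _oidc_refresh_token    => 'rt-1',
);
my $fake_op = sub {
    my ( $op, $rt ) = @_;
    return undef unless $rt eq 'rt-1';
    return { access_token => 'at-new', expires_in => 300, refresh_token => 'rt-2' };
};
# Expired token, then still-valid token, then a session with no OP recorded.
for my $case ( [ \%session, 2000 ], [ \%session, 2100 ], [ {}, 2100 ] ) {
    my ( $op, $at, $err ) = resolve_op_and_token( {}, $case->[0], $fake_op, $case->[1] );
    printf "op=%s token=%s err=%s\n", map { $_ // '-' } $op, $at, $err;
}
```

Returning an error string rather than calling UserInfo with an undefined OP lets the caller keep the existing session attributes and report the failure, instead of ending in an error 500.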