Preflight Checklist
Version
v3.45.5
Describe the problem caused by this bug
Hi,
When use the library against Okta, our server received the error Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.
suspect problem PR: #803
which adds the authentication hearder after that it's multiple client credentals with client secret configuration.
after revert to v3.45.4 no longer saw such error in our log system.
To reproduce
in the example/client/app/app.go
- configure it for an example okta OIDC app
- add calls to
RefreshToken like (you can put refreshToken as well, doesn't matter since the error priority is higher)
newTokens, err := rp.RefreshTokens[*oidc.IDTokenClaims](ctx, provider, "", "", "")
if err != nil {
fmt.Println("refresh token error:", err)
} else {
fmt.Println("new access token", newTokens.AccessToken)
fmt.Println("new refresh token", newTokens.RefreshToken)
}
- run the example program
receive message in terminal
refresh token error: ErrorType=invalid_request Description=Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.
- comment out the code about adding auth header part
func (r RefreshTokenRequest) Auth(req *http.Request) {
// if r.ClientSecret != "" {
// req.SetBasicAuth(r.ClientID, r.ClientSecret)
// }
}
- run the program again
receive message in terminal (no longer shows the error message)
refresh token error: ErrorType=invalid_grant Description=The refresh token is invalid or expired.
@muhlemmer
cc: @muir
Screenshots
No response
Expected behavior
should no such error when IdP is Okta
ErrorType=invalid_request Description=Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.
Additional Context
fix pr: #858
Preflight Checklist
Version
v3.45.5
Describe the problem caused by this bug
Hi,
When use the library against Okta, our server received the error
Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.suspect problem PR: #803
which adds the authentication hearder after that it's multiple client credentals with client secret configuration.
after revert to v3.45.4 no longer saw such error in our log system.
To reproduce
in the example/client/app/app.go
RefreshTokenlike (you can put refreshToken as well, doesn't matter since the error priority is higher)receive message in terminal
receive message in terminal (no longer shows the error message)
@muhlemmer
cc: @muir
Screenshots
No response
Expected behavior
should no such error when IdP is Okta
Additional Context
fix pr: #858