Error with authorization_endpoint #4

Open
georgelutz-alk opened this issue Dec 31, 2020 · 2 comments

@georgelutz-alk

The demo does not work locally for me. Using PHP 7.4.

I tried the latest and the original version of the demo PHP here and I get basically the same error in both cases.

In the console, I see this error:

```
[Thu Dec 31 09:17:46 2020] PHP Notice: Trying to get property 'authorization_endpoint' of non-object in C:\oauth-demo\index.php on line 70
[Thu Dec 31 09:17:46 2020] [::1]:54923 [200]: GET /?response_type=code....
```

@aaronpk
Owner

aaronpk commented Dec 31, 2020

That probably means it couldn't fetch the server metadata. Double check you've included the right issuer URL and that the metadata URL of the server exists.

@lucsio

lucsio commented Jan 3, 2021

Hi, I tried the latest version of the demo PHP but I get "Error fetching access token".
I didn't try it locally but on a hosted solution.
From the system log (from the Okta developer console) I get this message:

Jan 03 20:14:30 | login okta (PublicClientApp) | OAuth2 access token is granted success | (User) Access Token (access_token)

but my redirect page is blank

Here is my code:

```php
<?php
session_start();

$client_id = 'MYID';
$client_secret = 'MYSECRET';
$redirect_uri = 'https://www.provailtuositoweb.com/LOGIN';
$metadata_url = 'https://dev-3098461.okta.com/oauth2/default/.well-known/oauth-authorization-server';

// Log out: clear the session values and return to the home page
if(isset($_GET['logout'])) {
  unset($_SESSION['username']);
  unset($_SESSION['sub']);
  header('Location: /');
  die();
}

// Already logged in: show the user and a logout link
if(isset($_SESSION['sub'])) {
  echo '<p>Logged in as</p>';
  echo '<p>' . $_SESSION['username'] . '</p>';
  echo '<p><a href="/?logout">Log Out</a></p>';
  die();
}

// Fetch the authorization server metadata
$metadata = http($metadata_url);

if(!isset($_GET['code'])) {

  // Start the flow: store state and the PKCE code verifier in the session
  $_SESSION['state'] = bin2hex(random_bytes(5));
  $_SESSION['code_verifier'] = bin2hex(random_bytes(50));
  $code_challenge = base64_urlencode(hash('sha256', $_SESSION['code_verifier'], true));

  $authorize_url = $metadata->authorization_endpoint.'?'.http_build_query([
    'response_type' => 'code',
    'client_id' => $client_id,
    'redirect_uri' => $redirect_uri,
    'state' => $_SESSION['state'],
    'scope' => 'openid profile',
    'code_challenge' => $code_challenge,
    'code_challenge_method' => 'S256',
  ]);

  echo '<p>Not logged in</p>';
  echo '<p><a href="'.$authorize_url.'">Log In</a></p>';

} else {

  // Redirect back from the authorization server: check state before anything else
  if($_SESSION['state'] != $_GET['state']) {
    die('Authorization server returned an invalid state parameter');
  }

  if(isset($_GET['error'])) {
    die('Authorization server returned an error: '.htmlspecialchars($_GET['error']));
  }

  // Exchange the authorization code (plus the PKCE verifier) for an access token
  $response = http($metadata->token_endpoint, [
    'grant_type' => 'authorization_code',
    'code' => $_GET['code'],
    'redirect_uri' => $redirect_uri,
    'client_id' => $client_id,
    'client_secret' => $client_secret,
    'code_verifier' => $_SESSION['code_verifier'],
  ]);

  if(!isset($response->access_token)) {
    die('Error fetching access token');
  }

  // Look up the user's profile with the access token
  $userinfo = http($metadata->userinfo_endpoint, [
    'access_token' => $response->access_token,
  ]);

  if($userinfo->sub) {
    $_SESSION['sub'] = $userinfo->sub;
    $_SESSION['username'] = $userinfo->preferred_username;
    $_SESSION['profile'] = $userinfo;
    header('Location: /');
    die();
  }

}

// Base64-urlencoding is a simple variation on base64-encoding
// Instead of +/ we use -_, and the trailing = are removed.
function base64_urlencode($string) {
  return rtrim(strtr(base64_encode($string), '+/', '-_'), '=');
}

// GET when $params is false, POST otherwise; returns the decoded JSON body
function http($url, $params=false) {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  if($params)
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
  return json_decode(curl_exec($ch));
}
```
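
The `http()` helper in the code above returns whatever `json_decode` yields, so a failed metadata fetch or a token error response only surfaces later as a "non-object" notice or a generic message. The following is an added example, not part of this thread or of the demo's own code, of a checked version that reports the reason at the point of failure. The function names `decode_json_response`, `validate_metadata` and `http_checked` are hypothetical, the https requirement is an assumption, and the `as.example` responses are constructed so the block runs offline.

```php
<?php
// Added example: names are hypothetical, sample responses are constructed.

// Turn a raw HTTP result into a JSON object, or fail with the reason.
function decode_json_response(string $url, $body, int $status, string $curl_error = ''): object {
  if ($body === false) throw new RuntimeException("Request to $url failed: $curl_error");
  $json = json_decode($body);
  if (!is_object($json)) throw new RuntimeException("Non-JSON response from $url (HTTP $status)");
  if ($status < 200 || $status >= 300) {
    // OAuth error responses carry "error" and "error_description" (RFC 6749, section 5.2)
    $detail = $json->error_description ?? $json->error ?? 'no error field';
    throw new RuntimeException("HTTP $status from $url: $detail");
  }
  return $json;
}

// Confirm the endpoints the script dereferences are present and use https (assumed policy).
function validate_metadata(object $metadata): object {
  foreach (['authorization_endpoint', 'token_endpoint', 'userinfo_endpoint'] as $key) {
    $value = $metadata->$key ?? null;
    if (!is_string($value) || stripos($value, 'https://') !== 0) {
      throw new RuntimeException("Metadata has no https $key");
    }
  }
  return $metadata;
}

// Same calling convention as the demo's http(): GET without $params, POST with them.
function http_checked(string $url, $params = false): object {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  if ($params) curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
  $body = curl_exec($ch);
  $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
  return decode_json_response($url, $body, $status, curl_error($ch));
}

// Offline demonstration on constructed responses (no network access needed).
$samples = [
  'wrong metadata URL' => [404, '<html>Not Found</html>'],
  'token error' => [400, '{"error":"invalid_grant","error_description":"constructed sample"}'],
  'valid metadata' => [200, '{"authorization_endpoint":"https://as.example/authorize",'
    . '"token_endpoint":"https://as.example/token","userinfo_endpoint":"https://as.example/userinfo"}'],
];
foreach ($samples as $label => [$status, $body]) {
  try {
    validate_metadata(decode_json_response('https://as.example/', $body, $status));
    echo "$label: ok\n";
  } catch (RuntimeException $e) {
    echo "$label: {$e->getMessage()}\n";
  }
}
```

In the script, `validate_metadata(http_checked($metadata_url))` would replace the bare metadata fetch, and `http_checked` would replace `http` for the token and userinfo requests, inside a `try` block that logs the message server-side rather than echoing it to the browser.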