Highlighted
Super Contributor.
Super Contributor.
150 views

OIDC and 401 error request for userinfo

We have encountered a problem when building an angular application and using angular-oauth2-oidc modules. Using responseType: 'code' and it seems to work until a request is made to the userinfo endpoint.  Then a 401 is responded. NAM says Valid OAuth bearer token required. Token signature verification failed. I can se that there is a Authorization header and a Bearer token in the request. 

Have: 

Access Token Encryption: Do not encrypt.

ID Token Encrypted Response Algorithm: None

Client Type: Native/Desktop

No secret is used

and it is a pwa.

Any ideas what I have done wrong ?

regards Magnus

0 Likes
2 Replies
Highlighted
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Hi Magnus,
Was the authorization code exchanged for Token? And the received access token is used at userinfo endpoint as Authorization Header Bearer token?
Any additional details did you observe in the IDP log?

Regards,
Sangeetha
0 Likes
Highlighted
Super Contributor.
Super Contributor.

After I did a code review I found that our developer had used an old constant string as a bearer token. 

embarrassing , but it works now . 

thank you ! 

//Magnus

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.