Auth0 Home Blog Docs

Failed to get valid id_token after code exchange

id_token

#1

Hi,

Our backend is php, the code to get id_token is:

$auth0 = new Authentication(<domain>, <client_id>);
$oAuthClient = $auth0->get_oauth_client(<client_secret>, <redirect_uri>);

try {
    $oAuthClient->exchangeCode();
} catch (\Exception $ex) {

    return false; // return error
}
$idToken = $oAuthClient->getIdToken();

return json_encode("id_token" => $idToken]);

It worked fine before. We didn’t change code but somehow $idToken gets value ‘false’ now.

Here are some points may be relevant:

  1. There is no error Exception thrown in code exchange.
  2. In login url ($auth0->get_authorize_link()), we give scope containing ‘openid’ and response_type = ‘code’.
  3. Our connection is a custom database.
  4. If I try with different domain/client/custom database connection, it works fine.

It looks like the difference is client/connection on Auth0 account side, but we don’t know what the exact cause is.

Any suggestions to find the cause would be appreciated!



Thank you,
Una

#2

Can you check if exchangeCode is throwing an exception and if it is, include the exception details in the question? You mention that you’re getting a value of false and your code is ignoring the exceptions thrown by that method and just returning false so this looks suspicious.


#3

Just made the code more complete according to your suspect.

Based on the code, we get {“id_token”: false} as a result. If there is any Exception, it is supposed to get false directly.


#4

Just made the code more complete according to your suspect.

Based on the code, we get {“id_token”: false} as a result. If there is any Exception, it is supposed to get false directly.


#5

Thanks for the additional info; that likely implies that the code is being exchanged with success, but an ID token is not being included in the response. One explanation could be that the openid scope was not being included, but you also state that you’re doing this. Can you try to reproduce this outside of your PHP app? For example, obtaining the code through a web browser and then exchange it using an HTTP client tool like Postman?


#6