There is 1 comment.
 
 
OpenId Connect / OIDC-179 Open

Cannot login when the user is a member of too many groups

 
 


 
Thomas Mortagne on 07/Jun/24 18:22
 
bq. No call is sent to KeyCloak that I can see (Keycloak on debug mode does not tell me a call was made at all).

Not sure what to tell you. The error you pasted ("info:null") is the response of the request sent to Keycloak on https://github.com/xwiki-contrib/oidc/blob/5117e91353a739f31b93dc0cf2dce0a4203c84e3/oidc-authenticator/src/main/java/org/xwiki/contrib/oidc/auth/internal/OIDCUserManager.java#L188 (the one asking for the userinfo to Keycloak with the access token). In any case, the authenticator is not storing the access token or the id token (it just keeps them in the session, so the size is not really a problem in any way). Maybe there is a bug in the oidc library we are using, but I would expect it to produce an exception in that case and not return a response as if the server had answered it.

bq. which are included in the access token

Note that this does not really make any sense from an OIDC point of view, that's not what an access token is for (its main point is to be sent with the userinfo request). User information can also be found in the id token (maybe that's what you meant?), but it's usually more when you use the implicit flow and not the default core code flow, which relies on the userinfo for this kind of stuff.