I'm testing proof of concept using php, no frameworks. I want to use Onelogin with the OpenID connect flow to confirm the identity of an existing user (already setup on Onelogin) with Onelogin and then get redirected to my login page to finish the process. I cannot find similar issues answered so here i am.
Using https://developers.onelogin.com/openid-connect/api/authorization-code i've set up the first api call with the OpenId Connect (OIDC) -> SSO -> Application Type set to Web and Token endpoint set to POST. With this i am able to go through the flow once successfully back to my test system login. But this doesn't pass back any user identifiable information so i cannot confirm the user on our db system.
As far as I can tell in all examples here i am logging into Onelogin and using the MFA okay. I have Google Auth on my phone. All looks good. I can then confirm i am logged into Onelogin under my test user.
The test user has no Privileges as my end user will be only using Onelogin to confirm identity on my final system.
So i guess this is fine if someone does not care about confirming the user on the initiating system. But i do need that so unless i missed something i can't use that way (Web).
Also i seem to be able to login and get redirected back to my test system login once using this but then if i try again soon after i get UnauthorizedError. Which makes me think of logging the user out of Onelogin first but no, logging user out between has no effect.
So then i tried setting Application Type set to Native hoping that we get redirected back to my redirect URL i've set in the App but I then keep getting UnauthorizedError after MFA and i can't seem to get past this bit even after checking over the Roles, Policies and App settings.
I've tried Token Endpoint to all the options but i still get UnauthorizedError after MFA or I get logged into Onelogin but I don't get redirected to my test login url set in the App settings.
Now at a loss and need help.
edited to add- the user has been added to the app which i can confirm via the app and the user. Also i can see that within the Activity for my user i can see it says 'logged into Openid Connect (OIDC)'. So it seems like i am getting logged in but i am still getting an UnauthorizedError 401.