bug: unable to call the user info endpoint when integrating Logto Cloud with rust openidconnect.

[AH-dark]

Describe the bug

Based on the response in this GitHub issue, I suspect that the OIDC content provided by Logto may not fully comply with the standard.

When calling the userinfo endpoint with the openidconnect library, a parsing error occurred. This might suggest an issue with how the user information is being returned or formatted, potentially due to a deviation from the expected OpenID Connect standard in the response from Logto.

Expected behavior

This API should return a 200 status code along with JSON content compliant with the OIDC standard.

How to reproduce?

Retrieve user info using Rust’s openidconnect 3.5.0 and Logto Cloud.

Context

• Logto Cloud
• Self-hosted, Logto version =
  • Container (Docker image)
  • Raw Node.js

[wangsijie]

Coud you please provider a sample project to reproduce this issue? Or full error messages of the response, and your OIDC configurations.

[AH-dark]

Coud you please provider a sample project to reproduce this issue? Or full error messages of the response, and your OIDC configurations.

pub async fn get_user_by_token(&self, token: String) -> Result<(user::Model, CoreUserInfoClaims), Error> {
    let access_token = AccessToken::new(token);
    let user_info_claims: CoreUserInfoClaims = self.client.user_info(access_token, None)?
        .request_async(async_http_client)
        .await?;

    let sub = user_info_claims.subject().as_str();
    let user = self.get_or_create_user(sub).await?;

    Ok((user, user_info_claims))
}

Here is a simple code snippet that demonstrates a straightforward method using the standard CoreClient and CoreUserInfoClaims provided by openidconnect.

My application is quite large, so it’s difficult for me to extract a complete application. You can use any SPA application (I am using React and @logto/react) to log in via the OIDC service provided by Logto Cloud, obtain the Access Token, and pass it to the Rust backend. Then use this Access Token, request the /oidc/me endpoint and returns an erroneous response.

[wangsijie]

I'll take a look soon.

[AH-dark]

It seems that Logto does not omit null values, and the returned updated_at and created_at are unix timestamp milliseconds not seconds, which is not in compliance with the standard.

[wangsijie]

hi @AH-dark, thanks for your detailed information, there are two things to do:

1. Omit fileds with null value
2. Change the updated_at unit to seconds.

However, this will cause a breaking change, so let's hold for now, need to discuss with the team.