This latest release (RC2) has fixed the issue with the missing "client_secret_expires_at" field, but unfortunately the JSON service definition created by the client registration (i.e. ownCloud Desktop client) is created with a serviceId of "http://127.0.0.1", while the redirect_uri always includes a random port number. Since I don't control the service definition creation (the client does), I can't get the serviceId to be "http://127.0.0.1:.*", which CAS will properly redirect. Is there a CAS configuration setting to relax the serviceId matching, or is this an OIDC client issue?

Currently using:

    cas.authn.oidc.core.dynamic-client-registration-mode=OPEN

CAS server log:

    2021-11-10 15:36:20,204 WARN [org.apereo.cas.services.resource.AbstractResourceBasedServiceRegistry] - <[ownCloud2.9.1(build5500)-1636576580202.json] does not match the recommended pattern [(\w+-)+(\d+)\.json]. While CAS tries to be forgiving as much as possible, it's recommended that you rename the file to match the requested pattern to avoid issues with duplicate service loading. Future CAS versions may try to strictly force the naming syntax, refusing to load the file.>
    2021-11-10 15:36:20,794 ERROR [org.apereo.cas.support.oauth.util.OAuth20Utils] - <Unsupported [redirect_uri]: [http://127.0.0.1:40839] does not match what is defined for registered service: [http://127.0.0.1]. Service is considered unauthorized. Verify the service matching strategy used in the service definition is correct and does in fact match the client [http://127.0.0.1:40839]>

ownCloud Desktop client log:

    11-10 15:36:20:107 [ info sync.httplogger ]: "5b22ff68-93f0-4588-80b7-31b01bba9218: Request: POST https://secure.redacted.com/cas/oidc/register Header: { Content-Type: application/json, User-Agent: Mozilla/5.0 (Linux) mirall/2.9.1 (build 5500) (ownCloud, ubuntu-5.4.154-0504154-generic ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 5b22ff68-93f0-4588-80b7-31b01bba9218, Original-Request-ID: 5b22ff68-93f0-4588-80b7-31b01bba9218, Content-Length: 201, } Data: [{\n \"application_type\": \"native\",\n \"client_name\": \"ownCloud 2.9.1 (build 5500)\",\n \"redirect_uris\": [\n \"http://127.0.0.1\"\n ],\n \"token_endpoint_auth_method\": \"client_secret_basic\"\n}\n]"

CAS JSON service definition created by client (ownCloud2.9.1(build5500)-1636576580202.json):

    {
      @class: org.apereo.cas.services.OidcRegisteredService
      serviceId: http://127.0.0.1
      name: ownCloud 2.9.1 (build 5500)
      id: 1636576580202
      description: Registered service ownCloud 2.9.1 (build 5500)
      logoutUrl: ""
      clientSecret: EQfoYQ0uscSGDwqzQQCkiDvbUMTv4Or1QnGw
      clientId: QRRw9U52xBQYyyO0glZLSmS9LII6Jg3t3kvl
      dynamicallyRegistered: true
      dynamicRegistrationDateTime: 2021-11-10T20:36:20.201971Z
      scopes: [ java.util.HashSet [ address phone openid email profile offline_access ] ]
    }
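
Added example, not part of the original post and not CAS code or a CAS setting: the mismatch in the log above is the case RFC 8252 section 7.3 covers, where a native client registers a loopback redirect URI and the authorization server accepts any port at request time. The sketch compares parsed URI components rather than applying a regex to the raw string; the names `redirect_uri_allowed`, `_parts` and `LOOPBACK_HOSTS` are hypothetical, and every URI other than the two from the log is constructed.

```python
from urllib.parse import urlsplit

# Loopback IP literals only; "localhost" is left out because it depends on name resolution.
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def _parts(uri):
    """Return (scheme, host, port, path, query), or None if the URI is unusable."""
    try:
        u = urlsplit(uri)
        port = u.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    # Reject userinfo ("user@host") and fragments outright: neither belongs in a
    # redirect URI, and userinfo changes which host the URI really points at.
    if not u.scheme or not u.hostname or u.username is not None or u.fragment:
        return None
    return u.scheme.lower(), u.hostname.lower(), port, u.path or "/", u.query


def redirect_uri_allowed(registered, requested):
    """Exact match on parsed components, except that the port is ignored when
    the registered URI is plain http on a loopback IP literal."""
    reg, req = _parts(registered), _parts(requested)
    if reg is None or req is None:
        return False
    if reg == req:
        return True
    r_scheme, r_host, _, r_path, r_query = reg
    q_scheme, q_host, _, q_path, q_query = req
    return (
        r_scheme == "http"
        and r_host in LOOPBACK_HOSTS
        and (r_scheme, r_host, r_path, r_query) == (q_scheme, q_host, q_path, q_query)
    )


if __name__ == "__main__":
    registered = "http://127.0.0.1"        # serviceId written by the client registration
    for requested in (
        "http://127.0.0.1:40839",              # redirect_uri from the CAS error log
        "http://127.0.0.1.example.org:40839",  # constructed: loopback-looking prefix, other host
        "http://127.0.0.1:40839@example.org/", # constructed: loopback text is only userinfo
    ):
        print(requested, "->", redirect_uri_allowed(registered, requested))
```

A pattern such as "http://127.0.0.1:.*" applied to the raw string would accept the last constructed URI, which is why the comparison here is done on the parsed host.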