Re: [Dev] Issue with OIDC Request object

Mon, 09 Apr 2018 21:16:13 -0700 

Hi Gayan,

*Request object *
>
> {
>   "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>   "aud": "https://localhost:9444/oauth2/token";,
>   "response_type": "id_token token",
>   "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>   "redirect_uri": "http://localhost:8080/playground2/oauth2client";,
>   "scope": "openid",
>   "state": "af0ifjsldkj",
>   "nonce": "n-0S6_WzA2Mj",
>   "max_age": 86400,
>   "claims": {
>     "userinfo": {
>       "given_name": {
>         "essential": true
>       }
>     },
>     "id_token": {
>       "given_name": {
>         "essential": true
>       },
>       "acr": {
>         "values": [
>           "urn:mace:incommon:iap:silver"
>         ]
>       }
>     }
>   }
> }
>
>
Can you please provide the full authorization request that you are using.
For your reference I will add a sample request as below.

https://server.example.com/authorize?
    response_type=code%20id_token
    &client_id=s6BhdRkqt3
    &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
    &scope=openid
    &state=af0ifjsldkj
    &nonce=n-0S6_WzA2Mj
    &request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KICJpc3MiOiA
    iczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmN
    vbSIsDQogInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWV
    udF9pZCI6ICJzNkJoZFJrcXQzIiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8
    vY2xpZW50LmV4YW1wbGUub3JnL2NiIiwNCiAic2NvcGUiOiAib3BlbmlkIiwNCiA
    ic3RhdGUiOiAiYWYwaWZqc2xka2oiLA0KICJub25jZSI6ICJuLTBTNl9XekEyTWo
    iLA0KICJtYXhfYWdlIjogODY0MDAsDQogImNsYWltcyI6IA0KICB7DQogICAidXN
    lcmluZm8iOiANCiAgICB7DQogICAgICJnaXZlbl9uYW1lIjogeyJlc3NlbnRpYWw
    iOiB0cnVlfSwNCiAgICAgIm5pY2tuYW1lIjogbnVsbCwNCiAgICAgImVtYWlsIjo
    geyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImVtYWlsX3ZlcmlmaWVkIjogeyJ
    lc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgInBpY3R1cmUiOiBudWxsDQogICAgfSw
    NCiAgICJpZF90b2tlbiI6IA0KICAgIHsNCiAgICAgImdlbmRlciI6IG51bGwsDQo
    gICAgICJiaXJ0aGRhdGUiOiB7ImVzc2VudGlhbCI6IHRydWV9LA0KICAgICAiYWN
    yIjogeyJ2YWx1ZXMiOiBbInVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiXX0
    NCiAgICB9DQogIH0NCn0.nwwnNsk1-ZkbmnvsF6zTHm8CHERFMGQPhos-EJcaH4H
    h-sMgk8ePrGhw_trPYs8KQxsn6R9Emo_wHwajyFKzuMXZFSZ3p6Mb8dkxtVyjoy2
    GIzvuJT_u7PkY2t8QU9hjBcHs68PkgjDVTrG1uRTx0GxFbuPbj96tVuj11pTnmFC
    UR6IEOXKYr7iGOCRB3btfJhM0_AKQUfqKnRlrRscc8Kol-cSLWoYE9l5QqholImz
    jT_cMnNIznW9E7CDyWXTsO70xnB4SkG6pXfLSjLLlxmPGiyon_-Te111V8uE83Il
    zCYIb_NMXvtTIVc1jpspnTSD7xMbpL-2QgwUsAlMGzw

>From the above mail what I understand is that you have provided a plain
text value for the request parameter.  But here the value of the request
parameter should be a JWT/JWS or  JWE. After using a JWT if you still
observe the error please get back to us.

Thanks,



On Tue, Apr 10, 2018 at 9:37 AM, gayan gunawardana <[email protected]>
wrote:

> Hi All,
>
> Sent below request, expecting *given_name* claim but ID Token doesn't
> have given_name claim when obtaining ID Token from Implicit grant type.
>
> *Request object *
>
> {
>   "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>   "aud": "https://localhost:9444/oauth2/token";,
>   "response_type": "id_token token",
>   "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>   "redirect_uri": "http://localhost:8080/playground2/oauth2client";,
>   "scope": "openid",
>   "state": "af0ifjsldkj",
>   "nonce": "n-0S6_WzA2Mj",
>   "max_age": 86400,
>   "claims": {
>     "userinfo": {
>       "given_name": {
>         "essential": true
>       }
>     },
>     "id_token": {
>       "given_name": {
>         "essential": true
>       },
>       "acr": {
>         "values": [
>           "urn:mace:incommon:iap:silver"
>         ]
>       }
>     }
>   }
> }
>
> *ID Token*
>
> {
>   "at_hash": "A73K_CSStq6fs611ZzFs7A",
>   "sub": "admin",
>   "aud": [
>     "KqpUgGLpJaW5n5_OiAJlSnMiCiIa"
>   ],
>   "azp": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>   "amr": [],
>   "iss": "https://localhost:9444/oauth2/token";,
>   "exp": 1523335098,
>   "nonce": "n-0S6_WzA2Mj",
>   "iat": 1523331498,
>   "sid": "e7278e7c-224b-45c2-a8e0-e5f36cb77b47"
> }
>
>
> [1] https://docs.wso2.com/display/IS550/Passing+OIDC+
> Authentication+Request+Parameters+in+a+Request+Object
> [2] https://docs.wso2.com/display/IS550/Request+Object+Support
>
> Thanks,
> Gayan
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Hasanthi Dissanayake

Senior Software Engineer | WSO2

E: [email protected]
M :0718407133| http://wso2.com <http://wso2.com/>

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to