On Tue, Apr 10, 2018 at 9:44 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:
> Hi Gayan,
>
> *Request object *
>>
>> {
>> "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>> "aud": "https://localhost:9444/oauth2/token";,
>> "response_type": "id_token token",
>> "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>> "redirect_uri": "http://localhost:8080/playground2/oauth2client";,
>> "scope": "openid",
>> "state": "af0ifjsldkj",
>> "nonce": "n-0S6_WzA2Mj",
>> "max_age": 86400,
>> "claims": {
>> "userinfo": {
>> "given_name": {
>> "essential": true
>> }
>> },
>> "id_token": {
>> "given_name": {
>> "essential": true
>> },
>> "acr": {
>> "values": [
>> "urn:mace:incommon:iap:silver"
>> ]
>> }
>> }
>> }
>> }
>>
>>
> Can you please provide the full authorization request that you are using.
> For your reference I will add a sample request as below.
>
There you go.
https://localhost:9443/oauth2/authorize?response_type=id_token%20token&client_id=KqpUgGLpJaW5n5_OiAJlSnMiCiIa&redirect_uri=http://localhost:8080/playground2/oauth2client&scope=openid&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.eyJpc3MiOiJLcXBVZ0dMcEphVzVuNV9PaUFKbFNuTWlDaUlhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6OTQ0NC9vYXV0aDIvdG9rZW4iLCJyZXNwb25zZV90eXBlIjoiaWRfdG9rZW4gdG9rZW4iLCJjbGllbnRfaWQiOiJLcXBVZ0dMcEphVzVuNV9PaUFKbFNuTWlDaUlhIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3BsYXlncm91bmQyL29hdXRoMmNsaWVudCIsInNjb3BlIjoib3BlbmlkIiwic3RhdGUiOiJhZjBpZmpzbGRraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwibWF4X2FnZSI6ODY0MDAsImNsYWltcyI6eyJ1c2VyaW5mbyI6eyJnaXZlbl9uYW1lIjp7ImVzc2VudGlhbCI6dHJ1ZX19LCJpZF90b2tlbiI6eyJnaXZlbl9uYW1lIjp7ImVzc2VudGlhbCI6dHJ1ZX0sImFjciI6eyJ2YWx1ZXMiOlsidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciJdfX19fQ.riFqPq298AVlQgjEztmWRAHwyGlvVsF9x0xwPmCrpQwWebJLEjmGLnBjuZsfXGk5dczlmgEB6SKf0o3WWmMDgRMemHbxcnKvyaLxVX_PatZs72PC2kTCK71yK0qqwuGkifyK0fmHl_Uzabyz17Hfspc5B11EdEl3cPJNheFZBuKGe68q_Z8TmBdpFVm6CPpTv2HkGcNJPzO4jfvl2KYb49v0WiV4gpGHKvy8ZPyEY-cdUxvI9uSUyxValC_M4S47usY55Dr_9F3weF_Rd2d1uyNOebMnJGe-MvP2kwCVHpik-4kEHBJc4xw8TDmgS5HjB1UNiLrqOdzv0cRc-finAQ
>
> https://server.example.com/authorize?
> response_type=code%20id_token
> &client_id=s6BhdRkqt3
> &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
> &scope=openid
> &state=af0ifjsldkj
> &nonce=n-0S6_WzA2Mj
> &request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KICJpc3MiOiA
> iczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmN
> vbSIsDQogInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWV
> udF9pZCI6ICJzNkJoZFJrcXQzIiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8
> vY2xpZW50LmV4YW1wbGUub3JnL2NiIiwNCiAic2NvcGUiOiAib3BlbmlkIiwNCiA
> ic3RhdGUiOiAiYWYwaWZqc2xka2oiLA0KICJub25jZSI6ICJuLTBTNl9XekEyTWo
> iLA0KICJtYXhfYWdlIjogODY0MDAsDQogImNsYWltcyI6IA0KICB7DQogICAidXN
> lcmluZm8iOiANCiAgICB7DQogICAgICJnaXZlbl9uYW1lIjogeyJlc3NlbnRpYWw
> iOiB0cnVlfSwNCiAgICAgIm5pY2tuYW1lIjogbnVsbCwNCiAgICAgImVtYWlsIjo
> geyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImVtYWlsX3ZlcmlmaWVkIjogeyJ
> lc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgInBpY3R1cmUiOiBudWxsDQogICAgfSw
> NCiAgICJpZF90b2tlbiI6IA0KICAgIHsNCiAgICAgImdlbmRlciI6IG51bGwsDQo
> gICAgICJiaXJ0aGRhdGUiOiB7ImVzc2VudGlhbCI6IHRydWV9LA0KICAgICAiYWN
> yIjogeyJ2YWx1ZXMiOiBbInVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiXX0
> NCiAgICB9DQogIH0NCn0.nwwnNsk1-ZkbmnvsF6zTHm8CHERFMGQPhos-EJcaH4H
> h-sMgk8ePrGhw_trPYs8KQxsn6R9Emo_wHwajyFKzuMXZFSZ3p6Mb8dkxtVyjoy2
> GIzvuJT_u7PkY2t8QU9hjBcHs68PkgjDVTrG1uRTx0GxFbuPbj96tVuj11pTnmFC
> UR6IEOXKYr7iGOCRB3btfJhM0_AKQUfqKnRlrRscc8Kol-cSLWoYE9l5QqholImz
> jT_cMnNIznW9E7CDyWXTsO70xnB4SkG6pXfLSjLLlxmPGiyon_-Te111V8uE83Il
> zCYIb_NMXvtTIVc1jpspnTSD7xMbpL-2QgwUsAlMGzw
>
> From the above mail what I understand is that you have provided a plain
> text value for the request parameter. But here the value of the request
> parameter should be a JWT/JWS or JWE. After using a JWT if you still
> observe the error please get back to us.
>
> Thanks,
>
>
>
> On Tue, Apr 10, 2018 at 9:37 AM, gayan gunawardana <
> gmgunaward...@gmail.com> wrote:
>
>> Hi All,
>>
>> Sent below request, expecting *given_name* claim but ID Token doesn't
>> have given_name claim when obtaining ID Token from Implicit grant type.
>>
>> *Request object *
>>
>> {
>> "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>> "aud": "https://localhost:9444/oauth2/token";,
>> "response_type": "id_token token",
>> "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>> "redirect_uri": "http://localhost:8080/playground2/oauth2client";,
>> "scope": "openid",
>> "state": "af0ifjsldkj",
>> "nonce": "n-0S6_WzA2Mj",
>> "max_age": 86400,
>> "claims": {
>> "userinfo": {
>> "given_name": {
>> "essential": true
>> }
>> },
>> "id_token": {
>> "given_name": {
>> "essential": true
>> },
>> "acr": {
>> "values": [
>> "urn:mace:incommon:iap:silver"
>> ]
>> }
>> }
>> }
>> }
>>
>> *ID Token*
>>
>> {
>> "at_hash": "A73K_CSStq6fs611ZzFs7A",
>> "sub": "admin",
>> "aud": [
>> "KqpUgGLpJaW5n5_OiAJlSnMiCiIa"
>> ],
>> "azp": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>> "amr": [],
>> "iss": "https://localhost:9444/oauth2/token";,
>> "exp": 1523335098,
>> "nonce": "n-0S6_WzA2Mj",
>> "iat": 1523331498,
>> "sid": "e7278e7c-224b-45c2-a8e0-e5f36cb77b47"
>> }
>>
>>
>> [1] https://docs.wso2.com/display/IS550/Passing+OIDC+Authenticat
>> ion+Request+Parameters+in+a+Request+Object
>> [2] https://docs.wso2.com/display/IS550/Request+Object+Support
>>
>> Thanks,
>> Gayan
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Hasanthi Dissanayake
>
> Senior Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com <http://wso2.com/>
>
--
Gayan
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
