Re: [Dev] Issue with OIDC Request object

Mon, 09 Apr 2018 21:34:31 -0700 

Please note that I have gone through exactly same steps in [1], [2] for
wso2is-5.6.0-m1


[1] https://docs.wso2.com/display/IS550/Passing+OIDC+Authentication+Request+
Parameters+in+a+Request+Object
[2] https://docs.wso2.com/display/IS550/Request+Object+Support

On Tue, Apr 10, 2018 at 9:52 AM, gayan gunawardana <[email protected]>
wrote:

>
>
> On Tue, Apr 10, 2018 at 9:44 AM, Hasanthi Purnima Dissanayake <
> [email protected]> wrote:
>
>> Hi Gayan,
>>
>> *Request object *
>>>
>>> {
>>>   "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>   "aud": "https://localhost:9444/oauth2/token";,
>>>   "response_type": "id_token token",
>>>   "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>   "redirect_uri": "http://localhost:8080/playground2/oauth2client";,
>>>   "scope": "openid",
>>>   "state": "af0ifjsldkj",
>>>   "nonce": "n-0S6_WzA2Mj",
>>>   "max_age": 86400,
>>>   "claims": {
>>>     "userinfo": {
>>>       "given_name": {
>>>         "essential": true
>>>       }
>>>     },
>>>     "id_token": {
>>>       "given_name": {
>>>         "essential": true
>>>       },
>>>       "acr": {
>>>         "values": [
>>>           "urn:mace:incommon:iap:silver"
>>>         ]
>>>       }
>>>     }
>>>   }
>>> }
>>>
>>>
>> Can you please provide the full authorization request that you are using.
>> For your reference I will add a sample request as below.
>>
> There you go.
> https://localhost:9443/oauth2/authorize?response_type=id_
> token%20token&client_id=KqpUgGLpJaW5n5_OiAJlSnMiCiIa&
> redirect_uri=http://localhost:8080/playground2/oauth2client&;
> scope=openid&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&request=
> eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.eyJpc3MiOiJLcXBVZ0dMcEphVzVuNV
> 9PaUFKbFNuTWlDaUlhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6OTQ0NC
> 9vYXV0aDIvdG9rZW4iLCJyZXNwb25zZV90eXBlIjoiaWRfdG9rZW4gdG9rZW
> 4iLCJjbGllbnRfaWQiOiJLcXBVZ0dMcEphVzVuNV9PaUFKbFNuTWlDaUlhIi
> wicmVkaXJlY3RfdXJpIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3BsYXlncm
> 91bmQyL29hdXRoMmNsaWVudCIsInNjb3BlIjoib3BlbmlkIiwic3RhdGUiOi
> JhZjBpZmpzbGRraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwibWF4X2FnZS
> I6ODY0MDAsImNsYWltcyI6eyJ1c2VyaW5mbyI6eyJnaXZlbl9uYW1lIjp7Im
> Vzc2VudGlhbCI6dHJ1ZX19LCJpZF90b2tlbiI6eyJnaXZlbl9uYW1lIjp7Im
> Vzc2VudGlhbCI6dHJ1ZX0sImFjciI6eyJ2YWx1ZXMiOlsidXJuOm1hY2U6aW
> 5jb21tb246aWFwOnNpbHZlciJdfX19fQ.riFqPq298AVlQgjEztmWRAHwyGlvVs
> F9x0xwPmCrpQwWebJLEjmGLnBjuZsfXGk5dczlmgEB6SKf0o3WWmMDgRMemHbxcnKvyaLxVX_
> PatZs72PC2kTCK71yK0qqwuGkifyK0fmHl_Uzabyz17Hfspc5B11EdEl3cPJNheFZBuKGe68q_
> Z8TmBdpFVm6CPpTv2HkGcNJPzO4jfvl2KYb49v0WiV4gpGHKvy8ZPyEY-
> cdUxvI9uSUyxValC_M4S47usY55Dr_9F3weF_Rd2d1uyNOebMnJGe-MvP2kwCVHpik-
> 4kEHBJc4xw8TDmgS5HjB1UNiLrqOdzv0cRc-finAQ
>
>>
>> https://server.example.com/authorize?
>>     response_type=code%20id_token
>>     &client_id=s6BhdRkqt3
>>     &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
>>     &scope=openid
>>     &state=af0ifjsldkj
>>     &nonce=n-0S6_WzA2Mj
>>     &request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KICJpc3MiOiA
>>     iczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmN
>>     vbSIsDQogInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWV
>>     udF9pZCI6ICJzNkJoZFJrcXQzIiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8
>>     vY2xpZW50LmV4YW1wbGUub3JnL2NiIiwNCiAic2NvcGUiOiAib3BlbmlkIiwNCiA
>>     ic3RhdGUiOiAiYWYwaWZqc2xka2oiLA0KICJub25jZSI6ICJuLTBTNl9XekEyTWo
>>     iLA0KICJtYXhfYWdlIjogODY0MDAsDQogImNsYWltcyI6IA0KICB7DQogICAidXN
>>     lcmluZm8iOiANCiAgICB7DQogICAgICJnaXZlbl9uYW1lIjogeyJlc3NlbnRpYWw
>>     iOiB0cnVlfSwNCiAgICAgIm5pY2tuYW1lIjogbnVsbCwNCiAgICAgImVtYWlsIjo
>>     geyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImVtYWlsX3ZlcmlmaWVkIjogeyJ
>>     lc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgInBpY3R1cmUiOiBudWxsDQogICAgfSw
>>     NCiAgICJpZF90b2tlbiI6IA0KICAgIHsNCiAgICAgImdlbmRlciI6IG51bGwsDQo
>>     gICAgICJiaXJ0aGRhdGUiOiB7ImVzc2VudGlhbCI6IHRydWV9LA0KICAgICAiYWN
>>     yIjogeyJ2YWx1ZXMiOiBbInVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiXX0
>>     NCiAgICB9DQogIH0NCn0.nwwnNsk1-ZkbmnvsF6zTHm8CHERFMGQPhos-EJcaH4H
>>     h-sMgk8ePrGhw_trPYs8KQxsn6R9Emo_wHwajyFKzuMXZFSZ3p6Mb8dkxtVyjoy2
>>     GIzvuJT_u7PkY2t8QU9hjBcHs68PkgjDVTrG1uRTx0GxFbuPbj96tVuj11pTnmFC
>>     UR6IEOXKYr7iGOCRB3btfJhM0_AKQUfqKnRlrRscc8Kol-cSLWoYE9l5QqholImz
>>     jT_cMnNIznW9E7CDyWXTsO70xnB4SkG6pXfLSjLLlxmPGiyon_-Te111V8uE83Il
>>     zCYIb_NMXvtTIVc1jpspnTSD7xMbpL-2QgwUsAlMGzw
>>
>> From the above mail what I understand is that you have provided a plain
>> text value for the request parameter.  But here the value of the request
>> parameter should be a JWT/JWS or  JWE. After using a JWT if you still
>> observe the error please get back to us.
>>
>
>> Thanks,
>>
>>
>>
>> On Tue, Apr 10, 2018 at 9:37 AM, gayan gunawardana <
>> [email protected]> wrote:
>>
>>> Hi All,
>>>
>>> Sent below request, expecting *given_name* claim but ID Token doesn't
>>> have given_name claim when obtaining ID Token from Implicit grant type.
>>>
>>> *Request object *
>>>
>>> {
>>>   "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>   "aud": "https://localhost:9444/oauth2/token";,
>>>   "response_type": "id_token token",
>>>   "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>   "redirect_uri": "http://localhost:8080/playground2/oauth2client";,
>>>   "scope": "openid",
>>>   "state": "af0ifjsldkj",
>>>   "nonce": "n-0S6_WzA2Mj",
>>>   "max_age": 86400,
>>>   "claims": {
>>>     "userinfo": {
>>>       "given_name": {
>>>         "essential": true
>>>       }
>>>     },
>>>     "id_token": {
>>>       "given_name": {
>>>         "essential": true
>>>       },
>>>       "acr": {
>>>         "values": [
>>>           "urn:mace:incommon:iap:silver"
>>>         ]
>>>       }
>>>     }
>>>   }
>>> }
>>>
>>> *ID Token*
>>>
>>> {
>>>   "at_hash": "A73K_CSStq6fs611ZzFs7A",
>>>   "sub": "admin",
>>>   "aud": [
>>>     "KqpUgGLpJaW5n5_OiAJlSnMiCiIa"
>>>   ],
>>>   "azp": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>   "amr": [],
>>>   "iss": "https://localhost:9444/oauth2/token";,
>>>   "exp": 1523335098,
>>>   "nonce": "n-0S6_WzA2Mj",
>>>   "iat": 1523331498,
>>>   "sid": "e7278e7c-224b-45c2-a8e0-e5f36cb77b47"
>>> }
>>>
>>>
>>> [1] https://docs.wso2.com/display/IS550/Passing+OIDC+Authenticat
>>> ion+Request+Parameters+in+a+Request+Object
>>> [2] https://docs.wso2.com/display/IS550/Request+Object+Support
>>>
>>> Thanks,
>>> Gayan
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Hasanthi Dissanayake
>>
>> Senior Software Engineer | WSO2
>>
>> E: [email protected]
>> M :0718407133| http://wso2.com <http://wso2.com/>
>>
>
>
>
> --
> Gayan
>



-- 
Gayan

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to