Adding more context information.

I have removed the given_name claim from the openid scope to avoid getting
given_name via scopes. I also noticed that the VALUE column is always null in the
IDN_OIDC_REQ_OBJECT_CLAIMS table. Is that the intended behavior?

Appreciate if you can look into this.

Thanks,
Gayan



On Tue, Apr 10, 2018 at 10:03 AM, gayan gunawardana <[email protected]> wrote:

> Please note that I have gone through exactly the same steps in [1], [2] for
> wso2is-5.6.0-m1
>
>
> [1] https://docs.wso2.com/display/IS550/Passing+OIDC+Authentication+Request+Parameters+in+a+Request+Object
> [2] https://docs.wso2.com/display/IS550/Request+Object+Support
>
> On Tue, Apr 10, 2018 at 9:52 AM, gayan gunawardana <
> [email protected]> wrote:
>
>>
>>
>> On Tue, Apr 10, 2018 at 9:44 AM, Hasanthi Purnima Dissanayake <
>> [email protected]> wrote:
>>
>>> Hi Gayan,
>>>
>>> *Request object *
>>>>
>>>> {
>>>>   "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>>   "aud": "https://localhost:9444/oauth2/token",
>>>>   "response_type": "id_token token",
>>>>   "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>>   "redirect_uri": "http://localhost:8080/playground2/oauth2client",
>>>>   "scope": "openid",
>>>>   "state": "af0ifjsldkj",
>>>>   "nonce": "n-0S6_WzA2Mj",
>>>>   "max_age": 86400,
>>>>   "claims": {
>>>>     "userinfo": {
>>>>       "given_name": {
>>>>         "essential": true
>>>>       }
>>>>     },
>>>>     "id_token": {
>>>>       "given_name": {
>>>>         "essential": true
>>>>       },
>>>>       "acr": {
>>>>         "values": [
>>>>           "urn:mace:incommon:iap:silver"
>>>>         ]
>>>>       }
>>>>     }
>>>>   }
>>>> }
>>>>
>>>>
>>> Can you please provide the full authorization request that you are
>>> using. For your reference I will add a sample request as below.
>>>
>> There you go.
>> https://localhost:9443/oauth2/authorize?response_type=id_token%20token&client_id=KqpUgGLpJaW5n5_OiAJlSnMiCiIa&redirect_uri=http://localhost:8080/playground2/oauth2client&scope=openid&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&request=eyJ
>> hbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.eyJpc3MiOiJLcXBVZ0dMcEp
>> hVzVuNV9PaUFKbFNuTWlDaUlhIiwiYXVkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q
>> 6OTQ0NC9vYXV0aDIvdG9rZW4iLCJyZXNwb25zZV90eXBlIjoiaWRfdG9rZW4
>> gdG9rZW4iLCJjbGllbnRfaWQiOiJLcXBVZ0dMcEphVzVuNV9PaUFKbFNuTWl
>> DaUlhIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3B
>> sYXlncm91bmQyL29hdXRoMmNsaWVudCIsInNjb3BlIjoib3BlbmlkIiwic3R
>> hdGUiOiJhZjBpZmpzbGRraiIsIm5vbmNlIjoibi0wUzZfV3pBMk1qIiwibWF
>> 4X2FnZSI6ODY0MDAsImNsYWltcyI6eyJ1c2VyaW5mbyI6eyJnaXZlbl9uYW1
>> lIjp7ImVzc2VudGlhbCI6dHJ1ZX19LCJpZF90b2tlbiI6eyJnaXZlbl9uYW1
>> lIjp7ImVzc2VudGlhbCI6dHJ1ZX0sImFjciI6eyJ2YWx1ZXMiOlsidXJuOm1
>> hY2U6aW5jb21tb246aWFwOnNpbHZlciJdfX19fQ.riFqPq298AVlQgjEztmW
>> RAHwyGlvVsF9x0xwPmCrpQwWebJLEjmGLnBjuZsfXGk5dczlmgEB6SKf0o3W
>> WmMDgRMemHbxcnKvyaLxVX_PatZs72PC2kTCK71yK0qqwuGkifyK0fmHl_Uz
>> abyz17Hfspc5B11EdEl3cPJNheFZBuKGe68q_Z8TmBdpFVm6CPpTv2HkGcNJ
>> PzO4jfvl2KYb49v0WiV4gpGHKvy8ZPyEY-cdUxvI9uSUyxValC_M4S47usY55Dr_9F3weF_
>> Rd2d1uyNOebMnJGe-MvP2kwCVHpik-4kEHBJc4xw8TDmgS5HjB1UNiLrqOdzv0cRc-finAQ
>>
>>>
>>> https://server.example.com/authorize?
>>>     response_type=code%20id_token
>>>     &client_id=s6BhdRkqt3
>>>     &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
>>>     &scope=openid
>>>     &state=af0ifjsldkj
>>>     &nonce=n-0S6_WzA2Mj
>>>     &request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImsyYmRjIn0.ew0KICJpc3MiOiA
>>>     iczZCaGRSa3F0MyIsDQogImF1ZCI6ICJodHRwczovL3NlcnZlci5leGFtcGxlLmN
>>>     vbSIsDQogInJlc3BvbnNlX3R5cGUiOiAiY29kZSBpZF90b2tlbiIsDQogImNsaWV
>>>     udF9pZCI6ICJzNkJoZFJrcXQzIiwNCiAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8
>>>     vY2xpZW50LmV4YW1wbGUub3JnL2NiIiwNCiAic2NvcGUiOiAib3BlbmlkIiwNCiA
>>>     ic3RhdGUiOiAiYWYwaWZqc2xka2oiLA0KICJub25jZSI6ICJuLTBTNl9XekEyTWo
>>>     iLA0KICJtYXhfYWdlIjogODY0MDAsDQogImNsYWltcyI6IA0KICB7DQogICAidXN
>>>     lcmluZm8iOiANCiAgICB7DQogICAgICJnaXZlbl9uYW1lIjogeyJlc3NlbnRpYWw
>>>     iOiB0cnVlfSwNCiAgICAgIm5pY2tuYW1lIjogbnVsbCwNCiAgICAgImVtYWlsIjo
>>>     geyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImVtYWlsX3ZlcmlmaWVkIjogeyJ
>>>     lc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgInBpY3R1cmUiOiBudWxsDQogICAgfSw
>>>     NCiAgICJpZF90b2tlbiI6IA0KICAgIHsNCiAgICAgImdlbmRlciI6IG51bGwsDQo
>>>     gICAgICJiaXJ0aGRhdGUiOiB7ImVzc2VudGlhbCI6IHRydWV9LA0KICAgICAiYWN
>>>     yIjogeyJ2YWx1ZXMiOiBbInVybjptYWNlOmluY29tbW9uOmlhcDpzaWx2ZXIiXX0
>>>     NCiAgICB9DQogIH0NCn0.nwwnNsk1-ZkbmnvsF6zTHm8CHERFMGQPhos-EJcaH4H
>>>     h-sMgk8ePrGhw_trPYs8KQxsn6R9Emo_wHwajyFKzuMXZFSZ3p6Mb8dkxtVyjoy2
>>>     GIzvuJT_u7PkY2t8QU9hjBcHs68PkgjDVTrG1uRTx0GxFbuPbj96tVuj11pTnmFC
>>>     UR6IEOXKYr7iGOCRB3btfJhM0_AKQUfqKnRlrRscc8Kol-cSLWoYE9l5QqholImz
>>>     jT_cMnNIznW9E7CDyWXTsO70xnB4SkG6pXfLSjLLlxmPGiyon_-Te111V8uE83Il
>>>     zCYIb_NMXvtTIVc1jpspnTSD7xMbpL-2QgwUsAlMGzw
>>>
>>> From the above mail what I understand is that you have provided a plain
>>> text value for the request parameter. But here the value of the
>>> request parameter should be a JWT/JWS or JWE. After using a JWT if you
>>> still observe the error please get back to us.
>>>
>>
>>> Thanks,
>>>
>>>
>>>
>>> On Tue, Apr 10, 2018 at 9:37 AM, gayan gunawardana <
>>> [email protected]> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Sent below request, expecting *given_name* claim but ID Token doesn't
>>>> have given_name claim when obtaining ID Token from Implicit grant type.
>>>>
>>>> *Request object *
>>>>
>>>> {
>>>>   "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>>   "aud": "https://localhost:9444/oauth2/token",
>>>>   "response_type": "id_token token",
>>>>   "client_id": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>>   "redirect_uri": "http://localhost:8080/playground2/oauth2client",
>>>>   "scope": "openid",
>>>>   "state": "af0ifjsldkj",
>>>>   "nonce": "n-0S6_WzA2Mj",
>>>>   "max_age": 86400,
>>>>   "claims": {
>>>>     "userinfo": {
>>>>       "given_name": {
>>>>         "essential": true
>>>>       }
>>>>     },
>>>>     "id_token": {
>>>>       "given_name": {
>>>>         "essential": true
>>>>       },
>>>>       "acr": {
>>>>         "values": [
>>>>           "urn:mace:incommon:iap:silver"
>>>>         ]
>>>>       }
>>>>     }
>>>>   }
>>>> }
>>>>
>>>> *ID Token*
>>>>
>>>> {
>>>>   "at_hash": "A73K_CSStq6fs611ZzFs7A",
>>>>   "sub": "admin",
>>>>   "aud": [
>>>>     "KqpUgGLpJaW5n5_OiAJlSnMiCiIa"
>>>>   ],
>>>>   "azp": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa",
>>>>   "amr": [],
>>>>   "iss": "https://localhost:9444/oauth2/token",
>>>>   "exp": 1523335098,
>>>>   "nonce": "n-0S6_WzA2Mj",
>>>>   "iat": 1523331498,
>>>>   "sid": "e7278e7c-224b-45c2-a8e0-e5f36cb77b47"
>>>> }
>>>>
>>>>
>>>> [1] https://docs.wso2.com/display/IS550/Passing+OIDC+Authentication+Request+Parameters+in+a+Request+Object
>>>> [2] https://docs.wso2.com/display/IS550/Request+Object+Support
>>>>
>>>> Thanks,
>>>> Gayan
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Hasanthi Dissanayake
>>>
>>> Senior Software Engineer | WSO2
>>>
>>> E: [email protected]
>>> M :0718407133| http://wso2.com <http://wso2.com/>
>>>
>>
>>
>>
>> --
>> Gayan
>>
>
>
>
> --
> Gayan
>



-- 
Gayan
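
Added example, not part of the original thread and not WSO2 code: a small diagnostic for the two points raised above, whether the `request` parameter is a compact JWS/JWE rather than plain JSON, and which `essential` claims requested under `claims.id_token` are absent from the returned ID token. The function names, the constructed sample JWS (placeholder header and signature) and the trimmed claim sets are assumptions; the signature is not verified.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def classify_request_param(value: str) -> str:
    """Return 'JWS', 'JWE' or 'not-a-JWT' for a `request` parameter value."""
    parts = value.split(".")
    if len(parts) not in (3, 5):          # compact JWS has 3 parts, JWE has 5
        return "not-a-JWT"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:                    # bad base64, bad UTF-8 or bad JSON
        return "not-a-JWT"
    if not isinstance(header, dict) or "alg" not in header:
        return "not-a-JWT"
    return "JWS" if len(parts) == 3 else "JWE"

def jws_payload(value: str) -> dict:
    """Decode the payload of a compact JWS for inspection (no signature check)."""
    return json.loads(b64url_decode(value.split(".")[1]))

def missing_essential_claims(request_object: dict, id_token: dict) -> list:
    """Claims marked essential under claims.id_token but absent from the ID token."""
    requested = request_object.get("claims", {}).get("id_token") or {}
    return sorted(
        name for name, spec in requested.items()
        if isinstance(spec, dict) and spec.get("essential") is True
        and name not in id_token
    )

def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample mirroring the request object and ID token quoted in the thread.
REQUEST_OBJECT = {
    "iss": "KqpUgGLpJaW5n5_OiAJlSnMiCiIa", "scope": "openid",
    "claims": {"id_token": {
        "given_name": {"essential": True},
        "acr": {"values": ["urn:mace:incommon:iap:silver"]}}},
}
ID_TOKEN = {"sub": "admin", "aud": ["KqpUgGLpJaW5n5_OiAJlSnMiCiIa"],
            "nonce": "n-0S6_WzA2Mj", "iat": 1523331498, "exp": 1523335098}
SAMPLE_REQUEST = ".".join([_b64url({"alg": "RS256", "kid": "example-kid"}),
                           _b64url(REQUEST_OBJECT), "c2lnbmF0dXJl"])  # placeholder signature

if __name__ == "__main__":
    print(classify_request_param(SAMPLE_REQUEST))
    print(missing_essential_claims(jws_payload(SAMPLE_REQUEST), ID_TOKEN))
```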