
JWT bearer flow on OpenID failed with a server error

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.0, 14.0.0
    • Fix Version/s: 13.5.1, 14.0.0
    • Component/s: oauth2

      Description

      When trying the JWT bearer flow, which authenticates the user via a JWT, the OpenID flow failed with a server error.

      How to reproduce

      • Create an OpenID agent:

          clientBuilder = OAuth2Client.builder()
                  .realm(realm)
                  .scopes("openid")
                  .idTokenSigingAlgorithm(JwsAlgorithm.HS256)
                  .tokenEndpointAuthMethod(OAuth2Client.TokenEndpointAuthenticationMethod.CLIENT_SECRET_POST)
                  .redirectionUris(redirectUrl);

          client = clientBuilder.create();
      
      • Create a JWT where the subject is the user.
      • Send your JWT:

          curl -X POST -u myClientId:password -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<JWT_HERE>&scope=profile' "http://openam.example.org/openam/oauth2/access_token"

      (functional tests exist for this flow)

      Expected result:

      An access token

      Actual result:

      { 
      "error_description": "User must be authenticated to issue ID tokens.", 
      "error": "server_error" 
      }
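The reproduction steps above as an added, self-contained example; this is not code from the ticket or from OpenAM. It builds the RFC 7523 assertion whose `sub` is the user, prepares the same jwt-bearer POST the curl command sends, and classifies the JSON reply so the `server_error` the reporter saw is told apart from a token response. The ticket does not say which key signs the JWT; signing with the client secret under HS256, the `iss`/`aud`/`exp` claim values and the user name `demo` are assumptions. The endpoint URL and client credentials are the ticket's placeholders.

```python
import base64
import hashlib
import hmac
import json
import time
import urllib.error
import urllib.parse
import urllib.request
import uuid

# Placeholders copied from the ticket's curl command.
TOKEN_ENDPOINT = "http://openam.example.org/openam/oauth2/access_token"
CLIENT_ID = "myClientId"
CLIENT_SECRET = "password"
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(issuer, subject, audience, secret, now=None, lifetime=300, jti=None):
    """RFC 7523 assertion: sub is the user to authenticate, aud is the token endpoint.
    Signing with the client secret under HS256 is an assumption, not something the ticket states."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": issuer,
        "sub": subject,
        "aud": audience,
        "iat": now,
        "exp": now + lifetime,
        "jti": jti or uuid.uuid4().hex,
    }

    def enc(obj):
        return b64url(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = enc(header) + "." + enc(claims)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_assertion(token, secret, audience, now=None):
    """The checks a token endpoint must pass before trusting sub: alg pinned to HS256,
    MAC compared in constant time, audience and expiry enforced. Returns claims or None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None  # never let the token choose the algorithm ("none", key confusion)
    expected = hmac.new(secret.encode(), (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if claims.get("aud") != audience or claims.get("exp", 0) <= now or not claims.get("sub"):
        return None
    return claims


def build_token_request(assertion, scope="profile"):
    """Same request as the ticket's curl: HTTP Basic client auth, form-encoded jwt-bearer grant."""
    body = urllib.parse.urlencode({"grant_type": JWT_BEARER, "assertion": assertion, "scope": scope})
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode("ascii")
    headers = {
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_ENDPOINT, headers, body


def classify_response(payload):
    """'token' for a successful grant, otherwise the OAuth2 error code
    (the ticket observed 'server_error' with 'User must be authenticated to issue ID tokens.')."""
    if "access_token" in payload:
        return "token"
    return payload.get("error", "unknown")


def send_token_request(assertion, scope="profile"):
    """Performs the POST against a live OpenAM; only called from the script entry point."""
    url, headers, body = build_token_request(assertion, scope)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())


if __name__ == "__main__":
    assertion = build_assertion(CLIENT_ID, "demo", TOKEN_ENDPOINT, CLIENT_SECRET)
    status, payload = send_token_request(assertion)
    print(status, classify_response(payload), payload)
```

`verify_assertion` is the server-side half of the flow: it is included so the assertion produced here can be checked offline, and it shows the three checks (pinned algorithm, constant-time MAC comparison, audience and expiry) a token endpoint has to perform before it may treat `sub` as an authenticated user.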
      

        People

        • Assignee: Quentin CASTEL (quentin.castel) [X] (Inactive)
        • Reporter: Quentin CASTEL (quentin.castel) [X] (Inactive)