  1. OpenAM
  2. OPENAM-10322

Authorize flow with maxAge returns an error instead of the login page

    Details

    • Sprint:
      AM Sustaining Sprint 33
    • Story Points:
      3
    • Support Ticket IDs:

      Description

      Part of the OpenID certification. Requesting ID Token with max_age=1 seconds restriction [Basic, Implicit, Hybrid] (OP-Req-max_age=1)

      Description

      In the OAuth2 authorize flow, you can set up a maxAge for the SSO token.
      The idea is to force the user to re-authenticate if the maxAge is hit.

      Note: This test is part of the OpenID certification.

      How to reproduce

      • Authenticate as demo user
      • Wait 1 second
      • Do an authorise code grant flow with max_age=1, like:

      http://openam.example.com:13081/openam/oauth2/authorize?max_age=1&response_type=code&client_id=myClientID&realm=%2F&scope=openid%20profile&redirect_uri=http%3A%2F%2Fopenam.example.com%3A13081%2Fopenid%2Fcb-basic.html&state=af0ifjsldkj

      Expected behavior

      The user needs to authenticate again.

      Actual

      An error login_required is sent back to the certification tool.
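
The max_age handling this ticket expects, as an added example (not part of the ticket and not OpenAM's code): under OpenID Connect Core, an elapsed time greater than max_age means the OP re-authenticates the user, and login_required is returned only when the request also carries prompt=none. The function name `decide` and the `auth_time`/`now` inputs are assumptions; the URL is the one from the reproduction steps.

```python
from urllib.parse import urlsplit, parse_qs

# Authorize request copied from the ticket's reproduction steps.
AUTHORIZE_URL = (
    "http://openam.example.com:13081/openam/oauth2/authorize?max_age=1"
    "&response_type=code&client_id=myClientID&realm=%2F&scope=openid%20profile"
    "&redirect_uri=http%3A%2F%2Fopenam.example.com%3A13081%2Fopenid%2Fcb-basic.html"
    "&state=af0ifjsldkj"
)


def decide(authorize_url, auth_time, now):
    """Return the action an OP should take for this authorize request.

    auth_time: epoch seconds of the last active authentication, or None when
    no session exists. now: current epoch seconds. Both are hypothetical
    inputs standing in for the server's session store and clock.
    """
    query = parse_qs(urlsplit(authorize_url).query)
    params = {key: values[0] for key, values in query.items()}
    prompts = params.get("prompt", "").split()

    # prompt=none must not be combined with any other prompt value.
    if "none" in prompts and len(prompts) > 1:
        return "error:invalid_request"

    max_age = None
    if "max_age" in params:
        try:
            max_age = int(params["max_age"])
        except ValueError:
            return "error:invalid_request"
        if max_age < 0:
            return "error:invalid_request"

    needs_login = auth_time is None or "login" in prompts
    if not needs_login and max_age is not None:
        # Elapsed time greater than max_age forces active re-authentication.
        needs_login = (now - auth_time) > max_age

    if needs_login:
        # Only prompt=none turns a required login into an error response.
        return "error:login_required" if "none" in prompts else "show_login_page"
    # The ID Token issued after this must carry auth_time when max_age was sent.
    return "issue_code"
```

With the ticket's request and a session older than one second, the result is the login page; the login_required error reported under "Actual" is the outcome only for the prompt=none variant.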

            People

            • Assignee:
              quentin.castel Quentin CASTEL [X] (Inactive)
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)