  1. OpenAM
  2. OPENAM-10336

oauth2/connect/register expecting a String instead of a Json for the jwks field.

    Details

    • Sprint:
      AM Sustaining Sprint 33, AM Sustaining Sprint 34
    • Story Points:
      3
      Description

      Part of the OpenID certification. Uses keys registered with jwks value [Dynamic] (OP-Registration-jwks)

      When registering an OAuth2 agent via the oauth2/connect/register endpoint with a jwks value, OpenAM expects a String for this attribute instead of a JSON object.

      How to reproduce

      0.788284 ------------ RegistrationRequest ------------
      0.788744 --> URL: https://ec2-54-213-25-148.us-west-2.compute.amazonaws.com:13081/openam/oauth2/connect/register
      0.788752 --> BODY: {"token_endpoint_auth_method": "private_key_jwt", "subject_type": "public", "jwks_uri": null, "jwks": {"keys": [{"use": "enc", "n": "tx3Hjdbc19lkTiohbJrNj4jf2_90MEE122CRrwtFu6saDywKcG7Bi7w2FMAK2oTkuWfqhWRb5BEGmnSXdiCEPO5d-ytqP3nwlZXHaCDYscpP8bB4YLhvCn7R8Efw6gwQle24QPRP3lYoFeuUbDUq7GKA5SfaZUvWoeWjqyLIaBspKQsC26_Umx1E4IXLrMSL6nkRnrYcVZBAXrYCeTP1XtsV38_lZVJfHSaJaUy4PKaj3yvgm93EV2CXybPti7CCMXZ34VqqWiF64pQjZsPu3ZTr7ha_TTQq499-zYRQNDvIVsBDLQQIgrbctuGqj6lrXb31Jj3JIEYqH_4h5X9d0Q", "e": "AQAB", "kty": "RSA", "kid": "a0"}, {"use": "sig", "n": "zfZzttF7HmnTYwSMPdxKs5AoczbNS2mOPz-tN1g4ljqI_F1DG8cgQDcN_VDufxoFGRERo2FK6WEN41LhbGEyP6uL6wW6Cy29qE9QZcvY5mXrncndRSOkNcMizvuEJes_fMYrmP_lPiC6kWiqItTk9QBWqJfiYKhCx9cSDXsBmJXn3KWQCVHvj1ANFWW0CWLMKlWN-_NMNLIWJN_pEAocTZMzxSFBK1b5_5J8ZS7hfWRF6MQmjsJcz2jzA21SQZNpre3kwnTGRSwo05sAS-TyeadDqQPWgbqX69UzcGq5irhzN8cpZ_JaTk3Y_uV6owanTZLVvCgdjaAnMYeZhb0KFw", "e": "AQAB", "kty": "RSA", "kid": "a1"}, {"use": "sig", "crv": "P-256", "kty": "EC", "y": "wjsrQzgg-1fSCvg33YTJZSaJjmOSoYMv9JA9AD13jUU", "x": "RhBV9-mW7i0HA3SHx-BahAqmyu9EQsClYDOUknvktoI", "kid": "a2"}, {"use": "enc", "crv": "P-256", "kty": "EC", "y": "w3Nm27N8994v1ot6EeTlBqBTSbficMBqXmEKyfX3xvw", "x": "-SSIRDpjA-a6Tk2V2KsThRgUV8EU2gBjcmGd3DygnA0", "kid": "a3"}]}, "application_type": "web", "contacts": ["roland.hedberg@umu.se"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60592/logout"], "redirect_uris": ["https://op.certification.openid.net:60592/authz_cb", "https://op.certification.openid.net:60592/cb"], "response_types": ["code"], "require_auth_time": true, "grant_types": ["authorization_code"], "default_max_age": 3600}
      0.788764 --> HEADERS: {'Content-Type': 'application/json'}
      

      Expected

      An HTTP 200, meaning that the OAuth2 agent config has been created successfully.
      Also, the jwks value in this config should be equal to the one sent previously via the REST request.

      Actual

      [ERROR] ErrorResponse:{'error_description': u'The request contains invalid metadata.', 'error': u'invalid_client_metadata'}
      Result
      
      Exception in the OAuth2Provider
      OAuth2Provider:12/23/2016 12:06:30:851 PM GMT: Thread[http-nio-8080-exec-7,5,main]: TransactionId[97c4b96f-53d4-48d2-bae1-d1bd20765fee-1419] 
      ERROR: Unable to build client. 
      org.forgerock.json.JsonValueException: /jwks: Expecting a java.lang.String 
      at org.forgerock.json.JsonValue.expect(JsonValue.java:1176) 
      at org.forgerock.json.JsonValue.asString(JsonValue.java:981) 
      at org.forgerock.openidconnect.OpenIdConnectClientRegistrationService.createRegistration(OpenIdConnectClientRegistrationService.java:151) 
      at org.forgerock.openidconnect.restlet.ConnectClientRegistration.createClient(ConnectClientRegistration.java:93) 
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      

      Workaround

      You can serialize the JSON into a String and it will work.
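
An added example, not OpenAM code and not from the reporter: a registration-side check in Python that accepts `jwks` both as the JSON object sent in the request above and in the string-serialized form the workaround describes, then validates the key set. The names `normalize_jwks` and `InvalidClientMetadata` and the sample values are assumptions for illustration; rejecting private key members and `jwks` sent together with `jwks_uri` goes beyond the case in the report.

```python
import json

# Private-key members defined by RFC 7518 (RSA/EC "d", RSA CRT values, symmetric "k").
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


class InvalidClientMetadata(ValueError):
    """Hypothetical exception mapping to the invalid_client_metadata error."""


def normalize_jwks(metadata):
    """Return the JWK Set as a dict (object or string-serialized input), or None."""
    jwks = metadata.get("jwks")
    if jwks is None:
        return None
    # OpenID Connect Dynamic Client Registration: jwks and jwks_uri are exclusive.
    if metadata.get("jwks_uri") is not None:
        raise InvalidClientMetadata("jwks and jwks_uri must not be used together")
    if isinstance(jwks, str):  # the workaround form: JSON serialized into a string
        try:
            jwks = json.loads(jwks)
        except json.JSONDecodeError as exc:
            raise InvalidClientMetadata("jwks string is not valid JSON") from exc
    if not isinstance(jwks, dict) or not isinstance(jwks.get("keys"), list):
        raise InvalidClientMetadata("jwks must be an object with a 'keys' array")
    for key in jwks["keys"]:
        if not isinstance(key, dict) or not isinstance(key.get("kty"), str):
            raise InvalidClientMetadata("every JWK needs a string 'kty'")
        leaked = PRIVATE_MEMBERS.intersection(key)
        if leaked:  # a client must register public keys only
            raise InvalidClientMetadata("JWK has private members: %s" % sorted(leaked))
    return jwks


# Constructed sample shaped like the request in the report (key values are placeholders).
SAMPLE = {
    "token_endpoint_auth_method": "private_key_jwt",
    "jwks_uri": None,
    "jwks": {"keys": [
        {"use": "sig", "kty": "RSA", "kid": "a1", "n": "constructed-modulus", "e": "AQAB"},
        {"use": "sig", "kty": "EC", "kid": "a2", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"},
    ]},
}

if __name__ == "__main__":
    as_object = normalize_jwks(SAMPLE)
    as_string = normalize_jwks({**SAMPLE, "jwks": json.dumps(SAMPLE["jwks"])})
    print(as_object == as_string)
```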

            People

            • Assignee:
              joe.starling Joe Starling
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)