  1. OpenAM
  2. OPENAM-10467

RFC7662: oauth2/introspect OpenAM returns token_type not as Bearer

    Details

    • Sprint:
      AM Sustaining Sprint 54
    • Story Points:
      2
    • Support Ticket IDs:

      Description

      From the OAuth2 RFC7662, the token_type for introspect in Section 2.2 should also follow Section 7.1 of RFC6749 (https://tools.ietf.org/html/rfc6749#section-7.1). The token_type should be Bearer (if this indeed is a Bearer token).

      Currently this is seen:

      {
        "active": true,
        "scope": "cn profile",
        "client_id": "myOAuth2Client",
        "user_id": "myOAuth2Client",
        "token_type": "access_token",   <-- should be "Bearer"
        "exp": 1485315744,
        "sub": "myOAuth2Client",
        "iss": "http://openam.example.com:8080/openam/oauth2"
      }
      

      An example of token_type can be seen for /oauth2/introspect in OPENAM-8980.
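
      Added example (not part of the original report and not OpenAM code): a resource-server-side check of an introspection response, showing that a client which validates token_type rejects the response reported above and accepts the same response with "Bearer". The function name, the accepted-type set and the NOW timestamp are assumptions made for the example.

```python
import json

# Token types this resource server is willing to accept (assumption).
ACCEPTED_TOKEN_TYPES = {"bearer"}

# Response from the issue description, without the inline annotation.
REPORTED = json.loads("""
{
  "active": true,
  "scope": "cn profile",
  "client_id": "myOAuth2Client",
  "user_id": "myOAuth2Client",
  "token_type": "access_token",
  "exp": 1485315744,
  "sub": "myOAuth2Client",
  "iss": "http://openam.example.com:8080/openam/oauth2"
}
""")

def check_introspection(resp, now):
    """Return a list of problems; an empty list means the token is usable."""
    problems = []
    # RFC 7662 Section 2.2: "active" is REQUIRED and is a JSON boolean.
    if resp.get("active") is not True:
        problems.append("token is not active")
    # token_type is OPTIONAL in RFC 7662. When present it is compared
    # case-insensitively, as RFC 6749 Section 5.1 specifies for token_type.
    token_type = resp.get("token_type")
    if token_type is not None:
        if not isinstance(token_type, str) or token_type.lower() not in ACCEPTED_TOKEN_TYPES:
            problems.append("unexpected token_type: %r" % (token_type,))
    # exp is OPTIONAL; when present it must be a number in the future.
    exp = resp.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            problems.append("token expired or exp malformed")
    return problems

NOW = 1485312144  # constructed: one hour before the sample "exp"
EXPECTED = dict(REPORTED, token_type="Bearer")  # the value the report asks for

if __name__ == "__main__":
    print("reported:", check_introspection(REPORTED, NOW))
    print("expected:", check_introspection(EXPECTED, NOW))
```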


              People

              • Assignee:
                dipu.seminlal Dipu Seminlal
                Reporter:
                chee-weng.chea C-Weng C