  1. OpenAM
  2. OPENAM-10578

Stateless access token doesn't contain the grant type

    Details

    • Sprint:
      AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38, AM Sustaining Sprint 39
    • Story Points:
      3

      Description

      If you set up stateless, you would expect to have all the token info in it, the same information you would get from a stateful access token via the token info endpoint.

      Unfortunately, one value is missing: the grant type.

      Here is the output of the token info on a stateful access token:

      {
        "access_token": "3f24a1c8-acbe-404d-a8ad-16b624d18c9c",
        "grant_type": "password",
        "scope": [
          "scope1",
          "scope2"
        ],
        "scope1": "",
        "realm": "/TokenInfoEndpoint-Fc8s1mRpcbSoQnf",
        "scope2": "",
        "token_type": "Bearer",
        "expires_in": 107,
        "client_id": "generated-id-WcIF16vVffu3UDr"
      }
      

      and the JWT payload of a stateless access token:

      {
        "sub": "generated-username-pK0PCLRJlZoCE1i",
        "auditTrackingId": "bfe8ccc2-acdb-4fbf-a74f-074ef359a47e",
        "iss": "http://openam.example.com:14080/openam/oauth2/realms/root/realms/StatelessOAuthToken-Lajzrd1TqRdkxpI",
        "tokenName": "access_token",
        "token_type": "Bearer",
        "authGrantId": "9f7a3de7-f231-4f80-a03a-7f18c27ee49d",
        "aud": "generated-id-TQgbPnLjdF02VbA",
        "nbf": 1486561442,
        "scope": [
          "scope1"
        ],
        "auth_time": 1486561442,
        "realm": "/StatelessOAuthToken-Lajzrd1TqRdkxpI",
        "exp": 1486561447,
        "iat": 1486561442,
        "expires_in": 5000,
        "jti": "d42fdd71-8bdd-4b84-8eef-9a682ae21010"
      }
      

      As you can see, no grant type in the JWT.

      How to reproduce

      Generate a stateless access token and inspect the JWT content with https://jwt.io/

      Expected result

      The following payload for the JWT:

      {
        "sub": "generated-username-fq5TnNWRYchqEpL",
        "auditTrackingId": "0d5ceb5f-627f-4afc-884c-b503e332b610",
        "iss": "http://openam.example.com:14080/openam/oauth2/realms/root/realms/StatelessOAuthToken-q4QC3tFVxnj2Wgf",
        "tokenName": "access_token",
        "token_type": "Bearer",
        "authGrantId": "5efa0daa-8de3-41ac-806d-4cc1ace0fc7a",
        "aud": "generated-id-0F7WKqFKgDSPqIo",
        "nbf": 1486569459,
        "grant_type": "password",
        "scope": [
          "scope1"
        ],
        "auth_time": 1486569459,
        "realm": "/StatelessOAuthToken-q4QC3tFVxnj2Wgf",
        "exp": 1486569464,
        "iat": 1486569459,
        "expires_in": 5000,
        "jti": "964f1ebf-b29a-422b-a9df-fc4ae13877fb"
      }
      

      Current result

      {
        "sub": "generated-username-pK0PCLRJlZoCE1i",
        "auditTrackingId": "bfe8ccc2-acdb-4fbf-a74f-074ef359a47e",
        "iss": "http://openam.example.com:14080/openam/oauth2/realms/root/realms/StatelessOAuthToken-Lajzrd1TqRdkxpI",
        "tokenName": "access_token",
        "token_type": "Bearer",
        "authGrantId": "9f7a3de7-f231-4f80-a03a-7f18c27ee49d",
        "aud": "generated-id-TQgbPnLjdF02VbA",
        "nbf": 1486561442,
        "scope": [
          "scope1"
        ],
        "auth_time": 1486561442,
        "realm": "/StatelessOAuthToken-Lajzrd1TqRdkxpI",
        "exp": 1486561447,
        "iat": 1486561442,
        "expires_in": 5000,
        "jti": "d42fdd71-8bdd-4b84-8eef-9a682ae21010"
      }
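
The check from "How to reproduce" can also be done locally, so the token never has to be pasted into a website. This is an added example, not part of the original report or of OpenAM's code: the function names are hypothetical, the expected claim set is copied from the "Expected result" payload above, and the sample token is constructed from the "Current result" payload with a placeholder signature.

```python
import base64
import json

# Claim names taken from the "Expected result" payload in this report.
EXPECTED_CLAIMS = {
    "sub", "auditTrackingId", "iss", "tokenName", "token_type", "authGrantId",
    "aud", "nbf", "grant_type", "scope", "auth_time", "realm", "exp", "iat",
    "expires_in", "jti",
}


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token: str) -> dict:
    # Inspection only: the signature is NOT verified here.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def missing_claims(token: str, expected=EXPECTED_CLAIMS) -> list:
    # Expected claim names that are absent from the token's payload.
    return sorted(set(expected) - set(jwt_payload(token)))


def make_sample_token(payload: dict) -> str:
    # Constructed test token: placeholder signature, never valid for authentication.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(payload), "c2ln"])


# "Current result" payload from the report, wrapped into a constructed token.
CURRENT = {
    "sub": "generated-username-pK0PCLRJlZoCE1i", "auditTrackingId": "bfe8ccc2-acdb-4fbf-a74f-074ef359a47e",
    "iss": "http://openam.example.com:14080/openam/oauth2/realms/root/realms/StatelessOAuthToken-Lajzrd1TqRdkxpI",
    "tokenName": "access_token", "token_type": "Bearer", "authGrantId": "9f7a3de7-f231-4f80-a03a-7f18c27ee49d",
    "aud": "generated-id-TQgbPnLjdF02VbA", "nbf": 1486561442, "scope": ["scope1"], "auth_time": 1486561442,
    "realm": "/StatelessOAuthToken-Lajzrd1TqRdkxpI", "exp": 1486561447, "iat": 1486561442,
    "expires_in": 5000, "jti": "d42fdd71-8bdd-4b84-8eef-9a682ae21010",
}
SAMPLE_TOKEN = make_sample_token(CURRENT)
```

Calling `missing_claims(SAMPLE_TOKEN)` reports `grant_type` as the only expected claim absent from the current payload.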
      

            People

            • Assignee:
              sachiko Sachiko Wallace
              Reporter:
              quentin.castel Quentin CASTEL [X] (Inactive)