  1. OpenAM
  2. OPENAM-11275

Ops tokens are stored for OAuth2 tokens without the OIDC scope

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 13.5.2, 14.5.0
    • Component/s: None
    • Labels:
    • Needs backport:
      No
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Ops tokens are used to represent a reference to the original session that was authenticated, so that the original tokens can be provided in order to implement the OpenID Connect session management endpoints.

      When the openid scope is not being requested there is no session management available, so there is no point in storing the ops tokens in CTS.

      Steps to reproduce

      • Clear out all tokens from the CTS.
      • Perform a non-OpenID Connect OAuth 2.0 stateless token flow to get access and refresh tokens
      • Check the tokens created

      Expected

      • either OAUTH_STATELESS or OAUTH_STATELESS_GRANT tokens should have been created, and optionally an OAUTH token that is the authorization code, if used.

      Actual

      • An additional OAUTH token with an ops value is in the CTS
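
A check for the reproduction steps above, as an added example that is not OpenAM code or part of the original report: it flags CTS entries that should not exist for the scope that was requested. The record fields `type` and `token_name` and the sample entries are assumptions made for illustration, not the CTS schema.

```python
# Added example: field names ("type", "token_name") and the sample records
# are assumptions for illustration, not OpenAM's CTS schema.
ALLOWED_WITHOUT_OIDC = {"OAUTH_STATELESS", "OAUTH_STATELESS_GRANT"}


def requests_openid(scope_param):
    """True only if 'openid' is one of the space-delimited scope values."""
    # Compare whole scope values; a substring test would wrongly accept
    # a scope such as "openid_profile".
    return "openid" in scope_param.split()


def unexpected_tokens(scope_param, cts_entries):
    """Return the CTS entries that should not exist for the requested scope."""
    oidc = requests_openid(scope_param)
    flagged = []
    for entry in cts_entries:
        if entry["type"] in ALLOWED_WITHOUT_OIDC:
            continue
        if entry["type"] == "OAUTH":
            name = entry.get("token_name")
            if name == "authorization_code":
                continue  # optional: present only if the code flow was used
            if name == "ops" and oidc:
                continue  # session management applies, so ops is expected
        flagged.append(entry)
    return flagged


# Constructed CTS contents after a stateless token flow (not real data).
SAMPLE = [
    {"id": "t1", "type": "OAUTH", "token_name": "authorization_code"},
    {"id": "t2", "type": "OAUTH_STATELESS_GRANT"},
    {"id": "t3", "type": "OAUTH", "token_name": "ops"},
]

if __name__ == "__main__":
    for scope in ("profile", "openid profile", "openid_profile"):
        ids = [e["id"] for e in unexpected_tokens(scope, SAMPLE)]
        print(f"scope={scope!r}: unexpected={ids}")
```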

       

            People

            • Assignee:
              gabor.melkvi Gabor Melkvi
              Reporter:
              gabor.melkvi Gabor Melkvi