- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 13.5.2, 14.1.1, 14.5.0, 14.5.1, 14.1.2
- Component/s: oauth2, OpenID Connect
- Labels:
Bug description
The ops claim, which links the original session to the id token, is not generated in the implicit grant flow. Therefore, endSession does not kill the original session when the id token was generated by the implicit grant flow.
How to reproduce the issue
- Enable "Store Ops Tokens"
- Generate an id token via the implicit grant flow
Expected behaviour
The id token should contain the ops claim.
Current behaviour
The ops claim is not present in the id token.
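A check for the behaviour described above, as an added example that is not part of the original issue or the project's code: it pulls the id_token out of an implicit-flow redirect fragment and reports whether its payload carries an ops claim. The redirect URLs, issuer, client and claim values are constructed, and the token signature is not verified (inspection only).

```python
import base64
import json
from urllib.parse import urlsplit, parse_qs


def id_token_from_redirect(redirect_uri):
    """Return the id_token carried in the URL fragment of an implicit-flow redirect."""
    fragment = urlsplit(redirect_uri).fragment
    values = parse_qs(fragment).get("id_token")
    if not values:
        raise ValueError("no id_token in redirect fragment")
    return values[0]


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 segments")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def has_ops_claim(redirect_uri):
    """True if the id token in the redirect carries a non-empty 'ops' claim."""
    return bool(jwt_claims(id_token_from_redirect(redirect_uri)).get("ops"))


def _make_token(claims):
    """Build a constructed sample token with a dummy signature segment."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64(claims), "c2ln"])


# Constructed sample redirects (hypothetical client URL and claim values).
BASE = {"iss": "https://am.example.com/oauth2", "sub": "demo", "aud": "client1"}
AFFECTED = "https://client.example.com/cb#id_token=" + _make_token(BASE) + "&state=xyz"
FIXED = ("https://client.example.com/cb#state=xyz&id_token="
         + _make_token({**BASE, "ops": "constructed-ops-value"}))

if __name__ == "__main__":
    for name, uri in (("affected", AFFECTED), ("fixed", FIXED)):
        print(name, "ops present:", has_ops_claim(uri))
```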
Work around
There is none
- is caused by: OPENAM-10782 endSession with an id_token generated from a refresh_token request does not destroy the session (Resolved)
- is duplicated by: OPENAM-11559 ops tokens missing from implicit and resource owner flows (Closed)