  1. OpenAM
  2. OPENAM-12018

Error in Documentation for UMA 2.0 Guide, Procedure 2.12. Obtain an RPT

    Details

    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      There is an error in the documentation for UMA 2.0 Guide, Procedure 2.12 Obtain an RPT, that results in not being able to get an RPT.

      How to reproduce the issue

      1. Permission ticket (Procedure 2.10 in UMA 2.0 Guide documentation)
      2. Gather claim (Procedure 2.11 in UMA 2.0 Guide documentation)
      3. Obtain RPT

      Expected behaviour

      The first POST request should get the error description where the client is not authorised to access the requested resource set.

      curl -X POST \
        --header 'authorization: Basic VW1hQ2xpZW50OnBhc3N3b3Jk' \
        --header 'cache-control: no-cache' \
        --header 'content-type: application/x-www-form-urlencoded' \
        --data 'grant_type=[
           {
             "key":"grant_type",
             "value":"urn:ietf:params:oauth:grant-type:uma-ticket",
             "description":""
           }]' \
        --data 'ticket=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOi8vb3BlbmFt
                     LmRlZmF1bHQuZXhhbXBsZS5jb206ODAvb3BlbmFtL29hdXRoMiIsImlzcyI6Imh0d
                     HA6Ly9vcGVuYW0uZGVmYXVsdC5leG$' \
        --data 'scope=read' \
        --data 'claim_token=eyJ0eXAiOiJKV1QiLCJraWQiOiJiL082T3ZWdjEreStXZ3JINVVpOVdUaW9MdDA
                       9IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoieWExdHlyZFdBTTYwWGlfLU5
                       EUTc4ZyIsInN1YiI6ImJvYiIsImF1ZG$' \
        --data 'claim_token_format=http://openid.net/specs/openid-connect-core-1_0.html#IDToken' \
      https://openam.example.com:8443/openam/oauth2/access_token
      {
        "ticket": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOi8vb3BlbmFt
                   LmRlZmF1bHQuZXhhbXBsZS5jb206ODAvb3BlbmFtL29hdXRoMiIsImlzcyI6Imh0d
                   HA6Ly9vcGVuYW0uZGVmYXVsdC5leGFtcGxlLmNvbTo4MC9vcGVuYW0vb2F1dGgyIi
                   wiaXQiOjEsImV4cCI6MTUwNzE0ODEzNSwidGlkIjoiNTkzNmExOGMtOGE2OC00YTI
                   xLTliOGQtZWViNzIyOGEwMDY3MCIsImZvcmdlcm9jayI6eyJzaWciOiIqP2pMUEVV
                   M3hYNm5RbU8-YXFXZ0d9aTJ1OjNnLlRrc2FKI3UpXnokIn19.a9JpfsXS09CNvr2B
                   RtLDO-t4ZCnmrHr2h3auXPeJi3E",
        "error_description": "The client is not authorised to access the requested resource set. A request has been submitted to the resource owner requesting access to the resource",
        "error": "request_submitted"
      }
      
      Current behaviour

      The invalid grant type value results in an error, and the RPT cannot be obtained.

      curl -X POST \
        --header 'authorization: Basic VW1hQ2xpZW50OnBhc3N3b3Jk' \
        --header 'cache-control: no-cache' \
        --header 'content-type: application/x-www-form-urlencoded' \
        --data 'grant_type=[
           {
             "key":"grant_type",
             "value":"urn:ietf:params:oauth:grant-type:uma-ticket",
             "description":""
           }]' \
        --data 'ticket=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOi8vb3BlbmFt
                     LmRlZmF1bHQuZXhhbXBsZS5jb206ODAvb3BlbmFtL29hdXRoMiIsImlzcyI6Imh0d
                     HA6Ly9vcGVuYW0uZGVmYXVsdC5leG$' \
        --data 'scope=read' \
        --data 'claim_token=eyJ0eXAiOiJKV1QiLCJraWQiOiJiL082T3ZWdjEreStXZ3JINVVpOVdUaW9MdDA
                       9IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoieWExdHlyZFdBTTYwWGlfLU5
                       EUTc4ZyIsInN1YiI6ImJvYiIsImF1ZG$' \
        --data 'claim_token_format=http://openid.net/specs/openid-connect-core-1_0.html#IDToken' \
      https://openam.example.com:8443/openam/oauth2/access_token
      {
      "error_description": "Unknown Grant Type, [\n {\n \"key\":\"grant_type\",\n \"value\":\"urn:ietf:params:oauth:grant-type:uma-ticket\",\n \"description\":\"\"\n }]",
      "error": "unsupported_grant_type"
      }
      

      Work around

      Change the grant_type to --data 'grant_type=urn:ietf:params:oauth:grant-type:uma-ticket'

      curl -X POST \
        --header 'authorization: Basic VW1hQ2xpZW50OnBhc3N3b3Jk' \
        --header 'cache-control: no-cache' \
        --header 'content-type: application/x-www-form-urlencoded' \
        --data 'grant_type=urn:ietf:params:oauth:grant-type:uma-ticket' \
        --data 'ticket=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOi8vb3BlbmFt
                     LmRlZmF1bHQuZXhhbXBsZS5jb206ODAvb3BlbmFtL29hdXRoMiIsImlzcyI6Imh0d
                     HA6Ly9vcGVuYW0uZGVmYXVsdC5leG$' \
        --data 'scope=read' \
        --data 'claim_token=eyJ0eXAiOiJKV1QiLCJraWQiOiJiL082T3ZWdjEreStXZ3JINVVpOVdUaW9MdDA
                       9IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoieWExdHlyZFdBTTYwWGlfLU5
                       EUTc4ZyIsInN1YiI6ImJvYiIsImF1ZG$' \
        --data 'claim_token_format=http://openid.net/specs/openid-connect-core-1_0.html#IDToken' \
      https://openam.example.com:8443/openam/oauth2/access_token
      {
        "ticket": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOi8vb3BlbmFt
                   LmRlZmF1bHQuZXhhbXBsZS5jb206ODAvb3BlbmFtL29hdXRoMiIsImlzcyI6Imh0d
                   HA6Ly9vcGVuYW0uZGVmYXVsdC5leGFtcGxlLmNvbTo4MC9vcGVuYW0vb2F1dGgyIi
                   wiaXQiOjEsImV4cCI6MTUwNzE0ODEzNSwidGlkIjoiNTkzNmExOGMtOGE2OC00YTI
                   xLTliOGQtZWViNzIyOGEwMDY3MCIsImZvcmdlcm9jayI6eyJzaWciOiIqP2pMUEVV
                   M3hYNm5RbU8-YXFXZ0d9aTJ1OjNnLlRrc2FKI3UpXnokIn19.a9JpfsXS09CNvr2B
                   RtLDO-t4ZCnmrHr2h3auXPeJi3E",
        "error_description": "The client is not authorised to access the requested resource set. A request has been submitted to the resource owner requesting access to the resource",
        "error": "request_submitted"
      }
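
A check for the mistake reported above, as an added example that is not part of the ticket or of the OpenAM documentation: it extracts the `--data` fields from a documented curl command and flags a `grant_type` that is anything other than the bare URN. The function names and the placeholder token values are assumptions made for illustration.

```python
import shlex

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
DATA_OPTS = {"-d", "--data", "--data-raw"}

# Constructed sample commands: token values are placeholders, not real tickets.
TEMPLATE = r"""curl -X POST \
  --data 'grant_type=@GRANT@' \
  --data 'ticket=PLACEHOLDER_TICKET' \
  --data 'claim_token=PLACEHOLDER_ID_TOKEN' \
  --data 'claim_token_format=http://openid.net/specs/openid-connect-core-1_0.html#IDToken' \
  https://openam.example.com:8443/openam/oauth2/access_token"""
JSON_BLOB = '[\n {\n "key":"grant_type",\n "value":"%s",\n "description":""\n }]' % UMA_GRANT
DOCUMENTED = TEMPLATE.replace("@GRANT@", JSON_BLOB)   # form shown in Procedure 2.12
WORKAROUND = TEMPLATE.replace("@GRANT@", UMA_GRANT)   # form given in the workaround


def curl_form_fields(command):
    """Return the key/value pairs a curl command sends via its --data options."""
    # The shell drops backslash-newline continuations; do the same before splitting.
    tokens = shlex.split(command.replace("\\\n", " "))
    fields = {}
    for opt, arg in zip(tokens, tokens[1:]):
        if opt in DATA_OPTS:
            key, _, value = arg.partition("=")
            fields[key] = value
    return fields


def check_rpt_request(fields):
    """List parameter problems in a UMA 2.0 RPT token request."""
    problems = []
    grant = fields.get("grant_type")
    if grant is None:
        problems.append("grant_type is missing")
    elif grant != UMA_GRANT:
        detail = "wraps the URN in extra structure" if UMA_GRANT in grant else "is not the UMA ticket grant"
        problems.append("grant_type " + detail + "; send the bare URN")
    if not fields.get("ticket"):
        problems.append("ticket is missing")
    # UMA 2.0 grant: claim_token and claim_token_format must appear together.
    if ("claim_token" in fields) != ("claim_token_format" in fields):
        problems.append("claim_token and claim_token_format must be sent together")
    return problems


if __name__ == "__main__":
    for name, cmd in (("documented", DOCUMENTED), ("workaround", WORKAROUND)):
        print(name, check_rpt_request(curl_form_fields(cmd)) or "ok")
```

Run over documentation snippets before publishing, the same check catches a structured `grant_type` value before a reader hits `unsupported_grant_type` at the token endpoint.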
      

            People

            • Assignee:
              austingene Gene Hirayama
              Reporter:
              wanning.tan WanNing Tan