OpenAM / OPENAM-12079: Cannot use prompt=login with device flow

    Details

    • Sprint:
      2017.15 "Lowry" Turing, 2017.16 "Monet" Turing
    • Needs backport:
      Yes
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      Attempting to use the OIDC prompt=login hint during an OAuth 2.0 device flow fails as the user is not able to complete the flow. Not sure when this bug was introduced, but at least affects 5.5 and 6.

      How to reproduce the issue

      1. Set up AM for OpenID Connect and create a client with "openid" scopes
      2. Open a browser and log in to the correct realm
      3. Begin a device flow requesting scope=openid and prompt=login:
        curl -X POST -d 'client_id=test&scope=openid&response_type=code&prompt=login' https://openam.example.com:8443/openam/oauth2/realms/root/realms/edge/device/code

      4. Navigate to the verification_uri and enter the user code

      Expected behaviour

      User should be prompted to authenticate again and then approve the request.

      Current behaviour

      User is always prompted to log in again even if they already have a session and prompt=login is not specified. If it is specified then the user is prompted to log in twice and then the flow fails with "invalid_request Invalid Request, duplicate request parameter found : user_code". The URL does at that point contain a duplicate user_code parameter:

      device/user?user_code=4m45mQGz&user_code=4m45mQGz

      Workaround

      Don't use prompt=login as that is the only behaviour anyway.
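
      The duplicate-parameter failure described above, as an added example that is not part of the original report and is not OpenAM code. It assumes, for illustration only, that user_code is re-appended to the return URL after the forced login (the issue does not state the root cause); the helper names are hypothetical. It shows a strict parser rejecting the repeated parameter, as RFC 6749 section 3.1 requires, next to a redirect builder that appends and one that sets the parameter idempotently.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


class DuplicateParameter(ValueError):
    """Raised when a request parameter appears more than once."""


def parse_strict(query):
    """Parse a query string, rejecting repeated parameter names.

    RFC 6749 section 3.1: request parameters MUST NOT be included
    more than once.
    """
    params = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in params:
            raise DuplicateParameter(
                f"duplicate request parameter found : {name}")
        params[name] = value
    return params


def append_param(url, name, value):
    """Naive redirect builder (hypothetical): always appends the parameter,
    so a URL that already carries it ends up with two copies."""
    sep = "&" if urlsplit(url).query else "?"
    return f"{url}{sep}{urlencode({name: value})}"


def set_param(url, name, value):
    """Idempotent redirect builder (hypothetical): drops any existing copies
    of the parameter, then adds exactly one."""
    parts = urlsplit(url)
    pairs = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != name]
    pairs.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Return URL after the first login, using the user code from the report.
    return_url = "device/user?user_code=4m45mQGz"
    for build in (append_param, set_param):
        url = build(return_url, "user_code", "4m45mQGz")
        try:
            print(build.__name__, url, parse_strict(urlsplit(url).query))
        except DuplicateParameter as err:
            print(build.__name__, url, "-> invalid_request:", err)
```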

       

            People

            • Assignee:
              rich.riley Rich Riley [X] (Inactive)
              Reporter:
              neil.madden Neil Madden