[OPENAM-12477] id_token requested using grant_type=authorization_code returns auth_time in milliseconds - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 14.5.0, 14.5.1, 6.0.0
Fix Version/s: 6.0.0, 5.5.2
Component/s: oauth2, OpenID Connect
Labels:
- AME
- Must-Fix

Target Version/s:

6.0.0

Needs backport:

Yes

Support Ticket IDs:

Verified Version/s:

5.5.2
Needs QA verification:

Yes
Functional tests:

No
Are the reproduction steps defined?:

Yes and I used the same an in the description

Description

Bug description

Requesting an id_token using grant_type=authorization_code sets the auth_time within the id_token in milliseconds. The spec (http://openid.net/specs/openid-connect-core-1_0.html) says this should be in seconds. It only returns in milliseconds for this grant_type.

How to reproduce the issue

Details steps outlining how to recreate the issue (remove this text)

Configure OpenID Connect service
Configure OAuth2/OpenID Connect Agent
Get code - http://openam.example.com:8080/openam/oauth2/authorize?response_type=code&client_id=myOAuth2Client&scope=openid&redirect_uri=http://www.google.co.uk
Get access_token - http://openam.example.com:8080/openam/oauth2/access_token?grant_type=authorization_code&redirect_uri=http://www.google.co.uk&code=\code
Decode the id_token jwt, auth_time shows in milliseconds

Expected behaviour

auth_time returns in seconds

Current behaviour

auth_time returns in milliseconds

Work around

Could use another flow but that's not ideal.

Attachments

Activity

People

Assignee:

Dipu Seminlal

Reporter:

Aaron Haskins

Votes:

2 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

20/Feb/18 4:12 PM

Updated:

29/Apr/20 3:08 PM

Resolved:

22/Mar/18 3:01 PM