  1. OpenAM
  2. OPENAM-12477

id_token requested using grant_type=authorization_code returns auth_time in milliseconds

    Details

    • Target Version/s:
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      Requesting an id_token using grant_type=authorization_code sets the auth_time within the id_token in milliseconds. The spec (http://openid.net/specs/openid-connect-core-1_0.html) says this should be in seconds. It only returns in milliseconds for this grant_type.

      How to reproduce the issue

      1. Configure OpenID Connect service
      2. Configure OAuth2/OpenID Connect Agent
      3. Get code - http://openam.example.com:8080/openam/oauth2/authorize?response_type=code&client_id=myOAuth2Client&scope=openid&redirect_uri=http://www.google.co.uk
      4. Get access_token - http://openam.example.com:8080/openam/oauth2/access_token?grant_type=authorization_code&redirect_uri=http://www.google.co.uk&code=\code
      5. Decode the id_token jwt, auth_time shows in milliseconds

      Expected behaviour

      auth_time returns in seconds

      Current behaviour

      auth_time returns in milliseconds

      Work around

      Could use another flow but that's not ideal.
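
Step 5 as an added example (not part of the original report and not OpenAM code): decode the id_token payload and classify `auth_time` by comparing it with `iat`, which OpenID Connect Core requires in the same token and defines in seconds. The function names, the 300-second skew and the sample tokens are assumptions made for illustration.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(id_token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def auth_time_unit(claims: dict, skew: int = 300) -> str:
    """Classify auth_time against iat (assumed skew tolerance: 300 s)."""
    auth_time, iat = claims.get("auth_time"), claims.get("iat")
    if not isinstance(auth_time, int) or not isinstance(iat, int):
        return "missing"
    if auth_time <= iat + skew:
        return "seconds"        # authentication at or before issuance
    if auth_time // 1000 <= iat + skew:
        return "milliseconds"   # about 1000x too large: the behaviour reported here
    return "invalid"            # in the future under either unit

def seconds_since_auth(claims: dict, now: int) -> int:
    """Age of the authentication event, normalising the millisecond case."""
    unit = auth_time_unit(claims)
    if unit == "seconds":
        return now - claims["auth_time"]
    if unit == "milliseconds":
        return now - claims["auth_time"] // 1000
    raise ValueError(f"auth_time is {unit}")

def make_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"

# Constructed sample values, not real OpenAM output.
IAT = 1_500_000_000
GOOD = make_token({"sub": "demo", "iat": IAT, "auth_time": IAT - 60})
BAD = make_token({"sub": "demo", "iat": IAT, "auth_time": (IAT - 60) * 1000})

if __name__ == "__main__":
    for label, token in (("seconds", GOOD), ("milliseconds", BAD)):
        claims = decode_claims(token)
        print(label, auth_time_unit(claims), seconds_since_auth(claims, IAT + 10))
```

With the millisecond value, a naive `now - auth_time` is negative, so a relying party comparing that age against a limit would treat the authentication as always fresh.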

            People

            • Assignee:
              dipu.seminlal Dipu Seminlal
              Reporter:
              aaron.haskins Aaron Haskins