- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 13.0.0, 13.5.1, 14.1.1, 14.5.1
- Component/s: oauth2
- Labels:
- Sprint: AM Sustaining Sprint 54, AM Sustaining Sprint 55, AM Sustaining Sprint 56, AM Sustaining Sprint 57, AM Sustaining Sprint 58
- Story Points: 5
- Needs backport: No
- Support Ticket IDs:
- Verified Version/s:
- Needs QA verification: No
- Functional tests: Yes
- Are the reproduction steps defined?: Yes and I used the same as in the description
Bug description
Authorization Grant response returns scope in the URL. RFC 6749 suggests only the code and state (if defined in the request) should be returned.
How to reproduce the issue
- Create OAuth2 Provider service
- Register an OAuth2 client profile
- Request authorization code using /authorize endpoint
- If authentication is successful, and the user allows access, an authorization code is returned, along with the scope(s).
Expected behaviour
Authorization Code is returned
Current behaviour
Authorization Code and scope(s) are returned
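A regression check for the behaviour reported above, as an added example that is not part of the original issue or of OpenAM's code: it parses the redirect returned by /authorize and reports anything beyond code and state. The function name, the client.example URLs and the parameter values are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# What the issue expects on a successful authorization code response.
EXPECTED = {"code", "state"}


def audit_authorize_redirect(location, redirect_uri, sent_state=None):
    """Return findings for the Location header of an /authorize redirect.

    An empty list means only the expected parameters came back.
    """
    loc = urlsplit(location)
    # Inspect query and fragment so a leaked parameter is caught in either.
    pairs = parse_qsl(loc.query, keep_blank_values=True) + parse_qsl(
        loc.fragment, keep_blank_values=True)
    # Parameters that belong to the client's own redirect URI are not
    # part of the server's response.
    own = {k for k, _ in parse_qsl(urlsplit(redirect_uri).query)}
    pairs = [(k, v) for k, v in pairs if k not in own]
    counts = Counter(k for k, _ in pairs)
    params = dict(pairs)
    findings = []

    if "error" in params:
        return [f"error response: {params['error']}"]
    for name, n in sorted(counts.items()):
        if n > 1:
            findings.append(f"duplicate parameter: {name}")
    if not params.get("code"):
        findings.append("missing authorization code")
    if sent_state is None and "state" in params:
        findings.append("state returned but none was sent")
    elif sent_state is not None and params.get("state") != sent_state:
        findings.append("state missing or does not match the request")
    for name in sorted(set(params) - EXPECTED):
        findings.append(f"unexpected parameter: {name}")
    return findings


# Constructed sample redirects (client.example is a placeholder host).
REDIRECT_URI = "https://client.example/cb?tenant=a"
BUGGY = REDIRECT_URI + "&code=abc123&scope=profile%20mail&state=xyz"
FIXED = REDIRECT_URI + "&code=abc123&state=xyz"

if __name__ == "__main__":
    for label, url in (("buggy", BUGGY), ("fixed", FIXED)):
        print(label, audit_authorize_redirect(url, REDIRECT_URI, "xyz"))
```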
- caused: OPENAM-13929 Authorise endpoint against agent profile is currently failing and impacting performance tests (Resolved)
- is duplicated by: OPENAM-14087 TestScopes test failures (Closed)