-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.5.1, 6.0.0, 6.5.0, 6.5.0.1, 6.0.0.7, 6.5.1, 6.5.0.2, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3
-
Component/s: OpenID Connect
-
Labels:
-
Sprint:AM Sustaining Sprint 73, AM Sustaining Sprint 74
-
Story Points:3
-
Needs backport:Yes
-
Support Ticket IDs:
-
Verified Version/s:
-
Needs QA verification:Yes
-
Functional tests:Yes
-
Are the reproduction steps defined?:Yes and I used the same an in the description
Bug description
When doing an authorization code flow, you can specify an option call max_age.
Currently, AM is expecting this value to be a String but the standard says it should be a number.
How to reproduce the issue
Do an authorization code grant flow with the option max_age.
Expected behaviour
the login page
Current behaviour
An internal server error that is actually catch up and returned as "The request requires login" which makes completely no sense.
Work around
Use max age as a string
- is related to
-
OPENAM-16395 HTTP 302 error=login_required instead of consent approval when in authorization code flow with max_age=""
-
- Open
-