  1. OpenAM
  2. OPENAM-13082

Address claim in default OIDC claims script outputs non-spec compliant format

    Details

    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      The 'address' claim resolver mapping code in the default OIDC claims script results in a non-spec compliant format as demonstrated when accessing the userinfo endpoint. 

      This also has the side-effect of causing a display problem with the consent page.

      Currently the script contains this:

      "address": { claim, identity -> [ "formatted" : userProfileClaimResolver("postaladdress", claim, identity) ] },   

      How to reproduce the issue

      1). Set up an AM OIDC environment where the address scope is requested and populated.

      2). Access the userinfo endpoint and verify the current response format for address.

      Expected behaviour
      { 
      "address": {
        "formatted": "123 a street"
       },
       "given_name": "demo",
       "family_name": "demo",
       "name": "demo",
       "sub": "demo"
      }
      
      Current behaviour
      {
       "formatted": {
        "address": "123 a street"
       },
       "given_name": "demo",
       "family_name": "demo",
       "name": "demo",
       "sub": "demo"
      }
      

      Work around/adjustment to the OIDC claims script

      Edit the OIDC claims script and add the following section:

      addressClaimResolver = { identity ->
          return [
            "formatted" : fromSet("postaladdress", identity.getAttribute("postaladdress")),
            "street_address": "",
            "locality": "",
            "region" : "",
            "postal_code": "",
            "country" : ""
          ]
      }

      Note that this includes the rest of the fields from the OIDC spec (unimplemented) - delete or complete these as desired.  Reference: http://openid.net/specs/openid-connect-core-1_0.html#AddressClaim

      ...and then adjust the existing address line in the claimAttributes section so that it becomes:

      "address": { claim, identity -> [ "address": addressClaimResolver(identity)] },

      This should give the following output from the userinfo endpoint:

      {
       "address": {
        "formatted": "123 a street",
        "street_address": "",
        "locality": "",
        "region": "",
        "postal_code": "",
        "country": ""
       },
       "given_name": "demo",
       "family_name": "demo",
       "name": "demo",
       "sub": "demo"
      }

      ...or like this if the other fields from the addressClaimResolver part of the script are removed:

      {
       "address": {
        "formatted": "123 a street"
       },
       "given_name": "demo",
       "family_name": "demo",
       "name": "demo",
       "sub": "demo"
      }

      Note that this adjustment will also allow the consent page to display correctly.
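A relying-party-side check for step 2 of the reproduction, as an added example (not code from OpenAM or from the reporter): it parses a userinfo response and reports the misnested address shape shown under "Current behaviour". The function name and messages are hypothetical; the two sample documents are the ones from this ticket.

```python
import json

# Members of the address claim per OpenID Connect Core 1.0, section 5.1.1.
ADDRESS_MEMBERS = {"formatted", "street_address", "locality",
                   "region", "postal_code", "country"}

# Sample userinfo responses taken from this ticket.
EXPECTED_BEHAVIOUR = """{"address": {"formatted": "123 a street"},
 "given_name": "demo", "family_name": "demo", "name": "demo", "sub": "demo"}"""
CURRENT_BEHAVIOUR = """{"formatted": {"address": "123 a street"},
 "given_name": "demo", "family_name": "demo", "name": "demo", "sub": "demo"}"""


def check_address_claim(userinfo_json):
    """Return a list of problems found with the address claim (empty if none)."""
    claims = json.loads(userinfo_json)
    problems = []

    # The unpatched script swaps claim name and member name, so an address
    # member such as "formatted" surfaces as a top-level claim.
    for name in sorted(ADDRESS_MEMBERS.intersection(claims)):
        problems.append(f"top-level claim '{name}' belongs inside 'address'")

    # The address scope may not have been requested; absence alone is not an error.
    if "address" not in claims:
        return problems

    address = claims["address"]
    if not isinstance(address, dict):
        problems.append("'address' must be a JSON object")
        return problems

    # The spec-defined members are treated here as plain strings.
    for name in sorted(ADDRESS_MEMBERS.intersection(address)):
        if not isinstance(address[name], str):
            problems.append(f"'address.{name}' must be a string")
    return problems


if __name__ == "__main__":
    for label, doc in (("expected", EXPECTED_BEHAVIOUR), ("current", CURRENT_BEHAVIOUR)):
        print(label, check_address_claim(doc) or "ok")
```
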

            People

            • Assignee:
              sean.oneill Sean ONeill [X] (Inactive)
              Reporter:
              andy.itter Andy Itter