  1. OpenAM
  2. OPENAM-13434

grant_types_supported is not returned in the well-known and this is not optional

    Details

    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes, and I used the same as in the description

      Description

      Bug description

      Again a misinterpretation of the wording 'OPTIONAL' in the OIDC spec on our side.

      grant_types_supported
      OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports. Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types. If omitted, the default value is ["authorization_code", "implicit"].
      

      Optional here means that it may be returned in the JSON answer or not. If it's not, it means the OIDC provider, so AM, only supports "authorization_code" and "implicit".
      AM needs to populate this field grant_types_supported to list the supported grant types, otherwise it's misleading and incorrect.

      http://openid.net/specs/openid-connect-discovery-1_0.html

      How to reproduce the issue

      Call the well-known:
      https://as.aspsp.ob.forgerock.financial/oauth2/.well-known/openid-configuration

      Expected behaviour
      GRANT TYPE SUPPORT LIST
      
      Current behaviour
      Empty
      

      In my OB setup, I would expect AM to return ["authorization_code","client_credentials"]
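
An added example, not part of the original issue or of OpenAM's code: a check that reads a discovery document the way the quoted spec text requires (omitted field means `["authorization_code", "implicit"]`) and compares that with the grant types actually enabled. The sample documents, the `as.example.test` issuer and the `enabled_grants` input are constructed assumptions.

```python
import json

# Default from OpenID Connect Discovery 1.0 when grant_types_supported is omitted.
SPEC_DEFAULT_GRANTS = ("authorization_code", "implicit")


def effective_grant_types(metadata):
    """Return the grant types a client must assume from a discovery document."""
    if "grant_types_supported" not in metadata:
        return set(SPEC_DEFAULT_GRANTS)
    value = metadata["grant_types_supported"]
    if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
        raise ValueError("grant_types_supported must be a JSON array of strings")
    return set(value)


def audit_discovery(metadata, enabled_grants):
    """Compare what the document advertises with what the provider has enabled.

    enabled_grants is supplied by the operator (hypothetical input, e.g. taken
    from the provider's configuration); it is not read from the document.
    """
    advertised = effective_grant_types(metadata)
    enabled = set(enabled_grants)
    return {
        "field_present": "grant_types_supported" in metadata,
        "advertised": sorted(advertised),
        "advertised_but_disabled": sorted(advertised - enabled),
        "enabled_but_unadvertised": sorted(enabled - advertised),
        "consistent": advertised == enabled,
    }


# Constructed sample documents (not captured from a real provider).
OMITTED = json.loads('{"issuer": "https://as.example.test/oauth2"}')
POPULATED = json.loads(
    '{"issuer": "https://as.example.test/oauth2",'
    ' "grant_types_supported": ["authorization_code", "client_credentials"]}'
)
OB_ENABLED = ["authorization_code", "client_credentials"]

if __name__ == "__main__":
    for name, doc in (("omitted", OMITTED), ("populated", POPULATED)):
        print(name, json.dumps(audit_discovery(doc, OB_ENABLED), indent=2))
```

With the field omitted, the audit reports `implicit` as advertised but disabled and `client_credentials` as enabled but unadvertised, which is the mismatch the issue describes.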

              People

              • Assignee:
                ken.stubbings Ken Stubbings
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)