Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14548

consent page still shows what's been granted/removed as a result of OAuth2 scope policy evaluation

    Details

    • Sprint:
      AM Sustaining Sprint 60, AM Sustaining Sprint 61, AM Sustaining Sprint 62
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      Subject Condition does not apply to OAuth 2.0 Policies.

      How to reproduce the issue

      1. Following the documentation :
        To Configure Access Management for the Examples
        https://backstage.forgerock.com/docs/am/6/authorization-guide/#proc-configure-oauth-policy-example-env
      2. On the Subjects tab, specify the subject condition  Not... Authenticated Users. Save your changes.
      3. To Test OAuth 2.0 Policies in an Interactive OpenID Connect Flow
      http://am.example.com:8080/openam/oauth2/authorize?nonce=123&state=456&scope=openid+email+profile&response_type=id_token&client_id=myClientID&redirect_uri=http://www.google.com.sg
      
      Expected behaviour
      ID Token should not be issued.
      
      Current behaviour
      ID Token is issued.
      URL of the Browser :
      https://www.google.com.sg/#scope=openid%20profile%20email&id_token=eyJ0eXAiOiJKV1QiLCJraWQiOiI0aUNLRkIwUlhJeHl0b3IxcjNUb0JkUmlldnM9IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJkZW1vIiwiYXVkaXRUcmFja2luZ0lkIjoiM2VmMWQ4NTYtZDVmMS00MzkxLThkZjMtZGYxMjhlMGFjY2FlLTM3MjU4IiwiaXNzIjoiaHR0cDovL2FtLmV4YW1wbGUuY29tOjgwODAvb3BlbmFtL29hdXRoMiIsInRva2VuTmFtZSI6ImlkX3Rva2VuIiwibm9uY2UiOiIxMjMiLCJhdWQiOiJteUNsaWVudElEIiwiYWNyIjoiMCIsIm9yZy5mb3JnZXJvY2sub3BlbmlkY29ubmVjdC5vcHMiOiJDc2lQX1BMWE0xNVU0ZElUbUlHcXlNdzd0LTgiLCJzX2hhc2giOiJzNmpnNGZtckdfNDZOdkl4OW5iM2l3IiwiYXpwIjoibXlDbGllbnRJRCIsImF1dGhfdGltZSI6MTU1MTg2MTM0MiwibmFtZSI6ImRlbW8iLCJyZWFsbSI6Ii8iLCJleHAiOjE1NTE4NjUwMzIsInRva2VuVHlwZSI6IkpXVFRva2VuIiwiaWF0IjoxNTUxODYxNDMyLCJmYW1pbHlfbmFtZSI6ImRlbW8iLCJlbWFpbCI6ImFiY0BleGFtcGxlLmNvbSJ9.eFj9gVMhd7UY_TspPFk6dZ1FL_GeiCDT8622P6sRmi2alkBQtSM9-cJD_LHZ9kG0eNiXnBpv_cMsDDr_oDU3kchI-R9XpNRvtYydG1jomijH4WiRt0TkaFMTB0o3TLpwr9D-FNPhe89lnvho33_V9C-k7OZFSpQD0iO5oZSNZ3BRte0zUGsTZVp8r9XQgVYvwPBaCdp-N5loAWgsft6byFIG96hRkTZ42Mc5g7Hl1YL68Ew68oIs_C1seI0i79VgnzuRP01Bl3pjRTFvaKgh92Fd9T11lP_4pf-PjJOaZ2ecv9euoXA6iM55JEcftq9gDg03-j2XpGdHFaJeYcwqhg&state=456
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                wanning.tan WanNing Tan
              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: