  1. OpenAM
  2. OPENAM-14693

Supported Scope Description is omitted, claim of the supported scope still displayed on consent screen

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 13.0.0, 6.0.0.5, 6.5.0.1
    • Fix Version/s: None
    • Component/s: oauth2, OpenID Connect
    • Labels:

      Description

      Bug description

      In the documentation, it is mentioned that if the description of the supported scope has been omitted, it would not be displayed on the consent page for the scope. However, the claim of the supported scope is still displayed on the consent screen.

      How to reproduce the issue

      1. Configure OpenID Connect ([Realm] > Configure OAuth Provider > Configure OpenID Connect)
      2. In OpenAM 13.0.0: Create an OAuth 2 agent called myClientID ([Realm] > Agents > OAuth2.0/OpenID Connect Client)
         In AM 6.x: Create an OAuth 2 agent called myClientID ([Realm] > Applications > OAuth2.0)
      3. Configure the following in the myClientID agent configuration:
         Redirection URIs: http://www.google.com
         Scope(s): openid
                   profile
         In AM 6.5.x: Allow implicit grant ([Realm] > Applications > OAuth2.0 > [OAuth2.0 Name] > Advanced)
      4. Configure the following in the OAuth2Provider configuration ([Realm] > Services > OAuth2 Provider):
         Supported Scopes: profile|
         Supported Claims: name|Full name
                           family_name|Family name
      5. Access the URL to get the access token: http://am.example.com:8080/openam/oauth2/authorize?client_id=myClientID&redirect_uri=http://www.google.com.sg&response_type=id_token&scope=openid%20profile&nonce=1234
      6. Enter user credentials

      Expected behaviour

      Mentioned in (OpenAM 13, Reference & AM 6.5, OpenID Connect 1.0 Guide documentation) for the Supported Scopes attribute:
      If the description is also omitted, nothing is displayed on the consent page for the scope.

      Current behaviour

      The consent screen is showing the supported claims of the scope, which in this case is showing the claim of the profile scope (img1).
      img1 is taken from OpenAM 13 but the behaviour is the same in AM 6.x.

              People

              • Assignee:
                Unassigned
                Reporter:
                wanning.tan WanNing Tan
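
The check below is an added example, not part of the original report and not OpenAM code: it parses the `name|description` entries from step 4 and flags claim labels shown on the consent page that belong only to scopes whose description was omitted. The function names, the scope-to-claim map and the `DISPLAYED` list standing in for img1 are assumptions constructed for illustration.

```python
# Added example: models the documented consent-page rule; not OpenAM code.

def parse_entries(entries):
    """Parse 'name|description' settings; 'name|' yields an empty description."""
    parsed = {}
    for entry in entries:
        name, sep, description = entry.strip().partition("|")
        # Assumption: an entry without any '|' is displayed under its own name.
        parsed[name.strip()] = description.strip() if sep else name.strip()
    return parsed

def hidden_scopes(supported_scopes, requested):
    """Requested scopes whose description was omitted ('scope|')."""
    scopes = parse_entries(supported_scopes)
    return [s for s in requested if scopes.get(s) == ""]

def unexpected_claims(supported_scopes, supported_claims, scope_claims,
                      requested, displayed):
    """Displayed claim labels that are reachable only through hidden scopes."""
    labels = parse_entries(supported_claims)
    hidden = set(hidden_scopes(supported_scopes, requested))

    def labels_for(scopes):
        return {labels[c] for s in scopes
                for c in scope_claims.get(s, []) if c in labels}

    suspect = labels_for(hidden)
    allowed = labels_for(s for s in requested if s not in hidden)
    return [l for l in displayed if l in suspect and l not in allowed]

# Settings taken from steps 3-5 of the report.
SUPPORTED_SCOPES = ["profile|"]
SUPPORTED_CLAIMS = ["name|Full name", "family_name|Family name"]
REQUESTED = ["openid", "profile"]
# Constructed: the profile scope limited to the two claims configured above.
SCOPE_CLAIMS = {"profile": ["name", "family_name"]}
# Constructed stand-in for the claim labels visible in img1.
DISPLAYED = ["Full name", "Family name"]

if __name__ == "__main__":
    print("hidden scopes:", hidden_scopes(SUPPORTED_SCOPES, REQUESTED))
    print("unexpected claims:", unexpected_claims(
        SUPPORTED_SCOPES, SUPPORTED_CLAIMS, SCOPE_CLAIMS, REQUESTED, DISPLAYED))
```

Fed with the labels actually rendered on a consent page, the same function can serve as a regression check for this behaviour after a configuration change or upgrade.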