Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14882

OAuth2 do not log scopes while using device code flow

    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.1, 5.5.2, 7.0.0
    • Fix Version/s: None
    • Component/s: audit logging
    • Labels:
      None
    • Security categories:
      OWASP Insufficient Logging and Monitoring

      Description

      OAuth2 Auditing and Monitoring records requested scopes in access event detail field test fails using device code flow. Test is working for other three flows:

      java.lang.AssertionError: Expected the child scope from /response.detail to defined
      	at org.assertj.core.api.AbstractAssert.failWithMessage(AbstractAssert.java:116)
      	at org.forgerock.json.test.assertj.AssertJJsonValueAssert$AbstractJsonValueAssert.hasPath(AssertJJsonValueAssert.java:389)
      	at org.forgerock.json.test.assertj.AssertJJsonValueAssert$AbstractJsonValueAssert.stringAt(AssertJJsonValueAssert.java:291)
      	at com.forgerock.openam.functionaltest.oauth2.OAuth2Auditing.<cuppa test>(OAuth2Auditing.java:319)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lubomir.mlich Ľubomír Mlích
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: