  1. OpenAM
  2. OPENAM-15676

iat attribute not returned during introspection for an access token

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2.1, 6.5.2.2
    • Fix Version/s: None
    • Component/s: oauth2
    • Labels:
    • Support Ticket IDs:

      Description

      Bug description

      Obtain iat attribute during introspection for an access token

      How to reproduce the issue

      During introspection get for example:

      1. curl --request POST --header "Authorization: Basic b3BlbmlkbTpXZWxjb21lMQ==" --data "token=eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.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.pjk1zvXFjRrLDszH0zdfUvlzUncVZgyRjS04bUtiZso" http://openam.example.com:8080/AM652/oauth2/introspect
      2. This will be the result without the iat property: {"active":true,"scope":"openid","client_id":"openidm","user_id":"amadmin","token_type":"Bearer","exp":1573578650,"sub":"amadmin","iss":"http://openam.example.com:8080/AM652/oauth2","auth_level":0,"auditTrackingId":"f94346f8-1449-4233-a68e-4ff6a7af0465-7304","cts":"OAUTH2_STATELESS_GRANT","expires_in":3600}
      Expected behaviour
      {
        "sub": "amadmin",
        "cts": "OAUTH2_STATELESS_GRANT",
        "auth_level": 0,
        "auditTrackingId": "f94346f8-1449-4233-a68e-4ff6a7af0465-7304",
        "iss": "http://openam.example.com:8080/AM652/oauth2",
        "tokenName": "access_token",
        "token_type": "Bearer",
        "authGrantId": "9fwsE1IsYUWCJUslVxSqfWmoeHE",
        "aud": "openidm",
        "nbf": 1573575050,
        "grant_type": "authorization_code",
        "scope": [
          "openid"
        ],
        "auth_time": 1573574983,
        "realm": "/",
        "exp": 1573578650,
        "iat": 1573575050,
        "expires_in": 3600,
        "jti": "Hp5eOQwQ4aytBxe6rACX1ehPWpg"
      }
      
      Current behaviour
      {"active":true,"scope":"openid","client_id":"openidm","user_id":"amadmin","token_type":"Bearer","exp":1573578650,"sub":"amadmin","iss":"http://openam.example.com:8080/AM652/oauth2","auth_level":0,"auditTrackingId":"f94346f8-1449-4233-a68e-4ff6a7af0465-7304","cts":"OAUTH2_STATELESS_GRANT","expires_in":3600}
      

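Added example, not part of the original report and not OpenAM code: a check that lists which RFC 7662 members the reported introspection response omits, and shows why a consumer that enforces a maximum token age has to fail closed when iat is absent. The token_age helper and the `now` value used with it are assumptions made for illustration; the JSON values are copied from the report.

```python
import json

# RFC 7662 section 2.2 response members; only "active" is REQUIRED.
RFC7662_MEMBERS = ("active", "scope", "client_id", "username", "token_type",
                   "exp", "iat", "nbf", "sub", "aud", "iss", "jti")

# "Current behaviour" response, copied from the report.
CURRENT = json.loads('{"active":true,"scope":"openid","client_id":"openidm","user_id":"amadmin","token_type":"Bearer","exp":1573578650,"sub":"amadmin","iss":"http://openam.example.com:8080/AM652/oauth2","auth_level":0,"auditTrackingId":"f94346f8-1449-4233-a68e-4ff6a7af0465-7304","cts":"OAUTH2_STATELESS_GRANT","expires_in":3600}')

# Time and identity claims from the "Expected behaviour" JSON in the report.
EXPECTED = {"sub": "amadmin", "iss": "http://openam.example.com:8080/AM652/oauth2",
            "aud": "openidm", "nbf": 1573575050, "exp": 1573578650,
            "iat": 1573575050, "jti": "Hp5eOQwQ4aytBxe6rACX1ehPWpg"}


def missing_members(response):
    """RFC 7662 members that the introspection response does not carry."""
    return [m for m in RFC7662_MEMBERS if m not in response]


def dropped_claims(expected, response):
    """Standard claims present in the expected output but absent or altered."""
    return sorted(k for k, v in expected.items()
                  if k in RFC7662_MEMBERS and response.get(k) != v)


def token_age(response, now):
    """Seconds since issuance; raises instead of guessing when iat is absent."""
    if response.get("active") is not True:
        raise ValueError("token is not active")
    iat = response.get("iat")
    if isinstance(iat, bool) or not isinstance(iat, int):
        raise ValueError("introspection response has no usable iat")
    if iat > now:
        raise ValueError("iat is in the future")
    return now - iat


if __name__ == "__main__":
    print("missing RFC 7662 members:", missing_members(CURRENT))
    print("dropped vs expected:", dropped_claims(EXPECTED, CURRENT))
    try:
        token_age(CURRENT, now=1573575650)  # constructed "now": iat + 600 s
    except ValueError as err:
        print("max-age check cannot run:", err)
```
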
      

            People

            • Assignee: Unassigned
            • Reporter: George Nikolaidis (george.nikolaidis)
            • Votes: 4
            • Watchers: 5
