To reproduce the bug:
Firstly, you will need to edit openam-oauth2/src/main/java/org/forgerock/oauth2/core/AgentOAuth2ProviderSettings.java to enable the Agent to use the code flow as follows:
Then change openam-oauth2/src/main/java/org/forgerock/openam/oauth2/AgentClientRegistration.java as follows:
In the following I have made these assumptions:
- hostname: openam.afb.com
- container #1 hosting AM deployed on port 8010
- container #2 hosting nothing in particular deployed on port 8030 (to be honest, I'm not sure you even need a container here), nonetheless you will need to choose a port number which I've assumed is 8030.
In the XUI, create a new Java Agent (in the root realm):
- Start up XUI
- Top Level Realm
- +Add Java Agent
  - Agent ID: FAKE
  - Agent URL: http://openam.afb.com:8030/fake
  - Server URL: http://openam.afb.com:8010/openam
Again in the XUI, create an ordinary user (in the root realm):
- +Add Identity
  - User ID: noggin
Install httpie. Sorry, I tried to get my script to work with curl and the -L option, but it was beyond my skills. If you feel you can edit the script so it doesn't need httpie, please feel free.
Make a copy of the attached script and edit the first few lines according to the values you entered for Agent name, password and ordinary user and password.
Run the script as often as you like. You should see the output:
That's the bug.