Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16249

AM expects consent_response although agent's configured for implied consent

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.5.2.3
    • 5.5.3, 6.0.1, 7.0.0, 6.5.3
    • None
    • Rank:
      1|i00z2v:
    • AM Sustaining Sprint 75, AM Sustaining Sprint 76
    • 3
    • No
    • Yes
    • Yes and I used the same an in the description, Yes but I used my own steps. (If so, please add them in a new comment)
    • 0
    • Future
    • None

    Description

      Bug description

      Customer states there shouldn't be a consent_response parameter in an AuthZ Code request without using a browser when the OAuth 2.0 agent has "implied consent" enabled. Not even when a Remote Consent Service is configured (this is why AM is expecting this parameter, because we have a RMC configured), it makes no sense to expect this parameter when an agent is configured for implied consent.

      Customer believe there is a bug in core code:

      public ScopeResult getConsentedScopes(OAuth2ProviderSettings providerSettings, ClientRegistration clientRegistration, OAuth2Request request, ResourceOwner resourceOwner)

      How to reproduce the issue

      When send the Authorization Code Request without using a browser we're getting:

      consent_response parameter missing from request&state=abc123&error=invalid_request

       Implied consent is enabled for this OAuth agent

      Expected behaviour
      When e remote consent service is configured, there is no check whether the agent has implied consent enabled
      
      Current behaviour
      consent_response parameter missing from request
      

      Work around

       

      Code analysis

      
      

      Attachments

        Issue Links

          Activity

            People

              lawrence.yarham Lawrence Yarham
              greg.galanopoulos Greg Galanopoulos
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: