  1. OpenAM
  2. OPENAM-16358

OIDC authentication nodes do not work when response_mode=form_post is requested from OP

      Description

      When using OpenID Connect node in a tree and requesting response_mode=form_post (https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html) from the OP (in the authorize request), the response from the OP is in the form of a POST to the redirect URL with a self submitting form in the payload. This does not work and as the redirect URL is the XUI endpoint, it just starts a new authentication flow.

      This is particularly important when using "Sign in with Apple". Apple OP does not return any default claims in the id_token, so to get usable claims, the client has to provide them in the scope as part of the call to the authorize endpoint of Apple. But Apple requires the response_mode=form_post if any scopes are requested, according to https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

      Interestingly, as an OP, AM supports the response_mode=form_post.

      Acceptance Criteria

      • Social Provider Handler Node is spec compliant vis a vis a form_post during auth flow redirect.
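
      A relying-party callback that accepts both the default query response and the form_post response described in this issue could parse the incoming request as sketched here. This is an added example, not OpenAM code; the function name, the exception class and the sample values are hypothetical and constructed for illustration.

```python
import hmac
from urllib.parse import parse_qs

# Constructed sample: the body an OP's self-submitting form would POST.
SAMPLE_FORM_POST_BODY = b"code=sample-code-123&state=sample-state-abc"


class AuthResponseError(Exception):
    """The authorization response is malformed or failed validation."""


def parse_authorization_response(method, query_string, content_type, body,
                                 expected_state):
    """Return the response parameters from a GET query or a form_post body."""
    if method == "GET":
        raw = query_string
    elif method == "POST":
        # form_post delivers the same parameters, form-encoded, in the body.
        media_type = (content_type or "").split(";", 1)[0].strip().lower()
        if media_type != "application/x-www-form-urlencoded":
            raise AuthResponseError("form_post response must be form-encoded")
        raw = body.decode("utf-8") if isinstance(body, bytes) else body
    else:
        raise AuthResponseError("unsupported method: " + method)

    parsed = parse_qs(raw, keep_blank_values=True)
    # OAuth 2.0 parameters must not appear more than once.
    for name, values in parsed.items():
        if len(values) != 1:
            raise AuthResponseError("duplicate parameter: " + name)
    params = {name: values[0] for name, values in parsed.items()}

    # Bind the response to the session that started the flow. A cross-site
    # POST arrives without SameSite=Lax/Strict cookies, so the session lookup
    # that yields expected_state must not depend on such a cookie.
    state = params.get("state", "")
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise AuthResponseError("state mismatch")
    if "error" in params:
        raise AuthResponseError("OP returned error: " + params["error"])
    if "code" not in params and "id_token" not in params:
        raise AuthResponseError("no code or id_token in response")
    return params
```
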


              People

              • Assignee:
                Unassigned
                Reporter:
                sandeep.chaturvedi Sandeep Chaturvedi
              • Votes:
                1
                Watchers:
                10
