Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16373

Device code authorization flow to support latest draft version (remove response_type parameter from authorization request)

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.0.0, 6.5.0, 6.5.1, 6.5.2, 6.5.2.1, 6.5.2.2, 6.5.2.3
    • Fix Version/s: None
    • Labels:
    • Rank:
      1|i019xz:
    • Support Ticket IDs:

      Description

      In the OAuth2 Guide https://backstage.forgerock.com/docs/am/6.5/oauth2-guide/#rest-api-oauth2-device-code the OAuth2 device flow shows it supports draft https://tools.ietf.org/html/draft-ietf-oauth-device-flow-03

      This is further established within AMs code

      // Client ID, Response Type and Scope are required, all other parameters are optional
       String clientId = request.getParameter(CLIENT_ID);
       String scope = request.getParameter(SCOPE);
       String responseType = request.getParameter(RESPONSE_TYPE);
       if (isEmpty(clientId) || isEmpty(scope) || isEmpty(responseType)) {
       throw new OAuth2ChfException(400, "bad_request",
       "client_id, scope and response_type are required parameters", state);

      This showing that the response_type parameter is a requirement for authorization requests.

      In the latest draft https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15 it shows that this parameter is no longer a requirement 

      o response_type parameter removed from authorization request.

       

      The RFE is for AM to support the latest device flow draft '15' so that the response_type parameter is no longer required.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jason.yuen Jason Yuen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: