OpenAM / OPENAM-16395

HTTP 302 error=login_required instead of consent approval when in authorization code flow with max_age=""

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.5.3
    • Fix Version/s: None
    • Component/s: OpenID Connect
    • Labels:

      Description

      Bug description

      There is an HTTP 302 error=login_required instead of consent approval when the authorization code flow is called with max_age=""

      How to reproduce the issue

      As described in OPENAM-12759, using max_age="", or modify the RequestParameter test:

          when("making request to authorize endpoint", () -> {
              when("the request parameter JWT is using max_age", () -> {
                  before(() -> {
                      setupClient(JWSAlgorithm.HS256, JWEAlgorithm.NONE, EncryptionMethod.NONE);
                  });
                  describe("with string type for backward compatibility", () -> {
                      it("gets an authorization code", () -> {
                          // Replace "86400" with "" here to reproduce the issue.
                          requestParameterClaims.claim("max_age", "86400");
                          canGetAuthorizationCode(RequestParameterMode.REQUEST_PARAMETER,
                                  TestUseCase.signed(JWSAlgorithm.HS256));
                      });
                  });
              });
          });
      

      and set "" instead of "86400"

      Expected behaviour
      AM should be able to work with max_age="" if it is able to work with max_age="86400". If max_age=0, consent approval is displayed. If max_age="", we need to decide whether it is the same as if no max_age is defined.
      
      Current behaviour
      HTTP 302 error=login_required instead of consent approval
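
One possible way to normalise max_age before the authentication-age check, as an added example (not OpenAM's code and not the reporter's). It assumes max_age="" is treated as if the parameter were not defined, which is the decision this issue leaves open; the class and method names are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.OptionalLong;

public class MaxAgeExample {

    /** Normalises a raw max_age claim (JSON number or legacy string) to seconds. */
    static OptionalLong parseMaxAge(Object raw) {
        if (raw == null) {
            return OptionalLong.empty();               // parameter not sent
        }
        if (raw instanceof Number) {
            return nonNegative(((Number) raw).longValue());
        }
        String text = raw.toString().trim();
        if (text.isEmpty()) {
            // Assumed policy: max_age="" means "not defined". The issue leaves this open.
            return OptionalLong.empty();
        }
        try {
            return nonNegative(Long.parseLong(text));
        } catch (NumberFormatException e) {
            // Reject garbage explicitly instead of silently forcing a re-login.
            throw new IllegalArgumentException("max_age is not an integer: " + text, e);
        }
    }

    private static OptionalLong nonNegative(long seconds) {
        if (seconds < 0) {
            throw new IllegalArgumentException("max_age must not be negative");
        }
        return OptionalLong.of(seconds);
    }

    /** OIDC Core: re-authenticate when the time elapsed since auth_time exceeds max_age. */
    static boolean mustReauthenticate(OptionalLong maxAge, Instant authTime, Instant now) {
        return maxAge.isPresent()
                && Duration.between(authTime, now).getSeconds() > maxAge.getAsLong();
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2020-01-01T12:00:00Z");   // constructed sample values
        Instant authTime = now.minusSeconds(3600);              // user logged in an hour ago
        for (Object raw : new Object[] {null, "", "86400", 86400, "0"}) {
            String shown = raw instanceof String ? "\"" + raw + "\"" : String.valueOf(raw);
            System.out.printf("max_age=%s -> reauthenticate=%b%n",
                    shown, mustReauthenticate(parseMaxAge(raw), authTime, now));
        }
    }
}
```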
      

              People

              • Assignee:
                Unassigned
                Reporter:
                lubomir.mlich Ľubomír Mlích