Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-17440

OAuth2 doesn't error if IAT attribute is not issued yet set mandatory

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 7.0.1
    • None
    • oauth2
    • Rank:
      1|i03nzj:

    Description

      Bug description

      Even though the OAuth2 Service Provider can be configured so that IAT (Issued AT Time) is a mandatory attribute, when a new dynamic client is registered with an SSA and it is missing the IAT attribute instead of producing an error, a HTTP 201 Accept is replied as the result which is a success.

      Expected behaviour
      ERROR
      Current behaviour
      HTTP 201 Accepted
      

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            graham.horne1 Graham Horne [X] (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: