
AM introspection endpoint fails to introspect Client based Access Tokens


Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Not a defect
    • Affects Version/s: 7.0.0, 7.1.0, 7.0.1, 7.0.2
    • Fix Version/s: None
    • Component/s: oauth2

    Description

      Bug description

      When the Token Introspection response format is set to "JSON Response format" and a stateless access token is introspected, the introspection endpoint returns the stateless access token JWT itself instead of the expected JSON introspection object. This used to work in 6.5.X.

      How to reproduce the issue

      Configure the Token Introspection response format to "JSON Response format" and introspect a stateless access token.

      Expected behaviour
      curl "http://openam.example.com:8080/openam/oauth2/introspect" \
      --request POST \
      --header "Authorization: Basic bXljbGllbnQ6....." \
      --data "token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1......." | jq .
      {
       "active": true,
       "auditTrackingId": "41db3658-874b-4a97-b783-0a2015e3ed05-19121",
       "auth_level": 0,
       "client_id": "myclient",
       "exp": 1620732466,
       "expires_in": 3600,
       "iss": "http://openam.example.com:8080/openam/oauth2",
       "scope": "read",
       "sub": "demo",
       "token_type": "Bearer",
       "user_id": "demo"
      }
      
      Current behaviour
      curl "http://openam.example.com:8080/openam/oauth2/introspect" \
      --request POST \
      --header "Authorization: Basic bXljbGllbnQ6....." \
      --data "token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1......."

      Response:
      eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1.......


      Work around

      No work around available.
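      Added example, not code from the issue or from AM: a resource-server-side check in Python that consumes the introspection response. It accepts only a JSON object with "active": true, a valid issuer, client_id, expiry and scope, and explicitly rejects a compact-JWT body like the one in "Current behaviour", since a bare JWT is not an introspection result and must not be treated as one without signature verification. The sample response below is constructed from the "Expected behaviour" output; the issuer and client values are assumptions taken from it.

```python
import json

# Constructed sample: the JSON introspection response from "Expected behaviour".
EXPECTED_JSON = json.dumps({
    "active": True,
    "auditTrackingId": "41db3658-874b-4a97-b783-0a2015e3ed05-19121",
    "auth_level": 0,
    "client_id": "myclient",
    "exp": 1620732466,
    "expires_in": 3600,
    "iss": "http://openam.example.com:8080/openam/oauth2",
    "scope": "read",
    "sub": "demo",
    "token_type": "Bearer",
    "user_id": "demo",
})

def looks_like_compact_jwt(body: str) -> bool:
    """True if the body is three dot-separated segments whose first segment is a
    base64url JOSE header (base64url of '{"' is 'eyJ'), i.e. a JWT rather than JSON."""
    parts = body.strip().split(".")
    return len(parts) == 3 and parts[0].startswith("eyJ")

def evaluate_introspection(body: str, required_scope: str, expected_client: str,
                           expected_iss: str, now: int) -> dict:
    """Decide whether an introspection response authorises a request.
    Returns {"ok": bool, "reason": str}. A JWT-shaped body (the issue's
    "Current behaviour") is rejected: the resource server must not mistake
    the token itself, or any unverified JWT, for a JSON introspection object."""
    if looks_like_compact_jwt(body):
        return {"ok": False, "reason": "response is a compact JWT, not a JSON introspection object"}
    try:
        claims = json.loads(body)
    except ValueError:
        return {"ok": False, "reason": "response is not JSON"}
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return {"ok": False, "reason": "token not active"}
    if claims.get("iss") != expected_iss:
        return {"ok": False, "reason": "unexpected issuer"}
    if claims.get("client_id") != expected_client:
        return {"ok": False, "reason": "unexpected client_id"}
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return {"ok": False, "reason": "token expired"}
    if required_scope not in claims.get("scope", "").split():
        return {"ok": False, "reason": "missing scope"}
    return {"ok": True, "reason": "authorised"}
```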

          People

            Assignee: Unassigned
            Reporter: jelle.v (Jelle Verbraak)
            Votes: 0
            Watchers: 3