  1. OpenAM
  2. OPENAM-4333

OAuth2 endpoint doesn't honour realm DNS aliases - must specify realm via URL query string

    Details

    • Sprint:
      Sprint 71 - Team Tesla, Sprint 72 - Team Tesla, Sprint 73 - Team Tesla, Sprint 74 - Team Tesla, Sprint 75 - Team Tesla, Sprint 76 - Team Tesla
      Description

      This may be classified as a bug or improvement, depending on expectations of the realm DNS alias functionality.

      On a vanilla OpenAM install, set up a subrealm with working DNS alias support and add an OAuth2 provider to the realm. Set the access token lifetime to something distinguishable so it is easy to see which configuration is used, e.g. 77.

      Then, as an example, the following call will still use the root realm configuration, despite using the subrealm DNS alias:

      $ curl --request POST --user "oauth2:oauth2" --data "grant_type=client_credentials" "http://subrealm.example.com:8080/openam/oauth2/access_token"
      {"expires_in":59,"token_type":"Bearer","access_token":"7bb339bc-aa14-42a7-98fc-a1e5573e1b2c"}
      

      Specifying the realm via URL query string (as in the documentation) works.

      $ curl --request POST --user "oauth2:oauth2" --data "grant_type=client_credentials" "http://openam.example.com:8080/openam/oauth2/access_token?realm=subrealm"
      {"expires_in":76,"token_type":"Bearer","access_token":"4a135a57-0dc2-422a-af1b-831c9d18f148"}
      

      Allowing the realm to also be specified in the POST data might also be a useful improvement to help consistency vs other OpenAM endpoints.
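
The distinguishable-lifetime check from the description, as an added example (not part of the original report and not OpenAM code): it infers which realm's OAuth2 provider configuration issued a token from `expires_in`, so a token issued under the wrong realm's policy is flagged. The realm labels, the `skew` tolerance and the root lifetime of 60 seconds are assumptions; 77 and both response bodies are taken from the report.

```python
import json

# Response bodies copied from the two curl calls in the issue description.
ALIAS_RESPONSE = ('{"expires_in":59,"token_type":"Bearer",'
                  '"access_token":"7bb339bc-aa14-42a7-98fc-a1e5573e1b2c"}')
QUERY_RESPONSE = ('{"expires_in":76,"token_type":"Bearer",'
                  '"access_token":"4a135a57-0dc2-422a-af1b-831c9d18f148"}')

# Configured access token lifetimes in seconds. 77 is the value set on the
# subrealm in the report; 60 for the root realm is an assumption inferred
# from the observed expires_in of 59.
LIFETIMES = {"root": 60, "subrealm": 77}


def issuing_realm(body, lifetimes=LIFETIMES, skew=5):
    """Return the realm whose configured lifetime explains expires_in.

    expires_in counts down from the configured lifetime, so it may be a few
    seconds lower (up to `skew`) but never higher. Returns None when the body
    has no usable expires_in, when no realm matches, or when more than one
    realm matches (lifetimes too close together to tell apart).
    """
    try:
        expires_in = json.loads(body).get("expires_in")
    except (ValueError, AttributeError):
        return None
    if isinstance(expires_in, bool) or not isinstance(expires_in, int):
        return None
    matches = [realm for realm, lifetime in lifetimes.items()
               if 0 <= lifetime - expires_in <= skew]
    return matches[0] if len(matches) == 1 else None


def check_realm(body, expected_realm, lifetimes=LIFETIMES, skew=5):
    """Return (ok, actual): ok is True only if the expected realm issued the token."""
    actual = issuing_realm(body, lifetimes, skew)
    return actual == expected_realm, actual


if __name__ == "__main__":
    # Both requests were meant to reach the subrealm's provider.
    for label, body in (("DNS alias", ALIAS_RESPONSE), ("?realm=", QUERY_RESPONSE)):
        ok, actual = check_realm(body, "subrealm")
        print(f"{label}: issued by {actual!r} -> {'OK' if ok else 'WRONG REALM'}")
```

The check is only meaningful when the configured lifetimes differ by more than `skew` seconds, which is why the report picks an unusual value.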

              People

              • Assignee:
                jamesphillpotts James Phillpotts
                Reporter:
                ian.packer Ian Packer [X] (Inactive)