OpenAM / OPENAM-6160

auth_time is updated when refreshing token

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 12.0.0, 12.0.1, 13.0.0
    • Fix Version/s: 12.0.4, 13.5.1, 14.0.0
    • Component/s: OpenID Connect
    • Sprint:
      AM Sustaining Sprint 24, AM Sustaining Sprint 25, AM Sustaining Sprint 26

      Description

      auth_time is always updated when refreshing an access token.

      Steps to reproduce:
      1. Get an access_token and refresh_token.

      curl --request POST --data "grant_type=password&client_id=myClientID&client_secret=password&username=amadmin&password=password&scope=profile" http://openam.example.co.jp:8080/openam/oauth2/access_token
      

      2. Refresh the access token.

      curl --request POST --data "grant_type=refresh_token&client_id=myClientID&client_secret=password&refresh_token=[refresh token got at step1.]" http://openam.example.co.jp:8080/openam/oauth2/access_token
      

      3. Do it again.

      curl --request POST --data "grant_type=refresh_token&client_id=myClientID&client_secret=password&refresh_token=[refresh token got at step2.]" http://openam.example.co.jp:8080/openam/oauth2/access_token
      

      -> The auth_time in step 3's ID token is different from that in step 2's ID token.
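
A regression check for the behaviour reported above, as an added example that is not part of the original report or of OpenAM's code: it decodes the ID tokens returned by successive refresh calls and lists any whose auth_time differs from the first. OpenID Connect Core requires auth_time in a refreshed ID token to represent the original authentication, which relying parties enforcing max_age depend on. The function names, sample tokens and timestamps are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def id_token_claims(id_token):
    """Return the payload claims of a compact JWS ID token.

    The signature is NOT verified: this is a regression check on claim
    values, not a token validator.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    return json.loads(b64url_decode(parts[1]))

def auth_time_changes(id_tokens):
    """Indexes of ID tokens whose auth_time differs from the first token's."""
    claims = [id_token_claims(t) for t in id_tokens]
    missing = [i for i, c in enumerate(claims) if "auth_time" not in c]
    if missing:
        raise ValueError(f"auth_time missing in tokens {missing}")
    original = claims[0]["auth_time"]
    return [i for i, c in enumerate(claims) if c["auth_time"] != original]

# --- constructed sample data: unsigned tokens with made-up timestamps ---
def _fake_id_token(iat, auth_time):
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    payload = {"sub": "amadmin", "iat": iat, "auth_time": auth_time}
    return ".".join([enc({"alg": "none"}), enc(payload), "sig"])

# Behaviour described in the report: auth_time moves with every refresh.
AFFECTED = [_fake_id_token(1000, 1000), _fake_id_token(1300, 1300),
            _fake_id_token(1600, 1600)]
# Expected behaviour: iat advances, auth_time stays at the original login.
EXPECTED = [_fake_id_token(1000, 1000), _fake_id_token(1300, 1000),
            _fake_id_token(1600, 1000)]

if __name__ == "__main__":
    print("affected:", auth_time_changes(AFFECTED))
    print("expected:", auth_time_changes(EXPECTED))
```

To run it against a real deployment, pass the id_token values from the step 1 to step 3 responses to auth_time_changes in order; an empty list means auth_time was preserved.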


              People

              Assignee: Sachiko Wallace (sachiko)
              Reporter: kohei
              QA Assignee: Filip Kubáň [X] (Inactive)