OpenAM / OPENAM-6160

auth_time is updated when refreshing token

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 12.0.0, 12.0.1, 13.0.0
    • Fix Version/s: 12.0.4, 13.5.1, 14.0.0
    • Component/s: OpenID Connect
    • Sprint:
      AM Sustaining Sprint 24, AM Sustaining Sprint 25, AM Sustaining Sprint 26

      Description

      auth_time is always updated when refreshing an access token.

      Steps to reproduce:
      1. Get an access_token and refresh_token.

      curl --request POST --data "grant_type=password&client_id=myClientID&client_secret=password&username=amadmin&password=password&scope=profile" http://openam.example.co.jp:8080/openam/oauth2/access_token
      

      2. Refresh the access token.

      curl --request POST --data "grant_type=refresh_token&client_id=myClientID&client_secret=password&refresh_token=[refresh token got at step1.]" http://openam.example.co.jp:8080/openam/oauth2/access_token
      

      3. Do it again.

      curl --request POST --data "grant_type=refresh_token&client_id=myClientID&client_secret=password&refresh_token=[refresh token got at step2.]" http://openam.example.co.jp:8080/openam/oauth2/access_token
      

      -> The auth_time in the step 3 ID token is different from that in the step 2 ID token.
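
A regression check for the behaviour reported above, as an added example that is not part of the original report or of OpenAM's code: it decodes the ID token from each token-endpoint response and lists every response whose auth_time differs from the first one passed in. The function names and the sample responses are constructed for illustration; the sample tokens are unsigned and the decoder does not verify signatures, so it is suitable for comparing claims in a test only.

```python
import base64
import json


def jwt_claims(id_token):
    """Decode the payload segment of a compact JWT (no signature check)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def auth_time_drift(token_responses):
    """Return (step, expected, actual) for each response whose ID token
    auth_time differs from that of the first response.

    token_responses: parsed JSON bodies from the token endpoint, in the
    order they were received.
    """
    times = []
    for step, body in enumerate(token_responses, start=1):
        claims = jwt_claims(body["id_token"])
        if "auth_time" not in claims:
            raise KeyError(f"step {step}: ID token has no auth_time claim")
        times.append(claims["auth_time"])
    baseline = times[0]
    return [(s, baseline, t) for s, t in enumerate(times, start=1) if t != baseline]


def _sample_response(auth_time, iat):
    """Constructed token response carrying an unsigned placeholder ID token."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"sub": "demo", "iat": iat, "auth_time": auth_time}
    return {"id_token": f"{seg({'alg': 'none'})}.{seg(claims)}.sig"}


# Constructed data: reported behaviour, auth_time moves with every refresh.
BUGGY = [_sample_response(1000, 1000), _sample_response(1300, 1300),
         _sample_response(1600, 1600)]
# Constructed data: expected behaviour, auth_time stays at the original login.
FIXED = [_sample_response(1000, 1000), _sample_response(1000, 1300),
         _sample_response(1000, 1600)]

if __name__ == "__main__":
    print("buggy:", auth_time_drift(BUGGY))
    print("fixed:", auth_time_drift(FIXED))
```

To run it against a live server, pass the parsed JSON bodies returned by the curl requests in the steps above instead of the constructed lists.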

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                kohei kohei
                QA Assignee:
                Filip Kubáň [X] (Inactive)