OpenAM issue OPENAM-8690

OIDC/OAuth2 client should always be able to request and obtain any scope they are configured for

Details

• Sprint: AM Sustaining Sprint 20, AM Sustaining Sprint 21, AM Sustaining Sprint 24, AM Sustaining Sprint 25

Description

In some contexts there is a restriction on what an OIDC client can request. There may be more than one affected scenario, but the one highlighted here is the following:

Steps to reproduce:

• Configure OpenAM as an OpenID Connect provider
• Register an OIDC/OAuth2 client with the scope openid
• Start a pure OAuth2 implicit flow (response_type=token) and do not request openid in the scopes

Expected behaviour: an access_token is obtained.
Current behaviour: an "invalid response type" error.

The decision should be based on the requested scopes compared to the registered scopes, independently of whether the flow is OAuth2 or OIDC.
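As an added illustration (not OpenAM's code), the following models the reported behaviour next to the scope-based decision the issue asks for: requested scopes are checked against registered scopes, and response_type is validated on its own, regardless of whether the flow is OAuth2 or OIDC. The client registration, scope names and the assumed cause of the bug are constructed for the example.

```python
# Added illustration, not OpenAM's code. Client registration and flows are
# constructed; the cause modelled in reported_behaviour() is an assumption.

OPENID = "openid"
# response_type values from OAuth2 (RFC 6749) and the OIDC Core / Multiple
# Response Types specs, stored in canonical token order.
VALID_RESPONSE_TYPES = {
    "code", "token", "id_token", "id_token token",
    "code id_token", "code token", "code id_token token",
}
_ORDER = {"code": 0, "id_token": 1, "token": 2}


def normalise(response_type):
    """Token order in response_type is not significant; canonicalise it."""
    parts = response_type.split()
    return " ".join(sorted(parts, key=lambda t: _ORDER.get(t, 99)))


def reported_behaviour(registered, requested, response_type):
    """Assumed model of the bug: a client registered with 'openid' is treated as
    OIDC-only, so a pure OAuth2 response_type is refused even though 'openid'
    was never requested."""
    rt = normalise(response_type)
    if OPENID in registered and "id_token" not in rt.split() and rt != "code":
        return {"error": "invalid response type"}
    return {"issued": ["access_token"], "scope": sorted(set(requested))}


def decide(registered, requested, response_type):
    """Decision based on requested vs registered scopes, independent of flow."""
    rt = normalise(response_type)
    if rt not in VALID_RESPONSE_TYPES:
        return {"error": "unsupported_response_type"}
    requested, registered = set(requested), set(registered)
    if not requested <= registered:
        return {"error": "invalid_scope",
                "unregistered": sorted(requested - registered)}
    wants_id_token = "id_token" in rt.split()
    if wants_id_token and OPENID not in requested:
        # OIDC Core requires the openid scope for an ID token to be issued.
        return {"error": "invalid_scope", "reason": "id_token requires openid"}
    issued = []
    if "code" in rt.split():
        issued.append("code")
    if "token" in rt.split():
        issued.append("access_token")
    if wants_id_token:
        issued.append("id_token")
    return {"issued": issued, "scope": sorted(requested)}


if __name__ == "__main__":
    client = {OPENID, "profile"}  # constructed registration
    print(reported_behaviour(client, {"profile"}, "token"))  # invalid response type
    print(decide(client, {"profile"}, "token"))              # access_token issued
```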

People

• Assignee: Quentin CASTEL (quentin.castel) [X] (Inactive)
• Reporter: Nathalie Hoet (nathalie.hoet)
• QA Assignee: Andrew Vinall