Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8780

"Resource Owner did not authorize the request" error when running the OIDC sample


    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 12.0.0, 12.0.2
    • Fix Version/s: None
    • Component/s: samples
    • Labels:
    • Sprint:
      Sprint 109 - Shakespeare, Sprint 107 - Team Shakespeare, Sprint 108 - Team Shakespeare, Sprint 111 - Shakespeare, Sprint 112 - Shakespeare


      From support case 12674:

      I am trying to configure OpenIDConnect. I use this test client: https://github.com/ForgeRock/openid
      When trying the basic OpenIDConnect flow (authorization grant). I authenticate successfully and am asked to give consent (see screencap). However, when I click on 'Allow' I get redirected to my client application with the following error: "Resource Owner did not authorize the request"


      This error is specifically related to the consent and seems to be coming from this class: AuthorizationServiceImpl.java

      Do you have any idea what might be causing the issue? Is this a known bug?

      And from a GitHub notificarion:

      I have had issues with the fetching of the access token and the userinfo object in the cb-basic.html. I was prompted with a basic authentication form due to a 401 reply from OpenAM. Apperently I had to add the realm as a GET parameter. Next I had issues in fetching the userinfo object. Adding the realm to this ajax call resolved the issue as well.

      I have tried this code before when testing with OpenAM12 and then it worked like a charm. However, on OpenAM12.0.2 I need the realm to be added for everything to work.

      So the codechanges were quite simple:
      url: server + openam + access + "?"
      + encodeQueryData(

      { "realm": client_realm }



      url: server + openam + info + "?"
      + encodeQueryData(

      { "realm": client_realm }


      It would take a lot more effort to do a pull request and push my changes. So for this simple issue I think that is overkill.




            • Assignee:
              David.Goldsmith David Goldsmith
              David.Goldsmith David Goldsmith
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: