  1. OpenAM
  2. OPENAM-9198

Device flow usercode form sends the user-code value twice when using acr_values but no mapping behind

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 13.5.0
    • Fix Version/s: None
    • Component/s: oauth2, XUI
    • Labels:
      None

      Description

      How to reproduce

      Specificity of this bug: You haven't configured a mapping but you still do a request with acr_values.

      Set up an oauth2 environment:

      • create an oauth2 provider on the top realm
      • create an oauth2 agent called `DeviceGrantFlow`
      • add the scope "profile"

      Then try the device flow:

      call

      curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'response_type=token&scope=profile&client_id=DeviceGrantFlow&acr_values=chain1' "http://openam.example.com:13081/openam/oauth2/device/code"
      

      you get

      {
        "user_code": "PmmnSBMi",
        "device_code": "65e9af81-336c-4fea-885d-96606e25f3a6",
        "interval": 5,
        "expires_in": 300,
        "verification_url": "http://openam.example.com:13081/openam/oauth2/device/user"
      }
      

      then you go to the page

      http://openam.example.com:13081/openam/oauth2/device/user

      and you enter the user_code generated, here "PmmnSBMi"

      Expected output:

      Consent page

      Current:

      "invalid_request Invalid Request, duplicate request parameter found : user_code"

      because we are redirected to

      http://openam.example.com:13081/openam/oauth2/device/user?user_code=pnYeZAzq&user_code=pnYeZAzq
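
A regression check for the symptom in this report, as an added example (not OpenAM or XUI code, and not a statement of the root cause): it lists query parameters that occur more than once in a redirect URL, and shows a URL builder that cannot emit such duplicates. The function and constant names are hypothetical; the URLs are the ones quoted in the report.

```javascript
// URLs taken from the report above.
const VERIFICATION_URL =
  "http://openam.example.com:13081/openam/oauth2/device/user";
const REPORTED_REDIRECT =
  VERIFICATION_URL + "?user_code=pnYeZAzq&user_code=pnYeZAzq";

// Returns the names of query parameters that appear more than once.
// OAuth 2.0 (RFC 6749, section 3.1) forbids repeating a request parameter,
// which is why the server answers "duplicate request parameter found".
function duplicateParams(urlString) {
  const counts = new Map();
  for (const [name] of new URL(urlString).searchParams) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Builds a redirect URL with exactly one value per parameter.
// searchParams.set() replaces any value already present in the base URL
// (and drops extra copies), where append() would add a second one.
function buildRedirect(base, params) {
  const url = new URL(base);
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.set(name, value);
  }
  return url.toString();
}

// Check suitable for a UI or integration test: fails when the redirect
// produced after submitting the user code repeats any parameter.
function checkRedirect(urlString) {
  const duplicates = duplicateParams(urlString);
  return { ok: duplicates.length === 0, duplicates };
}

console.log(checkRedirect(REPORTED_REDIRECT));
console.log(buildRedirect(REPORTED_REDIRECT, { user_code: "pnYeZAzq" }));
```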

              People

              • Assignee:
                quentin.castel Quentin CASTEL [X] (Inactive)
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)