[OPENAM-14633] User is not prompted for consent when requesting different scopes to those previously requested and saved Created: 18/Mar/19  Updated: 29/Mar/19  Resolved: 27/Mar/19

Status: Closed
Project: OpenAM
Component/s: oauth2
Affects Version/s: 6.5.0
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Aaron Haskins Assignee: Unassigned
Resolution: Not a defect Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
is related to OPENAM-14683 Update AM 6.5 Release Notes to docume... Resolved
is related to OPENAM-8479 OAuth2 Scriptable/policy-driven Scopes Resolved
Support Ticket IDs:

 Description   

Bug description

If a resource owner has already consented to saving a set of scopes, when a different set of scopes is requested, consent is NOT requested

How to reproduce the issue

  1. Create OAuth2 Provider
  2. Set description in OAuth2 Provider > Consent > Saved Consent Attribute Name
  3. Add description to Identity Stores > embedded > User Configuration > LDAP User Attributes
  4. Create OAuth2 Client with scopes profile and mail
  5. Use OAuth2 authorize endpoint and request scopes profile and mail (and save the consent)
  6. Use almost the same request except remove one of the scopes
Expected behaviour
Consent should be requested for the set of different scopes
Current behaviour
Authorization code is provided

Work around

None



 Comments   
Comment by Andrew Vinall [ 22/Mar/19 ]

Bug Triage: The change of behaviour was probably introduced as part of the dynamic improvements.

Comment by Andy Hall [ 27/Mar/19 ]

Dom Reed might be a good candidate for a KB article? "How does OAuth2 Consent work?"

Comment by Andrew Vinall [ 27/Mar/19 ]

Dom Reed The behaviour here is as expected, so we closed it as "Not a defect".

Comment by Aaron Haskins [ 29/Mar/19 ]

I've raised https://bugster.forgerock.org/jira/browse/OPENAM-14683 to update the Release Notes.

Generated at Mon Sep 21 15:41:47 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.