6.1 RC4/RC5 OIDC -> implicit flow not working

Christian Schmidt

Aug 9, 2019, 10:41:01 AM
to CAS Community
Hello,

I'm currently working with CAS 6.1 (RC4 / RC5) and ran into some issues with the OIDC implicit flow.

The client sends the response types "id_token token" and the CAS server reports the following errors:

2019-08-09 16:29:04,627 WARN [org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController] - <Ignoring malformed request [https://sso-u.mycompany.de/cas/oidc/authorize?client_id=onlineservice3&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fsignin-oidc&response_type=id_token%20token&scope=openid&state=a6198d2a1f1f40ff9778629107567d90&nonce=27c93b2ad113499a9fc3bbf9a1575c1c] as no OAuth20 validator could declare support for its syntax>
2019-08-09 16:29:04,627 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController] - <Authorize request verification failed. Authorization request is missing required parameters, or the request is not authenticated and contains no authenticated profile/principal.>



A test with the same client using only the response type=id_token works as expected and results in a redirect including the requested id_token.


2019-08-09 16:38:52,831 DEBUG [org.apereo.cas.support.oauth.web.response.callback.OAuth20TokenAuthorizationResponseBuilder] - <Redirecting to URL [http://localhost:3001/signin-oidc#access_token=AT-1-OJ4kjucWPzpPpTpqxSCTZPrcrowA-6bu&token_type=bearer&expires_in=28800&id_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJTVC0zLVUtbGhaMkw5V2Z4ZVJXUmg3emNJRC1tNVljYy1jYXNzaW5pMSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9jYXMvb2lkYyIsImF1ZCI6Im9ubGluZXNlcnZpY2UzIiwiZXhwIjoxNTY1MzkwMzMyLCJpYXQiOjE1NjUzNjE1MzIsIm5iZiI6MTU2NTM2MTIzMiwic3ViIjoiMTAwMDAwMDIiLCJjbGllbnRfaWQiOiJvbmxpbmVzZXJ2aWNlMyIsInN0YXRlIjoiNzVhMzFlNjY0MTY1NDdlYjgxOGYyZGFhMjliM2MzNWIiLCJub25jZSI6IjcxMGFjYzkzNTEyMjRkODRiZmNhZjY0ZTlhMjk0ZmZjIiwiYXRfaGFzaCI6Il8zaWIzU09VV092MGJCa2hkTkh2M0EiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiIxMDAwMDAwMiJ9.r7VLX6yooJdf3HpcE-KoOreqo45K31zPK9YTqp6Lnlm6rAcnlWqbECudDGXwmuMDvwL06nh8z3ZrsmKPCmxwrFH2xt34-PK_0909d6NTWYDvD1X5Rgv3WhrtV2m1jVr2g4jrKD5vnvqECiBE9GcpCcHQQWtFx7O59v0rS8lRMiXagcUlggezmw_OrVQycjT8FxwmZz9WDV_YTcA_zj6GY3Ou3qQAWcYHbAhPGTWBJ8qS6ZMdZs5jAmCx5PWHHqkmQJ9Vt3e8h_PE8B6ehiKhM4HUBrloh0d21n84W2wC9z8F99Fdl5fZdgC72cOPvmHoj2WO3a_vSU2pEuW4u66CYQ&state=75a31e66416547eb818f2daa29b3c35b&nonce=710acc9351224d84bfcaf64e9a294ffc]>

Best Regards,
Christian