[fapi] scope & response_type are optional in OAuth parameters #5975

Closed
leleueri opened this issue Aug 9, 2021 · 0 comments

leleueri commented Aug 9, 2021

According to OIDC Core, when a request object is used by value or by reference, the OAuth parameters response_type & scope are required.

BUT the FAPI conformance test suite executes some tests where the response_type and scope parameters are present in the request object passed by reference but missing from the query parameters... these tests shall pass even if the OIDC Core specification considers it invalid...

The reason for this inconsistency comes from the OAuth JAR (currently in draft no. 34), which requires only the client_id and the request or request_uri parameters because the other ones MUST be present in the request object...

@leleueri leleueri added this to the AM - 3.11.0 milestone Aug 9, 2021
@leleueri leleueri changed the title [FAPI][PAR] scope & response_type are optional in OAuth parameters [FAPI] scope & response_type are optional in OAuth parameters Aug 9, 2021
@tcompiegne tcompiegne changed the title [FAPI] scope & response_type are optional in OAuth parameters [fapi] scope & response_type are optional in OAuth parameters Aug 13, 2021
leleueri added a commit to gravitee-io/gravitee-access-management that referenced this issue Sep 1, 2021
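
The two readings described in this issue, side by side, as an added example that is not part of the original issue or the Gravitee code base. The function `check_request`, the profile names `"oidc"` and `"jar"`, and the sample client and request_uri are assumptions; the request object is passed in already fetched from its request_uri, and signature verification is assumed to have happened beforehand.

```python
import base64
import json
from urllib.parse import parse_qs

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def claims_of(request_object: str) -> dict:
    """Decode the JWT payload. Assumption: signature verified beforehand."""
    payload = request_object.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_request(query: str, request_object: str, profile: str) -> list:
    """Return validation errors under profile "oidc" or "jar"."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    claims = claims_of(request_object)
    errors = []
    if "client_id" not in params:
        errors.append("client_id missing from query")
    elif "client_id" in claims and claims["client_id"] != params["client_id"]:
        errors.append("client_id differs from request object")
    if ("request" in params) == ("request_uri" in params):
        errors.append("exactly one of request/request_uri is required")
    for name in ("response_type", "scope"):
        # OIDC Core reading: both must be sent as OAuth query parameters.
        if profile == "oidc" and name not in params:
            errors.append(f"{name} missing from query")
        # JAR reading: values come from the request object only.
        elif profile == "jar" and name not in claims:
            errors.append(f"{name} missing from request object")
    return errors

# Constructed sample: the request object a server would fetch from request_uri.
# The third segment is a placeholder, not a real signature.
SAMPLE_OBJECT = ".".join([
    _b64url({"alg": "PS256"}),
    _b64url({"client_id": "client-a", "response_type": "code id_token",
             "scope": "openid"}),
    "constructed-signature",
])
MINIMAL_QUERY = "client_id=client-a&request_uri=urn%3Aexample%3Arequest%3A1"
FULL_QUERY = MINIMAL_QUERY + "&response_type=code+id_token&scope=openid"

if __name__ == "__main__":
    for profile in ("oidc", "jar"):
        print(profile, check_request(MINIMAL_QUERY, SAMPLE_OBJECT, profile))
```

The minimal query is the shape the conformance tests send: it passes the JAR reading and fails the OIDC Core reading on both parameters.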