From: Sander A. <sa....@fz...> - 2017-08-02 14:24:09
Hi Krzysztof,

I got a report about using OIDC client. Unity seems to reserve a mandatory attribute if not all requested scopes are available. Please see the message below.

In that case we did not define the scope profile.

WaTTS is requesting the scope 'email profile openid' (double checked in the browser log).
b2access displays the user that only 'email openid' was requested, which is wrong.
User is returned to WaTTS without any 'scope' attribute (also double checked with browser log), which MUST be present if it is not as requested:

"[..] If the issued access token scope is different from the one requested by the client, the authorization server MUST include the "scope" response parameter to inform the client of the actual scope granted."
https://tools.ietf.org/html/rfc6749#section-3.3

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
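The following is an added example, not part of the original message and not WaTTS or Unity code. It shows how a client interprets the RFC 6749 "scope" response parameter quoted above, and why omitting it after a narrowed grant misleads the client. The function names and sample values are hypothetical; the claim lists are the standard ones from OpenID Connect Core section 5.4, and it assumes the client can inspect the UserInfo claims it received.

```python
# Added example: client-side handling of the RFC 6749 "scope" response parameter.
# All sample values below are constructed for illustration.

# Standard claims released per scope (OpenID Connect Core, section 5.4).
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
}

def parse_scope(value):
    """Split a space-delimited scope string into a set (RFC 6749 section 3.3)."""
    return set(value.split()) if value else set()

def assumed_scope(requested, response):
    """Return the scope the client has to assume was granted.

    No "scope" in the response means "identical to the request"; a present
    value is the authoritative statement of what was actually granted.
    """
    if "scope" not in response:
        return parse_scope(requested)
    return parse_scope(response["scope"])

def silent_downgrades(requested, response, userinfo):
    """Heuristic check: scopes the client believes it holds although the
    UserInfo claims contain none of the standard claims for that scope."""
    suspect = []
    for scope in sorted(assumed_scope(requested, response)):
        claims = SCOPE_CLAIMS.get(scope)
        if claims is not None and claims.isdisjoint(userinfo):
            suspect.append(scope)
    return suspect

# Constructed sample: the situation described in the report.
REQUESTED = "email profile openid"
RESPONSE_WITHOUT_SCOPE = {"access_token": "constructed-token", "token_type": "Bearer"}
RESPONSE_WITH_SCOPE = dict(RESPONSE_WITHOUT_SCOPE, scope="email openid")
USERINFO = {"sub": "constructed-subject", "email": "user@example.org",
            "email_verified": True}

if __name__ == "__main__":
    # Server narrowed the grant but said nothing: client wrongly assumes "profile".
    print(silent_downgrades(REQUESTED, RESPONSE_WITHOUT_SCOPE, USERINFO))
    # Server reported the narrowed grant: nothing unexpected.
    print(silent_downgrades(REQUESTED, RESPONSE_WITH_SCOPE, USERINFO))
```

A user may legitimately have no profile claims set, so a hit from `silent_downgrades` is a prompt to check the provider's behaviour, not proof of a violation.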