From: Krzysztof B. <kb...@un...> - 2024-11-29 11:29:08
Hi Laura,
On 26.11.2024 at 17:11, Laura Hofer wrote:
> Hi Krzysztof, Hi Roman,
> we may have found a bug, but we are not quite sure. We have two OAuth
> clients, one of which has been changed to client_credentials
> (sys:oauth:allowedGrantFlows = client).
> However, the iss field is now missing from the tokens. Is this the
> expected behaviour?
> Here is the token that comes back with the normal client:
> {
>   "sub": "3cac4792-0611-4f82-85b3-e1a61c8afea4",
>   "aud": "rucio-punch-frontend",
>   "scope": "eduperson_entitlement profile openid",
>   "iss": "https://login.helmholtz.de/oauth2",
>   "exp": 1732637686,
>   "iat": 1732633686,
>   "jti": "4e42bf02-b4f7-4da3-a062-92eda5bcc7f9",
>   "client_id": "rucio-punch-frontend"
> }
> And here is the token with client_credentials:
> {
>   "sub": "rucio-punch",
>   "exp": 1732637649,
>   "iat": 1732633649,
>   "jti": "c0cb7984-e6f4-485f-8e29-ba319a270cf2",
>   "client_id": "rucio-punch",
>   "scope": "openid offline_access profile eduperson_entitlement"
> }
Thanks for the heads up. Verified there are two problems with the client
credentials grant when it is used with a JWT access token: the aud claim
is also missing.
Will be addressed in the next patch.
Best,
Krzysztof
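
Added example, not part of the original messages and not the project's own code: a resource-server-side claim check run over the two payloads posted in this thread, showing that a validator enforcing the claims RFC 9068 marks as required accepts the first token and rejects the client_credentials one for its missing iss and aud. The function names, the expected audience, the fixed `now` value and the placeholder signature are assumptions made for the example; signature verification is deliberately out of scope.

```python
import base64
import json

# Claims that RFC 9068 marks REQUIRED in a JWT access token.
REQUIRED = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti")

def _b64url(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(payload: dict) -> str:
    """Constructed sample: real payload encoding, placeholder signature."""
    return ".".join([_b64url({"alg": "RS256"}), _b64url(payload), "c2ln"])

def decode_payload(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(seg))

def claim_problems(token, expected_iss, expected_aud, now):
    """Return claim-level reasons to reject; signature check is out of scope."""
    claims = decode_payload(token)
    problems = [f"missing {c}" for c in REQUIRED if c not in claims]
    if "iss" in claims and claims["iss"] != expected_iss:
        problems.append("unexpected iss")
    aud = claims.get("aud", [])
    if "aud" in claims and expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not name this resource server")
    if "exp" in claims and now >= claims["exp"]:
        problems.append("expired")
    return problems

# Payloads as posted in the thread above.
NORMAL = {"sub": "3cac4792-0611-4f82-85b3-e1a61c8afea4", "aud": "rucio-punch-frontend",
          "scope": "eduperson_entitlement profile openid",
          "iss": "https://login.helmholtz.de/oauth2", "exp": 1732637686,
          "iat": 1732633686, "jti": "4e42bf02-b4f7-4da3-a062-92eda5bcc7f9",
          "client_id": "rucio-punch-frontend"}
CLIENT_CREDS = {"sub": "rucio-punch", "exp": 1732637649, "iat": 1732633649,
                "jti": "c0cb7984-e6f4-485f-8e29-ba319a270cf2", "client_id": "rucio-punch",
                "scope": "openid offline_access profile eduperson_entitlement"}

if __name__ == "__main__":
    # Assumed resource-server settings and a fixed clock inside both validity windows.
    ISS, AUD, NOW = "https://login.helmholtz.de/oauth2", "rucio-punch-frontend", 1732633700
    for name, payload in (("normal", NORMAL), ("client_credentials", CLIENT_CREDS)):
        print(name, claim_problems(make_token(payload), ISS, AUD, NOW) or "ok")
```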