OpenConext / OpenConext-oidcng

OpenID Connect gateway - The Next Generation

Support for client_credentials in OAuth2 protocol #84

Closed phavekes closed 4 days ago

phavekes commented 4 days ago

This issue is imported from pivotal - Originally created at Jun 3, 2019 by Okke Harsta

The grant_type client_credentials for the OAuth2 protocol returns a direct result without any redirects:

```json
{
    "result": {
        "access_token": "0572594b-35da-4f2f-8fe1-8cf355b986e6",
        "token_type": "Bearer",
        "refresh_token": "ef73b1b4-ead3-4508-a8ca-5e1d24390660",
        "expires_in": 7200,
        "id_token": "eyJraWQiOiJrZXlfMTMiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJwbGF5Z3JvdW5kX2NsaWVudCIsInN1YiI6InBsYXlncm91bmRfY2xpZW50IiwibmJmIjoxNTU5NTc1NDM0LCJpc3MiOiJodHRwczpcL1wvb2lkY25nLnRlc3QyLnN1cmZjb25leHQubmwiLCJleHAiOjE1NTk1ODI2MzQsImlhdCI6MTU1OTU3NTQzNCwianRpIjoiYjIxMmEwOWYtMTFmYi00M2M5LTgwODAtNDQ3MDJmMTYyZGNhIn0.gYcLY7M2E43lvq2Bwhv4TH1CqNZzb8Uiv7u5OG9Wt-KI3S6WjcJPbBH54rIKiBouDpZgK8yIhG2VkEQw2UM6eYJNqfXQ--NkI9_WKNEJ3uYPmJi8rFWQbJSI1mNmxShSrFTm1qvqyI06m8iue6b3R9z6YA5XANx0psMTGkjVdY3V8giZxzWHAP4i2haFKkvadbmTVrQYE0T73OoFgq1tjeHdeT_V1kG6u9UTU2ouHq9LtokCjVoGxO_wilTdBrlFdA8XaN81GCIaPE4JAijkCJ07vyaa16K3PG_Not8SfcDfFrJOGQ9NCrqHhhdWLYjKiJwGWOyE0tJIPeJQcryERA"
    },
    "request_body": {
        "grant_type": "client_credentials",
        "code": null
    },
    "request_headers": {
        "Authorization": "XXX",
        "Accept": "application/json, application/json;charset=UTF-8",
        "Content-Type": "application/x-www-form-urlencoded"
    },
    "request_url": "https://oidcng.test2.surfconext.nl/oidc/token"
}
```

This response must set the state for the component after resolving.

phavekes commented 4 days ago

When the client POSTs to https://oidc-playground.test2.surfconext.nl/oidc/api/client_credentials the scope ["openid"] is sent to the playground server although no scope is selected. (Okke Harsta - Jun 6, 2019)

phavekes commented 4 days ago

I get an error when I try the client credential flow:

Exception returned from endpoint client_credentials. Error: Internal Server Error (500). Cause Missing client authentication (Bart Geesink - Jun 13, 2019)

phavekes commented 4 days ago

@bartgeesink Can you describe which options you have chosen? When I go to https://oidc-playground.test2.surfconext.nl/ and only change the 'Authorization protocol' and 'Grant Type' I get the following response:

```json
{
  "access_token": "85b5d54a-13a7-486d-afd2-c6880fb767c9",
  "token_type": "Bearer",
  "refresh_token": "99e147de-adb2-423a-8505-6cbcf9320e4a",
  "expires_in": 7200
}
```

(Okke Harsta - Jun 13, 2019)

phavekes commented 4 days ago

I'm unable to reproduce this currently. Closing this story, and will open another if I encounter it again and reliably reproduce it (Bart Geesink - Jun 13, 2019)
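The two points raised above, the "Missing client authentication" error and the scope that is sent although none was selected, both come down to how a client builds its client_credentials token request and what it should expect back. The following is an added example, not OpenConext-oidcng or playground code: it builds the request with client_secret_basic authentication (RFC 6749 §2.3.1), sends a scope parameter only when scopes were actually chosen, and checks the token response; the client id, secret and the two sample responses are constructed for illustration.

```python
import base64
import json
from urllib.parse import quote, urlencode

TOKEN_URL = "https://oidcng.test2.surfconext.nl/oidc/token"  # endpoint quoted in the issue


def client_secret_basic(client_id: str, client_secret: str) -> str:
    """RFC 6749 §2.3.1: form-urlencode id and secret, join with ':', HTTP Basic-encode.
    Leaving this header out is what produces 'Missing client authentication'."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")


def build_token_request(client_id: str, client_secret: str, scopes=()):
    """Return (headers, urlencoded body) for a client_credentials grant.
    'scope' is only added when the caller selected scopes, so an unselected
    default such as ["openid"] is never sent implicitly."""
    headers = {
        "Authorization": client_secret_basic(client_id, client_secret),
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = {"grant_type": "client_credentials"}
    if scopes:
        body["scope"] = " ".join(scopes)
    return headers, urlencode(body)


def parse_token_response(text: str) -> dict:
    """Validate a token endpoint reply (RFC 6749 §5.1) for the client_credentials grant.
    Returns the usable fields plus warnings for members that this grant should not carry."""
    data = json.loads(text)
    if "error" in data:
        raise ValueError(f"token endpoint error: {data['error']}")
    for field in ("access_token", "token_type"):
        if field not in data:
            raise ValueError(f"token response lacks required member {field!r}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type {data['token_type']!r}")
    warnings = []
    if "refresh_token" in data:  # RFC 6749 §4.4.3: SHOULD NOT be included for this grant
        warnings.append("refresh_token issued; the client can simply re-authenticate")
    if "id_token" in data:  # no end-user authenticated, so there is nobody to identify
        warnings.append("id_token issued for a grant without an end-user")
    return {"access_token": data["access_token"],
            "expires_in": int(data.get("expires_in", 0)), "warnings": warnings}


# Constructed sample, shaped like the second response in the thread (values are made up).
SAMPLE_RESPONSE = '{"access_token": "00000000-0000-4000-8000-000000000001", "token_type": "Bearer", "refresh_token": "00000000-0000-4000-8000-000000000002", "expires_in": 7200}'
```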