finalist / liferay-oidc-plugin

Plugin for Liferay, enabling OpenID Connect authentication
Apache License 2.0

CAS 5.x uses Hash Parameter for access_token #26

Closed bitbaggi closed 6 years ago

bitbaggi commented 6 years ago

Heyho,

When I set the Response_Type to "id_token token", CAS redirects to liferay/c/login#access_token=...

So, we can't use this hash param at the backend because hash params aren't sent to the server.

Any Solutions?

gvanderploeg commented 6 years ago

No direct solution for you but an important clue instead: getting the access token in the hash is a sign of the so-called "implicit flow", meant for JavaScript applications instead of server-side applications. Search for "authorization code" flow configuration instead on the CAS side of things.

-- http://www.finalist.nl
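The behaviour discussed in this thread, as an added example that is not code from the plugin or from CAS: it maps a `response_type` to its flow and default response mode as defined by OpenID Connect Core, shows what a server-side callback actually receives for each kind of redirect, and builds a code-flow authorization request. The hostnames, `client_id`, endpoint path and token values are constructed placeholders.

```javascript
// Added illustration; hosts, client_id and token values are constructed.

// Flow and default response mode per response_type (OpenID Connect Core 1.0).
function classifyResponseType(responseType) {
  const parts = responseType.trim().split(/\s+/);
  const hasCode = parts.includes("code");
  const hasToken = parts.includes("token") || parts.includes("id_token");
  if (hasCode && !hasToken) return { flow: "authorization_code", responseMode: "query" };
  if (hasCode && hasToken) return { flow: "hybrid", responseMode: "fragment" };
  if (hasToken) return { flow: "implicit", responseMode: "fragment" };
  throw new Error("unsupported response_type: " + responseType);
}

// What the server-side callback receives when the browser follows the
// redirect: the fragment stays in the user agent and is never sent.
function serverSideView(redirectUrl) {
  const url = new URL(redirectUrl);
  return {
    requestTarget: url.pathname + url.search,
    params: Object.fromEntries(url.searchParams),
    keptInBrowser: Object.fromEntries(new URLSearchParams(url.hash.slice(1))),
  };
}

// Authorization request for the code flow, the one a server-side client needs.
function buildCodeFlowRequest(authorizeEndpoint, clientId, redirectUri, state) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    scope: "openid",
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

const implicitView = serverSideView(
  "https://liferay.example/c/login#access_token=CONSTRUCTED&token_type=bearer&state=xyz");
const codeView = serverSideView(
  "https://liferay.example/c/login?code=CONSTRUCTED&state=xyz");
console.log(classifyResponseType("id_token token"), implicitView);
console.log(classifyResponseType("code"), codeView);
```

With the code flow the backend receives only a short-lived `code` in the query string and exchanges it for tokens at the token endpoint, so no token passes through the browser's address bar.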