The library flask-oidc includes the scope parameter into the authorization-code/access-token exchange request, which unsurprisingly throws the following error:
oauth2client.client.FlowExchangeError: invalid_request Scope parameter is not supported on an authorization code access_token exchange request. Scope parameter should be supplied to the authorized request.
The Question:
Is this a configuration problem or a library problem?
- Access Manager
For the access manager I use [OpenAM](https://github.com/OpenIdentityPlatform/OpenAM). I configured an OpenAM client agent as follows:
- Client ID = `MyClientID`
- Client Secret = `password`
- Response Type = `code`
- Token Endpoint Authentication Method = `client_secret_post`
- Redirect URI = `http://flask.example.com:8000/oidc/callback`
**Context**:
I use [flask-oidc](https://github.com/puiterwijk/flask-oidc/) for the logic on the application side and [OpenAM](https://github.com/OpenIdentityPlatform/OpenAM) for the identity and access management - bot applications run in docker containers. When using simple curl commands I can retrieve an authorization grant as well as an authentication token (grant type: Authorization Code Grant). However, using the mentioned library, after logging in to OpenAM and granting authorization to the application (endpoint 'oauth2/authorize'), flask-oidc sends the following GET request:
GET /oidc/callback?code=<some code> \
&scope=openid%20email \
&iss=http%3A%2F%2Fopenam.example.com%3A8080%2Fopenam%2Foauth2 \
&state=<some state> \
&client_id=MyClientID
Which leads to the error mentioned above.
The Problem:
The library flask-oidc includes the
scope
parameter into the authorization-code/access-token exchange request, which unsurprisingly throws the following error:The Question:
Is this a configuration problem or a library problem?
My Configurations: