wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

ID token validation fails when accessing /console and /myaccount with upper case hostnames #10644

Open Buddhimah opened 3 years ago

Buddhimah commented 3 years ago

Describe the issue:

There can be hostnames such as IS-1234.us-east-1.elb.amazonaws.com. From the IdentityUtil [1] this converts to is-1234.us-east-1.elb.amazonaws.com; because of this, all the calls from the OAuth SDK become lower case. But since the hostname is in upper case, this fails the validation [2] introduced. Hostnames are not case sensitive, but from the SDK level we validate its case sensitivity. This seems like a spec requirement [3].

In this case, lowercasing the URL from the IdentityUtil should be fixed.

[1] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java#L462
[2] https://github.com/asgardio/asgardio-js-oidc-sdk/blob/master/packages/oidc-js/src/utils/sign-in.ts#L218
[3] https://openid.net/specs/openid-connect-core-1_0.html#Terminology

How to reproduce: Use an upper case hostname in deployment.toml and try accessing /console or /myaccount. The following error will appear in the browser console:

[Error] Unhandled Promise Rejection: Invalid id_token in the token response: eyJ4NXQiOiJNell4TW1Ga09HWXdNV0kwWldObU5EY3hOR1l

Buddhimah commented 3 years ago

Either this should be fixed from the hostname validation in the SDK level. But since it is a spec requirement, the most applicable solution will be to fix the framework lowercasing.

https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java#L462
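The mismatch described in the two comments above, as an added example that is not code from the WSO2 framework or the Asgardio SDK. It assumes Node.js; the issuer URLs and the unsigned ID token are constructed here to mirror the report (a lower-cased issuer from the server against an upper-case hostname in the client configuration).

```javascript
// Decode the payload of a JWT-shaped ID token without verifying the signature.
// Signature verification is a separate step; this only inspects claims.
function decodeIdTokenPayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('ID token is not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// OIDC Core 3.1.3.7 (ID Token Validation): the configured Issuer Identifier
// MUST exactly match the iss claim, so the comparison is case-sensitive.
function issuerMatches(configuredIssuer, idToken) {
  return decodeIdTokenPayload(idToken).iss === configuredIssuer;
}

// Build a constructed, unsigned (alg "none") ID token carrying the given iss.
function makeUnsignedIdToken(iss) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ iss, sub: 'admin', aud: 'CONSOLE' })}.`;
}

// Constructed values for the scenario in the report: the client is configured with
// the hostname as typed in deployment.toml, while the server lower-cases it when
// it builds the issuer it puts into the token.
const configuredIssuer = 'https://IS-1234.us-east-1.elb.amazonaws.com/oauth2/token';
const serverIssuer = 'https://is-1234.us-east-1.elb.amazonaws.com/oauth2/token';

// Reproduces the failure: the exact-match check rejects the token on host case alone.
function reproduce() {
  return issuerMatches(configuredIssuer, makeUnsignedIdToken(serverIssuer)); // false
}

// For contrast: hostnames are case-insensitive (RFC 4343) and the WHATWG URL parser
// lower-cases the host, so both strings name the same endpoint even though the
// spec-mandated exact string comparison above does not treat them as equal.
function sameEndpoint(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.origin === ub.origin && ua.pathname === ub.pathname;
}
```

Because the client-side check is required by the spec to be an exact string match, the two URLs have to be made identical before the token is issued, which is why the report points at the framework's lower-casing rather than at the SDK.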