There can be hostnames such as IS-1234.us-east-1.elb.amazonaws.com.
IdentityUtil [1] converts this to is-1234.us-east-1.elb.amazonaws.com.
Because of this, all the calls from the OAuth SDK become lower case.
But since the hostname is in upper case, this fails the validation [2] introduced.
Hostnames are not case sensitive, but at the SDK level we validate case sensitivity. This seems like a spec requirement [3].
In this case, the lowercasing of the URL in IdentityUtil should be fixed.
How to reproduce:
Use an upper case hostname in deployment toml and try accessing /console or /myaccount. The following error will appear in the browser console:
[Error] Unhandled Promise Rejection: Invalid id_token in the token response: eyJ4NXQiOiJNell4TW1Ga09HWXdNV0kwWldObU5EY3hOR1l
Either this should be fixed in the hostname validation at the SDK level or, since that is a spec requirement, the most applicable solution will be to fix the framework lowercasing.
[1] https://github.com/wso2/carbon-identity-framework/blob/master/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityUtil.java#L462
[2] https://github.com/asgardio/asgardio-js-oidc-sdk/blob/master/packages/oidc-js/src/utils/sign-in.ts#L218
[3] https://openid.net/specs/openid-connect-core-1_0.html#Terminology
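The mismatch described in this report, as an added example that is not part of the original issue and is not the SDK's or the framework's code. It assumes the SDK check is an exact, case-sensitive comparison of the token's `iss` claim with the configured issuer, and that the token carries the lowercased URL; all function names, the `/oauth2/token` path and the sample tokens are constructed for illustration.

```javascript
// Added example: helper names and sample values are constructed, not SDK code.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Build an unsigned, constructed id_token (header.payload.signature).
function makeToken(claims) {
  return `${b64url({ alg: "none" })}.${b64url(claims)}.`;
}

// Decode the payload only; signature checking is out of scope for this demo.
function decodeClaims(idToken) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("malformed id_token");
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// True when two URLs differ only in the letter case of scheme or authority.
// Path and query are compared exactly because they are case sensitive.
function hostCaseOnly(expected, actual) {
  const re = /^([a-z][a-z0-9+.-]*:\/\/)([^\/?#]*)(.*)$/i;
  const e = re.exec(expected), a = re.exec(actual);
  return !!e && !!a && expected !== actual &&
    e[1].toLowerCase() === a[1].toLowerCase() &&
    e[2].toLowerCase() === a[2].toLowerCase() && e[3] === a[3];
}

// Exact comparison of `iss` with the expected issuer (the assumed SDK check).
// The reason string only improves diagnostics; it never relaxes the check.
function validateIssuer(idToken, expectedIssuer) {
  const { iss } = decodeClaims(idToken);
  if (iss === expectedIssuer) return { valid: true, reason: "match" };
  const reason = hostCaseOnly(expectedIssuer, iss)
    ? "host-case-mismatch" : "issuer-mismatch";
  return { valid: false, reason };
}

// Constructed values based on the hostname quoted in the report.
const configured = "https://IS-1234.us-east-1.elb.amazonaws.com/oauth2/token";
const lowercased = "https://is-1234.us-east-1.elb.amazonaws.com/oauth2/token";
console.log(validateIssuer(makeToken({ iss: lowercased }), configured));
console.log(validateIssuer(makeToken({ iss: configured }), configured));
```

Logging the `host-case-mismatch` reason separates this configuration problem from a token issued by a different server, while the comparison itself stays exact.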