wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

CIBA authentication request validator needs to be improved according to the OpenID CIBA spec #14118

Open mevan-karu opened 2 years ago

mevan-karu commented 2 years ago

Describe the issue: CibaAuthRequestValidator [1] needs to be updated according to the spec [2] to validate authentication requests if the aud value of the client assertion contains any of the values from issuer identifier, token endpoint or CIBA backchannel authentication endpoint.

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/ciba/CibaAuthRequestValidator.java#L411

[2] https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.1
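
The audience check described in the issue above, as an added Java example (not code from CibaAuthRequestValidator or from the linked PRs). The class name, method names and the example.com URLs are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added illustration; hypothetical class, not part of WSO2 Identity Server.
public class ClientAssertionAudienceCheck {

    private final Set<String> acceptedAudiences;

    public ClientAssertionAudienceCheck(String issuer, String tokenEndpoint, String cibaEndpoint) {
        // The three identifiers the issue names as valid audiences for the OP.
        // HashSet tolerates duplicates, e.g. when the issuer equals the token endpoint.
        this.acceptedAudiences = new HashSet<>(Arrays.asList(issuer, tokenEndpoint, cibaEndpoint));
    }

    // A JWT "aud" claim may be a single string or an array of strings.
    public boolean isValidAudience(Object audClaim) {
        if (audClaim instanceof String) {
            return acceptedAudiences.contains(audClaim);
        }
        if (audClaim instanceof Collection<?>) {
            for (Object value : (Collection<?>) audClaim) {
                // Exact, case-sensitive comparison: no prefix, substring or
                // trailing-slash normalisation, so look-alike URLs do not match.
                if (value instanceof String && acceptedAudiences.contains(value)) {
                    return true;
                }
            }
        }
        // Missing, empty or wrongly typed aud values are rejected.
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values for a hypothetical OP.
        ClientAssertionAudienceCheck check = new ClientAssertionAudienceCheck(
                "https://op.example.com",
                "https://op.example.com/oauth2/token",
                "https://op.example.com/oauth2/ciba");
        System.out.println(check.isValidAudience("https://op.example.com/oauth2/ciba"));
        System.out.println(check.isValidAudience(
                List.of("https://other.example.net", "https://op.example.com")));
        System.out.println(check.isValidAudience("https://op.example.com.evil.example"));
        System.out.println(check.isValidAudience(null));
    }
}
```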

KalanaDananjaya commented 2 years ago

This change is introduced through the following PRs:

https://github.com/wso2-support/identity-inbound-auth-oauth/pull/1213

https://github.com/wso2-support/carbon-identity-framework/pull/2371