wso2 / product-is


Server error due to missing subject claim in id token in device grant flow with identity federation #16177

Closed piyarathnalakmali closed 1 year ago

piyarathnalakmali commented 1 year ago

Describe the issue: When the device grant flow is set up to use a federated IDP for authentication, a server error occurs because the subject claim is missing in the id token.

How to reproduce:

Expected behavior: A valid access token and id token should be issued, and the sub claim should be set properly in the id token.

Environment information: Product Version: IS 5.10.0

Analysis: This issue does not occur with the authorization code grant, as it stores the authenticated subject identifier in the database along with the authorization code after successful authentication [1]. But in the device flow, the subject identifier is not stored in the DB.

[1] https://is.docs.wso2.com/en/6.0.0/guides/access-delegation/try-device-flow/
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AuthorizationCodeDAOImpl.java#L108
[3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/device/dao/DeviceFlowDAOImpl.java#L338-L368
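The analysis above comes down to one data-model point: the authorization code grant persists the authenticated subject next to the code, so token issuance can read it back, while the device grant records only the device/user codes and their status. The following is an added, simplified model of that mechanism (illustration only, not WSO2 Identity Server code; the class names, `persist_subject` switch and claim-check helper are assumptions). With `persist_subject=False` the id-token builder has no subject and must fail closed rather than mint a token without `sub`; with the subject stored at authorization time the exchange succeeds. The last function is the relying-party side check a practitioner would run on a received id token.

```python
"""Model of the device-grant subject-persistence gap (added illustration, not WSO2 code)."""
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class DeviceCodeRecord:
    """One row of an assumed device-flow table."""
    device_code: str
    user_code: str
    client_id: str
    status: str = "PENDING"
    # The field the analysis says the device flow lacks: who actually authenticated.
    # For a federated IDP this value exists only in the authentication session,
    # so unless it is written here it is gone by the time the token is issued.
    authenticated_subject: Optional[str] = None


class DeviceFlowStore:
    """In-memory stand-in for the DAO; keyed by device_code."""

    def __init__(self) -> None:
        self.records: Dict[str, DeviceCodeRecord] = {}

    def issue(self, device_code: str, user_code: str, client_id: str) -> DeviceCodeRecord:
        rec = DeviceCodeRecord(device_code, user_code, client_id)
        self.records[device_code] = rec
        return rec

    def mark_authorized(self, user_code: str, subject: str, persist_subject: bool = True) -> None:
        """Called after the user (possibly via a federated IDP) approves the user_code.

        persist_subject=False reproduces the reported behaviour: status is updated
        but the authenticated subject is never stored.
        """
        for rec in self.records.values():
            if rec.user_code == user_code:
                rec.status = "AUTHORIZED"
                if persist_subject:
                    rec.authenticated_subject = subject
                return
        raise KeyError("unknown user_code")


def build_id_token(issuer: str, client_id: str, subject: Optional[str], ttl: int = 3600) -> dict:
    """Builds the claim set only; signing is out of scope for this illustration.

    Failing closed here is the 'server error' from the issue: an id token
    without sub is invalid per OIDC Core, so refusing is the correct outcome.
    """
    if not subject:
        raise ValueError("cannot build id_token: authenticated subject is unknown (no sub claim)")
    now = int(time.time())
    return {"iss": issuer, "sub": subject, "aud": client_id, "iat": now, "exp": now + ttl}


def exchange_device_code(store: DeviceFlowStore, device_code: str, issuer: str) -> dict:
    """Token endpoint step: grant-independent token building reads the subject from storage."""
    rec = store.records[device_code]
    if rec.status != "AUTHORIZED":
        raise PermissionError("authorization_pending")
    return build_id_token(issuer, rec.client_id, rec.authenticated_subject)


def id_token_claim_problems(claims: dict, issuer: str, client_id: str) -> list:
    """Relying-party check: list every reason the claim set should be rejected."""
    problems = []
    if not claims.get("sub"):
        problems.append("missing sub")
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch")
    if claims.get("aud") != client_id:
        problems.append("audience mismatch")
    if claims.get("exp", 0) <= int(time.time()):
        problems.append("expired")
    return problems


def demo(persist_subject: bool) -> Optional[dict]:
    """Runs the flow once; returns the claims, or None when issuance fails closed."""
    store = DeviceFlowStore()
    store.issue("dev-code-1", "WXYZ-1234", "cli-app")            # constructed sample values
    store.mark_authorized("WXYZ-1234", "alice@federated.example", persist_subject)
    try:
        return exchange_device_code(store, "dev-code-1", "https://idp.example")
    except ValueError:
        return None


if __name__ == "__main__":
    print("subject not persisted:", demo(False))
    print("subject persisted:    ", demo(True))
```

Running it shows the two outcomes side by side: without the stored subject the exchange fails closed, with it the claim set carries `sub` and passes the relying-party check. The point of keeping `build_id_token` ignorant of which grant is calling it matches the second comment in the thread: token construction should depend only on what was persisted at authorization time.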

janakamarasena commented 1 year ago

Ideally, the grant should not worry about this. We need to see why building the id token has become grant-dependent and fix it there.

asha15 commented 1 year ago

Fixed with: https://github.com/wso2/carbon-identity-framework/pull/4834, https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/2129