CXF-8413

OIDC Implicit Flow: id_token not returned if other response types are included

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: 3.4.2
    • Fix Version/s: None
    • Component/s: JAX-RS Security
    • Labels:
    • Estimated Complexity: Unknown

      Description

      Per the OIDC Specification:

      id_token token

      When supplied as the value for the response_type parameter, a successful response MUST include an Access Token, an Access Token Type, and an id_token. The default Response Mode for this Response Type is the fragment encoding and the query encoding MUST NOT be used. Both successful and error responses SHOULD be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.

      OidcImplicitService and OidcHybridService do not include the id_token in the response if token is also requested.
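
An added example, not part of the original report and not CXF code: a client-side check that an authorization response redirect carries the parameters each requested response_type value requires, in the fragment rather than the query. It generalizes from `id_token token` to the other combinations of `code`, `token` and `id_token`; the function name, redirect URLs and token values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Parameters a successful response must carry for each response_type value.
REQUIRED_BY_VALUE = {
    "code": {"code"},
    "token": {"access_token", "token_type"},
    "id_token": {"id_token"},
}
RESPONSE_PARAMS = {"code", "access_token", "token_type", "id_token", "error"}

# Constructed sample redirects (hypothetical client and token values).
GOOD = ("https://client.example/cb#access_token=SlAV32hkKG&token_type=Bearer"
        "&id_token=eyJ.constructed.sig&state=af0ifjsldkj")
NO_ID_TOKEN = ("https://client.example/cb#access_token=SlAV32hkKG"
               "&token_type=Bearer&state=af0ifjsldkj")
IN_QUERY = ("https://client.example/cb?access_token=SlAV32hkKG"
            "&token_type=Bearer&id_token=eyJ.constructed.sig")


def check_authorization_response(redirect_url, response_type):
    """Return a list of problems found in an authorization response redirect."""
    requested = set(response_type.split())  # value order is not significant
    unknown = requested - set(REQUIRED_BY_VALUE)
    if not requested or unknown:
        return [f"unsupported response_type: {response_type!r}"]

    parts = urlsplit(redirect_url)
    query, fragment = parse_qs(parts.query), parse_qs(parts.fragment)
    problems = []

    # Any response type containing token or id_token defaults to fragment
    # encoding, and the query encoding must not be used for it.
    if requested & {"token", "id_token"}:
        leaked = sorted(RESPONSE_PARAMS & set(query))
        if leaked:
            problems.append(f"response parameters in query string: {leaked}")
        params = fragment
    else:
        params = query

    if "error" in params:
        return problems  # error response: success parameters are not expected

    required = set().union(*(REQUIRED_BY_VALUE[v] for v in requested))
    missing = sorted(required - set(params))
    if missing:
        problems.append(f"missing required parameter(s): {missing}")
    return problems
```
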

            People

            • Assignee: coheigea Colm O hEigeartaigh
            • Reporter: willcro Will Croteau