[CXF-8413] OIDC Implicit Flow: id_token not returned if other response types are included - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: 3.4.2
Fix Version/s: None
Component/s: JAX-RS Security
Labels:
- OIDC

Estimated Complexity:
Unknown

Description

Per the OIDC Specification:

id_token token

When supplied as the value for the response_type parameter, a successful response MUST include an Access Token, an Access Token Type, and an id_token. The default Response Mode for this Response Type is the fragment encoding and the query encoding MUST NOT be used. Both successful and error responses SHOULD be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.

OidcImplicitService and OidcHybridService do not include the id_token in the response if token is also requested.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Will Croteau

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Jan/21 01:10

Updated:: 26/Jan/21 08:04

Resolved:: 26/Jan/21 06:54