You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Will Croteau (Jira)" <ji...@apache.org> on 2021/01/25 01:11:00 UTC
[jira] [Created] (CXF-8413) OIDC Implicit Flow: id_token not
returned if other response types are included
Will Croteau created CXF-8413:
---------------------------------
Summary: OIDC Implicit Flow: id_token not returned if other response types are included
Key: CXF-8413
URL: https://issues.apache.org/jira/browse/CXF-8413
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 3.4.2
Reporter: Will Croteau
Per the OIDC Specification:
id_token token
When supplied as the value for the {{response_type}} parameter, a successful response MUST include an Access Token, an Access Token Type, and an {{id_token}}. The default Response Mode for this Response Type is the fragment encoding and the query encoding MUST NOT be used. Both successful and error responses SHOULD be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.
OidcImplicitService and OidcHybridService do not include the id_token in the response if token is also requested.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)