Posted to issues@cxf.apache.org by "Will Croteau (Jira)" <ji...@apache.org> on 2021/01/25 01:11:00 UTC

[jira] [Created] (CXF-8413) OIDC Implicit Flow: id_token not returned if other response types are included

Will Croteau created CXF-8413:
---------------------------------

             Summary: OIDC Implicit Flow: id_token not returned if other response types are included
                 Key: CXF-8413
                 URL: https://issues.apache.org/jira/browse/CXF-8413
             Project: CXF
          Issue Type: Bug
          Components: JAX-RS Security
    Affects Versions: 3.4.2
            Reporter: Will Croteau


Per the OIDC Specification:

id_token token

When supplied as the value for the {{response_type}} parameter, a successful response MUST include an Access Token, an Access Token Type, and an {{id_token}}. The default Response Mode for this Response Type is the fragment encoding and the query encoding MUST NOT be used. Both successful and error responses SHOULD be returned using the supplied Response Mode, or if none is supplied, using the default Response Mode.

OidcImplicitService and OidcHybridService do not include the id_token in the response if token is also requested.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
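
Added example (not part of the original report and not CXF code): a check of an authorization response redirect against the requirement quoted in the report, that a response_type of "id_token token" puts id_token, access_token and token_type in the fragment and none of them in the query string. The function name, host and token values are constructed for illustration.

```javascript
// Parameters each implicit-flow response_type value must produce, per the
// spec text quoted in the report. Hybrid ("code ...") values are out of scope.
const REQUIRED = {
  id_token: ["id_token"],
  token: ["access_token", "token_type"],
};

// Returns a list of problems found in the redirect URL (empty list = conforming).
function checkAuthorizationResponse(responseType, redirectUrl) {
  const url = new URL(redirectUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const problems = [];

  // An error response carries "error" instead of tokens; nothing more to check.
  if (fragment.has("error")) return problems;

  for (const type of responseType.trim().split(/\s+/)) {
    const required = REQUIRED[type];
    if (!required) {
      problems.push(`response_type value not covered by this check: ${type}`);
      continue;
    }
    for (const name of required) {
      // Missing or empty values both count as absent.
      if (!fragment.get(name)) problems.push(`missing ${name} in fragment`);
      // Fragment is the default Response Mode; query encoding must not be used.
      if (url.searchParams.has(name)) problems.push(`${name} present in query string`);
    }
  }
  return problems;
}

// Constructed sample redirects (placeholder host and token values).
// BUGGY mirrors the reported behaviour: token requested, id_token left out.
const BUGGY =
  "https://client.example/cb#access_token=SAMPLE_AT&token_type=Bearer&state=xyz";
const CONFORMING = BUGGY + "&id_token=SAMPLE.ID.TOKEN";
const IN_QUERY =
  "https://client.example/cb?id_token=SAMPLE.ID.TOKEN#access_token=SAMPLE_AT&token_type=Bearer";

console.log(checkAuthorizationResponse("id_token token", BUGGY));
console.log(checkAuthorizationResponse("id_token token", CONFORMING));
```

A relying party or an integration test can run this on the redirect it receives and fail closed when the list is not empty, rather than continuing with an access token and no id_token.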