This topic has 4 replies, 3 voices, and was last updated 1 month, 4 weeks ago by Scott Heger.

  • #27767
     matthiasblaesing
    Participant

    Hi,

    I try to invoke the OIDC implicit flow, but fail. What works:

    – authorization code grant
    – resource owner password grant
    – refresh token grant

    So the client is correctly set up. I’m on OpenAM 6.5.2.3 and in the “Advanced” tab in the OAuth2 client configuration, I added “Implicit” to the “Grant Types”. I would therefore expect that this should get me to the authorization page:

    http://openam.dev.XXXXXXX:8080/openam/oauth2/authorize?scope=openid&response_type=id_token&client_id=test&state=dummy&nonce=1234&redirect_uri=http://openam.dev.XXXXXXX:8080/test

    But I get:

    error_description=Response type is not supported.
    state=dummy
    error=unsupported_response_type

    There is nothing more. I tried to enable debug logging, but while there is _some_ logging, it is not debug level.

    So can someone help me understand why the implicit flow does not work? (Yes, I know its problems, but I first want to set up a working development setup and then choose the flow to use.) Or can someone tell me how to get some sane debugging into OpenAM?

    Thank you

    Matthias

    #27768
     Jatinder Singh
    Participant

    Please ensure the “id_token” response type plugin is available in your OAuth2 Provider. If not, add the below:

    id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler

    #27769
     matthiasblaesing
    Participant

    Thank you! That was the missing piece.

    #27770
     Jatinder Singh
    Participant

    I am glad I could help. It is also useful to check the well-known OIDC configuration page for supported response types. If a response type you plan to use is missing from the “response_types_supported” field, you know a plugin is likely not there and needs to be added.
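The check described in the reply above, as an added example that is not part of the original thread and not OpenAM code: it reads a provider's discovery document, tests whether a requested response_type is listed in response_types_supported (treating multi-valued types as unordered sets, as OIDC Core does), refuses to build an authorize URL for a type the provider cannot serve, insists on a nonce whenever an ID token is requested, and parses the error or token parameters the provider puts on the redirect_uri. The two discovery documents, the host openam.dev.example, the client_id “test” and the redirect_uri are constructed placeholders; the live fetch helper assumes the standard /.well-known/openid-configuration path under the OAuth2 base URL.

```python
"""Check an OIDC provider's discovery document before trying a response_type.

Added example for this thread; not OpenAM code. The discovery JSON below is
constructed to resemble what OpenAM publishes at
<base>/oauth2/.well-known/openid-configuration; the host, client_id and
redirect_uri are placeholders.
"""
import json
import urllib.parse
import urllib.request

# Constructed sample: a provider set up as OAuth 2.0 only, so no id_token type.
DISCOVERY_OAUTH2_ONLY = json.dumps({
    "issuer": "http://openam.dev.example:8080/openam/oauth2",
    "authorization_endpoint": "http://openam.dev.example:8080/openam/oauth2/authorize",
    "response_types_supported": ["code", "token"],
})

# Constructed sample: the same provider after the id_token handler was added.
DISCOVERY_WITH_OIDC = json.dumps({
    "issuer": "http://openam.dev.example:8080/openam/oauth2",
    "authorization_endpoint": "http://openam.dev.example:8080/openam/oauth2/authorize",
    "response_types_supported": ["code", "token", "id_token", "code token",
                                 "code id_token", "id_token token",
                                 "code id_token token"],
})


def fetch_discovery(base_url: str, timeout: float = 5.0) -> str:
    """Fetch the live discovery document (network; the examples below use the
    constructed documents instead). base_url is e.g. http://host:8080/openam/oauth2."""
    url = base_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def _normalise(response_type: str) -> frozenset:
    # OIDC Core treats a multi-valued response_type as an unordered set, so
    # "id_token token" and "token id_token" name the same response type.
    return frozenset(response_type.split())


def supported_response_types(discovery_json: str) -> list:
    return list(json.loads(discovery_json).get("response_types_supported", []))


def response_type_is_supported(discovery_json: str, requested: str) -> bool:
    wanted = _normalise(requested)
    return any(_normalise(rt) == wanted
               for rt in supported_response_types(discovery_json))


def build_authorize_url(discovery_json, client_id, redirect_uri, response_type,
                        scope="openid", state=None, nonce=None) -> str:
    """Build the /authorize URL, refusing combinations the provider cannot serve."""
    if not response_type_is_supported(discovery_json, response_type):
        raise ValueError(
            f"response_type {response_type!r} not in response_types_supported="
            f"{supported_response_types(discovery_json)}; add the handler on the provider")
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": response_type, "scope": scope}
    if state is not None:
        params["state"] = state
    if "id_token" in _normalise(response_type):
        # OIDC Core 3.2.2.1: nonce is REQUIRED whenever an ID token is returned
        # from the authorization endpoint (implicit and hybrid flows).
        if nonce is None:
            raise ValueError("nonce is required when response_type includes id_token")
        params["nonce"] = nonce
    endpoint = json.loads(discovery_json)["authorization_endpoint"]
    return endpoint + "?" + urllib.parse.urlencode(params)


def parse_authz_response(redirect_url: str) -> dict:
    """Parse the parameters the provider sends back on the redirect_uri.

    Successful implicit-flow responses arrive in the URL fragment; error
    responses may arrive in the query string or the fragment, so both are
    read, with fragment values taking precedence.
    """
    parts = urllib.parse.urlsplit(redirect_url)
    result = {}
    for raw in (parts.query, parts.fragment):
        for key, value in urllib.parse.parse_qsl(raw, keep_blank_values=True):
            result[key] = value
    return result


if __name__ == "__main__":
    print(response_type_is_supported(DISCOVERY_OAUTH2_ONLY, "id_token"))
    print(build_authorize_url(DISCOVERY_WITH_OIDC, "test",
                              "http://openam.dev.example:8080/test",
                              "id_token", state="dummy", nonce="1234"))
    err = ("http://openam.dev.example:8080/test?error=unsupported_response_type"
           "&error_description=Response+type+is+not+supported.&state=dummy")
    print(parse_authz_response(err))
```

Against a real deployment, replace the constructed documents with `fetch_discovery("http://<host>:8080/openam/oauth2")` (or the realm-specific base URL); the first check fails exactly in the situation from the original post, before the browser ever reaches the authorize endpoint.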

    #27771
     Scott Heger
    Participant

    This is a common problem people run into when they initially set up their OAuth Provider via the Common Tasks in the Realm Dashboard. If you configure it as just an OAuth 2.0 Provider, it doesn’t include id_token as a response type. I always recommend choosing the “Configure OpenID Connect” option just so it is there in case you decide to use OIDC in the future. Adding it manually like @jsingh recommended, or going through the Common Tasks and selecting Configure OAuth Provider -> Configure OpenID Connect, would fix it as well.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.