March 31, 2020 at 9:35 am #27767 matthiasblaesing Participant
I try to invoke the OIDC implicit flow, but fail. What works:
– authorization code grant
– resource owner password grant
– refresh token grant
So the client is set up correctly. I’m on OpenAM 22.214.171.124 and in the “Advanced” tab in the OAuth2 client configuration, I added “Implicit” to the “Grant Types”. I would therefore expect that this should get me to the authorization page:
But I get:
error_description=Response type is not supported.
There is nothing more – I tried to enable debug logging, but while there is _some_ logging it is not debug level.
So can someone help me, why the implicit flow does not work? (Yes, I know its problems, but I first want to set up a working development setup and then choose the flow to use). Or can someone tell me how to get some sane debugging into OpenAM?
Matthias
March 31, 2020 at 2:35 pm #27768 Jatinder Singh Participant
Please ensure the “id_token” response type plugin is available in your OAuth2 Provider. If not, add the below:
id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler
March 31, 2020 at 4:27 pm #27769 matthiasblaesing Participant
Thank you! That was the missing piece.
March 31, 2020 at 8:11 pm #27770 Jatinder Singh Participant
I am glad I could help. Also, it is useful to check the well-known OIDC configuration page for supported response types. If a response type you plan to use is missing from the “response_types_supported” field, you know a plugin is likely not there and needs to be added.
March 31, 2020 at 10:23 pm #27771 Scott Heger Participant
This is a common problem people run into when they initially set up their OAuth Provider via the Common Tasks in the Realm Dashboard. If you configure it as just an OAuth 2.0 Provider it doesn’t include id_token as a response type. I always recommend choosing the “Configure OpenID Connect” option just so it is there in case you decide to use OIDC in the future. Adding it manually like @jsingh recommended or by going through the Common Tasks and selecting Configure OAuth Provider -> Configure OpenID Connect would fix it as well.
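
The “response_types_supported” check suggested in this thread can be run before sending an authorization request. The following is an added example, not part of the original posts and not OpenAM code. The sample discovery document, its host name and the function names are constructed for illustration.

```python
import json
import urllib.request

# Constructed sample of a well-known OIDC configuration document, as a provider
# without an id_token response type handler might publish it. Not real output.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://am.example.com/oauth2",
  "response_types_supported": ["code", "token", "code token"]
}
""")


def normalize(response_type):
    """A response_type is a space-separated set of values; order does not matter."""
    return frozenset(response_type.split())


def unsupported_response_types(discovery, wanted):
    """Return the entries of `wanted` that response_types_supported does not advertise."""
    advertised = {normalize(rt) for rt in discovery.get("response_types_supported", [])}
    return [rt for rt in wanted if normalize(rt) not in advertised]


def fetch_discovery(url, timeout=10):
    """Fetch the provider's well-known OIDC configuration (URL supplied by the caller)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # "token code" is the same response type as "code token", so it is not reported.
    wanted = ["code", "id_token", "id_token token", "token code"]
    for rt in unsupported_response_types(SAMPLE_DISCOVERY, wanted):
        print(f"not advertised: {rt!r} (response type plugin likely missing)")
```

Against a live provider, pass the result of `fetch_discovery()` with your realm's well-known configuration URL in place of `SAMPLE_DISCOVERY`.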