id_token not part of oxD token request

By: Patrick McKinnon user 08 Nov 2016 at 10:52 a.m. CST

2 Responses
Patrick McKinnon gravatar
When executing the get_tokens_by_id command with oxd against a gluu-server, the id_token is not returned in the token-request response. Maybe I have misconfigured my gluu-server somehow? 2016-11-08 10:29:00,301 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_tokens_by_code","params":{"oxd_id":"93de9cf5-388b-465e-a7f0-0cde8c73b6cf","code":"f72282ca-99ce-4ebc-8192-685de71a2073","state":"f0qrm5671utu2a2vv09486oo4l","scopes":[""]}} 2016-11-08 10:29:00,305 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: ojolabs.gluu Authorization: Basic QCE5OTUwLjhERTQuMkE1OC40REZDITAwMDEhREVCNS5CNTVGITAwMDghMkIyRS5FMkYzOjIxODcxYTFhLWI5OTktNDg2Yy04YmY1LTgwMGQzNTI4MWE0Yw== grant_type=authorization_code&code=f72282ca-99ce-4ebc-8192-685de71a2073&redirect_uri=https%3A%2F%2Fpmckinnon.ngrok.io%2Fapi%2Flogin%2Fauthenticated ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Content-Type: application/json Cache-Control: no-store Pragma: no-cache {"access_token":"53d1b817-722d-443b-99f6-492099d97ca3","token_type":"bearer","expires_in":299,"refresh_token":"7366a207-4f46-4856-8a33-b410642cb2db"} 2016-11-08 10:29:00,412 ERROR [org.xdi.oxd.server.Processor] java.lang.NullPointerException at org.xdi.oxd.server.op.GetTokensByCodeOperation.execute(GetTokensByCodeOperation.java:76) at org.xdi.oxd.server.op.GetTokensByCodeOperation.execute(GetTokensByCodeOperation.java:33) at org.xdi.oxd.server.Processor.process(Processor.java:80) at org.xdi.oxd.server.Processor.process(Processor.java:55) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:60) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-11-08 10:29:00,422 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Unknown internal server error occurs."}} 2016-11-08 10:29:00,423 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command.
U1404
closed

Answers

By Yuriy Zabrovarnyy staff 08 Nov 2016 at 11:06 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
Would you be so kind to attach full `oxd-server.log` ? I assume you missed `openid` scope for `get_authorization_url` command which is required in order to get `id_token`.

By Patrick McKinnon user 08 Nov 2016 at 11:27 a.m. CST

Copy
Patrick McKinnon gravatar
Duh, that was the issue. It looks like the scope parameter isn't included in the request for the authorization url in the [node library](https://github.com/GluuFederation/oxd-node/blob/master/oxd-node/index.js#L166), however the [protocol documentation](https://oxd.gluu.org/docs/oxdserver/) indicates it should be allowed. I'll probably make a PR for the node library and docs because I've noticed a few other inconsistencies.

Post an answer