id_token not returned when /oxauth/restv1/token queried

By: Robert Polasek user 30 Nov 2017 at 2:40 p.m. CST

3 Responses
Robert Polasek gravatar
I just installed Gluu 3.1.1 using containers provided. I created one test user rpolasek and one client kubernetes. The screenshot of client configuration is attached. When I run following curl query, it returns 200, but the response doesn't contain id_token. I am not sure what I am doing wrong here. ``` curl -sv -X POST --user '@!9FEF.827B.42DF.751A!0001!2160.7062!0008!5893.3E90.838D.B65D:XXXXXXXX' --data "grant_type=password&username=rpolasek&password=XXXXXX&scope=openid" 'https://gluu.hubub.com/oxauth/restv1/token' { "access_token": "48b6d00d-7096-43be-afd8-90a88988072a", "token_type": "bearer", "expires_in": 299, "refresh_token": "abebe42d-521c-4c77-b004-0ac8071af923", "scope": "openid" } ``` ![Client configuration](https://www.dropbox.com/s/qj5j6kzl07k7c67/FireShot%20Capture%204%20-%20Gluu_%20-%20https___gluu.hubub.com_identity_cli.png?dl=0 "enter image title here")
Ubuntu 16.04
closed

Answers

By Michael Schwartz Account Admin 01 Dec 2017 at 10:59 a.m. CST

Copy
Michael Schwartz gravatar
You are using the Resource Owner Password Grant -- `grant_type=password` -- that is an OAuth flow, not an OpenID Connect flow. `id_token` (an identity assertion, like a SAML assertion) is only available if you use the implicit, code, or hybrid flows [defined here](https://openid.net/connect). BTW, RO PW Grant is the **anti-pattern**.

By Robert Polasek user 02 Dec 2017 at 11:02 p.m. CST

Copy
Robert Polasek gravatar
Thank you for your help. I was trying quickly get id_token and refresh token for Kubenetes authentication as I am working on prove of concept. After exploring details of those suggested workflows I used a modified javascript with example pages provided as a part of repo https://github.com/GluuFederation/openid-implicit-client.git and I was able to get both id_token and refresh token using a setup with a local webserver. The ticket can be closed.

By Michael Schwartz Account Admin 04 Dec 2017 at 11:01 a.m. CST

Copy
Michael Schwartz gravatar
Nice work Robert!!!!

Post an answer