By: Martin Petri user 09 Sep 2020 at 4:52 a.m. CDT

4 Responses
We want to use "state" with a URL-safe encoded base64 string when requesting the authorization URL. But Gluu/oxd rejects the padding = sign(s) at the end of the base64 string if there is one. Is there a better way to pass a URL in the "state" parameter, or should we just remove the padding = sign(s)? I think theoretically they're not needed for decode(?)

By Yuriy Zabrovarnyy staff 09 Sep 2020 at 12:49 p.m. CDT

It should be possible to pass a custom value in the `state` parameter, including encoded URLs. Would you please provide the `oxd-server.log` file in TRACE log level where it fails? So we see the exact values as well as the point of failure. It can be a bug which we can address quickly. Thanks in advance, Yuriy Z

By Martin Petri user 09 Sep 2020 at 2:35 p.m. CDT

Hi Yuri. I'm sorry, just noticed that my description is wrong. "get-authorization-url" works with a padding =, but "get-tokens-by-code" fails.

By Yuriy Zabrovarnyy staff 10 Sep 2020 at 4:25 a.m. CDT

Hi Martin, Thanks for this report, we have a bug which will be fixed within https://github.com/GluuFederation/oxd/issues/538 Thanks, Yuriy Z

By Martin Petri user 10 Sep 2020 at 4:33 a.m. CDT

Thanks :-)
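
Added example, not part of the thread and not oxd code: one way to carry a return path in `state` with unpadded base64url, so the value is byte-for-byte identical before and after percent-encoding (`=` becomes `%3D` in a query string), and to verify it on the callback before redirecting. The helper names, the demo key and the sample path are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import quote, urlsplit

# Constructed demo values (assumptions, not taken from the thread).
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
PADDED_SAMPLE = base64.urlsafe_b64encode(b"/projects/demo-10").decode()  # ends with "="


def b64url_encode(raw: bytes) -> str:
    """URL-safe base64 with the '=' padding stripped (RFC 4648 section 5)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding from the length, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def same_on_the_wire(value: str) -> bool:
    """True when percent-encoding leaves the value unchanged, so a component
    comparing the raw form with the URL-encoded form still sees equal strings."""
    return quote(value, safe="") == value


def is_local_path(path: str) -> bool:
    """Accept only same-site absolute paths so state cannot drive an open redirect."""
    parts = urlsplit(path)
    return (
        path.startswith("/")
        and not path.startswith("//")
        and "\\" not in path
        and not parts.scheme
        and not parts.netloc
    )


def _tag(body: str, key: bytes) -> str:
    """HMAC-SHA256 over the encoded body, itself encoded without padding."""
    return b64url_encode(hmac.new(key, body.encode(), hashlib.sha256).digest())


def make_state(return_path: str, key: bytes) -> tuple[str, str]:
    """Build (state, nonce). The nonce is stored in the user's session."""
    if not is_local_path(return_path):
        raise ValueError("return path must be a local absolute path")
    nonce = secrets.token_urlsafe(16)
    body = b64url_encode(json.dumps({"n": nonce, "p": return_path}).encode())
    return f"{body}.{_tag(body, key)}", nonce


def read_state(state: str, key: bytes, session_nonce: str) -> str:
    """Verify the state returned on the callback and give back the return path."""
    body, sep, tag = state.partition(".")
    if not sep:
        raise ValueError("malformed state")
    # Integrity first: nothing is decoded until the MAC matches.
    if not hmac.compare_digest(tag.encode(), _tag(body, key).encode()):
        raise ValueError("state signature mismatch")
    claims = json.loads(b64url_decode(body))
    # Session binding: this is what makes state a CSRF defence.
    if not hmac.compare_digest(str(claims["n"]).encode(), session_nonce.encode()):
        raise ValueError("state does not belong to this session")
    if not is_local_path(claims["p"]):
        raise ValueError("unsafe return path")
    return claims["p"]


if __name__ == "__main__":
    print("padded  :", PADDED_SAMPLE, "->", quote(PADDED_SAMPLE, safe=""))
    state, nonce = make_state("/projects/demo-10", DEMO_KEY)
    print("unpadded:", state, "unchanged by encoding:", same_on_the_wire(state))
    print("callback:", read_state(state, DEMO_KEY, nonce))
```
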