By: melkisidek Bequengue user 05 Oct 2016 at 3:51 p.m. CDT

8 Responses

**Hi I'm trying to get a id token without success. When i use response_type=code+id_token i get a error message **strong text****“https://vps296312.ovh.net/login.html#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+unsupported+parameter+or+parameter+value%2C+or+is+otherwise+malformed.” https://vps296312.ovh.net/oxauth/seam/resource/restv1/oxauth/authorize?scope=openid&response_type=code+id_token&client_id=@!21B5.88F4.D899.8B87!0001!3638.8568!0008!299A.7938&redirect_uri=https://vps296312.ovh.net/login.html **https://vps296312.ovh.net/login.html#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+unsupported+parameter+or+parameter+value%2C+or+is+otherwise+malformed. ** When i use response_type=code is ok of course I don’t get any id token https://vps296312.ovh.net/oxauth/seam/resource/restv1/oxauth/authorize?scope=openid&response_type=code&client_id=@!21B5.88F4.D899.8B87!0001!3638.8568!0008!299A.7938&redirect_uri=https://vps296312.ovh.net/login.html https://vps296312.ovh.net/login.html?session_state=11dfbab1-847f-4038-b727-7b30fa9aeffc&scope=openid&state&code=32b3078e-11f2-4db2-a1ae-156ba826ab65 MY server config picture : ![https://vps296312.ovh.net/gluu.jpg](https://vps296312.ovh.net/gluu.jpg "enter image title here") https://vps296312.ovh.net/.well-known/openid-configuration response_types_supported": [ "code", "code id_token", "token", "token id_token", "code token", "code token id_token", "id_token" ], "grant_types_supported": [ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],

CentOS72

closed

By Aliaksandr Samuseu staff 05 Oct 2016 at 4:09 p.m. CDT

Copy

Hi, Melkisidek. Please provide more details, like captures of your requests and responses from server, at least for initial steps of OIDC flow you use. Best regards, Alex.

By Aliaksandr Samuseu staff 05 Oct 2016 at 4:13 p.m. CDT

Copy

What RP or tool do you use to form initial OIDC request to Gluu?

By melkisidek Bequengue user 05 Oct 2016 at 6:48 p.m. CDT

Copy

I'm trying to get a id token using as response_type=code+id_token, but is not working. The Response is invalid_request&error_description. Its works only when i use as response_type=code. The Response is session_state and code value. I trying to understand why is not working and how can i have id-token Aliaksandr Samuseu i using postman is a rest client: https://www.getpostman.com/

By Aliaksandr Samuseu staff 05 Oct 2016 at 7:52 p.m. CDT

Copy

Could you provide full request string you use for initial request? Capture of actual HTTP request/responses would be even better.

By Aliaksandr Samuseu staff 05 Oct 2016 at 7:59 p.m. CDT

Copy

Is this the one? ``` https://vps296312.ovh.net/oxauth/seam/resource/restv1/oxauth/authorize?scope=openid&response_type=code+id_token&client_id=@!21B5.88F4.D899.8B87!0001!3638.8568!0008!299A.7938&redirect_uri=https://vps296312.ovh.net/login.html ``` Why do you use `redirect_uri` located at the same machine as Gluu? Do you have your RP installed there, too? Also, >response_type=code+id_token I believe this means you are using one of hybrid flows of OIDC. I think `nonce` parameter is required in that case. Please try to add `nonce=some_random_string` to your request.

By melkisidek Bequengue user 06 Oct 2016 at 7:51 a.m. CDT

Copy

Am using this one. I made some change: https://vps296312.ovh.net/login.html https://vps296312.ovh.net/oxauth/seam/resource/restv1/oxauth/authorize?scope=openid+email+clientinfo&response_type=code&client_id=@!21B5.88F4.D899.8B87!0001!3638.8568!0008!299A.7938&redirect_uri=https://vps296312.ovh.net/userinfo.html this only works when response_type=code any other value i get error , invalid request https://vps296312.ovh.net/oxauth/seam/resource/restv1/oxauth/authorize?scope=openid+email+clientinfo&response_type=code+id_token&client_id=@!21B5.88F4.D899.8B87!0001!3638.8568!0008!299A.7938&redirect_uri=https://vps296312.ovh.net/userinfo.html

By melkisidek Bequengue user 06 Oct 2016 at 2:28 p.m. CDT

Copy

Oh yes you was right the "**NONCE**" is required, I found this tinformation on the IBM Knowledge Center, finally I got my id_token "JWT" Thanks A lot! https://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_oidc_auth_endpoint.html

By Aliaksandr Samuseu staff 06 Oct 2016 at 2:32 p.m. CDT

Copy

AFAICR, in hybrid flows where you receive `id_token` right from authorization endpoint, `nonce` is always required, as it must be included into the `id_token` and you must be able to compare it with one you set in request. Ok, closing the ticket.

You need to Login in order to post an answer

id_token

By: melkisidek Bequengue user 05 Oct 2016 at 3:51 p.m. CDT

Answers

By Aliaksandr Samuseu staff 05 Oct 2016 at 4:09 p.m. CDT

By Aliaksandr Samuseu staff 05 Oct 2016 at 4:13 p.m. CDT

By melkisidek Bequengue user 05 Oct 2016 at 6:48 p.m. CDT

By Aliaksandr Samuseu staff 05 Oct 2016 at 7:52 p.m. CDT

By Aliaksandr Samuseu staff 05 Oct 2016 at 7:59 p.m. CDT

By melkisidek Bequengue user 06 Oct 2016 at 7:51 a.m. CDT

By melkisidek Bequengue user 06 Oct 2016 at 2:28 p.m. CDT

By Aliaksandr Samuseu staff 06 Oct 2016 at 2:32 p.m. CDT

Post an answer