By: Joshua Davies user 22 Aug 2016 at 1:31 p.m. CDT

7 Responses
I'm still working through understanding OpenID Connect and GLUU, so I'm working through the deployment guide. I'm stuck at the "authorization endpoint" step, though (https://www.gluu.org/docs/integrate/openid-connect/#authorization-endpoint). The documentation says that I should be able to go to https://gluupoc/oxauth-rp/home.htm, scroll down to authorization endpoint, and input:

1) The authorization endpoint https://gluupoc/oxauth/seam/resource/restv1/oxauth/authorize
2) The response types CODE and ID_TOKEN
3) The Client ID
4) The scope OpenID
5) The redirect URI https://gluupoc/oxauth-rp/home.seam

and click "submit". However, when I do, I get the error response:

`{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter or parameter value, or is otherwise malformed."}`

I don't see anything in the logs on the server that would indicate which parameter is missing. I can see in the Chrome debugging tools that the request that was submitted was:

`https://gluupoc/oxauth/seam/resource/restv1/oxauth/authorize?response_type=code+id_token&client_id=%40%21E66B.1B7E.6EBA.202F%210001%2112FC.3A12%210008%21617D.541F&scope=openid&redirect_uri=https%3A%2F%2Fgluupoc%2Foxauth-rp%2Fhome.seam&claims=%7B%7D`

By Aliaksandr Samuseu staff 22 Aug 2016 at 7:02 p.m. CDT

Hi, Joshua. Is it really a full request? Because the `claims` parameter in it looks truncated. There should be more characters related to it. Regards, Alex.

By Joshua Davies user 23 Aug 2016 at 9:57 a.m. CDT

Oh - yeah, I had forgotten about that. Whenever I click the "submit" button on the authorization endpoint form on the oxauth-rp home.htm page, I get an error message next to the 'claims' textbox: "Invalid JSON format". I tried adding random JSON strings to it (like `{"sub"}`, `{["sub"]}`, `{["sub": "bob"]}`); the only thing it would accept was an empty object `{}`. Is that what I'm doing wrong? What's supposed to go here? I can't find any documentation about this parameter, and it appears to be required.

By Aliaksandr Samuseu staff 23 Aug 2016 at 11:33 a.m. CDT

You can try to refer to the OpenID specs, [this part](http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter), in particular. There is an example of the JSON it's supposed to accept. Keep in mind you need to use the actual names of claims that are available at your instance.

By Joshua Davies user 23 Aug 2016 at 12:23 p.m. CDT

Hm - ok, I'll try to make more sense of this. The referenced spec indicates that this parameter is optional, though - why does oxauth-rp require it?

By Aliaksandr Samuseu staff 25 Aug 2016 at 2 p.m. CDT

I've done a couple of tests, and discovered that adding the `&nonce=nonce` parameter to the query string results in a successful request. "nonce" isn't a mandatory parameter by the OIDC spec, so, I guess, we need to create a bug report for this.

By Vindula Jayawardana user 02 Sep 2016 at 4:47 a.m. CDT

I am still facing the same issue, and I couldn't identify what to put in 'claims'. Any help?

By Aliaksandr Samuseu staff 02 Sep 2016 at 6:15 a.m. CDT

Hi, Vindula. Just provide something in the "nonce" field. Regarding the "claims" parameter format, please see the [related section](http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter) of the OIDC docs.
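
An added example, not part of any post above and not Gluu code: it checks a `claims` value against the shape described in the linked section of the OpenID Connect spec and builds the authorization request from the thread with a `nonce` included. The client ID placeholder and the claim names `email` and `given_name` are assumptions; use the claims available at your instance. A random nonce is generated because the nonce ties the returned ID token to this request, so the client should keep it and compare it with the `nonce` claim in the ID token.

```python
import json
import secrets
from urllib.parse import urlencode


def validate_claims(text):
    """Parse a claims request; raise ValueError if it is not well-formed."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg}") from exc
    if not isinstance(doc, dict):
        raise ValueError("claims must be a JSON object")
    # The spec defines two top-level members; unknown members are ignored.
    for section in ("userinfo", "id_token"):
        requested = doc.get(section, {})
        if not isinstance(requested, dict):
            raise ValueError(f"{section} must be a JSON object")
        for name, spec in requested.items():
            if spec is None:
                continue  # null requests the claim in the default manner
            if not isinstance(spec, dict):
                raise ValueError(f"{section}.{name} must be null or an object")
            if not isinstance(spec.get("essential", False), bool):
                raise ValueError(f"{section}.{name}.essential must be a boolean")
            if not isinstance(spec.get("values", []), list):
                raise ValueError(f"{section}.{name}.values must be an array")
    return doc


def build_authorization_url(endpoint, client_id, redirect_uri, claims_text):
    """Return (url, nonce) for the code+id_token request used in the thread."""
    claims = validate_claims(claims_text)
    nonce = secrets.token_urlsafe(16)  # unpredictable, one per request
    params = {
        "response_type": "code id_token",
        "client_id": client_id,
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "nonce": nonce,
        "claims": json.dumps(claims, separators=(",", ":")),
    }
    return endpoint + "?" + urlencode(params), nonce


# Constructed sample input; claim names are assumptions.
SAMPLE_CLAIMS = '{"userinfo": {"given_name": null}, "id_token": {"email": {"essential": true}}}'
ENDPOINT = "https://gluupoc/oxauth/seam/resource/restv1/oxauth/authorize"
REDIRECT = "https://gluupoc/oxauth-rp/home.seam"
if __name__ == "__main__":
    print(build_authorization_url(ENDPOINT, "CLIENT_ID_PLACEHOLDER", REDIRECT, SAMPLE_CLAIMS)[0])
```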