By: VanHoan Hoang user 17 May 2022 at 10:52 a.m. CDT

6 Responses
Dear community,

I'm running CIBA flow with PUSH mode. I have configured CIBA by following [the documentation](https://gluu.org/docs/gluu-server/4.4/admin-guide/ciba/). The detail of the **json configuration file about openid connect** got from */.well-known/openid-configuration* and **the Client Configuration** can be found in the link below.

[LINK TO CLIENT CONFIGURATION & OPENID CONNECT CONFIGURATION JSON FILE](https://drive.google.com/drive/folders/15xjwITX6JR9-9y-LfI59shbvLNBuRfC9?usp=sharing)

I also configured Firebase FCM to which Gluu server will send the notification for user.

**Step 1:** Running authentication request via: https://ciba.example.com/oxauth/restv1/bc-authorize

As a response, I get *auth_req_id* and *expires_in* parameters. In addition, Gluu also sends a notification to Firebase, which forwards the notification to the user device. The notification is like this:

```
{"from":"523390854537","priority":"normal","notification":{"title":"oxAuth Authentication Request","body":"Client Initiated Backchannel Authentication (CIBA)","click_action":"https://hoanhoangpc/oxauth/restv1/authorize?auth_req_id=ed6c67110e81d5b0cc7e593e39401cbda06ea6924749326e&scope=openid+profile&response_type=id_token&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fcallback&state=c62a37d7-46eb-4e2d-9138-01da2ee5bc98&nonce=1035a83e-96df-4dee-8288-e304d12a8ced&prompt=consent&client_id=99e9a301-bdc4-44a7-bcde-c815be61ad95"},"fcmMessageId":"e39fd0b6-9a83-4b2f-9b9f-15ddfeb83c1b"}
```

**Step 2:** I manually copy the *click_action* link and paste to browser. However, after hitting Enter, I got an error related to *unsupported_response_type*

```
{
  "error_description": "The authorization server does not support obtaining an access token using this method.",
  "state": "c62a37d7-46eb-4e2d-9138-01da2ee5bc98",
  "error": "unsupported_response_type"
}
```

Given that I already enabled id_token in the Client configuration, the error seems weird.

I also noticed that during the process of sending the notification to Firebase FCM, Gluu can successfully send the notification but failed to parse the response. You can see it in the following, which is taken from oxauth.log. It seems that even though Gluu Server failed to parse the JSON response, it still prints *success* result as the evaluation is based on the http status. It seems to me that this bug does not impact the rest of the authentication process.

```
2022-05-17 15:16:24,271 INFO [qtp966739377-13] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '99e9a301-bdc4-44a7-bcde-c815be61ad95'
2022-05-17 15:16:24,750 ERROR [qtp966739377-13] [gluu.oxauth.client.ciba.fcm.FirebaseCloudMessagingResponse] (FirebaseCloudMessagingResponse.java:73) - A JSONObject text must begin with '{' at 2 [character 3 line 1]
org.json.JSONException: A JSONObject text must begin with '{' at 2 [character 3 line 1]
    at org.json.JSONTokener.syntaxError(JSONTokener.java:507) ~[json-20210307.jar:?]
    at org.json.JSONObject.<init>(JSONObject.java:222) ~[json-20210307.jar:?]
    at org.json.JSONObject.<init>(JSONObject.java:406) ~[json-20210307.jar:?]
    at org.gluu.oxauth.client.ciba.fcm.FirebaseCloudMessagingResponse.injectDataFromJson(FirebaseCloudMessagingResponse.java:48) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.gluu.oxauth.client.ciba.fcm.FirebaseCloudMessagingResponse.<init>(FirebaseCloudMessagingResponse.java:42) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.gluu.oxauth.client.ciba.fcm.FirebaseCloudMessagingClient._exec(FirebaseCloudMessagingClient.java:64) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.gluu.oxauth.client.ciba.fcm.FirebaseCloudMessagingClient.exec(FirebaseCloudMessagingClient.java:43) ~[oxauth-client-4.4.0.Final.jar:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
    at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:208) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyObject.__call__(PyObject.java:461) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyObject.__call__(PyObject.java:465) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyMethod.__call__(PyMethod.java:126) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.pycode._pyx0.notifyEndUser$6(firebase_ciba_end_user_notification.py:68) ~[?:?]
    at org.python.pycode._pyx0.call_function(firebase_ciba_end_user_notification.py) ~[?:?]
    at org.python.core.PyTableCode.call(PyTableCode.java:173) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyBaseCode.call(PyBaseCode.java:306) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyBaseCode.call(PyBaseCode.java:197) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyFunction.__call__(PyFunction.java:485) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyMethod.__call__(PyMethod.java:228) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyMethod.__call__(PyMethod.java:218) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyMethod.__call__(PyMethod.java:213) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyObject._jcallexc(PyObject.java:3565) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.core.PyObject._jcall(PyObject.java:3598) ~[jython-standalone-2.7.3.jar:2.7.3-SNAPSHOT]
    at org.python.proxies.__main__$EndUserNotification$0.notifyEndUser(Unknown Source) ~[?:?]
    at org.gluu.oxauth.service.external.ExternalCibaEndUserNotificationService.executeExternalNotifyEndUser(ExternalCibaEndUserNotificationService.java:50) ~[classes/:?]
    at org.gluu.oxauth.service.external.ExternalCibaEndUserNotificationService.executeExternalNotifyEndUser(ExternalCibaEndUserNotificationService.java:35) ~[classes/:?]
    at org.gluu.oxauth.service.external.ExternalCibaEndUserNotificationService$Proxy$_$$_WeldClientProxy.executeExternalNotifyEndUser(Unknown Source) ~[classes/:?]
    at org.gluu.oxauth.ciba.CIBAEndUserNotificationService.notifyEndUser(CIBAEndUserNotificationService.java:52) ~[classes/:?]
    at org.gluu.oxauth.ciba.CIBAEndUserNotificationService$Proxy$_$$_WeldClientProxy.notifyEndUser(Unknown Source) ~[classes/:?]
    at org.gluu.oxauth.bcauthorize.ws.rs.BackchannelAuthorizeRestWebServiceImpl.requestBackchannelAuthorizationPost(BackchannelAuthorizeRestWebServiceImpl.java:309) ~[classes/:?]
    at org.gluu.oxauth.bcauthorize.ws.rs.BackchannelAuthorizeRestWebServiceImpl$Proxy$_$$_WeldClientProxy.requestBackchannelAuthorizationPost(Unknown Source) ~[classes/:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[oxauth-client-4.4.0.Final.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[jetty-servlet-api-4.0.6.jar:?]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1630) ~[?:?]
    at org.gluu.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:362) ~[oxcore-server-4.4.0.Final.jar:?]
    at org.gluu.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:139) ~[oxcore-server-4.4.0.Final.jar:?]
    at org.gluu.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:118) ~[classes/:?]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:?]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.gluu.oxauth.auth.AuthenticationFilter.processBasicAuth(AuthenticationFilter.java:339) ~[classes/:?]
    at org.gluu.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:169) ~[classes/:?]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-10.0.9.jar:10.0.9]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:506) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1378) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:463) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1300) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
    at org.eclipse.jetty.server.Server.handle(Server.java:562) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) ~[?:?]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894) ~[?:?]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038) ~[?:?]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]
2022-05-17 15:16:24,814 INFO [qtp966739377-13] [org.gluu.oxauth.ciba.CIBAEndUserNotificationService] (CIBAEndUserNotificationService.java:51) - CIBA: Notification sent to the end user, result true
```

The log related to the *unsupported_response_type* found in oxauth.log is the following:

```
2022-05-17 15:16:29,702 ERROR [qtp966739377-15] [gluu.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl] (AuthorizeRestWebServiceImpl.java:623) - HTTP 400 Bad Request
javax.ws.rs.WebApplicationException: HTTP 400 Bad Request
    at org.gluu.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorization(AuthorizeRestWebServiceImpl.java:356) ~[classes/:?]
    at org.gluu.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl.requestAuthorizationGet(AuthorizeRestWebServiceImpl.java:161) ~[classes/:?]
    at org.gluu.oxauth.authorize.ws.rs.AuthorizeRestWebServiceImpl$Proxy$_$$_WeldClientProxy.requestAuthorizationGet(Unknown Source) ~[classes/:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:408) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:69) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60) ~[oxauth-client-4.4.0.Final.jar:?]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) ~[oxauth-client-4.4.0.Final.jar:?]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) ~[jetty-servlet-api-4.0.6.jar:?]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1630) ~[?:?]
    at org.gluu.server.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:362) ~[oxcore-server-4.4.0.Final.jar:?]
    at org.gluu.server.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:139) ~[oxcore-server-4.4.0.Final.jar:?]
    at org.gluu.oxauth.filter.CorsFilter.doFilter(CorsFilter.java:118) ~[classes/:?]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.gluu.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:67) ~[classes/:?]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.gluu.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:205) ~[classes/:?]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170) ~[websocket-servlet-10.0.9.jar:10.0.9]
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1600) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:506) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) ~[?:?]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1378) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) ~[?:?]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:463) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1300) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51) ~[?:?]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) ~[?:?]
    at org.eclipse.jetty.server.Server.handle(Server.java:562) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) ~[?:?]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) ~[?:?]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) ~[?:?]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319) ~[?:?]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) ~[?:?]
    at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268) ~[?:?]
    at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138) ~[?:?]
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:407) ~[?:?]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894) ~[?:?]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038) ~[?:?]
    at java.lang.Thread.run(Thread.java:829) ~[?:?]
```

Can you kindly help me to solve this issue? Thank you so much

By Michael Schwartz Account Admin 17 May 2022 at 2:04 p.m. CDT

Milton, can you take a look?

By Milton Ch. staff 18 May 2022 at 8:05 a.m. CDT

Hi VanHoan, glad to see you were able to call FCM properly, I was exploring those two cases that you reported:

1. About `unsupported_response_type`, this error could be sometimes problematic, you can see how that validation is processed here: https://github.com/GluuFederation/oxAuth/blob/e3365dae7a37240710a9280fb1bea7695778f15e/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java#L349

   Just to summarize, these are the validations:

   - response_type should be in the list of response types supported by the client.
   - Client grant types shouldn't be empty
   - Client grant types should have IMPLICIT
   - AS configuration should support IMPLICIT

   Using this configuration you should be able to process this kind of authorizations.

2. About parsing problem, I'm suspecting that FCM is returning some kind of error in the middle or maybe we have to tell FCM to use JSON response type. Anyway, as you said, this issue doesn't impact result of the flow, we basically print a DEBUG log after that and end the notification process.

Let me know how it goes, thanks.
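
The four validations summarised in the reply above can be run against a `click_action` URL before opening it. This is an added diagnostic sketch, not oxAuth code and not part of the original thread; it assumes the client is described with the OpenID Connect registration fields `response_types` and `grant_types`, that AS support is read from `grant_types_supported` in the discovery document, and all sample values are constructed.

```python
from urllib.parse import urlsplit, parse_qs

IMPLICIT = "implicit"


def check_ciba_authorize(click_action, client, as_config):
    """Return the failed checks for a CIBA click_action URL (empty list = OK).

    Mirrors the four validations listed in the reply; the field names are
    assumptions (OIDC registration / discovery metadata), not oxAuth internals.
    """
    query = parse_qs(urlsplit(click_action).query)
    # response_type may carry several space-separated values, e.g. "code id_token"
    requested = set(query.get("response_type", [""])[0].split())
    allowed = {rt for entry in client.get("response_types", []) for rt in entry.split()}
    client_grants = set(client.get("grant_types", []))
    as_grants = set(as_config.get("grant_types_supported", []))

    failures = []
    if not requested:
        failures.append("response_type missing from click_action")
    elif not requested <= allowed:
        failures.append("response_type not enabled for client: "
                        + " ".join(sorted(requested - allowed)))
    if not client_grants:
        failures.append("client grant_types is empty")
    elif IMPLICIT not in client_grants:
        failures.append("client grant_types lacks implicit")
    if IMPLICIT not in as_grants:
        failures.append("AS grant_types_supported lacks implicit")
    return failures


# Constructed sample data (placeholders, not values from the thread).
CLICK_ACTION = ("https://ciba.example.com/oxauth/restv1/authorize"
                "?auth_req_id=EXAMPLE-AUTH-REQ-ID&scope=openid+profile"
                "&response_type=id_token"
                "&redirect_uri=http%3A%2F%2Flocalhost%3A8090%2Fcallback"
                "&client_id=EXAMPLE-CLIENT-ID")
CIBA_GRANT = "urn:openid:params:grant-type:ciba"
AS_CONFIG = {"grant_types_supported": ["authorization_code", IMPLICIT, CIBA_GRANT]}
# Client with id_token enabled but only the CIBA grant type.
CLIENT_BEFORE = {"response_types": ["id_token"], "grant_types": [CIBA_GRANT]}
# Same client after adding the implicit grant type.
CLIENT_AFTER = {"response_types": ["id_token"], "grant_types": [CIBA_GRANT, IMPLICIT]}

if __name__ == "__main__":
    for label, client in (("before", CLIENT_BEFORE), ("after", CLIENT_AFTER)):
        print(label, check_ciba_authorize(CLICK_ACTION, client, AS_CONFIG) or "OK")
```
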

By VanHoan Hoang user 18 May 2022 at 11:41 a.m. CDT

Hi @Milton.Ch.

Thank you so much for your response. I'm getting confused with the need of having IMPLICIT grant type here. Now, I add the IMPLICIT grant type to Client configuration. When I copy and paste the URL generated and sent via Firebase, I receive an *Id_token*. However, this token is sent directly in the re-direct URL and not in the body of the response. When I decode the *Id_token*, it's generated by IMPLICIT grant type instead of CIBA grant type. Can you please help me to clarify this?

Best regards,

By Milton Ch. staff 19 May 2022 at 7:21 a.m. CDT

Hi VanHoan, It's using IMPLICIT just to process authorization in the device, in AS, this is treated as CIBA grant type, that's why we also process it using authReqId param. Can you share your idToken and refer what is your specific concern? Thanks in advance.

By VanHoan Hoang user 20 May 2022 at 4:35 a.m. CDT

Hi @Milton.Ch.

It turned out to be my misunderstanding. I'm so sorry for this. Thank you so much for helping me through these issues related to CIBA grant type.

Hoan

By Milton Ch. staff 20 May 2022 at 8:04 a.m. CDT

Hi, ok, no problem, let me know if you need something else from my side. Thanks!