Problem with openid connect dynamic client registration

By: Manuel Ciangottini user 07 Oct 2016 at 8:59 a.m. CDT

5 Responses
Manuel Ciangottini gravatar
Hello, I'm getting an error while trying to register the openid client. This is the registration request: ``` POST /oxauth/seam/resource/restv1/oxauth/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: gluu-server { "redirect_uris": ["http://141.250.2.118/cmsmesos/token.html"], "response_types": [ "code", "token", "id_token" ], "grant_types": ["authorization_code"], "application_type": "web", "subject_type": "pairwise", "id_token_signed_response_alg": "none", "id_token_encrypted_response_alg": "RSA1_5", "id_token_encrypted_response_enc": "A128CBC+HS256", "userinfo_signed_response_alg": "none", "userinfo_encrypted_response_alg": "RSA1_5", "userinfo_encrypted_response_enc": "A128CBC+HS256", "request_object_signing_alg": "none", "request_object_encryption_alg": "RSA1_5", "request_object_encryption_enc": "A128CBC+HS256", "token_endpoint_auth_method": "client_secret_basic", "token_endpoint_auth_signing_alg": "none", "default_max_age": "300", "require_auth_time": "true", "logout_uri": [""], "logout_session_required": "false" } ``` And this is the server response: ``` HTTP/1.1 400 Content-Type: application/json Cache-Control: no-store Pragma: no-cache {"error":"invalid_client_metadata","error_description":"The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata."} ``` Is there anything I'm missing in the registration request?
U1404
closed

Answers

By Michael Schwartz Account Admin 07 Oct 2016 at 9:01 a.m. CDT

Copy
Michael Schwartz gravatar
`redirect_uri` must be `https` Try that first.

By Aliaksandr Samuseu staff 07 Oct 2016 at 9:04 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Manuel. I guess it's a continuation of your previous ticket on `id_token` issuance? Was this POST request generated by `mod_auth_openid`, or do you try to compose and send it manually by yourself? Best regards, Alex.

By Manuel Ciangottini user 07 Oct 2016 at 9:10 a.m. CDT

Copy
Manuel Ciangottini gravatar
It's not a continuation of the previous ticket, in there I used a manually registered client. The POST request was generated by the oxAuth-rp.war deployed during gluu installation. I'll try with the https and will update the ticket soon, thanks

By Aliaksandr Samuseu staff 07 Oct 2016 at 9:16 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Please note that we are now [limiting](https://www.gluu.org/blog/limiting-openid-connect-community-client-support/) community support to a strict list of RPs and we discourage using any kind of low-level stuff, unless you are ready and able to resolve all issues this may result in yourself. Please try to use inbuilt dynamic registration features of `mod_auth_opeindc` first, and when it's confirmed to work you may proceed to experimenting with it.

By Manuel Ciangottini user 07 Oct 2016 at 10:06 a.m. CDT

Copy
Manuel Ciangottini gravatar
Thanks for the support, switching the redirect URI to https and using the dynamic client registration solved all my problems

Post an answer