By: Ashwin Devanathan user 20 Oct 2017 at 3:13 p.m. CDT

11 Responses
Ashwin Devanathan gravatar
```
{"error":"unsupported_response_type","error_description":"The authorization server does not support obtaining an access token using this method.","state":"LQ3jhPy2Sj1o-MpocH5wpqEw_Gw"}
```

The URL going to Gluu:

```
https://hostname/oxauth/restv1/authorize?response_type=id_token&scope=openid%20profile%20email&client_id=%40%213DE3.F0E0.3C74.9A86%210001%213D39.4D75%210008%2125D3.45AC.F52E.195C&state=LQ3jhPy2Sj1o-MpocH5wpqEw_Gw&redirect_uri=https%3A%2F%2F192.168.180.68%3A8443%2Fcallback&nonce=QO6fOMImH1foqvBg_BmPagzeCkFatV5mggQ_7x8nBDM
```

We tried SAML also but are getting a config error. Can you help?

By William Lowe user 20 Oct 2017 at 3:20 p.m. CDT

Ashwin, How can we reproduce the error? Thanks, Will

By Aliaksandr Samuseu staff 20 Oct 2017 at 3:59 p.m. CDT

Hi, Ashwin. You seem to be trying to use a very specific type of implicit flow, judging by this request parameter: `response_type=id_token`. Is that your intention, and did you configure your client's metadata at Gluu to be ready for it? Could you perhaps provide screenshots of the page with all its settings?

By Aliaksandr Samuseu staff 21 Oct 2017 at 8:20 a.m. CDT

Hi, Adam. Just to make sure: can you log in to Gluu's admin web UI? If you can, then it seems like you have some issues when trying to configure its interoperability with `mod_openidc`. In that case, please gather and share more details on your configuration, including screenshots of pages with relevant settings and [logs](https://gluu.org/docs/ce/3.1.1/operation/logs/). `mod_openidc` should register its client dynamically at Gluu; you should be able to see it clearly in the list of OIDC clients (it names it in a special way). Please check our ["How to ask" guide](https://support.gluu.org/docs/user-guide/how-to-ask/). I'll try to check that setup when I have some time as well.

By Aliaksandr Samuseu staff 21 Oct 2017 at 9 a.m. CDT

Not sure there is a manual; you can check [its spec](https://openid.net/specs/openid-connect-registration-1_0.html) though. Here are the sample requests with curl:

- `POST REQUEST`

```
curl -k -X POST -H "Content-Type: application/json" -d '{"redirect_uris":["https://127.0.0.1:8080/login-redirect"],"response_types":["code token,id_token"],"grant_types":["authorization_code"],"applicationType":"web"}' 'https://your.gluu.host/oxauth/restv1/register'
```

`POST RESPONSE`

```
{
  "client_id": "@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F",
  "client_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXX",
  "registration_access_token": "YYYYYYYYYYYYYYYYYYYYYYYYYYY",
  "registration_client_uri": "https://your.gluu.host/oxauth/restv1/register?client_id=@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F",
  "client_id_issued_at": 1503370360,
  "client_secret_expires_at": 1503456760,
  "redirect_uris": ["https://127.0.0.1:8080/login-redirect"],
  "response_types": ["code"],
  "grant_types": [
    "refresh_token",
    "authorization_code"
  ],
  "application_type": "web",
  "client_name": "127.0.0.1",
  "subject_type": "pairwise",
  "id_token_signed_response_alg": "RS256",
  "token_endpoint_auth_method": "client_secret_basic",
  "require_auth_time": false,
  "frontchannel_logout_session_required": false,
  "scopes": [
    "permission",
    "openid",
    "uma_protection"
  ]
}
```

Pay attention to the `registration_access_token` and `client_id` fields; you will use them in the PUT and GET requests as an "Authorization" header and as a query parameter respectively.

- `PUT REQUEST`. This request will update the `client_name` field:

```
curl -k -X PUT -H "Authorization: Bearer YYYYYYYYYYYYYYYYYYYYYYYYYYY" -H "Content-Type: application/json" -d '{"client_name":"New Client Name"}' 'https://your.gluu.host/oxauth/restv1/register?client_id=@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F'
```

`PUT RESPONSE`

```
{
  "client_id": "@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F",
  "client_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXX",
  "registration_access_token": "YYYYYYYYYYYYYYYYYYYYYYYYYYY",
  "registration_client_uri": "https://your.gluu.host/oxauth/restv1/register?client_id=@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F",
  "client_id_issued_at": 1503370360,
  "client_secret_expires_at": 1503456760,
  "redirect_uris": ["https://127.0.0.1:8080/login-redirect"],
  "response_types": ["code"],
  "grant_types": [
    "refresh_token",
    "authorization_code"
  ],
  "application_type": "web",
  "client_name": "New Client Name",
  "subject_type": "pairwise",
  "id_token_signed_response_alg": "RS256",
  "token_endpoint_auth_method": "client_secret_basic",
  "require_auth_time": false,
  "frontchannel_logout_session_required": false,
  "scopes": [
    "permission",
    "openid",
    "uma_protection"
  ]
}
```

- `GET REQUEST`

```
curl -k -X GET -H "Authorization: Bearer YYYYYYYYYYYYYYYYYYYYYYYYYYY" -H "Content-Type: application/json" 'https://your.gluu.host/oxauth/restv1/register?client_id=@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F'
```

`GET RESPONSE`

```
{
  "client_id": "@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F",
  "client_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXX",
  "registration_access_token": "YYYYYYYYYYYYYYYYYYYYYYYYYYY",
  "registration_client_uri": "https://your.gluu.host/oxauth/restv1/register?client_id=@!3BBD.C34D.BA66.49B3!0001!17D5.1A00!0008!9C65.DE26.6A1A.F73F",
  "client_id_issued_at": 1503370360,
  "client_secret_expires_at": 1503456760,
  "redirect_uris": ["https://127.0.0.1:8080/login-redirect"],
  "response_types": ["code"],
  "grant_types": [
    "refresh_token",
    "authorization_code"
  ],
  "application_type": "web",
  "client_name": "New Client Name",
  "subject_type": "pairwise",
  "id_token_signed_response_alg": "RS256",
  "token_endpoint_auth_method": "client_secret_basic",
  "require_auth_time": false,
  "frontchannel_logout_session_required": false,
  "scopes": [
    "permission",
    "openid",
    "uma_protection"
  ]
}
```
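
Added example, not part of the original post and not Gluu's own code: a pre-flight check that compares an authorization request with the client metadata a registration response returns, covering `response_types`, the grant types they imply under the Dynamic Client Registration spec, and `redirect_uris`. The function name, `SAMPLE_CLIENT` and `SAMPLE_URL` are assumptions constructed for illustration, and the check makes no claim about what caused the error in this ticket.

```python
from urllib.parse import urlsplit, parse_qs

# Grant type implied by each response_type value
# (OpenID Connect Dynamic Client Registration 1.0, section 2).
IMPLIED_GRANT = {"code": "authorization_code", "token": "implicit", "id_token": "implicit"}

def check_authz_request(authorize_url, client):
    """Compare an authorization request with registered client metadata.

    Returns a list of (field, message) mismatches; empty means consistent.
    """
    q = {k: v[0] for k, v in parse_qs(urlsplit(authorize_url).query).items()}
    problems = []

    # response_type is a space-delimited, order-independent set of values.
    # The spec defaults are ["code"] and ["authorization_code"].
    requested = frozenset(q.get("response_type", "").split())
    registered = {frozenset(rt.split()) for rt in client.get("response_types", ["code"])}
    if requested not in registered:
        problems.append(("response_types", f"{sorted(requested)} is not registered"))

    needed = {IMPLIED_GRANT[v] for v in requested if v in IMPLIED_GRANT}
    missing = needed - set(client.get("grant_types", ["authorization_code"]))
    if missing:
        problems.append(("grant_types", f"missing {sorted(missing)}"))

    # Redirect URIs are compared as exact strings, not by prefix or host.
    if q.get("redirect_uri") not in client.get("redirect_uris", []):
        problems.append(("redirect_uris", f"{q.get('redirect_uri')!r} is not registered"))
    return problems

# Constructed sample input, modelled on the values shown in this thread.
SAMPLE_CLIENT = {
    "redirect_uris": ["https://127.0.0.1:8080/login-redirect"],
    "response_types": ["code"],
    "grant_types": ["refresh_token", "authorization_code"],
}
SAMPLE_URL = (
    "https://your.gluu.host/oxauth/restv1/authorize?response_type=id_token"
    "&scope=openid%20profile%20email&client_id=CLIENT_ID_PLACEHOLDER"
    "&redirect_uri=https%3A%2F%2F127.0.0.1%3A8080%2Flogin-redirect&state=s1&nonce=n1"
)

if __name__ == "__main__":
    for field, message in check_authz_request(SAMPLE_URL, SAMPLE_CLIENT):
        print(f"{field}: {message}")
```
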

By William Lowe user 23 Oct 2017 at 9 a.m. CDT

Adam, Can you clarify where/what should be updated in the docs? Alternatively, if you are feeling generous, you could submit a merge request with the docs that we can review and merge. All the docs are hosted on GitHub. Here is the [mod_auth doc](https://github.com/GluuFederation/docs-ce-prod/blob/3.1.1/3.1.1/source/integration/sswebapps/openidc-rp.md). Thanks in advance, Will

By William Lowe user 26 Oct 2017 at 11:18 a.m. CDT

Hi Adam, Can you open a new ticket for this? That way I can assign to the proper engineer. Thanks! Will

By Jajati Badu Account Admin 11 Nov 2017 at 1:11 a.m. CST

I don't think the issue is with the C# sample application. The OP host URL is wrong. It should be `"op_host":"https://idp.somedomain.com"`.