end session

By: Sakit Atakishiyev user 06 Jun 2018 at 10:58 a.m. CDT

5 Responses
Sakit Atakishiyev gravatar
Hi. I could not call end session endpoint. Because request require id_token_hint but I could not get this token from token endpoint. Is there any change on version 3.1.3
Ubuntu 16.04
closed

Answers

By Michael Schwartz Account Admin 06 Jun 2018 at 11:05 a.m. CDT

Copy
Michael Schwartz gravatar
You'd have to have the id_token already which comes back either from the authorization endpoint (implicit flow) or from the token endpoint (code flow). See the attached PDF infographic from OCTO.
OCTO-Refcard_API_Security_BD.pdf

By Sakit Atakishiyev user 06 Jun 2018 at 11:15 a.m. CDT

Copy
Sakit Atakishiyev gravatar
I use code flow but when I call token endpoint with this code I get only access and refresh token. But previous version gluu I got id token when call end point. Other question is previous version gluu return me session state but in version 3.1.3 I have also session_id. Are all of these new or not?

By Michael Schwartz Account Admin 06 Jun 2018 at 12:10 p.m. CDT

Copy
Michael Schwartz gravatar
Make sure your client is requesting `response_type` `id_token` `state` is sent by the client, and should be returned unchanged by the OP. If the OP returns a signed `nonce` sent by the client, then state can be dropped (its superfluous). You should post the entire request, response and client configuration details here, or we can't really help you.

By Yuriy Zabrovarnyy staff 06 Jun 2018 at 12:26 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
In Authorization Code Flow tokens are returned only from Token Endpoint. I assume you are using Hybrid Flow and missed `id_token` in `response_type`. If you wish to return all tokens from Authorization Endpoint please set `response_type=code id_token token` See http://openid.net/specs/openid-connect-core-1_0.html#Authentication Re: `session_id` is session identifier. Please note that it is different then `session_state` defined in session specification http://openid.net/specs/openid-connect-session-1_0.html Thanks, Yuriy Z

By Sakit Atakishiyev user 06 Jun 2018 at 11:55 p.m. CDT

Copy
Sakit Atakishiyev gravatar
Hi everyone. I found the problem. My Client has not `openid` scope so I could not get `id_token`. After adding I got it.

Post an answer