OpenID Connect to generate authorization code using IdP

Hi,

I am using OpenID Connect with an IdP and need to generate an authorization code. I am passing a hard-coded value directly to the OAuthV2 policy to make sure it will generate the authorization code, but I am getting an 'Invalid request' error.

The policy looks like this:

<OAuthV2 name="OAuthV2-GenerateAuthorizationCode">
  <DisplayName>OAuthV2: Generate Authorization Code</DisplayName>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAuthorizationCode</Operation>
  <Scope>openid</Scope>
  <ClientId>MRfvntIHAIfPh7qQcGIArD7Bs0DHUKvX</ClientId>
  <ResponseType>code</ResponseType>
  <ExpiresIn>600000</ExpiresIn>
  <SupportedGrantTypes/>
  <UserName>RAJEEV</UserName>
  <Tokens/>
</OAuthV2>

Any idea which bit of request information I am not passing, or any clue?


I think you need a variable reference for the ClientId element. It should be like this:

<OAuthV2 name="OAuthV2-GenerateAuthorizationCode">
  <Operation>GenerateAuthorizationCode</Operation>
  <ClientId>my_client_id</ClientId> <!-- like this -->
  <RedirectUri>redirect_uri</RedirectUri>
  <ResponseType>request.formparam.response_type</ResponseType>
  <Scope>requested_scope</Scope>
   ...

Each of those things - my_client_id, redirect_uri, requested_scope, and so on - should refer to names of context variables, not "hard-coded" things. If you need to hard-code something, then you should use an AssignMessage policy with AssignVariable to set a variable to the hard-coded value, like this:

<AssignMessage name='AV-1'>
  <AssignVariable>
    <Name>my_client_id</Name>
    <Value>ABCDEFGHIJKLMNOPQRSTUV123</Value>
  </AssignVariable>
   ...
</AssignMessage>

Set that policy to run before the GenerateAuthorizationCode policy. But it's not only the client_id you must set. You must have variables that hold the correct values for the other elements in that GenerateAuthorizationCode policy. To make that happen, add more AssignVariable stanzas in the AssignMessage policy.

<AssignMessage name='AV-1'>
  <AssignVariable>
    <Name>my_client_id</Name>
    <Value>ABCDEFGHIJKLMNOPQRSTUV123</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>requested_scope</Name>
    <Value>openid</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>redirect_uri</Name>
    <Value>http://my.redirect.uri/for/this/app</Value>
  </AssignVariable>
  <AssignVariable>
    <Name>response_type</Name>
    <Value>token,id_token</Value>
  </AssignVariable>
</AssignMessage>

Then your GenerateAuthorizationCode must look like this:

<OAuthV2 name="OAuthV2-GenerateAuthorizationCode">
  <Operation>GenerateAuthorizationCode</Operation>
  <ClientId>my_client_id</ClientId>
  <RedirectUri>redirect_uri</RedirectUri>
  <ResponseType>response_type</ResponseType>
  <Scope>requested_scope</Scope>
   ...

If this is not the problem, we will need some additional context, to understand what you are doing and what you are trying to do, before we can help you.
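An added example, not from the thread, of a ProxyEndpoint that wires the two policies in the order described above, so the AssignMessage step runs before the OAuthV2 step on the same request; the flow name, base path, path condition and virtual host are assumptions:

```xml
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request/>
    <Response/>
  </PreFlow>
  <Flows>
    <!-- Assumed flow: POST /oauth/authorize on this proxy -->
    <Flow name="GenerateAuthCode">
      <Condition>(proxy.pathsuffix MatchesPath "/authorize") and (request.verb = "POST")</Condition>
      <Request>
        <!-- 1. Populate my_client_id, redirect_uri, requested_scope, response_type -->
        <Step>
          <Name>AV-1</Name>
        </Step>
        <!-- 2. Only now does the OAuthV2 policy read those variables -->
        <Step>
          <Name>OAuthV2-GenerateAuthorizationCode</Name>
        </Step>
      </Request>
      <Response/>
    </Flow>
  </Flows>
  <PostFlow name="PostFlow">
    <Request/>
    <Response/>
  </PostFlow>
  <HTTPProxyConnection>
    <BasePath>/oauth</BasePath>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>
  <!-- No TargetEndpoint: the OAuthV2 policy produces the response itself -->
  <RouteRule name="noroute"/>
</ProxyEndpoint>
```

If the AssignMessage step is placed after the OAuthV2 step, or in a different flow, the OAuthV2 policy sees empty variables and fails with the same 'Invalid request' error.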

Thanks, Dino, for the wonderful explanation and support. It is really very well explained here.

Please see the working sample below for the OAuthV2-GenerateAuthorizationCode policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="GenerateAuthorizationCode">
  <DisplayName>Generate Authorization Code</DisplayName>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAuthorizationCode</Operation>
  <ClientId>request.formparam.client_id</ClientId>
  <ResponseType>request.formparam.response_type</ResponseType>
  <Scope>request.formparam.scope</Scope>
  <RedirectUri>request.formparam.redirect_uri</RedirectUri>
  <UserName>request.formparam.userId</UserName>
  <ExpiresIn>600000</ExpiresIn>
  <SupportedGrantTypes/>
  <Tokens/>
</OAuthV2>

Thank you, Dino, once again.