Incorrect scopes persisted during manual registration of OIDC client #1282
Comments
This is not an issue. User should enter scopes in dn format. See below. vokoscreenNG-2022-05-04_13-16-29.mp4 |
At present config-api acts as a pass through and hence expects the scopes as dn; it takes the scope and saves them as is. Checking with Yuriy regarding the expected behaviour on |
Adding @yuriyz as Puja mentioned above. Having users to add Agreed that CLI may not be able to translate |
@yurem for comments on above. |
Yes, I agree. We just discussed it with @pujavs. config-api can check whether scope is in DN format: |
thanks @yuriyz for your inputs, working on it |
Implemented check as suggested by @yuriyz as follows; config-api can check whether scope is in DN format:
Testing:
Case#1: Valid scopes: If scope is provided in DN format it accepts as is else fetches DN from DB
Case#2: Invalid scope name: Will throw exception with details of invalid scope.
Case#3: Invalid DN: Will throw exception with details of invalid scope. |
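The check described in the comment above (accept a DN as is, otherwise fetch the DN by scope id, reject anything unresolvable), sketched as an added Python example; it is not config-api's code and not part of the thread. The in-memory `SCOPE_STORE`, its `EX-…` inum values, `normalize_scopes` and `InvalidScopeError` are hypothetical, and treating an "invalid DN" as a DN that is absent from the store is an assumption.

```python
import re

SCOPES_BASE_DN = "ou=scopes,o=jans"  # base DN as it appears in the issue
# Shape of a scope DN, assumed from the issue's example "inum=C4F7,ou=scopes,o=jans".
SCOPE_DN_RE = re.compile(
    r"^inum=[^,=]+," + re.escape(SCOPES_BASE_DN) + "$", re.IGNORECASE
)

# Constructed scope store standing in for the database: scope id -> DN.
SCOPE_STORE = {
    "openid": "inum=EX-0001,ou=scopes,o=jans",
    "profile": "inum=EX-0002,ou=scopes,o=jans",
    "email": "inum=EX-0003,ou=scopes,o=jans",
}


class InvalidScopeError(ValueError):
    """Raised with every scope value that could not be resolved."""

    def __init__(self, invalid):
        self.invalid = list(invalid)
        super().__init__("invalid scope(s): " + ", ".join(self.invalid))


def normalize_scopes(requested, store=SCOPE_STORE):
    """Return the DN for each requested scope, or raise InvalidScopeError."""
    known_dns = {dn.lower(): dn for dn in store.values()}
    resolved, invalid = [], []
    for value in requested:
        value = value.strip()
        if SCOPE_DN_RE.match(value):
            # Case 3: DN-shaped input must still name a stored scope.
            dn = known_dns.get(value.lower())
        else:
            # Cases 1 and 2: treat the value as a scope id and look up its DN.
            dn = store.get(value)
        if dn is None:
            invalid.append(value)
        elif dn not in resolved:
            resolved.append(dn)
    if invalid:
        # Reject the whole request so nothing unresolvable is persisted.
        raise InvalidScopeError(invalid)
    return resolved
```

Rejecting the whole request, rather than silently dropping the unknown values, keeps the persisted client from ending up with a narrower or different scope set than the one the caller asked for.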
Related PR 1293 |
@ossdhaval, change has been merged, request you to please verify |
There is no need for any change in CLI. |
When we use id of scope, config-api registers its dn. vokoscreenNG-2022-05-09_22-45-29.mp4
Closing the issue |
Describe the bug
During manual registration of OIDC client through jans-cli, the scopes that are persisted in MySQL table are not in Dn format.
What is stored :
{"v": ["email", "openid", "profile"]}
What should be stored :
{"v": ["inum=C4F7,ou=scopes,o=jans", "inum=C4F6,ou=scopes,o=jans", ...]}
To Reproduce
Steps to reproduce the behavior:
config-cli on janssen server
open id connect clients ( option 16 )
check the schema JSON that is being used for client registration, mine was
as shown above, the scopes are not sent in Dn format but rather in simple format.
y on prompt.
jans-auth.log has this error.
Expected behavior
config-api expects Dn formatted input from jans-cli then Swagger doc needs to be fixed as it is currently showing simple format
jans-auth.log logs this issue as TRACE and not as ERROR. This creates a hidden failure which is not logged at all unless log level is changed to TRACE.
Screenshots
config-api swagger showing scopes accepted in non-Dn format
Desktop (please complete the following information):