user3353129

Reputation: 11

WSO2 Identity Server using OpenID Connect returns an authorization code even if the user denies granting authorization

When I run the playground2 OpenID Connect example, I can still see the photos even if I deny authorization. I have the user log in and authenticate successfully, but deny the authorization. From the OpenID Connect specification, an error code should be returned, but instead I am still getting the authorization code. I am running WSO2 Identity Server 4.6.

Why is it still sending an authorization token?

Upvotes: 1

Views: 656

Answers (1)

thtesche

Reputation: 1

The validation of the Access Token is disabled in the playground app. You could enable it by uncommenting lines 34-40 in 'oauth-access-resource.jsp'.

  <%
    // Check the authorization response before serving the resource.
    // If it does not validate, send the browser back to the start page
    // with an error instead of proceeding.
    if (!client.validateAuthenticationRequest(oauthReq)) {
  %>
    <script type="text/javascript">
       window.location = "oauth2.jsp?reset=true&error='Invalid Access Attempt'";
    </script>
  <%
    }
  %>

Upvotes: 0
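The question expects the OpenID Connect error response on denial, and the answer points at the client skipping its validation of the response. The following is an added example (not code from the WSO2 playground app or from either poster) showing what a correct client does with the redirect back from the authorization endpoint, per RFC 6749 section 4.1.2 and OpenID Connect Core: check the `state` it generated, treat any `error` parameter as failure even if a `code` is also present, and only then accept the code. The weak variant beside it takes whatever `code` appears, which is the behaviour that lets a client "succeed" on a response it should reject. The redirect URIs, state and code values are constructed for illustration.

```python
"""Validating an OAuth 2.0 / OpenID Connect authorization response.

Added example, not code from the WSO2 playground app. All URLs, states and
codes below are constructed sample input.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class AuthorizationOutcome:
    accepted: bool
    code: Optional[str]   # authorization code, only when accepted
    reason: str           # why the response was rejected, or "ok"


def parse_authorization_response(redirect_url: str, expected_state: str) -> AuthorizationOutcome:
    """Decide whether the redirect to the client's redirect_uri may be used.

    Rules applied, in order:
      1. `state` must be present exactly once and equal the value the client
         generated for the pending request (binds response to request, CSRF).
      2. If `error` is present the response is a failure (e.g. access_denied);
         the client must not proceed even if a `code` is also present.
      3. Otherwise `code` must be present exactly once and non-empty.
    """
    query = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    state = query.get("state", [])
    if len(state) != 1 or state[0] != expected_state:
        return AuthorizationOutcome(False, None, "state missing or mismatched")

    if "error" in query:
        err = query["error"][0]
        desc = query.get("error_description", [""])[0]
        return AuthorizationOutcome(False, None, f"authorization failed: {err} {desc}".strip())

    code = query.get("code", [])
    if len(code) != 1 or not code[0]:
        return AuthorizationOutcome(False, None, "no authorization code in response")

    return AuthorizationOutcome(True, code[0], "ok")


def naive_extract_code(redirect_url: str) -> Optional[str]:
    """Weak handling for comparison: ignores `error` and `state` entirely and
    returns whatever `code` parameter is present. Do not do this."""
    query = parse_qs(urlsplit(redirect_url).query)
    return query.get("code", [None])[0]


# Constructed sample responses (the code value is the RFC 6749 example value).
REDIRECT_URI = "https://client.example.com/callback"
PENDING_STATE = "af0ifjsldkj"   # generated per request and stored in the session
GRANTED = REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj"
DENIED = REDIRECT_URI + "?error=access_denied&error_description=User+denied+consent&state=af0ifjsldkj"
WRONG_STATE = REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=other"
MIXED = REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&error=access_denied&state=af0ifjsldkj"

if __name__ == "__main__":
    for name, url in [("granted", GRANTED), ("denied", DENIED),
                      ("wrong_state", WRONG_STATE), ("mixed", MIXED)]:
        strict = parse_authorization_response(url, PENDING_STATE)
        print(f"{name:12} strict: accepted={strict.accepted} ({strict.reason})"
              f"  naive code={naive_extract_code(url)}")
```

The `MIXED` case is the one worth noting: a response carrying both `code` and `error` is malformed, and the strict parser rejects it, while the naive extractor happily returns the code.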
