CODEWITHSUNDEEP
websphere-libertyopenid-connect
gira1
gira1

Reputation: 177

OIDC Liberty 8.5.5.8 - NPE in OAuth20InternalException.getEncodedTraceArg

I am using WebSphere Liberty 8.5.5.8 (wlp-1.0.11.cl50820151201-1942) and I am trying to setup OpenID-Connect. Most of my basic samples are working, but when I try to implement "Implicit Flow" with a pure JavaScript client (I use the client samples from https://github.com/IdentityServer/IdentityServer3.Samples), I receive an NPE in the POST after the consent form:

[ERROR   ] SRVE0777E: Exception thrown by application class
com.ibm.oauth.core.api.error.oauth20.OAuth20InternalException.getEncodedTraceArguments:76
java.lang.NullPointerException at
com.ibm.oauth.core.api.error.oauth20.OAuth20InternalException.getEncodedTraceArguments(OAuth20InternalException.java:76)
at [internal classes]

Has anybody been successfull with WLP and setting up "Implicit Flow/Grant".

Is anybody from IBM able to make a diagnosis? NPE in internal class is not very helpful.

Upvotes: 0

Views: 127

Answers (2)

Chunlong
Chunlong

Reputation: 636

The expected authorization request format is

https://localhost:8020/oidc/endpoint/OP3/authorize?response_type=id_token+token&client_id=rp&state=mfjSAPtn9X4TAY52nD9T&redirect_uri=https%3A%2F%2Flocalhost%3A8021%2Foidcclient%2Fredirect%2FRP&scope=openid+profile+email+photo&nonce=xNlPy62xC5ABjyfdxSAU&response_mode=form_post

The "response_mode=form_post" is optional with default value of "fragment"

Upvotes: 0

Aruna
Aruna

Reputation: 1

Did you check for any FFDC logs to see if there are any errors logged prior to the NPE. Also this link points to a good document on what you need to add to the request for an implicit flow.

https://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_oidc_auth_endpoint.html?lang=en

As you can see in the document, liberty OIDC does not support just "id_token" in the response_type. When using the implicit flow, one must always use "id_token token" ... So make sure that you have ...response_type=id_token token&scope=openid&client_id=... etc specified in your request.

If the above information does not help, then please provide your OpenID Connect provider configuration and also your example request that you are sending.

Upvotes: 0

Related Questions