jpaull

Reputation: 278

IdentityServer3 rejecting responsetypes that appear in openid "wellknown" configuration

I am trying to wade my way through learning IdentityServer so that I can implement single sign-on at my workplace. I have a POC service running locally and when I request the configuration, this is the configuration that displays:

{"issuer":"https://localhost:44345/core","jwks_uri":"https://localhost:44345/core/.well-known/jwks","authorization_endpoint":"https://localhost:44345/core/connect/authorize","token_endpoint":"https://localhost:44345/core/connect/token","userinfo_endpoint":"https://localhost:44345/core/connect/userinfo","end_session_endpoint":"https://localhost:44345/core/connect/endsession","check_session_iframe":"https://localhost:44345/core/connect/checksession","revocation_endpoint":"https://localhost:44345/core/connect/revocation","introspection_endpoint":"https://localhost:44345/core/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"scopes_supported":["openid","profile","email","roles","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at","email","email_verified","role"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"grant_types_supported":["authorization_code","client_credentials","password","refresh_token","implicit"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"],"token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic"]}

As part of this, you can see:

"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"]

However, when I send a request to the service with responseType=id_token in the URL, I get the error message:

The authorization server does not support the requested response type.

I have tried other responseType values but still get this error message.

I am basically a beginner at web security and IdentityServer, so I am sure I am missing something very basic.

Upvotes: 0

Views: 481

Answers (2)

thabart

Reputation: 19

The possible parameters that you can send to the authorization endpoint are listed on the following websites:

The correct parameter is "response_type" and not "response_types" :)

Upvotes: 1
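An added example (not from the original posts and not IdentityServer code) that builds the authorize request from the discovery document quoted in the question: `response_types_supported` is the metadata key the server publishes, while `response_type` is the query parameter the client sends. The client id `poc-client` and the callback URL are hypothetical values chosen for illustration.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Trimmed copy of the discovery document quoted in the question.
DISCOVERY = json.loads("""{
  "authorization_endpoint": "https://localhost:44345/core/connect/authorize",
  "response_types_supported": ["code", "token", "id_token", "id_token token",
    "code id_token", "code token", "code id_token token"]
}""")

def _as_set(response_type):
    # response_type is a space-delimited list whose order does not matter.
    return frozenset(response_type.split())

def build_authorize_url(discovery, client_id, redirect_uri, response_type, scope="openid"):
    """Build an authorize request, refusing response types the server does not advertise."""
    supported = {_as_set(rt) for rt in discovery["response_types_supported"]}
    if _as_set(response_type) not in supported:
        raise ValueError(f"response_type {response_type!r} is not in response_types_supported")
    params = {
        "response_type": response_type,  # request parameter: singular, snake_case
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": secrets.token_urlsafe(16),  # ties the response to this request
    }
    if "id_token" in _as_set(response_type):
        # OpenID Connect requires a nonce when the authorize endpoint returns an id_token.
        params["nonce"] = secrets.token_urlsafe(16)
    return discovery["authorization_endpoint"] + "?" + urlencode(params)

def lint_authorize_url(url):
    """Report look-alike spellings of response_type and a missing response_type."""
    names = parse_qs(urlsplit(url).query, keep_blank_values=True).keys()
    problems = [
        f"{name!r} is not an authorize parameter; use 'response_type'"
        for name in names
        if name != "response_type"
        and name.replace("_", "").lower() in {"responsetype", "responsetypes"}
    ]
    if "response_type" not in names:
        problems.append("required parameter 'response_type' is missing")
    return problems

if __name__ == "__main__":
    # Constructed sample values: "poc-client" and the callback URL are hypothetical.
    print(build_authorize_url(DISCOVERY, "poc-client", "https://localhost:44300/cb", "id_token"))
    print(lint_authorize_url("https://localhost:44345/core/connect/authorize?responseType=id_token"))
```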

jpaull

Reputation: 278

This is pretty stupid. All of the examples online I have looked at for IdentityServer show the parameter as responseTypes (camel case). I think these examples must have all been done against an older version of the platform.

The correct parameter name to send is response_types.

Upvotes: 1
