
fix(jans-auth-server): Duplicate iss and aud on introspection as jwt #3366

Closed
@yuriyz

Description

Describe the bug

Duplicate iss and aud on introspection as jwt

oxauth counterpart: GluuFederation/oxAuth#1748

If you do an introspection on a token during an authorization code flow and include the "response_as_jwt" body value as true, the JWT is returned with a duplicate iss and aud.

Example JWT:

eyJraWQiOiI5N2M0MDU1ZS00YjEwLTQ3YTMtOTA0NS1jYTYxN2YxNTFiZTFfc2lnX3JzMjU2IiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.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.WHpFAhid6Ga_iUfrN8Wp42Vh_s9t6DMmJ0yqtvVGJURZTZxZEfdKDFZXmLEHI_zN6vLlrFrC1BdWUzdGjGZjBz3nC-GaQNmm1-YnkgNqziBl2qI1OT8O1gwsSJIsCCQJUFg0YthlAVazo-rI7WuZFUeEl7hrKrqHfEQDxrb-FLa886pbbsgRg-j7HWyndTht9M6dM_JU1yWJ41BPJwD1mGfubeuuCZYcFJFr2icWimpaRVpHwRojSTx8gHVWHdk3tFHZLdXZQQg5-rfxD072TN7LKc3b5xmZvBaGZwks-FQYVfaU6wFj1QpbBtGREbtgzuP16MuvCyeYvDOkTfuFNw

Steps To Reproduce

Steps to reproduce the behavior:

  1. Implement the Code Auth Flow
  2. Get access token from Code Auth flow
  3. Try to introspect access token with response_as_jwt=true
curl -k --location --request POST 'https://xxx.xxx.xxx/oxauth/restv1/introspection' \
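
One way to check an introspection JWT for the duplicated claims reported above (an added example, not code from the issue or from the Janssen project). The function names, the `Members` helper and both sample tokens are constructed for illustration, and the signature is not verified.

```python
import base64
import json
from collections import Counter


class Members(list):
    """Ordered (name, value) members of one JSON object, duplicates kept."""


def b64url_decode(segment):
    # JWT segments are base64url without '=' padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def duplicate_claims(jwt):
    """Return {claim: count} for claim names repeated in the JWT payload.

    Structure check only: the signature is not verified here.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    # json.loads() normally keeps only the last duplicate member, which hides
    # the problem; object_pairs_hook exposes every member as parsed.
    claims = json.loads(b64url_decode(parts[1]), object_pairs_hook=Members)
    if not isinstance(claims, Members):
        raise ValueError("JWT payload is not a JSON object")
    counts = Counter(name for name, _ in claims)
    return {name: n for name, n in counts.items() if n > 1}


def make_token(payload_json):
    # Constructed, unsigned sample token; "sig" is a placeholder signature.
    header = b64url_encode(b'{"typ":"JWT","alg":"RS256"}')
    return header + "." + b64url_encode(payload_json) + ".sig"


# Constructed payloads (not the token from the issue).
DUPLICATED = make_token(b'{"iss":"https://as.example","aud":"client-1",'
                        b'"active":true,"iss":"https://as.example","aud":"client-1"}')
CLEAN = make_token(b'{"iss":"https://as.example","aud":"client-1","active":true}')

if __name__ == "__main__":
    print(duplicate_claims(DUPLICATED))
    print(duplicate_claims(CLEAN))
```

RFC 7519 requires claim names within a claims set to be unique, and most JSON parsers silently keep the last duplicate, so a check like this has to look at the members before they are collapsed into a map.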

Labels

comp-jans-auth-server (Component affected by issue or PR), kind-bug (Issue or PR is a bug in existing functionality)
