Layer7 API Management

  • 1.  Unsupported type for the scope openid

    Posted Jun 28, 2018 06:42 PM

    Hi there, I am using the URL below and getting the following exception. Essentially, I am using response_type=token id_token and sending the following request. Please advise what the issue could be; I just followed the OTK 4.0 version doc steps for it.

    error=unsupported_response_type&error_description=None+of+the+supported+response_types+were+used

     

    Request:

    https://ssg92.dmn.com:8443/auth/oauth/v2/authorize?response_type=token%20id_token&scope=openid&client_id=1cde994e-f35c-4… 



  • 2.  Re: Unsupported type for the scope openid

    Broadcom Employee
    Posted Jun 29, 2018 10:10 AM

    Are you including a nonce in your request? A nonce parameter is required for response_type 'token id_token'; if it is not present, this will cause this error.
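
The request and response check implied by the reply above, as an added example that is not part of the original posts and is not OTK code: it sends a fresh nonce with response_type 'token id_token' and accepts the returned id_token only if it carries the same nonce, along with matching state, iss, aud and an unexpired exp. The authorize host and redirect URI are placeholders, CLIENT_ID and ISSUER are the aud and iss values from the token posted later in this thread, and signature verification against the gateway's keys is assumed to happen separately.

```python
import base64, json, secrets, time
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumptions: AUTHORIZE host is a placeholder; CLIENT_ID and ISSUER are the
# aud/iss values from the token posted in this thread.
AUTHORIZE = "https://gateway.example.com:8443/auth/oauth/v2/authorize"
CLIENT_ID = "1cde994e-f35c-4a4f-a20f-12a1c99d8469"
ISSUER = "https://ssg92.mydmn.com:8443/connect"

def build_request(redirect_uri):
    """Return (url, nonce, state). Store nonce and state in the user's session."""
    nonce, state = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({"response_type": "token id_token", "scope": "openid",
                       "client_id": CLIENT_ID, "redirect_uri": redirect_uri,
                       "nonce": nonce, "state": state}, quote_via=quote)
    return f"{AUTHORIZE}?{query}", nonce, state

def jwt_claims(id_token):
    """Decode the payload segment only; the signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_response(redirect_url, nonce, state, now=None):
    """Return the claims if the response belongs to this session, else raise."""
    split = urlsplit(redirect_url)
    params = {k: v[0] for k, v in parse_qs(split.fragment or split.query).items()}
    if "error" in params:  # e.g. unsupported_response_type when nonce is missing
        raise ValueError(f"{params['error']}: {params.get('error_description', '')}")
    if params.get("state") != state:
        raise ValueError("state mismatch")
    claims = jwt_claims(params.get("id_token", ""))
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: id_token was not issued for this request")
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in ([aud] if isinstance(aud, str) else aud or []):
        raise ValueError("iss or aud does not match this client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("id_token expired")
    return claims
```

The nonce comparison is what ties an id_token to the session that asked for it, so a token captured from another login fails the check even though its other claims are valid.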



  • 3.  Re: Unsupported type for the scope openid

    Posted Jun 29, 2018 10:21 AM

    Hi Barry, I am not including it. I will add that and let you know the results.



  • 4.  Re: Unsupported type for the scope openid

    Posted Jun 29, 2018 10:53 AM

    Hi Barry,

    I got the following response, but although I am logged in with a user ID, I could not see the user ID in the decoded JSON token. I think it could be in sub, which is sort of encrypted. Could you please suggest how I could get the user ID from the below token for the authenticated user?

    {
    "at_hash": "bJyegrnsaJz8IA4bl2CaGA",
    "sub": "PwEUcutuQv-nG1AB4X3_rEbd_8b10xrP9Z4h-G_2Y3o",
    "aud": "1cde994e-f35c-4a4f-a20f-12a1c99d8469",
    "acr": "0",
    "azp": "1cde994e-f35c-4a4f-a20f-12a1c99d8469",
    "auth_time": 1530283318,
    "iss": "https://ssg92.mydmn.com:8443/connect",
    "exp": 1530369775,
    "iat": 1530283375,
    "nonce": "11s3n61cciv"
    }



  • 5.  Re: Unsupported type for the scope openid

    Posted Dec 18, 2018 04:16 PM

    Hello!

    sub contains a ppid (Pairwise Pseudonymous Identifier); it is a generated value based on the username, the client_id and a salt. OTK, by default, does not support 'plain' sub values. At the moment that cannot be changed.

    I will take this as feedback for our product owner.

    I hope this helps,

    Sascha



  • 6.  Re: Unsupported type for the scope openid

    Broadcom Employee
    Posted Jan 01, 2019 07:26 PM

    It sounds like you would like to retrieve user claims; in that case, you may call the /openid/connect/v1/userinfo endpoint.

    But you will need to implement the /openid/connect/v1/userinfo endpoint first, as by default, all the user attributes are hard coded in the "OTK user Attribute Look Up" encapsulated assertion.

    Open ID Connect Implementation Details - CA API Management OAuth Toolkit - 4.3 - CA Technologies Documentation 



  • 7.  Re: Unsupported type for the scope openid

    Broadcom Employee
    Posted Jan 01, 2019 07:50 PM

    But the 'sub', 'preferred_username' and 'user_role' are real.