You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have been testing the DCR flow in IS 7 and noticed that the response_types and application_type claims are missing from the response. Debugging the DCR registration endpoint in the wso2-extensions/identity-inbound-auth-oauth repository revealed that although the DCR endpoint accepts the response_types and application_type claims, they are dropped when converting the request into an internal model. Additionally, IS does not store these values, which explains their absence from the response.
Above is a screenshot of the RegistrationRequestDTO, which is accepted by the IS DCR endpoint. The endpoint then calls the registerApplication() method in the RegisterApiServiceImpl class. This method passes the DTO object to getApplicationRegistrationRequest() in the DCRMUtils class, which converts the DTO into an ApplicationRegistrationRequest object for further processing.
During this conversion step, the response_types and application_types claims are dropped because the ApplicationRegistrationRequest object does not contain fields to store these claims.
As a result, the IS does not store these claims anywhere since they are dropped early in the request processing. Given that these claims are part of the OIDC DCR specification, I believe it would be beneficial to store them in the database and include them in the response, even if the IS has no current use for them.
Why do we need this?
I am an intern with the BFSI team, currently developing a UK Open Banking-compliant DCR flow on top of APIM 4.3 and IS 7.0. As part of this, I am implementing the AdditionalAttributeFilter to perform OB UK-specific claim validations. Some of these validations need to be applied to the response_types and application_type claims, but since these claims are being dropped, we have no way to access them for validation.
Environment information:
Product Version: IS 7.0.0
The text was updated successfully, but these errors were encountered:
Description:
I have been testing the DCR flow in IS 7 and noticed that the
response_typesandapplication_typeclaims are missing from the response. Debugging the DCR registration endpoint in the wso2-extensions/identity-inbound-auth-oauth repository revealed that although the DCR endpoint accepts theresponse_typesandapplication_typeclaims, they are dropped when converting the request into an internal model. Additionally, IS does not store these values, which explains their absence from the response.Above is a screenshot of the
RegistrationRequestDTO, which is accepted by the IS DCR endpoint. The endpoint then calls theregisterApplication()method in theRegisterApiServiceImplclass. This method passes the DTO object togetApplicationRegistrationRequest()in theDCRMUtilsclass, which converts the DTO into anApplicationRegistrationRequestobject for further processing.During this conversion step, the
response_typesandapplication_typesclaims are dropped because theApplicationRegistrationRequestobject does not contain fields to store these claims.As a result, the IS does not store these claims anywhere since they are dropped early in the request processing. Given that these claims are part of the OIDC DCR specification, I believe it would be beneficial to store them in the database and include them in the response, even if the IS has no current use for them.
Why do we need this?
I am an intern with the BFSI team, currently developing a UK Open Banking-compliant DCR flow on top of APIM 4.3 and IS 7.0. As part of this, I am implementing the
AdditionalAttributeFilterto perform OB UK-specific claim validations. Some of these validations need to be applied to theresponse_typesandapplication_typeclaims, but since these claims are being dropped, we have no way to access them for validation.Environment information:
The text was updated successfully, but these errors were encountered: