In version 7.0, it was identified that when custom scopes are requested using the JWT Bearer Grant, the scopes are not properly resolved, and as a result, they are not included in the exchanged access token or bearer response.
If the openid scope is requested along with the custom scopes, the request functions as expected. However, ideally, the custom scopes should resolve properly even without the inclusion of the openid scope.
How to reproduce:
1. Create an API resource and define one or more custom scopes.
2. Create a role and associate the custom scopes with it.
3. Create a group and assign the role created in the previous step.
4. Set up a connection by providing the alias, issuer details, and uploading the Identity Server's public key as a certificate.
5. Navigate to the Connection → Groups section and add an IDP group (e.g., group1).
6. In User Management → Roles → select the role → Groups → External Groups, map the previously added IDP group to the local role.
7. Create a user and assign the local group created in step 3.
8. Generate the assertion with the correct identity provider (IDP) and user information.
9. Request the custom scopes in the JWT Bearer request, omitting the openid scope.
10. Observe that the custom scopes are not included in the response.
When the openid scope is included in the request, the custom scopes are correctly resolved.
Expected behavior:
The custom scopes should resolve properly even without the inclusion of the openid scope.
Environment information (Please complete the following information; remove any unnecessary fields) :
Optional Fields
Related issues:
#21009
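A regression check for the behaviour reported above, as an added example that is not part of the original issue or the project's code: it builds the RFC 7523 token request body with custom scopes and no openid, then lists which requested scopes are missing from the token response and from a JWT access token's scope claim. The scope names, the sample responses, and the shape of the `scope` claim in the access token are assumptions; the responses are constructed, not captured from a server.

```python
import base64
import json
from urllib.parse import urlencode

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # RFC 7523 grant type

def build_token_request(assertion, scopes):
    """Form-encoded body of a JWT Bearer token request (RFC 7523, section 2.1)."""
    return urlencode({"grant_type": JWT_BEARER, "assertion": assertion,
                      "scope": " ".join(scopes)})

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque access token, nothing to inspect
    try:
        return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    except ValueError:
        return None

def missing_scopes(requested, token_response):
    """List requested scopes absent from the response and from a JWT access token."""
    wanted = set(requested)
    # Stricter than RFC 6749 section 5.1 (which lets the server omit "scope" when it
    # equals the request): an absent field counts as nothing granted.
    granted = set(token_response.get("scope", "").split())
    missing = {"response": sorted(wanted - granted)}
    claims = jwt_claims(token_response.get("access_token", ""))
    if claims is not None:
        raw = claims.get("scope", "")  # assumed: space-delimited string or list
        missing["access_token"] = sorted(wanted - set(raw.split() if isinstance(raw, str) else raw))
    return missing

def fake_jwt(claims):
    """Unsigned stand-in token so the sample below runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample data (hypothetical scope names, not captured from a server).
REQUESTED = ["orders_read", "orders_write"]  # custom scopes, openid omitted
BUGGY = {"access_token": fake_jwt({"sub": "user1"}), "token_type": "Bearer"}
EXPECTED = {"access_token": fake_jwt({"sub": "user1", "scope": "orders_read orders_write"}),
            "token_type": "Bearer", "scope": "orders_read orders_write"}

if __name__ == "__main__":
    print(build_token_request("<signed-assertion>", REQUESTED))
    print("reported behaviour:", missing_scopes(REQUESTED, BUGGY))
    print("expected behaviour:", missing_scopes(REQUESTED, EXPECTED))
```

Running the same check against a real token response, once with and once without openid in the request, shows whether a fix restores the custom scopes in both the response and the token.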