Details
- Bug
- Status: Closed
- Major
- Resolution: Done
- 2.0.0.CR1
- None
- None
Description
The OIDC conformance testsuite has 3 tests for accessing the UserInfo endpoint:
1) GET method with Bearer token in header
2) POST method with Bearer token in the body
3) POST method with Bearer token in header
We pass 1 and 2, but we fail 3 right now.
Just for tracking, the OIDC specification says this in http://openid.net/specs/openid-connect-core-1_0.html#UserInfo :
The UserInfo Endpoint MUST support the use of the HTTP GET and HTTP POST methods defined in RFC 2616 [RFC2616]. The UserInfo Endpoint MUST accept Access Tokens as OAuth 2.0 Bearer Token Usage [RFC6750].
RFC6750 indeed supports the header for GET+POST or the body for POST.
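The three conformance cases above, as an added example that is not Keycloak's code or part of the original report: a token extractor that accepts the Authorization header on GET and POST, the form body on POST only, and rejects a request that presents the token in more than one place, as RFC 6750 requires. The function name, error class and sample token are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# b64token syntax from RFC 6750 section 2.1
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


class BearerError(Exception):
    """Hypothetical error type: HTTP status plus RFC 6750 error code (or None)."""
    def __init__(self, status, code):
        super().__init__(code or "no bearer credentials")
        self.status, self.code = status, code


def extract_bearer_token(method, headers, body=b""):
    """Return the access token of a UserInfo request, or raise BearerError."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    found = []

    # Authorization header: valid for GET and for POST (tests 1 and 3).
    # The auth scheme name is compared case-insensitively.
    scheme, _, value = hdrs.get("authorization", "").strip().partition(" ")
    if scheme.lower() == "bearer":
        found.append(value.strip())

    # Form-encoded body parameter: valid for POST only (test 2).
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if method.upper() == "POST" and ctype == "application/x-www-form-urlencoded":
        try:
            form = parse_qs(body.decode("ascii"), keep_blank_values=True)
        except UnicodeDecodeError:
            raise BearerError(400, "invalid_request")
        found.extend(form.get("access_token", []))

    if not found:
        # No credentials at all: 401 without an error code.
        raise BearerError(401, None)
    # More than one presentation method, or a malformed token, is invalid_request.
    if len(found) > 1 or not _B64TOKEN.fullmatch(found[0]):
        raise BearerError(400, "invalid_request")
    return found[0]


if __name__ == "__main__":
    tok = "abc.def-123"  # constructed sample token
    form = {"Content-Type": "application/x-www-form-urlencoded"}
    print(extract_bearer_token("GET", {"Authorization": "Bearer " + tok}))
    print(extract_bearer_token("POST", form, b"access_token=" + tok.encode()))
    print(extract_bearer_token("POST", {"Authorization": "Bearer " + tok}))
```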
Issue Links
- blocks KEYCLOAK-3177 Pass OIDC Basic Profile (Closed)