Hello,

I'm currently working with CAS 6.1 (RC4 / RC5) and ran into some issues with the OIDC implicit flow.
The client sends the response types "id_token token" and the CAS server reports the following errors:

2019-08-09 16:29:04,627 WARN [org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController] - <Ignoring malformed request [https://sso-u.mycompany.de/cas/oidc/authorize?client_id=onlineservice3&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fsignin-oidc&response_type=id_token%20token&scope=openid&state=a6198d2a1f1f40ff9778629107567d90&nonce=27c93b2ad113499a9fc3bbf9a1575c1c] as no OAuth20 validator could declare support for its syntax>
2019-08-09 16:29:04,627 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController] - <Authorize request verification failed. Authorization request is missing required parameters, or the request is not authenticated and contains no authenticated profile/principal.>

A test with the same client using only the response type=id_token works as expected and results in a redirect including the requested id_token.

2019-08-09 16:38:52,831 DEBUG [org.apereo.cas.support.oauth.web.response.callback.OAuth20TokenAuthorizationResponseBuilder] - <Redirecting to URL [http://localhost:3001/signin-oidc#access_token=AT-1-OJ4kjucWPzpPpTpqxSCTZPrcrowA-6bu&token_type=bearer&expires_in=28800&id_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJTVC0zLVUtbGhaMkw5V2Z4ZVJXUmg3emNJRC1tNVljYy1jYXNzaW5pMSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9jYXMvb2lkYyIsImF1ZCI6Im9ubGluZXNlcnZpY2UzIiwiZXhwIjoxNTY1MzkwMzMyLCJpYXQiOjE1NjUzNjE1MzIsIm5iZiI6MTU2NTM2MTIzMiwic3ViIjoiMTAwMDAwMDIiLCJjbGllbnRfaWQiOiJvbmxpbmVzZXJ2aWNlMyIsInN0YXRlIjoiNzVhMzFlNjY0MTY1NDdlYjgxOGYyZGFhMjliM2MzNWIiLCJub25jZSI6IjcxMGFjYzkzNTEyMjRkODRiZmNhZjY0ZTlhMjk0ZmZjIiwiYXRfaGFzaCI6Il8zaWIzU09VV092MGJCa2hkTkh2M0EiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiIxMDAwMDAwMiJ9.r7VLX6yooJdf3HpcE-KoOreqo45K31zPK9YTqp6Lnlm6rAcnlWqbECudDGXwmuMDvwL06nh8z3ZrsmKPCmxwrFH2xt34-PK_0909d6NTWYDvD1X5Rgv3WhrtV2m1jVr2g4jrKD5vnvqECiBE9GcpCcHQQWtFx7O59v0rS8lRMiXagcUlggezmw_OrVQycjT8FxwmZz9WDV_YTcA_zj6GY3Ou3qQAWcYHbAhPGTWBJ8qS6ZMdZs5jAmCx5PWHHqkmQJ9Vt3e8h_PE8B6ehiKhM4HUBrloh0d21n84W2wC9z8F99Fdl5fZdgC72cOPvmHoj2WO3a_vSU2pEuW4u66CYQ&state=75a31e66416547eb818f2daa29b3c35b&nonce=710acc9351224d84bfcaf64e9a294ffc]>

Best Regards,
Christian
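
Added example, not part of the original post and not CAS code: a check of the authorize request from the WARN log line against the response-type combinations defined by OIDC Core and OAuth 2.0 Multiple Response Type Encoding Practices, reading response_type as an unordered, space-delimited set. The function name, the constant names and the selection of checks are this example's own assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Authorize request copied from the WARN log line in the post above.
REQUEST_FROM_LOG = "https://sso-u.mycompany.de/cas/oidc/authorize?client_id=onlineservice3&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fsignin-oidc&response_type=id_token%20token&scope=openid&state=a6198d2a1f1f40ff9778629107567d90&nonce=27c93b2ad113499a9fc3bbf9a1575c1c"

# Combinations registered by the two specifications; order is not significant.
SUPPORTED = {frozenset(rt.split()) for rt in (
    "code", "token", "id_token", "id_token token",
    "code id_token", "code token", "code id_token token", "none")}

def check_authorize_request(url):
    """Return a list of problems in an OIDC authorize URL (empty list = well-formed)."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    # Each of these must be present exactly once; repeated parameters are rejected.
    for name in ("client_id", "redirect_uri", "response_type", "scope"):
        values = q.get(name, [])
        if len(values) != 1 or not values[0].strip():
            problems.append(f"{name}: must appear exactly once and be non-empty")
    if problems:
        return problems
    rtypes = q["response_type"][0].split()
    rset = frozenset(rtypes)
    if len(rtypes) != len(rset):
        problems.append("response_type: duplicate value")
    if rset not in SUPPORTED:
        problems.append(f"response_type: unsupported combination {sorted(rset)}")
    if "openid" not in q["scope"][0].split():
        problems.append("scope: 'openid' missing, not an OIDC request")
    # OIDC Core makes nonce REQUIRED in the implicit flow (id_token without code).
    if "id_token" in rset and "code" not in rset and not q.get("nonce", [""])[0]:
        problems.append("nonce: required for the implicit flow")
    return problems

if __name__ == "__main__":
    print(check_authorize_request(REQUEST_FROM_LOG) or "request is well-formed")
```
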
