I'm not a fan of implicit flow, but one of our partners requires this means for authentication. To support them, we've enabled it. They also would like to retrieve an id token, which requires an augmented response type (I believe?).
So their URL looks something like this:
connect/authorize?client_id=some_client&grant_type=implicit&scope=openid+profile&response_type=token+id_token&nonce=a3ab12235&redirect_uri=http://someplace.com/
When this URI gets requested, I receive the following error from IS4 (this also occurs with only openid scope, and not profile):
Requests for id_token response type only must not include resource scopes
As part of my troubleshooting, I removed openid scope and left profile:
response_type requires the openid scope
This leads me to believe that either IS4 considers openid a resource scope in this context, for whatever reason, or that I've misconfigured my scopes somehow so that openid is somewhere it shouldn't be.
When using authorization code flow, I can retrieve access token, id token and refresh token all in the same response with no issue.
I am not completely clear on how resource scopes are meant to be configured, but here's roughly what my resource looks like:
.AddInMemoryApiResources(new []
{
    new ApiResource("someResource")
    {
        Scopes = { new Scope("openid"), new Scope("profile") }
    }
})
Apologies, IdentityServer4 for .NET Core is the product, version 1.5.1.
I would be interested in work-arounds, if this turns out to be a bug.
openid must be an identity scope.
See the quickstarts in the docs.
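An added example, not part of the original thread and not the project's own code: the split between identity scopes and resource scopes that the reply above refers to, written against the IdentityServer4 in-memory configuration API. The class name `Config` and the display name are assumptions; the client id, redirect URI and resource name are taken from the question.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using IdentityServer4.Models;

// Hypothetical configuration class (name assumed for this example).
public static class Config
{
    // Identity scopes: claims about the user, delivered in the id_token.
    // "openid" and "profile" are registered here, not inside an ApiResource.
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile()
        };

    // Resource scopes: what an access token may be used against.
    // This constructor creates a single scope named "someResource".
    public static IEnumerable<ApiResource> GetApiResources() =>
        new List<ApiResource>
        {
            new ApiResource("someResource", "Some resource")
        };

    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "some_client",
                AllowedGrantTypes = GrantTypes.Implicit,
                // Must be set before access tokens are returned via the browser.
                AllowAccessTokensViaBrowser = true,
                // Exact-match redirect URI; keep this list as short as possible.
                RedirectUris = { "http://someplace.com/" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "someResource"
                }
            }
        };
}

// Registration in Startup.ConfigureServices, next to the existing setup:
// services.AddIdentityServer()
//     .AddInMemoryIdentityResources(Config.GetIdentityResources())
//     .AddInMemoryApiResources(Config.GetApiResources())
//     .AddInMemoryClients(Config.GetClients());
```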
This is not a helpful answer.
I am sorry - have you tried reading the docs? Was that helpful?
e.g. https://identityserver4.readthedocs.io/en/release/quickstarts/3_interactive_login.html
that being said...
This seems to be a general question about IdentityServer - not a bug report or an issue.
Please use one of our free or commercial support options.
See here for more details.
Thanks!
I suspected a possible bug as indicated in my original posting.
Thank you for your follow up.
I've been struggling with a similar issue for a while now. Bouncing from one GitHub issue to another. In all of them there are RTFMs with links to documentation. And in all of them all the links are dead... Frustrating.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.