oauth2-server-php
OpenId Connect - TokenController does Not send id_token
This got discussed in #443, but I think I am missing something, or there is some kind of problem here:
- according to Google's implementation (https://developers.google.com/accounts/docs/OpenIDConnect) an id_token should always be returned when accessing the token endpoint. I cannot get this to happen.
After making an authorize request like this:
https://localhost:8443/core_auth/web/oauth/v1/authorize?client_id=app_id&response_type=code&redirect_uri=https%3A%2F%2Flocalhst%...&scope=openid profile email
I only get responses like this:
{
    "access_token": "3a7447b3...",
    "expires_in": 86400,
    "token_type": "Bearer",
    "scope": "openid profile email",
    "refresh_token": "4116587..."
}
There is no id_token.
I am using the following config:
'options' => [
    'token_param_name' => 'access_token',
    'access_lifetime' => 3600 * 24,
    'enforce_state' => true,
    'allow_implicit' => true,
    'use_openid_connect' => true,
    'require_exact_redirect_uri' => false, // TODO: should be exact ?!
    'enforce_state' => false // TODO: remove! should be true
],
Is this an expected behavior?
Thanks in advance!!
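A client-side check for the behaviour reported above, added here as an example; it is not part of the original post and not oauth2-server-php code. It flags a token endpoint response that was granted the openid scope but carries no id_token, and structurally checks an id_token when one is present. The function names and sample values are constructed for illustration, and the required-claim list is taken from OpenID Connect Core.

```python
import base64
import json

REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")  # required in every ID Token (OIDC Core)


def encode_segment(obj):
    """Encode a dict as one unpadded base64url JWT segment (used for the sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def decode_segment(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    value = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def check_token_response(body):
    """List the problems in a token endpoint response. Signature is NOT verified."""
    resp = json.loads(body)
    if "openid" not in resp.get("scope", "").split():
        return []  # plain OAuth2 response, no id_token expected
    id_token = resp.get("id_token")
    if not id_token:
        return ["scope contains 'openid' but the response has no id_token"]
    parts = id_token.split(".")
    if len(parts) != 3:
        return ["id_token is not a three-part compact JWT"]
    try:
        header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    except ValueError:
        return ["id_token header or payload is not a base64url JSON object"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("id_token is unsigned (alg none)")
    problems += [f"id_token lacks the '{c}' claim" for c in REQUIRED_CLAIMS if c not in claims]
    return problems


# Constructed samples: the first mirrors the response shape quoted in the issue.
BASE = {"access_token": "constructed-access", "expires_in": 86400, "token_type": "Bearer",
        "scope": "openid profile email", "refresh_token": "constructed-refresh"}
CLAIMS = {"iss": "https://localhost:8443", "sub": "user-1", "aud": "app_id",
          "exp": 1700086400, "iat": 1700000000}
ID_TOKEN = ".".join([encode_segment({"alg": "RS256", "typ": "JWT"}),
                     encode_segment(CLAIMS), "constructed-sig"])
WITHOUT_ID_TOKEN = json.dumps(BASE)
WITH_ID_TOKEN = json.dumps({**BASE, "id_token": ID_TOKEN})
```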