oauth2-server-php

OpenID Connect - TokenController does not send id_token

Open thyandrecardoso opened this issue 9 years ago • 11 comments

This got discussed in #443, but I think I am missing something, or there is some kind of problem here:

  • According to Google's implementation (https://developers.google.com/accounts/docs/OpenIDConnect), an id_token should always be returned when accessing the token endpoint. I cannot get this to happen.

After making an authorize request like this:

https://localhost:8443/core_auth/web/oauth/v1/authorize?client_id=app_id&response_type=code&redirect_uri=https%3A%2F%2Flocalhst%...&scope=openid profile email

I only get responses like this:

{
    "access_token": "3a7447b3...",
    "expires_in": 86400,
    "token_type": "Bearer",
    "scope": "openid profile email",
    "refresh_token": "4116587..."
}

There is no id_token.

I am using the following config:

'options' => [
    'token_param_name' => 'access_token',
    'access_lifetime' => 3600 * 24,
    'enforce_state' => true,
    'allow_implicit' => true,
    'use_openid_connect' => true,
    'require_exact_redirect_uri' => false, // TODO: should be exact ?!
    'enforce_state' => false // TODO: remove! should be true
],

Is this expected behavior?

Thanks in advance!!

thyandrecardoso, Mar 12 '15 16:03