Dynamic Registration Configuration Endpoint does not send openid under scopes_supported

Open • lboecken opened this issue 1 year ago • 1 comment

Summary:

The Dynamic Registration spec requires that the LMS have openid listed as one of the scopes_supported. This is currently not being sent.

Steps to reproduce:

  1. Make GET request to OIDC Configuration Endpoint
  2. Response does not include openid under scopes_supported key

Expected behavior:

That openid is one of the scopes_supported

Actual behavior:

The openid scope is not included in the scopes_supported list.

Additional Notes:

https://github.com/instructure/canvas-lms/blob/f608fbf319c2ffce66aef43645219853fae34914/app/controllers/security_controller.rb#L111 I believe this is the relevant line where this information comes from.

lboecken, Aug 13 '24 16:08

It looks like https://github.com/instructure/canvas-lms/commit/09996454a3a051322aa35ca94571b03dcc3151d0 has added "openid" as a supported scope now. However, when requesting the scope from the LMS, the user is presented with an error:

    {
      "errors": [
        {
          "field": "scopes",
          "message": "cannot contain openid",
          "error_code": null
        }
      ]
    }

joecrop, Oct 09 '24 18:10
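
A tool-side check for the two conditions reported in this thread, as an added example that is not part of the original issue or of the Canvas code base: it flags a configuration document that lacks `openid` in `scopes_supported`, and a scope that is advertised there but rejected in the error response. The JSON samples are constructed, and the function and constant names are hypothetical.

```ruby
require "json"

# Constructed sample documents, not captured from a real Canvas instance.
# Key names (scopes_supported, errors, field, message) are those quoted in the thread.
AGS = "https://purl.imsglobal.org/spec/lti-ags/scope/lineitem"
CONFIG_WITHOUT_OPENID = JSON.generate("scopes_supported" => [AGS])
CONFIG_WITH_OPENID = JSON.generate("scopes_supported" => ["openid", AGS])
REJECTION = JSON.generate(
  "errors" => [{ "field" => "scopes", "message" => "cannot contain openid", "error_code" => nil }]
)

# Hypothetical helper: scopes the platform advertises; raises if the key is missing or malformed.
def advertised_scopes(config_json)
  doc = JSON.parse(config_json)
  scopes = doc.is_a?(Hash) ? doc["scopes_supported"] : nil
  unless scopes.is_a?(Array) && scopes.all? { |s| s.is_a?(String) }
    raise ArgumentError, "scopes_supported must be an array of strings"
  end
  scopes
end

# Hypothetical helper: scopes named in "cannot contain <scope>" errors on the scopes field.
def rejected_scopes(error_json)
  errors = JSON.parse(error_json)["errors"] || []
  errors.select { |e| e["field"] == "scopes" }
        .map { |e| e["message"].to_s[/\Acannot contain (\S+)\z/, 1] }
        .compact
end

# Returns a list of findings; an empty list means neither reported condition was seen.
def check_registration(config_json, error_json = nil)
  advertised = advertised_scopes(config_json)
  findings = []
  findings << "openid missing from scopes_supported" unless advertised.include?("openid")
  if error_json
    # A scope that is both advertised and rejected is the inconsistency in the follow-up comment.
    (rejected_scopes(error_json) & advertised).each do |scope|
      findings << "#{scope} advertised in scopes_supported but rejected on request"
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts check_registration(CONFIG_WITHOUT_OPENID)
  puts check_registration(CONFIG_WITH_OPENID, REJECTION)
end
```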