[Issue]Segfault right after OpenID succesful authentication with response_type=code when passing nonce parameter, but invalid request without nonce (nonce+required) #197
Comments
|
Hello @timmotw , I need more information because I can't reproduce your issue. The nonce is required if you add the Can you provide more information on your client configuration, and post the |
|
Yes here it is:
|
|
I still can't reproduce your segfault with your parameters. Nevertheless, you must not add the |
|
@babelouest I have it in mind about the Is there a way to make the Scope Grant full for a specific client app? Meaning no need for the user to select the scopes before Continuing to the client app and even continuing automatically? Also is it possible to use a wildcard as the scope value representing all scopes? |
|
The But either way, in your case it shouldn't be necessary, the client authentication is done in the If by Also, I suggest you send me the dump file to my e-mail address instead of posting it here. And finally, since you use the docker image, I'd like you to retry with the docker-source builder instance with the last commit, to see if you can reproduce the segfault with the last source. To build the docker-source, you must do the following: $ git clone https://github.com/babelouest/glewlwyd.git
$ cd glewlwyd
$ # build the docker-source image
$ make docker
$ # run the docker-source image
$ docker run --rm -it -p 4593:4593 -v /path/to/your/config:/etc/glewlwyd babelouest/glewlwyd:src |
|
OK I lost my data so I hope I will be able to re-produce. Coming back to my question about the scopes. I think showing to the user the complete list of scopes to choose from before being forwarded to our default client app. will be something they will not like. We want the list of scopes to be dictated by us. Can we use another login page or must we go through the Glewlwyd login page? |
That's something I'm not willing to change in Glewlwyd. The scope list required by the client must be open and complete. So the user is aware what are the levels requested by the client and must willingly agree with it, to make sure that the user knows what data can be accessed and/or changed by the client on its behalf. But it's a free software, so you're allowed to change the login page and the login API to fit your needs:
|
|
Yes this is something we already started changing so we are 100% in sync. Thank you very much @babelouest. |
@babelouest does a client really require the
|
|
Yes, if you uncheck this option, then you can send |
|
@babelouest It complains though that the |
|
I'll run some tests to check what's wrong with that |
|
@babelouest I ended up having it |
|
My bad, that's what I meant in the first place... |
I was a bit skeptical to argue 😄 Thank you man! Your help is really important! |
name: Glewlwyd bug report
about: Create a report to help improve Glewlwyd
title: "[Issue]"
labels: ''
assignees: ''
Describe the issue
Segfault right after OpenID succesful authentication with response_type=code when passing nonce parameter, but invalid request without nonce (nonce+required)
To Reproduce
Configure a client with all the auth types added and a client secret
Configure the openid plugin accordingly with PEM keys
Expected behavior
The auth response should contain the authorization code since the response_type=code and according to the rfc the nonce should be optional for this grant type instead it is required and when passed, unfortunately Glewlwyd goes down due to a segfault (I am not sure in which response header the auth code would go though. Where should I expect it?).
Screenshots
If applicable, add screenshots to help explain your problem.
System (please complete the following information):
Additional context
I can ptovide more info if required
The text was updated successfully, but these errors were encountered: