Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Resource parameter for OIDC/OAuth authorize request has wrong format
See original GitHub issueAccording to the resource indicator spec
https://www.rfc-editor.org/rfc/rfc8707.html#name-authorization-request
Multiple resource parameters are allowed.
OpenIdConnectMessage only allows for a single resource parameter - also the backing field is a dictionary. This needs some re-work to be spec compliant.
Issue Analytics
- State:
- Created 3 years ago
- Comments:7 (3 by maintainers)
Top Results From Across the Web
Possible Errors - OAuth 2.0 Simplified
invalid_request : The request is missing a required parameter, includes an invalid parameter value, or is otherwise malformed.
Read more >OAuth 2.0 and OpenID Connect Authorization Endpoints
Authorization Request Parameters. 1. Response Parameters; 2. Response Format; 3. Error Response; 4. Returning Errors when the Redirect URI is Unavailable.
Read more >OAuth OIDC endpoint error handling details
A request that is missing a required parameter is an invalid request. The description tells what is missing. ... When a response_type is...
Read more >OAuth 2.0 Authorization Errors
Errors can occur during OAuth authorization. For example, a user denies access to the connected app or request parameters are incorrect. When errors...
Read more >invalid_client error when requesting an OAuth 2.0 access ...
This error happens when the Token Endpoint Authentication Method is set to client_secret_basic (which is the default method) and the resource ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
+1
Multi-resource scenarios are the bedrock of the authn/authz solution for our cloud platform. This limitation makes supporting dotnet client applications regrettably painful.
Props to @frodegil for the elegant work around 👏 but convincing software teams to adopt a solution like that can be rather troublesome when lack of official support implies that this is somehow wrong… which it isn’t.
Any update? This is violating the spec and blocks people from using resource indicator enabled IdPs…