New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

invalid token_type #1934

Closed

TuxCoder opened this issue Jun 30, 2020 · 1 comment

TuxCoder commented Jun 30, 2020

Describe the bug

introspect endpoint returns different token_type.

When I request an acces_token this is the result:

{
  "access_token":"xxx.xxx-xxx",
  "expires_in":3600,
  "id_token":"xxx.xxx.xxx-xxx-xxx-xx-xx-xxx",
  "scope":"openid email email_access",

  **"token_type":"bearer"**
}

The introspect API return:

{
  "active":true,
  "scope":"openid email email_access",
  "client_id":"roundcube",
  "sub":"xxxx",
  "exp":1593543859,
  "iat":1593540258,
  "iss":"https://oauth2.xxx.xxx/",

  **"token_type":"access_token",**

  "ext":{ ".....": "..." }
}

Reproducing the bug

Request an access token.
Get introspect information for this token.

Expected behavior

In RFC7662 2.2 the token_type refers to RFC6749 5.1 refers to section 7.1.

There is only two types of token_types defined:

bearer
mac

Also dovecot checks if this token_type in introspect is bearer

A clear and concise description of what you expected to happen.

Environment

Version: v1.5.2
Environment: Debian, nginx proxy

Additional context

Tested with dovecot as resources server and roundcube PR as client.

The text was updated successfully, but these errors were encountered:

Author

TuxCoder commented Jun 30, 2020

sorry duplicate from #1762

TuxCoder closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment