OIDC dynamic registration and requested scopes

Wessel, Keith kwessel at illinois.edu
Wed Apr 29 18:48:37 EDT 2020


After one of our client developers reported to me that he was getting dynamic registration responses back from our IdP reporting that he was receiving all scopes, not just the ones that he requested, I decided to investigate the logs. I found this:

2020-04-29 11:23:05,940 - DEBUG [org.geant.idpextension.oidc.decoding.impl.OIDCClientRegistrationRequestDecoder:58] - Removed 'scope'

No indication why it was removing the scope, but it explains why he's getting all of the scopes which are our dynReg.defaultScope property setting.

Can anyone give me a clue why this might be happening or where I should look next?


More information about the users mailing list