OIDC dynamic registration and requested scopes
Wessel, Keith
kwessel at illinois.edu
Wed Apr 29 18:48:37 EDT 2020
All,
After one of our client developers reported to me that he was getting dynamic registration responses back from our IdP reporting that he was receiving all scopes, not just the ones that he requested, I decided to investigate the logs. I found this:
2020-04-29 11:23:05,940 - DEBUG [org.geant.idpextension.oidc.decoding.impl.OIDCClientRegistrationRequestDecoder:58] - Removed 'scope'
No indication why it was removing the scope, but it explains why he's getting all of the scopes which are our dynReg.defaultScope property setting.
Can anyone give me a clue why this might be happening or where I should look next?
Thanks,
Keith
More information about the users
mailing list