OIDC extension and ClearAttributeReleaseConsent
henri.mikkonen at csc.fi
Thu Aug 20 09:52:12 UTC 2020
> On 19 Aug 2020, at 15.52, Darren Boss <darren.boss at computecanada.ca> wrote:
> I don't have all that many OIDC clients yet and most are applications
> developed in house. I just setup Harbor which is an open source
> container registry with OIDC as they don't support SAML. I'm getting
> the attribute consent release on every authentication and seeing
> in the logs.
> I double checked all the other registered OIDC clients and none of
> them exhibit this behavior and a few of them have the same scopes or
> even an additional scope configured and behave normally.
I’d check if Harbor includes prompt=consent in the OIDC authentication request message . Also, if offline_access scope is granted to the RP and it’s requested in the authn request , the consent is asked from the end-user again.
 https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest <https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>
 https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess <https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users