
OIDC id_token response should not contain state #652

Closed
@JonathanHuot


Describe the bug

When requesting an id_token with the authorization code flow, the TOKEN endpoint returns a state, but state is only a response parameter of the AUTHORIZE endpoint.

How to reproduce

  • Implement OIDC support in oauthlib for authorization_code.
  • Send a valid /authorize request with a state.
  • Send a valid /token request, and see state=None in the response.

Expected behavior

We should have the state only in the /authorize response (e.g. for code or implicit's response).

Additional context

  • Are you using OAuth1, OAuth2 or OIDC?
    OIDC

  • Are you writing client or server side code?
    Server side
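
A regression check for the behaviour reported above, as an added example that is not part of the original issue or of oauthlib's code base. The function names, URLs and token values are constructed for illustration; the check treats `"state": null` in the /token body as a finding, since that is what `state=None` serializes to.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (not captured from a real server).
REDIRECT = "https://client.example/cb?code=SplxlOS6&state=af0ifjsldkj"
BUGGY_TOKEN = ('{"access_token": "tok", "token_type": "Bearer", '
               '"expires_in": 3600, "id_token": "hdr.payload.sig", '
               '"state": null}')
FIXED_TOKEN = ('{"access_token": "tok", "token_type": "Bearer", '
               '"expires_in": 3600, "id_token": "hdr.payload.sig"}')


def authorize_state(redirect_location):
    """Return the state echoed in an /authorize redirect, or None.

    The code flow carries it in the query, the implicit flow in the fragment.
    """
    parts = urlsplit(redirect_location)
    for component in (parts.query, parts.fragment):
        values = parse_qs(component, keep_blank_values=True).get("state")
        if values:
            return values[0]
    return None


def check_flow(sent_state, redirect_location, token_body):
    """Return a list of findings for one authorization code exchange."""
    findings = []
    echoed = authorize_state(redirect_location)
    if echoed != sent_state:
        findings.append("authorize response state %r != request state %r"
                        % (echoed, sent_state))
    token = json.loads(token_body)
    # Key presence is what matters: a null value is still a leaked parameter.
    if "state" in token:
        findings.append("token response contains state=%r" % (token["state"],))
    return findings


if __name__ == "__main__":
    for label, body in (("buggy", BUGGY_TOKEN), ("fixed", FIXED_TOKEN)):
        print(label, check_flow("af0ifjsldkj", REDIRECT, body))
```
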

Labels: Bug, OAuth2-Provider (This impact the provider part of OAuth2), OIDC (OpenID Connect)
