Thanks to visit codestin.com
Credit goes to github.com

Skip to content

OIDC id_token response should not contain state #652

New issue
New issue
Closed
Closed
OIDC id_token response should not contain state#652
Assignees
JonathanHuot
Labels
BugOAuth2-ProviderThis impact the provider part of OAuth2OIDCOpenID Connect
Milestone
3.0.2
@JonathanHuot

Description

@JonathanHuot
JonathanHuot
opened on Feb 19, 2019

Describe the bug

When requesting an id_token with the authorization code flow, the TOKEN endpoint returns a state, but state is only a response's parameter for the AUTHORIZE endpoint.

How to reproduce

  • Implement OIDC support in oauthlib for authorization_code.
  • Send a valid /authorize request with a state
  • Send a valid /token request, and see state=None in the response.

Expected behavior

We should have the state only in the /authorize response (e.g. for code or implicit's response).

Additional context

  • Are you using OAuth1, OAuth2 or OIDC?
    OIDC

  • Are you writing client or server side code?
    Server side

Metadata

Metadata

Assignees

Labels

BugOAuth2-ProviderThis impact the provider part of OAuth2OIDCOpenID Connect

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions