OIDC address claim is incorrectly formatted in the ID token when it is multi-valued attribute #21658

Open
ratnajothy opened this issue Nov 11, 2024 · 0 comments

Describe the issue:
$title issue happens because [1] handles the address claim as a JSONObject, but in [2] it is converted with toString.

[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/35d2b91f19d322dd2e923025d1c90c257cee024d/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OpenIDConnectClaimFilterImpl.java#L388
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/35d2b91f19d322dd2e923025d1c90c257cee024d/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultOIDCClaimsCallbackHandler.java#L627

How to reproduce:

  1. Assign the local claim for address with the name address under http://wso2.org/oidc/claim
  2. Map the new address claim into the OIDC scope under openid
  3. Save the value of the address attribute in a user's profile as: address1:qwerty,address2:Medavakkam,city:Chennai,state:Tamilnadu,country:India
  4. Add the address local claim and mark it as a mandatory claim in a service provider for which the above user is authorised.
  5. Log in to the application with this user's credentials and get the ID token.
  6. Introspecting this token's content shows the address claim in the malformed format below:
  "address": [
    "{\"address\":\"address1:qwerty",
    "address2:Medavakkam",
    "city:Chennai",
    "state:Tamilnadu",
    "country:India\"}"
  ]

Expected behavior:
Introspecting the token should show the multi-valued address as a properly formatted array:

"address": [
    "address1:qwerty",
    "address2:Medavakkam",
    "city:Chennai",
    "state:Tamilnadu",
    "country:India"
  ]

Suggestion:
Consider changing the code statements below in [2],

String claimValue = claimEntry.getValue().toString();
String claimKey = claimEntry.getKey();

into the following:

String claimKey = claimEntry.getKey();
String claimValue = claimEntry.getValue() instanceof JSONObject ? ((JSONObject) claimEntry.getValue()).getAsString(claimKey) : claimEntry.getValue().toString();
  • Product Version: IS 5.10.0
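
The mismatch described in the report, modelled as an added example (not code from the issue or from the WSO2 code base). A plain Map and the hypothetical helper render() stand in for the JSONObject and its toString(); the comma separator is an assumption inferred from the split visible in the malformed output, and all class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class AddressClaimDemo {
    // Assumption: multi-valued attributes are split on a comma, as the reported output suggests.
    static final String SEPARATOR = ",";

    // Stand-in for the JSON object's toString(): renders {"key":"value"} for a single entry.
    static String render(Object claimValue) {
        if (claimValue instanceof Map) {
            Map.Entry<?, ?> e = ((Map<?, ?>) claimValue).entrySet().iterator().next();
            return "{\"" + e.getKey() + "\":\"" + e.getValue() + "\"}";
        }
        return claimValue.toString();
    }

    // Behaviour described in the report: the wrapped value is stringified first, then split.
    static List<String> stringifyThenSplit(Object claimValue) {
        return Arrays.asList(render(claimValue).split(SEPARATOR));
    }

    // Shape of the suggested change: unwrap the inner value by claim key before splitting.
    static List<String> unwrapThenSplit(String claimKey, Object claimValue) {
        String s = (claimValue instanceof Map)
                ? String.valueOf(((Map<?, ?>) claimValue).get(claimKey))
                : claimValue.toString();
        return Arrays.asList(s.split(SEPARATOR));
    }

    // Check for a decoded token claim: JSON wrapper fragments left inside array elements.
    static boolean hasJsonFragments(List<String> values) {
        for (String v : values) {
            if (v.startsWith("{\"") || v.endsWith("\"}")) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Profile value taken from step 3 of the report, wrapped under the claim key.
        Map<String, String> wrapped = new LinkedHashMap<>();
        wrapped.put("address", "address1:qwerty,address2:Medavakkam,city:Chennai,state:Tamilnadu,country:India");

        List<String> before = stringifyThenSplit(wrapped);
        List<String> after = unwrapThenSplit("address", wrapped);
        System.out.println("before: " + before + " malformed=" + hasJsonFragments(before));
        System.out.println("after:  " + after + " malformed=" + hasJsonFragments(after));
    }
}
```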