  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-124901

As an Instance Administrator, I want to prevent the portal from failing to refresh the ID token when OpenID Connect is configured

    Details

      Description

      Motivation

      Currently, Liferay expects the OpenID provider to include a Nonce claim in the ID Token returned in a refresh token flow. The OpenID Connect specification is ambiguous as to whether this claim should be included: https://bitbucket.org/openid/connect/issues/1025/ambiguity-with-how-nonce-is-handled-o

      OpenID Provider middlewares have interpreted this ambiguity differently, and Liferay will fail to refresh ID Tokens against some of them.

      To prevent this, we will make Nonce claim validation optional in the OpenID Connect Provider configuration.

      Acceptance Criteria

      1. As an Instance Administrator, I want to configure the Nonce claim as optional for the configured OpenID Connect provider, so that the portal does not fail to refresh the ID token when OpenID Connect is configured.
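
The following sketch is an added example, not Liferay code. It shows one way a relying party could treat the Nonce claim as optional on refresh: a missing claim is tolerated only when the provider is configured that way, while a claim that is present is still compared. The function name, the `nonce_optional` switch and the sample claims are assumptions made for illustration.

```python
import hmac

class IdTokenError(Exception):
    """A refreshed ID token failed claim validation."""

def check_refreshed_claims(original, refreshed, expected_nonce, nonce_optional):
    """Return True if a nonce was present and verified, False if absent and tolerated.

    original/refreshed: claim dicts from ID tokens whose signatures were already verified.
    nonce_optional: hypothetical per-provider switch modelled on this ticket.
    """
    # Binding to the original login applies regardless of the nonce setting.
    for claim in ("iss", "sub", "aud"):
        if refreshed.get(claim) != original.get(claim):
            raise IdTokenError(f"{claim} differs from the original ID token")
    nonce = refreshed.get("nonce")
    if nonce is None:
        if not nonce_optional:
            # Strict mode: a refresh response without a nonce is rejected.
            raise IdTokenError("nonce claim missing from refreshed ID token")
        return False
    # A nonce that IS present is always compared, even in optional mode.
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), expected_nonce.encode()):
        raise IdTokenError("nonce does not match the authentication request")
    return True

# Constructed sample claims (not taken from any real provider).
ORIGINAL = {"iss": "https://idp.example", "sub": "user-1",
            "aud": "portal", "nonce": "n-0S6_WzA2Mj"}
REFRESH_NO_NONCE = {"iss": "https://idp.example", "sub": "user-1", "aud": "portal"}
REFRESH_SAME_NONCE = dict(REFRESH_NO_NONCE, nonce="n-0S6_WzA2Mj")
REFRESH_BAD_NONCE = dict(REFRESH_NO_NONCE, nonce="other")

def outcome(refreshed, nonce_optional):
    """Run the check and return its result, or the rejection reason as text."""
    try:
        return check_refreshed_claims(ORIGINAL, refreshed,
                                      ORIGINAL["nonce"], nonce_optional)
    except IdTokenError as exc:
        return str(exc)

if __name__ == "__main__":
    samples = [("no nonce", REFRESH_NO_NONCE), ("same nonce", REFRESH_SAME_NONCE),
               ("bad nonce", REFRESH_BAD_NONCE)]
    for name, claims in samples:
        for optional in (False, True):
            print(f"{name:10} optional={optional}: {outcome(claims, optional)}")
```
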

              People

              Assignee:
              stian.sigvartsen Stian Sigvartsen
              Reporter:
              fabian.bouche Fabian Bouché
              Engineering Assignee:
              Fabian Bouché

                  Packages

                  Version Package
                  Master