
With our IdP server team, we had a discussion while implementing the code authorization flow with OIDC, and they proposed adding a new HTTP/query parameter named “resourceServer” to the HTTP call to the token endpoint. Would you say it should be possible for OIDC implementations such as the Apache httpd OIDC module (certified OpenID) to add such a parameter?
Thank you

2 Answers


  1. OpenID Connect being an extension built on OAuth 2.0, you must check the specification to see whether this violates it.

    The following is stated about the token endpoint in OAuth 2.0:

    3.2. Token Endpoint

    … Parameters sent without a value MUST be treated as if they were
    omitted from the request. The authorization server MUST ignore
    unrecognized request parameters. Request and response parameters
    MUST NOT be included more than once.

    If you decide to alter your token request and add a parameter to it, then the only requirement is for your authorization server to accept that parameter. Otherwise, your authorization server will ignore it.

    Also, extra parameters can be seen in major OpenID Connect adaptations. For example, the MS Azure authorization request contains a resource parameter to state the protected resource that the access token will be used against. It is similar to what you are trying to achieve.

  2. Hi. You can add an additional parameter to the connect endpoint by providing acr_value; here is a reference link: http://docs.identityserver.io/en/latest/endpoints/token.html
    How I have achieved this is below:

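The token endpoint rules quoted from OAuth 2.0 section 3.2 in the first answer, sketched as server-side parameter handling. This is an added example, not code from either answer or from any IdP product; `parse_token_request`, `InvalidRequest` and the sample request are hypothetical, and `resourceServer` is the extension parameter from the question.

```python
from urllib.parse import parse_qsl

# Token request parameters RFC 6749 defines for the authorization_code grant.
STANDARD_PARAMS = {"grant_type", "code", "redirect_uri", "client_id", "client_secret"}

# Constructed sample body: one extension parameter and one parameter with no value.
SAMPLE_BODY = (
    "grant_type=authorization_code&code=constructed-code-123"
    "&redirect_uri=https%3A%2F%2Fclient.example%2Fcb"
    "&client_id=constructed-client&client_secret="
    "&resourceServer=https%3A%2F%2Fapi.example"
)


class InvalidRequest(Exception):
    """Corresponds to the OAuth 2.0 `invalid_request` error."""


def parse_token_request(body, extension_params=frozenset()):
    """Apply the section 3.2 parameter rules to a form-encoded request body.

    Returns (accepted, ignored): parameters the server acts on, and the names
    it dropped because it does not recognize them.
    """
    recognized = STANDARD_PARAMS | set(extension_params)
    accepted, ignored, seen = {}, [], set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        # "MUST NOT be included more than once". Assumption of this example:
        # the check is strict and also covers unknown and empty parameters.
        if name in seen:
            raise InvalidRequest(f"parameter included more than once: {name}")
        seen.add(name)
        if value == "":
            continue  # sent without a value: treated as if omitted
        if name not in recognized:
            ignored.append(name)  # unrecognized: ignored, not an error
            continue
        accepted[name] = value
    return accepted, ignored


if __name__ == "__main__":
    # A server that has not opted in ignores resourceServer.
    print(parse_token_request(SAMPLE_BODY))
    # A server that has opted in receives it alongside the standard parameters.
    print(parse_token_request(SAMPLE_BODY, extension_params={"resourceServer"}))
```

Logging the `ignored` names on the authorization server shows when a client sends an extension parameter the server has not been configured to honor.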