For testing purposes I dynamically registered my client via POST inruptLoginRegistrationUrl and (using the clientId from the response) I’m using the Java client library like this:

```kotlin
import com.inrupt.client.Request
import com.inrupt.client.auth.DPoP
import com.inrupt.client.openid.AuthorizationRequest
import com.inrupt.client.openid.OpenIdProvider
import java.net.URI

val openIdProvider = OpenIdProvider(URI.create("https://login.inrupt.com"), DPoP.of())
// Authorization-code request asking for three scopes
val authRequest = AuthorizationRequest.newBuilder()
    .responseType("code")
    .scope("openid").scope("webid").scope("offline_access")
    .build("<client-id-from-response>", URI.create("http://localhost:8080/callback"))
// authorize() resolves to the authorization endpoint URI
val request = Request.newBuilder()
    .uri(openIdProvider.authorize(authRequest).toCompletableFuture().get())
    .GET()
    .build()
return "redirect:${request.uri()}"
```

The resulting URI (request.uri()) looks like this:
I could be completely wrong, however I am pretty sure you have to include a “scope” URI parameter, which is not visible in your request URI. Example: https://login.inrupt.com/authorization?client_id=client-id-from-response&redirect_uri=http://localhost:8080/callback&scope=openid%20webid%20offline_access&response_type=code
And let me know if that fixes your issue (or at least gives you a different error).
Yes, you are right, thanks for the hint. I managed to get it working by including the scope “openid”, but why doesn’t the Java library do it by itself? If I’m not mistaken the method openIdProvider.authorize(authRequest) should generate the correct authorization URI including the scope …
I do not know what library you are using so I cannot provide feedback. I would possibly raise an issue on their GitHub/GitLab/other source control resource.
The underlying .authorize method constructs a new builder which takes in an AuthorizationRequest object, however this internal call is not adding the “scope” parameter from the AuthorizationRequest provided. I would raise an issue on their GitHub with it, to see if that is intended behavior or a bug.
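
A check that would catch the dropped scope parameter before the redirect is issued, written as an added example (not part of the thread and not the library's code). It uses only the JDK; the function names `queryParams` and `checkAuthorizationUri` are hypothetical, and the first sample URI is constructed.

```kotlin
import java.net.URI
import java.net.URLDecoder
import java.nio.charset.StandardCharsets

// Parameters an OpenID Connect authorization-code request must carry
// (OpenID Connect Core, section 3.1.2.1).
private val REQUIRED = listOf("response_type", "client_id", "redirect_uri", "scope")

private fun decode(s: String): String = URLDecoder.decode(s, StandardCharsets.UTF_8)

// Split the raw query into decoded key/value pairs; the first value wins for repeated keys.
fun queryParams(uri: URI): Map<String, String> =
    (uri.rawQuery ?: "").split("&")
        .filter { it.isNotEmpty() }
        .map { it.split("=", limit = 2) }
        .groupBy({ decode(it[0]) }, { decode(it.getOrElse(1) { "" }) })
        .mapValues { it.value.first() }

// Returns a list of problems; an empty list means every required parameter
// and every scope the application asked for is present in the URI.
fun checkAuthorizationUri(uri: URI, requestedScopes: Set<String>): List<String> {
    val params = queryParams(uri)
    val problems = REQUIRED
        .filter { params[it].isNullOrBlank() }
        .map { "missing parameter: $it" }
        .toMutableList()
    val inUri = params["scope"].orEmpty().split(" ").filter { it.isNotEmpty() }.toSet()
    // "openid" is mandatory for an OIDC request regardless of what else was asked for.
    val absent = (requestedScopes + "openid") - inUri
    if (inUri.isNotEmpty() && absent.isNotEmpty()) {
        problems += "scope parameter lacks: ${absent.joinToString(" ")}"
    }
    return problems
}

fun main() {
    val requested = setOf("openid", "webid", "offline_access")
    // Constructed sample: the same request with the scope parameter dropped.
    val withoutScope = URI.create(
        "https://login.inrupt.com/authorization?client_id=client-id-from-response" +
            "&redirect_uri=http://localhost:8080/callback&response_type=code")
    // The example URI given in the reply above.
    val withScope = URI.create(
        "https://login.inrupt.com/authorization?client_id=client-id-from-response" +
            "&redirect_uri=http://localhost:8080/callback" +
            "&scope=openid%20webid%20offline_access&response_type=code")
    println(checkAuthorizationUri(withoutScope, requested))
    println(checkAuthorizationUri(withScope, requested))
}
```

Running the check in a unit test against the URI returned by `authorize(authRequest)` turns a silent omission into a test failure instead of a runtime error from the identity provider.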