IBM Security Verify

 View Only
  • 1.  OAuth: JWT as an Access Token - unsupported_response_type

    Posted Wed November 25, 2020 11:34 AM
    Hello Team,

    I want to secure webseal junctions using Oauth JWT access tokens.
    I followed OAuth: JWT as an Access Token - IBM Security Identity and Access for configurations.
    I am using https://webseal_host:webseal:port/mga/sps/oauth/oauth20/authorize?client_id=client_id&scope=openid%20profile%20email&response_type=token&redirect_uri=https://jwt.io&state=state&nonce=nonce
    I am getting error in response:
    https://jwt.io/?error=unsupported_response_type&error_description=FBTOAU201E+The+response+type+is+not+supported.&state=state
    Can anyone help me resolve this issue.

    ------------------------------
    Pradnya
    ------------------------------

    ------------------------------
    Prandya Medhi
    ------------------------------


  • 2.  RE: OAuth: JWT as an Access Token - unsupported_response_type

    Posted Wed November 25, 2020 12:38 PM
    Hello,

    You are requesting response type "token" which should be OK as long as you enabled "implicit" in your OAuth definition.  Can you confirm that this is enabled?

    (If it is not enabled you'll have to create a new definition with implicit enabled and then modify you client to use this).

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: OAuth: JWT as an Access Token - unsupported_response_type

    Posted Thu November 26, 2020 12:54 AM
    Thanks a lot Jon. I had just enabled "JWT Bearer" in OAuth definition and hence was the issue. Selecting "implicit" solved the issue, got the access token.

    Thanks,
    Pradnya Medhi


    ------------------------------
    Prandya Medhi
    ------------------------------