Dynamic Oauth client register API error: "One or more redirect_uri values are invalid"
search cancel

Dynamic Oauth client register API error: "One or more redirect_uri values are invalid"

book

Article ID: 370568

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Try to do HTTP POST on endpoint openid/connect/register with test data provided by page https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-6/apis-and-assertions/oauth-server-api-endpoints.html#tocusencaenterprisesoftwarelayer7apimanagementapimanagementoauthtoolkit46fapicompliancehtmlFAPIComplianceinOAuthToolkit

GET error:

{
"error": "invalid_client_metadata",
"error_description": "One or more redirect_uri values are invalid"
}

Environment

ssg !0.x, 11.0, Oauth 4.6

Cause

 Syntax error in the request data. 

Resolution

For API endpoint ../openid/connect/register: 

POST request example 

{
      "redirect_uris": ["https://test-redirect.com"],
      "client_name": "Demo Client",
      "token_endpoint_auth_method": "client_secret_basic",
      "application_type": "web",
      "scope": "openid profile openid_client_registration"
     }

response: 

{
   "client_id": "aa614a7b-67f4-4038-9676-421d204a92ea",
   "client_secret": "95164b4d-eb8e-4f1f-9cfc-c0ff67498258",
   "client_secret_expires_at": 0,
   "client_id_issued_at": 1718730203,
   "registration_access_token": "9ac3ed37-140d-48df-b692-8871846e795c-1718733803",
   "registration_client_uri": "https://dhcp-xx-xxx-xxx-xxx:8443/openid/connect/register/aa614a7b-67f4-4038-9676-421d204a92ea",
   "token_endpoint_auth_method": "client_secret_basic",
   "token_endpoint_auth_signing_alg": "",
   "application_type": "web",
   "redirect_uris": ["https://test-redirect.com"],
   "client_name": "Demo Client",
   "subject_type": "pairwise",
   "sector_identifier_uri": "",
   "contacts": ["unknown"],
   "response_types": ["code"],
   "grant_types": ["authorization_code"],
   "id_token_signed_response_alg": "RS256",
   "userinfo_signed_response_alg": "",
   "request_object_signing_alg": "",
   "request_object_encryption_alg": "",
   "request_object_encryption_enc": "",
   "request_uris": [],
   "environment": "ALL",
   "organization": "https://test-redirect.com",
   "master": false,
   "description": "Registered via OpenID Connect Dynamic Registration",
   "scope": "openid profile openid_client_registration",
   "authorization_signed_response_alg": "PS256",
   "jwks": "",
   "jwks_uri": ""
}

 

Powered by Wolken Software