Enhanced verification URI on device-pairing flow
Identify version 5.5 adds two enhancements to the device-pairing flow.
- The device authorization response now supports “verification_uri_complete”, which is designed for non-textual transmission.
- If user_code is present in the verification URI, Identify fills it into the user code textbox and shows the message “please confirm that the code [...] matches the one appeared in your device”. For example, if the URI is https://[tenant]/runtime/oauth2/devicepairing?user_code=5YUD-TL9W-LZCN, the code “5YUD-TL9W-LZCN” is pre-filled in the input.
Fixed wrong error response mode when request is missing response_type parameter
In some error cases, the error was not returned to the client side via the “return Uri” but was thrown on the Identify side. These cases were:
- Errors that happened when handling an authorization request whose prompt parameter is ‘none’ and whose returned error type is login_required, consent_required or interaction_required.
- An error that happened when validating the scopes of a request.
Fixed wrong error type when authorization code is invalid
In prior versions, Identify OAuth 2.0 incorrectly returned an error response of type “invalid_request” if the authorization code was invalid or out of date. This is fixed by returning “invalid_grant” for this error case.
Fixed error response when missing nonce parameter on authentication request using implicit flow
In prior versions, Identify OAuth 2.0 returned a dummy “bad request” error response if the “nonce” parameter was missing on an authentication request using the implicit flow. This is fixed in version 5.5 by returning an “invalid_request” error response with the description “The mandatory 'nonce' parameter is missing.”
Returned error response if authorization code is used twice
If the Identify OAuth 2.0 server observes multiple attempts to exchange an authorization code for an access token, it returns an error response of type “invalid_grant” to the client.
Correct error response mode
In the implicit flow, when an authentication request has a valid return_uri but is invalid for some other reason, Identify should return the error using the URL fragment response mode instead of the query response mode used in versions prior to 5.5.
If any authentication or token request is missing response_type, Identify returns the error response “invalid_request” using the query response mode.
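A client-side check for the response-mode rules above, as an added example that is not part of Identify or its documentation: it reads the OAuth error from a redirect URL and reports whether it arrived in the mode these notes describe. The function names, the client.example callback URLs and the treatment of hybrid response types as unsupported are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qs

# response_type values that make a request an implicit-flow request
IMPLICIT_TYPES = {"token", "id_token"}


def expected_mode(response_type):
    """Response mode the notes describe for an error on this kind of request."""
    if not response_type:
        return "query"  # missing response_type -> invalid_request in the query
    types = set(response_type.split())
    if types <= IMPLICIT_TYPES:
        return "fragment"  # implicit flow -> error in the URL fragment
    if types == {"code"}:
        return "query"
    # Hybrid combinations are not covered by the notes; refuse rather than guess.
    raise ValueError("unsupported response_type: %r" % response_type)


def parse_error(redirect_url, response_type):
    """Return the error found on the redirect URL, or None if there is none."""
    parts = urlsplit(redirect_url)
    found = {}
    for mode, raw in (("query", parts.query), ("fragment", parts.fragment)):
        params = parse_qs(raw)
        if "error" in params:
            found[mode] = params
    if not found:
        return None
    want = expected_mode(response_type)
    # Prefer the expected channel; otherwise report whichever one carried the error.
    mode = want if want in found else next(iter(found))
    params = found[mode]
    return {
        "error": params["error"][0],
        "description": params.get("error_description", [""])[0],
        "mode": mode,
        "mode_ok": mode == want,
    }


# Constructed sample redirects (client.example is a placeholder callback host).
NEW_IMPLICIT = ("https://client.example/cb#error=invalid_request&error_description="
                "The%20mandatory%20%27nonce%27%20parameter%20is%20missing.&state=abc")
OLD_IMPLICIT = "https://client.example/cb?error=invalid_request&state=abc"
NO_RESPONSE_TYPE = "https://client.example/cb?error=invalid_request"
```

A result with mode_ok set to False on an implicit-flow request indicates the error was delivered in the query string, which is the behaviour these notes attribute to versions prior to 5.5.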