This repository has been archived by the owner on Jul 9, 2024. It is now read-only.

JWT server.exchange is not invoked #9

Open
kavuri opened this issue Jul 5, 2017 · 4 comments

kavuri commented Jul 5, 2017

Hi,

I have implemented jwt server exchange in my oauth flow and I see that this method server.exchange('urn:ietf:params:oauth:grant-type:jwt-bearer', jwtBearer(function(client, data, signature, done) does not get invoked as mentioned in the README. Any clue?


Nat11 commented Aug 29, 2017

I have the same issue, were you able to make it work?


Nat11 commented Aug 29, 2017

The data should be the JWT header.payload and the signature is the third part of the JWT. Other than that I do not know how to make it work.

@murraybauer

Did anyone manage to work out how to actually invoke the flow? What URL did you use?

The RFC says the flow should be exposed at /token.oauth2 but it's not configured anywhere.

POST /token.oauth2 HTTP/1.1
     Host: as.example.com
     Content-Type: application/x-www-form-urlencoded

     grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
     &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0.
     eyJpc3Mi[...omitted for brevity...].
     J9l-ZhwP[...omitted for brevity...]

I've tried so many other standard endpoints - GET and POST with the grant_type specified in x-www-form-urlencoded or URL params. I looked at the other OIDC connect extension and still can't work it out.

app.get('/dialog/authorize', oauth2.authorization);

@murraybauer

Figured it out: Invoke the flow at your defined HTTP POST token endpoint (not GET authorize endpoint)

If using https://github.com/FrankHassanabad/Oauth2orizeRecipes this will be /oauth/token - the below works. You may also need to include your client_id and client_secret.

POST /oauth/token HTTP/1.1
     Host: as.example.com
     Content-Type: application/x-www-form-urlencoded

     grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
     &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0.
     eyJpc3Mi[...omitted for brevity...].
     J9l-ZhwP[...omitted for brevity...]
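
The request shape and the data/signature split discussed in this thread, as an added example that is not code from any commenter or from the project: a client builds the form-encoded POST body, and a token-endpoint handler dispatches on `grant_type`, splits the assertion, and verifies it before trusting any claim. The function names, the demo key pair and the claims are constructed assumptions; ES256 matches the `alg` in the sample header above, and only Node's built-in `crypto` is used.

```javascript
const crypto = require('node:crypto');

const GRANT = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
const b64u = (v) => Buffer.from(v).toString('base64url');

// Constructed demo key pair; a real client signs with its registered key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Client side: sign "header.payload" with ES256 and return the compact JWT.
function makeAssertion(claims, key) {
  const data = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' })) + '.' + b64u(JSON.stringify(claims));
  return data + '.' + crypto.sign('sha256', Buffer.from(data), { key, dsaEncoding: 'ieee-p1363' }).toString('base64url');
}

// Client side: the x-www-form-urlencoded body POSTed to the token endpoint.
function buildTokenRequestBody(assertion) {
  return new URLSearchParams({ grant_type: GRANT, assertion }).toString();
}

// Server side (hypothetical handler): dispatch on grant_type, split the assertion
// into data (header.payload) and signature, verify, then read the claims.
function handleTokenRequest(body, clientPublicKey) {
  const form = new URLSearchParams(body);
  if (form.get('grant_type') !== GRANT) return { error: 'unsupported_grant_type' };
  const parts = (form.get('assertion') || '').split('.');
  if (parts.length !== 3 || parts.some((p) => p === '')) return { error: 'invalid_request' };
  const data = parts[0] + '.' + parts[1];
  const signature = parts[2];
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch { return { error: 'invalid_grant' }; }
  // Pin the algorithm on the server; the token's header must not choose it.
  if (!header || header.alg !== 'ES256' || !claims) return { error: 'invalid_grant' };
  const ok = crypto.verify('sha256', Buffer.from(data), { key: clientPublicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(signature, 'base64url'));
  if (!ok) return { error: 'invalid_grant' };
  // Claims are only trusted after the signature check; reject expired assertions.
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) return { error: 'invalid_grant' };
  return { data, signature, claims };
}

const assertion = makeAssertion({
  iss: 'demo-client', sub: 'demo-client', aud: 'https://as.example.com/oauth/token',
  exp: Math.floor(Date.now() / 1000) + 300,
}, privateKey);
const result = handleTokenRequest(buildTokenRequestBody(assertion), publicKey);
console.log(result.error || result.claims.iss);
```

A production handler would also check `iss`, `sub` and `aud` against the registered client and its own token endpoint URL, and reject replayed assertions.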
