<div dir="ltr"><div><div><div>Hi, colleagues.<br><br></div>I am trying to check Authorization Code Flow.<br></div>I have registered new RP(client) via Administrative UI (specifyed client ID, <span>Redirect URI, checked</span><span><span> Grant Types: </span></span><span><span><span>authorization code and </span></span></span><span><span><span><span>password. Other options - default</span></span></span></span>)<br><br></div><div>Then I have tried to get Access Token with curl:<br></div><div>curl -i -X GET '<a href="http://192.168.0.123:8080/openid-connect-server-webapp/authorize?response_type=code&scope=openid%20profile%20email&client_id=curlClient2&state=state12345&redirect_uri=http://192.168.192.168/redirect">http://192.168.0.123:8080/openid-connect-server-webapp/authorize?response_type=code&scope=openid%20profile%20email&client_id=curlClient2&state=state12345&redirect_uri=http://192.168.192.168/redirect</a>'<br><br></div><div>I expect something like:<br>HTTP/1.1 302 Found<br> Location: <a href="https://server.example.com:443/oidcclient/redirect/client01">https://server.example.com:443/oidcclient/redirect/client01</a><br> code=SplxlOBeZQQYbYS6WxSbIA<br> &state=state12345<br><br></div><div>but got:<br>HTTP/1.1 302 Found<br>Server: Apache-Coyote/1.1<br>Set-Cookie: JSESSIONID=896E596E8B00E7B3FC9AF08337739C02; Path=/openid-connect-server-webapp/; HttpOnly<br>X-Frame-Options: DENY<br>Location: <a href="http://192.168.0.123:8080/openid-connect-server-webapp/login">http://192.168.0.123:8080/openid-connect-server-webapp/login</a><br>Content-Length: 0<br>Date: Mon, 31 Aug 2015 16:15:19 GMT<br><br></div><div>What I am doing wrong?<br><br></div><div>P.S. Sorry for dumb questions, but I think here is best place where I could found answers.<br></div><div><br>Thank you in advance.<br></div><div></div><div><div><div><div><div><div>-- <br><div class="gmail_signature"><div dir="ltr">Sergiy Lystopad<br></div></div>
</div></div></div></div></div></div></div>