Hello, I’m performing this request:
$ curl -X POST https://auth.localhost/oauth2/token -H 'Accept: application/json' -vk --data "client_id=keys-client-p&client_secret=keys-secret-p&grant_type=authorization_code&code=agtdx0UH768Ka-OgN0HPV_mkgWDt5UcRv2VPSyFZao8.X9kYJ_gBfk87xyCClJYbgl6MNE7by9kw6fLQ-cWzRgQ&redirect_uri=https://keys.auth.localhost/oidc/auth/cb/"
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to auth.localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
* start date: Feb 1 11:06:58 2019 GMT
* expire date: Feb 1 11:06:58 2020 GMT
* issuer: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> POST /oauth2/token HTTP/1.1
> Host: auth.localhost
> User-Agent: curl/7.58.0
> Accept: application/json
> Content-Length: 229
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 229 out of 229 bytes
< HTTP/1.1 200 OK
< Cache-Control: no-store
< Content-Type: application/json;charset=UTF-8
< Pragma: no-cache
< Date: Fri, 01 Feb 2019 14:14:34 GMT
< Content-Length: 157
<
* Connection #0 to host auth.localhost left intact
{"access_token":"ckAgadiNu8evHO9bUsGtr9IDVm7XsEh4ACwjjXo6X2c.ZWQql-QmsCW7rHceYmh2m6bRcVMe-Q_NNSp53nJqGn8","expires_in":3599,"scope":"","token_type":"bearer"}
I cannot understand why id_token is missing from the response.
My client was created with:
docker-compose exec hydra \
hydra clients create \
--endpoint http://hydra:4445 \
--id keys-client-$POSTFIX \
--secret keys-secret-$POSTFIX \
--callbacks https://keys.auth.localhost/oidc/auth/cb/ \
--scope "openid" \
--token-endpoint-auth-method client_secret_post \
--response-types id_token,code \
--grant-types refresh_token,authorization_code \
-g client_credentials_$POSTFIX
What am I doing wrong?
I’m using the Docker image oryd/hydra:latest-alpine.
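
An added example, not part of the original post: a check of a token endpoint response against the OpenID Connect rule that an ID token is issued only when the granted scope includes `openid`. The function name `check_token_response` and the sample body are assumptions; the sample is constructed with the same fields as the response above (empty `scope`, no `id_token`) and a placeholder access token.

```python
import base64
import json

REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")  # required ID token claims (OIDC Core)


def check_token_response(body):
    """Return a list of findings for the JSON body of a code-exchange response."""
    resp = json.loads(body)
    scope = resp.get("scope")  # optional (RFC 6749) when equal to the requested scope
    has_id_token = "id_token" in resp

    if scope is not None and "openid" not in scope.split():
        findings = ["granted scope lacks 'openid': plain OAuth 2.0 grant, no id_token expected"]
        if has_id_token:
            findings.append("id_token present although 'openid' was not granted")
        return findings
    if not has_id_token:
        if scope is None:
            return ["no id_token and no 'scope' in response: check the authorization request's scope"]
        return ["'openid' granted but id_token missing from response"]

    parts = resp["id_token"].split(".")
    if len(parts) != 3:
        return ["id_token is not a three-part compact JWS"]
    # Decode the payload for inspection only; this does NOT verify the signature.
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        return ["id_token lacks required claims: " + ", ".join(missing)]
    return []


# Constructed sample with the same fields as the response in the post
# (the access token value is a placeholder).
PAGE_SHAPED_RESPONSE = json.dumps({
    "access_token": "ACCESS-TOKEN-PLACEHOLDER",
    "expires_in": 3599,
    "scope": "",
    "token_type": "bearer",
})

if __name__ == "__main__":
    for finding in check_token_response(PAGE_SHAPED_RESPONSE):
        print(finding)
```

The granted scope is decided during the authorization and consent steps, so an empty `scope` in the token response points at the authorization request or the consent decision rather than at the token request itself.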