I have a Token Inline hook setup on my default auth server, which is triggered successfully when I authenticate using the Authorization code flow. However, I have a need for some clients to use the Implicit flow to authenticate. The issue is that these implicit clients are able to authenticate with the auth server, but the hook is never triggered.
Some more context:
- the hook is triggered by a rule in the default policy, which enables the policy for every authentication flow (including the desired “implicit”).
- To auth using the implicit flow, the client is getting a session token with the /authn endpoint and then providing that token to the /authorize endpoint with response_type=token
I noticed in the system logs that when I authenticate using Auth Code, the logs say “OAuth2 access token is granted success”, but when I authenticate using the implicit flow, the logs say “OIDC authorization implicit access token request success”. Maybe relevant?
