Connect2id server 6.1.2 maintenance release

Posted 2016-12-15

This is a quick maintenance release of the Connect2id server before we head into the holidays. What’s in it:

UTF8 support in MySQL

When the Connect2id server is provisioned with an MySQL backend, the server will automatically create all its tables when it accesses the database for the first time. In prior releases when this was done the tables assumed the default character set encoding of the provisioned database. This is typically set to "Latin1", which is suitable for strings using the latin alphabet, but not for other languages.

Starting from this version on the Connect2id server will explicitly set the character set of the tables that it creates to UTF-8, to ensure complete i18n support.

If you have an existing Connect2id server with an MySQL database where the character set was originally set to "Latin1", and you don’t expect to be using non-western languages, you can upgrade to 6.1.2 and continue with the same database as it is.

If you wish to switch your existing MySQL database to UTF-8, you will need to dump your data, and then import it into a freshly provisioned database. Some of the VARCHAR key columns will need to have their sizes adjusted, so that the total row size with multi-byte characters doesn’t exceed the MySQL restriction of 65535 bytes. Get in touch with our support to receive assistance.

Helpful error reporting on malformed basic client authentication

Every now and then we receive calls from developers who wonder why their client basic authentication at the token endpoint fails, despite having the correct credentials. That’s because the OAuth 2.0 spec (RFC 6749) mandates an additional layer of URL-encoding of the client_id and client_secret before they get concatenated, to prevent potential issues if they happen to contain the ‘:’ character that is meant to delimit them.

We updated the Connect2id server to return a more detailed error description whenever the basic authentication is malformed, and thus save developers and us time.

HTTP/1.1 400 Bad Request
Content-Type: application/json

  "error"             : "invalid_request",
  "error_description" : "Invalid request: Malformed client secret basic 
                         authentication (see RFC 6749, section 2.3.1): Missing 
                         credentials delimiter \":\""


To download a ZIP package of Connect2id server 6.1.2:

(SHA-1: 66ac83671ebb448112a38798a9c212d3d38b5451)

(SHA-1: 55f0663337eccec58e6611a30d02eb59f4a81ac0)


For any questions, post to the comments section below or email our support team.

Release notes for Connect2id server 6.1.2 (2016-12-15)


  • For Connect2id servers using MySQL as backend, updates the create table statements to explicitly make UTF-8 the default character set. The VARCHAR(x) sizes of key fields are adjusted where needed to accommodate the MySQL row restriction of 65535 bytes. Changes the type of "clients" fields "client_name", "client_uri", "logo_uri", "policy_uri", "tos_uri" and "data" from VARCHAR(X) to JSON. Changes the type of "id_access_tokens" fields "uip" and "dat" to JSON.

  • Improves error reporting on malformed client secret basic authentication at the token endpoint, includes reference to RFC 6749, section 2.3.1 (issue oidc-sdk/201).


  • /WEB-INF/infinispan-mysql.xml

    • Updates the MySQL JDBC URL to set the connection encoding to UTF-8, e.g. "jdbc:mysql://localhost/c2id?useUnicode=yes&characterEncoding=UTF-8"


  • No changes

Bug fixes

  • None


  • Upgrades to com.nimbusds:oauth2-authz-store:5.10

  • Upgrades to com.nimbusds:oidc-session-store:4.13

  • Upgrades to com.nimbusds:oauth2-oidc-sdk:5.19.1

  • Upgrades to com.nimbusds:nimbus-jose-jwt:4.33

  • Upgrades to com.nimbusds:common:2.2

  • Upgrades to com.nimbusds:infinispan-cachestore-ldap:2.2.2

  • Upgrades to com.nimbusds:infinispan-cachestore-sql:2.5.7

comments powered by Disqus