[Openid-specs-ab] Issue #47: Hybrid (code+token) Request with prompt=none when logged in (OP-G-03) doesn’t call Token Endpoint (openid/certification)

Brian Campbell issues-reply at bitbucket.org
Thu Feb 5 23:22:30 UTC 2015


New issue 47: Hybrid (code+token) Request with prompt=none when logged in (OP-G-03) doesn’t call Token Endpoint
https://bitbucket.org/openid/certification/issue/47/hybrid-code-token-request-with-prompt-none

Brian Campbell:

With response_type=code+token the authorization response has the access token and authorization code fragment encoded (as the default anyway). The ID Token is obtained from the Token Endpoint using the code.

The "Hybrid (code+token) Request with prompt=none when logged in" test does not appear to call the token endpoint with the code. It ends with "[ERROR] TypeError:response() argument after ** must be a mapping, not tuple" after the AuthorizationResponse. The test info page says it PASSED but the icon is red on the main testing page (and I think yesterday or earlier today the test info page did say it failed).

```
Test info
Profile: {'profile': 'CT', 'sub': 'none', 'register': False, 'discover': True, 'extra': False}
Test ID: OP-G-03
Issuer: https://gold.pinglabs.net
Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[check-http-response]
	status: OK
	description: Checks that the HTTP response status is within the 200 or 300 range

Trace output


0.000151 ------------ DiscoveryRequest ------------
0.000162 Provider info discover from 'https://gold.pinglabs.net/'
0.000167 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.770812 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "issuer": "https://gold.pinglabs.net",
  "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
  "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
  "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
  "scopes_supported": [
    "product",
    "phone",
    "pingone-native-application",
    "address",
    "email",
    "admin",
    "edit",
    "openid",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
  "version": "3.0"
}
1.552165 JWKS: {
  "keys": [
    {
      "crv": "P-521",
      "kid": "b8483",
      "kty": "EC",
      "use": "sig",
      "x": "AGi7OfriJejgrL12B7WB1MuOOB41b31H-tEywqyUBY-g_sjG4_GqTQCFVINfjz5oEX7YrSAejdpN1uudud2EWO4c",
      "y": "AN29VejUWtLGQFBeZgt1pVSDD9tXunhfHvKfwtg6K7egS7fSrPVq4-hjRGpSF04bYvSs9HZKe-emuTDsmkz5ZQFZ"
    },
    {
      "crv": "P-384",
      "kid": "b8482",
      "kty": "EC",
      "use": "sig",
      "x": "hwuMih-n1IVwgNUTxH9c3dpcFdvMyr920Hv7Jm-99I9IpnoQwq56a3g8EB9ASrlC",
      "y": "4rRGqfFS0TVpjROvd8TesUNMZenorz9x9yKUAhsrCgjIz0IvF21UsPadZzcbjt4A"
    },
    {
      "crv": "P-256",
      "kid": "b8481",
      "kty": "EC",
      "use": "sig",
      "x": "Smm8GA4a4D7etpOA9vnBX350SBKhSLcY0fsoGI2xCIw",
      "y": "SOy5EDrpefB1aU3_5oG8_H840V9jYtlLYm-RvyQQyrg"
    },
    {
      "e": "AQAB",
      "kid": "b8480",
      "kty": "RSA",
      "n": "sK88HIj8Kq4C-PIa4MkIsrINNT2q2nOM3w6HTH37VOEc2UzxHnorSGHonuYmadtIYldlBZRTmU8ebmWTOB-WSg-KwdILtJtqmbqJ7uJcetKVeotF2yDPlqpw6W9nr9yMtNNrRozctmI-jIWnBgigRv0QFknOZqEMtHDYnEH4nyH-YJ-_Ft80I2rdoZqwpomg7QzYWyT4-gUGjmNUhwDNy4-vGhQpJsaGKw94R3GE9hU13SxTpFFlG3w9TfTHwzfRTvJ6WIaeIuGx0_VwArltzkeVdLZDhQKkBAeaVVGZr0xMOSpb-jfS23cbZENuw4FOd36rt3sqrOZ8H7iWJRISLQ",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "b847z",
      "kty": "EC",
      "use": "sig",
      "x": "ADMJj_BucPFFs-PA_ySm2T6YlKGMxd1ANy-hHrIyh5CxRuBHXXbWolUZtQiApwwumB7GsbbT0ywvamveSTFXnayO",
      "y": "AVQpuvEiFn3V8UlGRX7XaAlbVvLWd0w-8KkemBPqBlLyuuS1dkZNygViuZ5FxPoUUIBgDrY13lr7DqBX63xMN2-2"
    },
    {
      "crv": "P-384",
      "kid": "b847y",
      "kty": "EC",
      "use": "sig",
      "x": "WvxfnsedCNrPio291X-lnYksLg_dyDiLYQi8BuMqtqXz5-ynXW0R8BTcC1otL4JQ",
      "y": "intKQww_wlT9fGlNjcIBqpqTPWW9RVYrryo96_dE8v-mM47GGi3Y23OipCHe4B6F"
    },
    {
      "crv": "P-256",
      "kid": "b847x",
      "kty": "EC",
      "use": "sig",
      "x": "RG5m3GgSHsg0oOo2TQkZUqyp6ubHHoa25J3nC6RtwFo",
      "y": "GEzgoXRV1-OixjD0WRfJtU9RQH_yTXNSRQELFd5SboM"
    },
    {
      "e": "AQAB",
      "kid": "b847w",
      "kty": "RSA",
      "n": "hG-TO6LaJc0gHoombYLZ0eovK_raS4FgR-KPzNauicw9ogETWyOljZMeZ6hQTEuZg_5n1wLOqxlyNwGv_a65tb-bzTbweTqUm8jojUp1qUY4uwO3MUsKZ5sIwmDHGxHsOqHUX_L-qt6u7a-ye2Uz2qfoOGehnvl9jodT9z0RWgdv9Unx6QZ3flxXCPOnmdbf3qi3LKEB3YlDA6PAb3htYeRKsRNGbzD7aflnbqZRngxDm4OMmcUc2bzbNyny_crq9RgavPOwataOGuhu4z77mAw66pJzmSZpBn7y7V_aCL6PXFwTfzl7llrZeCcxrs-mZnSwZyuk07oMspBt4lkFeQ",
      "use": "sig"
    }
  ]
}
1.552834 ------------ AuthorizationRequest ------------
1.553377 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?nonce=c8FQEAAfPfo2&state=vGawsdIBgtqcXGT6&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb&response_type=code+token&client_id=oictest&scope=openid
1.553385 --> BODY: None
11.967598 <-- state=vGawsdIBgtqcXGT6&token_type=Bearer&expires_in=7200&code=kWvnFdEhcJiqxbTQ8MqUPConpqMOS2CL6tM4diNB&access_token=wZoz7nSlVla597Osjt6cX9oSckjV
11.967969 AuthorizationResponse: {
  "access_token": "wZoz7nSlVla597Osjt6cX9oSckjV",
  "code": "kWvnFdEhcJiqxbTQ8MqUPConpqMOS2CL6tM4diNB",
  "expires_in": 7200,
  "state": "vGawsdIBgtqcXGT6",
  "token_type": "Bearer"
}
11.968366 ------------ AuthorizationRequest ------------
11.968800 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?nonce=emDRYU97I2oG&prompt=none&state=Q6Cu23DD5LYZSzZL&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb&response_type=code+token&client_id=oictest&scope=openid
11.968809 --> BODY: None
13.381225 <-- state=Q6Cu23DD5LYZSzZL&token_type=Bearer&expires_in=7199&code=YX3b_6VV2bZEObBYdXAU9ImaJeBTdiQS6vMmMnV_&access_token=W1QKvp2yl5zWQCJBQ9CEsJ4CKEfo
13.381482 AuthorizationResponse: {
  "access_token": "W1QKvp2yl5zWQCJBQ9CEsJ4CKEfo",
  "code": "YX3b_6VV2bZEObBYdXAU9ImaJeBTdiQS6vMmMnV_",
  "expires_in": 7199,
  "state": "Q6Cu23DD5LYZSzZL",
  "token_type": "Bearer"
}
13.382555 [ERROR] TypeError:response() argument after ** must be a mapping, not tuple

Result
PASSED 

```
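The step the report expects after the AuthorizationResponse (code and access token arrive in the fragment, the ID Token comes from the Token Endpoint), as an added Python example that is not part of the original post or of the test suite's code. The function names are hypothetical; the sample response and redirect URI are copied from the trace above.

```python
from urllib.parse import parse_qs, urlencode

# Fragment parameters each hybrid response_type must return
# (OpenID Connect Core 1.0, section 3.3.2.5).
REQUIRED = {
    "code token": {"code", "access_token", "token_type"},
    "code id_token": {"code", "id_token"},
    "code token id_token": {"code", "access_token", "token_type", "id_token"},
}


def parse_hybrid_response(fragment, response_type, expected_state):
    """Decode a fragment-encoded authorization response and validate it."""
    raw = parse_qs(fragment, strict_parsing=True)
    if any(len(values) != 1 for values in raw.values()):
        raise ValueError("duplicated response parameter")
    params = {name: values[0] for name, values in raw.items()}
    if "error" in params:
        raise ValueError("authorization error: " + params["error"])
    if params.get("state") != expected_state:
        raise ValueError("state mismatch")
    missing = REQUIRED[response_type] - set(params)
    if missing:
        raise ValueError("missing: " + ", ".join(sorted(missing)))
    return params


def id_token_needs_token_endpoint(params):
    """True when the front channel carried no ID Token, as with code+token."""
    return "id_token" not in params


def token_request_body(params, redirect_uri):
    """Form body that redeems the code; client authentication is sent separately."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": params["code"],
        "redirect_uri": redirect_uri,
    })


# Second authorization response and redirect URI, copied from the trace above.
FRAGMENT = ("state=Q6Cu23DD5LYZSzZL&token_type=Bearer&expires_in=7199"
            "&code=YX3b_6VV2bZEObBYdXAU9ImaJeBTdiQS6vMmMnV_"
            "&access_token=W1QKvp2yl5zWQCJBQ9CEsJ4CKEfo")
REDIRECT_URI = "https://oictest.umdc.umu.se:8094/authz_cb"

if __name__ == "__main__":
    p = parse_hybrid_response(FRAGMENT, "code token", "Q6Cu23DD5LYZSzZL")
    if id_token_needs_token_endpoint(p):
        print(token_request_body(p, REDIRECT_URI))
```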





