[Openid-specs-ab] Issue #154: Certification should have additional check for presence of id_token in token endpoint response (openid/certification)

Jaromir Talir issues-reply at bitbucket.org
Mon Jul 20 14:40:14 UTC 2015


New issue 154: Certification should have additional check for presence of id_token in token endpoint response
https://bitbucket.org/openid/certification/issues/154/certification-should-have-additional-check

Jaromir Talir:

We have a bug in our OIDC implementation and as a result id_token is missing in token endpoint responses. However, we are still passing the relevant certification tests. We are using the basic code flow profile and, for example, the first test doing token endpoint communication, "Asymmetric ID Token signature with RS256 [Dynamic] (OP-IDToken-RS256)", is passing without complaining that id_token is missing. I suggest adding more checks to prevent buggy implementations from passing.
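A sketch of the kind of check the report asks for, as an added example that is not part of the original message or of the certification suite's code. It fails a code-flow token response that lacks id_token (which OpenID Connect Core requires in a successful token response) instead of skipping the ID Token checks. The function name, messages and sample responses are hypothetical, and no signature verification is done here.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_token_response(body, expected_alg="RS256"):
    """Return a list of failures for a code-flow token endpoint response body."""
    try:
        resp = json.loads(body)
    except ValueError:
        return ["response body is not JSON"]
    if not isinstance(resp, dict):
        return ["response body is not a JSON object"]
    failures = []
    if not resp.get("access_token"):
        failures.append("access_token missing")
    if str(resp.get("token_type", "")).lower() != "bearer":
        failures.append("token_type is not Bearer")
    id_token = resp.get("id_token")
    if not isinstance(id_token, str) or not id_token:
        # The case from the report: a hard failure, not a silently skipped check.
        failures.append("id_token missing")
        return failures
    parts = id_token.split(".")
    if len(parts) != 3:
        failures.append("id_token is not a compact JWS")
        return failures
    try:
        header = _b64url_json(parts[0])
    except ValueError:
        failures.append("id_token header is not base64url JSON")
        return failures
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        failures.append("id_token alg is not " + expected_alg)
    return failures

def _seg(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample responses, not captured from any real OP.
BUGGY = json.dumps({"access_token": "SlAV32hkKG", "token_type": "Bearer"})
GOOD = json.dumps({"access_token": "SlAV32hkKG", "token_type": "Bearer",
                   "id_token": ".".join([_seg({"alg": "RS256"}),
                                         _seg({"sub": "constructed"}), "c2ln"])})
```
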



