[Openid-specs-ab] OP is not supporting client_secret_post according to 'token_endpoint_auth_methods_supported' in the provider configuration

Hasanthi Purnima Dissanayake hasanthi at wso2.com
Thu Jul 21 14:07:06 UTC 2016


Thanks Justing. Actually we have implemented the discovery spec. Still I
have not merged it with the currently running pack. I just needed to
execute this for basic profile.  Anyway I could success by changing the
configs. Thanks for the help.

Thanks,

Hasanthi Dissanayake

Software Engineer | WSO2

E: hasanthi at wso2.com
http://wso2.com

On Thu, Jul 21, 2016 at 7:30 PM, Justin Richer <jricher at mit.edu> wrote:

> If you don't, then you need to statically configure your test instance to
> include the method mentioned in its configuration. This should be on the
> "config page", and you'll need to add the configuration parameter.
>
> Though honestly, the discovery document is incredibly easy to implement
> and it will make your client developers' lives much simpler, I've rarely
> seen a server without it in the wild.
>
>  -- Justin
>
> On 7/21/2016 9:57 AM, Hasanthi Purnima Dissanayake wrote:
>
> Hi Justing,
>
> Still we have not implemented OIDC discovery. So we don't have such
> configuration.  We are just running the test cases for basic profile. Do we
> need to have this configuration which comes with OIDC spec even to execute
> the test cases in basic profile?
>
> Thanks,
>
> Hasanthi Dissanayake
>
> Software Engineer | WSO2
>
> E: hasanthi at wso2.com
> M :0718407133| http://wso2.com <http://wso2.com/>
>
> On Thu, Jul 21, 2016 at 7:19 PM, Justin Richer <jricher at mit.edu> wrote:
>
>> Looking at the error, I'd ask what's in your
>> "token_endpoint_auth_methods_supported" field of your IdP's discovery
>> document? MITREid currently outputs this:
>>
>> "token_endpoint_auth_methods_supported": [
>>     "client_secret_post",
>>     "client_secret_basic",
>>     "client_secret_jwt",
>>     "private_key_jwt",
>>     "none"
>> ]
>>
>>  -- Justin
>>
>> On 7/21/2016 9:03 AM, Hasanthi Purnima Dissanayake wrote:
>>
>> Hi All,
>> Can anyone please let me know the reason for getting below when running
>> Access token request with client_secret_post authentication
>> (OP-ClientAuth-SecretPost-Static) test case.
>>
>> Result: WARNING
>> Warnings:
>> OP is not supporting client_secret_post according to
>> 'token_endpoint_auth_methods_supported' in the provider configuration
>>
>> Thanks,
>>
>> Hasanthi Dissanayake
>>
>> Software Engineer | WSO2
>>
>> E: hasanthi at wso2.com
>> http://wso2.com
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20160721/e3b6fdb2/attachment-0001.html>


More information about the Openid-specs-ab mailing list