<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">2-5 are mine I’ll fix them later today when I’m back home.<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 8 Dec 2016, at 17:15, Filip <<a href="mailto:panva.ip@gmail.com" class="">panva.ip@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">Hello,</div><div class=""><br class=""></div><div class="">While testing for all specified test/profiles in the PDF i've encountered the following five issues for these test + response_type combinations<br class=""></div><div class=""><ol class=""><li class="">id_token/rp-id_token-bad-at_hash<br class=""></li><ul class=""><li class="">is listed in the PDF for implicit profile, test description clearly only mentions access_token issuing response types, this test should not be listed in the PDF under implicit-id_token, since no at_hash check will be performed without access_token being present<br class=""></li></ul><li class="">code+id_token/rp-id_token-bad-at_hash<br class=""></li><ol class=""><li class="">authentication request is failing when response_type=code+id_token, Response {"error_description": "Wrong response_type", "error": "incorrect_behavior"}<br class=""></li></ol><li class="">code+token/rp-id_token-bad-at_hash<br class=""></li><ol class=""><li class="">authentication request is failing when response_type=code+id_token, Response {"error_description": "Wrong response_type", "error": "incorrect_behavior"}<br class=""></li></ol><li class="">code+token/rp-id_token-bad-c_hash</li><ol class=""><li class="">authentication request is failing when response_type=code+id_token, Response {"error_description": "Wrong response_type", "error": "incorrect_behavior"}<br class=""></li></ol><li class="">code+token/rp-token_endpoint-client_secret_basic<br class=""></li><ol class=""><li class="">authentication request is failing when response_type=code+id_token, Response {"error_description": "Wrong response_type", "error": "incorrect_behavior"}</li></ol></ol></div><div class=""><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="gmail_signature">Best Regards,<br class=""><b class="">Filip Skokan</b></div></div>
<br class=""><div class="gmail_quote">On Thu, Dec 8, 2016 at 12:17 PM, Mike Jones via Openid-specs-ab <span dir="ltr" class=""><<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank" class="">openid-specs-ab@lists.openid.net</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US" class="">
<div class="gmail-m_2689563176068355093WordSection1"><p class="MsoNormal">There are now complete RP certification submission instructions at
<a href="http://openid.net/certification/rp_submission/" target="_blank" class="">http://openid.net/<wbr class="">certification/rp_submission/</a> and updated example submissions showing RP certifications referenced from it at
<a href="http://openid.net/wordpress-content/uploads/2016/12/Certification-Submission-Examples.pdf" target="_blank" class="">
http://openid.net/wordpress-<wbr class="">content/uploads/2016/12/<wbr class="">Certification-Submission-<wbr class="">Examples.pdf</a>. This means that we’re ready to accept real RP certification submissions!<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">Hans, Edmund, Filip, Rich (and of course Roland) – you’ve been actively testing. I encourage you to now take the final step to submit actual RP certification applications (thereby testing the instructions). Please contact me (and possibly
also Roland) if you have any questions about the instructions or suggestions on how to make them better. All other members are likewise encouraged to likewise participate in the pilot phase, during which RP certifications are free.<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">A huge thanks to Roland and the early testers for getting us to this point – especially Hans and Edmund!<u class=""></u><u class=""></u></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal">We’ll talk about this progress and related items on the Connect working group call in 3.75 hours…<span class="gmail-HOEnZb"><font color="#888888" class=""><u class=""></u><u class=""></u></font></span></p><span class="gmail-HOEnZb"><font color="#888888" class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p><p class="MsoNormal"> <wbr class=""> -- Mike<u class=""></u><u class=""></u></p>
</font></span></div>
</div>
<br class="">______________________________<wbr class="">_________________<br class="">
Openid-specs-ab mailing list<br class="">
<a href="mailto:Openid-specs-ab@lists.openid.net" class="">Openid-specs-ab@lists.openid.<wbr class="">net</a><br class="">
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank" class="">http://lists.openid.net/<wbr class="">mailman/listinfo/openid-specs-<wbr class="">ab</a><br class="">
<br class=""></blockquote></div><br class=""></div></div></div>
</div></blockquote></div><br class=""></div></body></html>