[Openid-specs-ab] What additional tests do we need for the 4th OpenID Connect Interop?

Roland Hedberg roland.hedberg at adm.umu.se
Sat Jun 23 20:06:27 UTC 2012


Sorry, midsummer is a *big* Swedish holiday ! :-)

On 22 Jun 2012, at 02:59, Mike Jones wrote:

>  
>  Roland, I know you’ve added these RP tests to your test suite since OC3:
> · Access token request with client_secret_basic authentication
> · Request with response_type code and extra query component
> · Request with redirect_uri with query component
> · Registration where a redirect_uri has a query component
> · Registration where a redirect_uri has a fragment
> · Authorization request missing the response_type parameter
> · Sent redirect_uri does not match the registered redirect_uri
> · Access token request with client_secret_jwt authentication
> · Access token request with public_key_jwt authentication
>  
> Roland, are there others you’ve added, either for the RP or OP?  

I have the ones (at_hash, c_hash for OP and RP) below too.
Apart from this I've also started to add tests with/without optional parameters.
Also, should add tests for user info claims in the id_token.

> Also, can you send us a URL for where people can access these tests to add to the test descriptions?

I'll get back to this and to a description on how to use my OP to test RP implementations.

> Everyone, I know that we need to add these OP tests:
> · Includes at_hash in ID Token when implicit flow used
> · Includes c_hash in ID Token when code flow used
>  
> Everyone, I know that we need to add these RP tests:
> · Verifies correct at_hash when implicit flow used
> · Rejects incorrect at_hash when implicit flow used
> · Verifies correct c_hash when code flow used
> · Rejects incorrect c_hash when code flow used
>  
> What else am I missing?
>  
> I have already deleted the tests that were for the ID Token. Do we want to also delete the tests for symmetric signing of the ID token or leave them, since the spec does say how to do symmetric signing? I’ve left these tests there for now.

I've removed the symmetric signing tests from my set.

-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS) 
Umeå University 
SE-901 87 Umeå, Sweden	
Phone +46 90 786 68 44
Mobile +46 70 696 68 44 
www.its.umu.se 
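
An added example, not part of the original message or of the test suite it mentions: the RP-side at_hash / c_hash check that the proposed tests exercise, following the definition in the final OpenID Connect Core 1.0 (left-most half of the hash of the value's ASCII octets, base64url without padding, hash chosen from the ID Token's alg). The function names and the token and code values are constructed for illustration, and the claims are assumed to come from an ID Token whose signature has already been verified.

```python
import base64
import hashlib
import hmac

# Hash function implied by the ID Token's JOSE "alg" header (RS256 -> SHA-256, ...).
_HASH_BY_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def left_half_hash(value: str, alg: str) -> str:
    """base64url, unpadded, of the left-most half of hash(ASCII octets of value)."""
    hash_fn = _HASH_BY_SUFFIX.get(alg[-3:])
    if hash_fn is None:
        raise ValueError(f"no hash defined for alg {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def hash_claim_ok(claims: dict, name: str, token: str, alg: str, required: bool) -> bool:
    """Check at_hash / c_hash from already signature-verified ID Token claims."""
    claimed = claims.get(name)
    if claimed is None:
        return not required          # absent is only acceptable when optional
    if not isinstance(claimed, str):
        return False
    expected = left_half_hash(token, alg)
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


def run_constructed_cases() -> dict:
    """Exercise the four RP checks with constructed (not real) token values."""
    alg = "RS256"
    access_token = "constructed-access-token-0001"
    code = "constructed-auth-code-0001"
    good = {"at_hash": left_half_hash(access_token, alg),
            "c_hash": left_half_hash(code, alg)}
    bad = {"at_hash": left_half_hash("some-other-token", alg),
           "c_hash": left_half_hash("some-other-code", alg)}
    return {
        "correct_at_hash": hash_claim_ok(good, "at_hash", access_token, alg, True),
        "incorrect_at_hash": hash_claim_ok(bad, "at_hash", access_token, alg, True),
        "correct_c_hash": hash_claim_ok(good, "c_hash", code, alg, True),
        "incorrect_c_hash": hash_claim_ok(bad, "c_hash", code, alg, True),
        "missing_at_hash": hash_claim_ok({}, "at_hash", access_token, alg, True),
    }


if __name__ == "__main__":
    for case, accepted in run_constructed_cases().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```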