[Openid-specs-ab] Issue #133: OP-UserInfo-Body Still Fails if not supported (openid/certification)
Mike Jones
Michael.Jones at microsoft.com
Mon Apr 6 21:55:26 UTC 2015
Roshni - in my testing, this appears to be fixed now (meaning it returns a warning when not supported). Can you retest this and if you agree, mark the issue as resolved?
Thanks,
-- Mike
-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Roshni Chandrashekhar
Sent: Friday, March 27, 2015 7:51 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Issue #133: OP-UserInfo-Body Still Fails if not supported (openid/certification)
New issue 133: OP-UserInfo-Body Still Fails if not supported
https://bitbucket.org/openid/certification/issue/133/op-userinfo-body-still-fails-if-not
Roshni Chandrashekhar:
It appears that the test seems to be checking for a Response Code between 200 and 300:
description: Checks that the HTTP response status is within the 200 or 300 range
We return a 401 when a UserInfoRequest is made with the access token in the body:
8.829751 ------------ UserInfoRequest ------------
8.830021 --> URL: https://www.googleapis.com/oauth2/v3/userinfo
8.830027 --> BODY: access_token=ya29.QwFqBx8DZfKQZfIM6RMPLqiZo-RWiL1ppD64Fd-tQViSXJioR-S2O4upTSAR6LhaCvjUBZgwNl_CXg
8.830035 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded'}
8.905696 <-- STATUS: 401
8.905822 ErrorResponse: {
"error": "invalid_token",
"error_description": "Invalid Credentials"
}
How can we return a 200-300 ResponseCode if we do not support asking for user information by passing in POST body parameters?
Responsible: Rohe
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
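
An added example, not part of the original thread and not the certification suite's own code: it parses a trace in the format quoted in the issue and separates "token in POST body not supported" from a real failure. The function names, the `header_request_ok` flag (whether the same token was accepted in the Authorization header), the sample URL and token, and the verdict rule itself are assumptions.

```python
import json
import re

# Constructed trace in the format quoted in the issue; URL and token are placeholders.
SAMPLE_TRACE = """\
8.829751 ------------ UserInfoRequest ------------
8.830021 --> URL: https://op.example.com/userinfo
8.830027 --> BODY: access_token=PLACEHOLDER_TOKEN
8.830035 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded'}
8.905696 <-- STATUS: 401
8.905822 ErrorResponse: {
"error": "invalid_token",
"error_description": "Invalid Credentials"
}
"""


def parse_trace(trace):
    """Pull the status, token placement and OAuth error code out of one trace."""
    status = re.search(r"<-- STATUS: (\d{3})", trace)
    body = re.search(r"--> BODY: (\S*)", trace)
    err = re.search(r"ErrorResponse: (\{.*?\})", trace, re.S)
    error = None
    if err:
        try:
            error = json.loads(err.group(1)).get("error")
        except ValueError:  # body was not valid JSON
            error = None
    return {
        "status": int(status.group(1)) if status else None,
        "token_in_body": bool(body and "access_token=" in body.group(1)),
        "error": error,
    }


def verdict(result, header_request_ok):
    """Hypothetical rule: OK, WARNING (method unsupported) or ERROR."""
    status = result["status"]
    if status is None:
        return "ERROR"
    if 200 <= status < 400:  # "within the 200 or 300 range", as the check describes
        return "OK"
    # A 401 invalid_token on a body-token request, while the same token works in
    # the Authorization header, points at an unsupported method, not a bad token.
    if (result["token_in_body"] and status == 401
            and result["error"] == "invalid_token" and header_request_ok):
        return "WARNING"
    return "ERROR"
```
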