[Openid-specs-ab] Issue #172: Unexpected error [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer' (openid/certification)
Michael Jones
issues-reply at bitbucket.org
Thu Aug 13 05:17:32 UTC 2015
New issue 172: Unexpected error [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer'
https://bitbucket.org/openid/certification/issues/172/unexpected-error-error-typeerror-__init__
Michael Jones:
In testing a new Microsoft OP endpoint, I'm getting the unexpected error [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer' - I think when the code tries to verify the ID Token signature.
Testing at https://op.certification.openid.net:60396/ with the response types set to id_token, I do get an ID Token back that looks legal. There is an extra "issuer" field in both of the keys at the jwks_uri. Per the JWK spec, implementations are supposed to ignore not-understood fields, so this should be legal. But I suspect it's the source of the error.
The ID Token header is:
```
{"typ":"JWT","alg":"RS256","x5t":"MnC_VZcATfM5pOYiJHMba9goEKY","kid":"MnC_VZcATfM5pOYiJHMba9goEKY"}
```
The ID Token claims are:
```
{"aud":"016ed0e4-fc52-4eb8-9eac-e8852c821055","iss":"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/","iat":1439441230,"nbf":1439441230,"exp":1439445130,"ver":"2.0","tid":"9188040d-6c67-4c5b-b112-36a304b66dad","oid":"f7bc7b3b-db08-4e8c-bd8c-cda5ea9b86bd","preferred_username":"michael_b_jones at hotmail.com","idp":"live.com","sub":"5GhWuZYrWfCANADPQdwACBV5u2kJcnA2CxXHIeVqCd0","name":"Michael Jones","nonce":"jf7j4dHhXaNt"}
```
Can the code be fixed to ignore non-understood fields in the keys?
The log follows...
```
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'id_token', 'crypto': 'sign', 'registration': 'static'}
Timestamp: 2015-08-13T04:52:11Z
Test description: Request with response_type=id_token [Implicit]
Test ID: OP-Response-id_token
Issuer: https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
[-]
status: WARNING
info: __init__() got an unexpected keyword argument 'issuer'
Trace output
0.000290 ------------ DiscoveryRequest ------------
0.000305 Provider info discover from 'https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/'
0.000313 --> URL: https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/.well-known/openid-configuration
0.647749 ProviderConfigurationResponse: {
"authorization_endpoint": "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"sub",
"iss",
"aud",
"exp",
"iat",
"auth_time",
"acr",
"nonce",
"preferred_username",
"name"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/",
"jwks_uri": "https://login.microsoftonline.com/consumers/discovery/v2.0/keys",
"request_parameter_supported": false,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment",
"form_post"
],
"response_types_supported": [
"code",
"id_token",
"code id_token",
"token id_token"
],
"scopes_supported": [
"openid",
"offline_access"
],
"subject_types_supported": [
"pairwise"
],
"token_endpoint": "https://login.microsoftonline.com/consumers/oauth2/v2.0/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"private_key_jwt"
],
"version": "3.0"
}
1.706101 JWKS: {
"keys": [
{
"e": "AQAB",
"issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/",
"kid": "GvnPApfWMdLRi8PDmisFn7bprKg",
"kty": "RSA",
"n": "5ymq_xwmst1nstPr8YFOTyD1J5N4idYmrph7AyAv95RbWXfDRqy8CMRG7sJq-UWOKVOA4MVrd_NdV-ejj1DE5MPSiG-mZK_5iqRCDFvPYqOyRj539xaTlARNY4jeXZ0N6irZYKqSfYACjkkKxbLKcijSu1pJ48thXOTED0oNa6U",
"use": "sig",
"x5c": [
"MIICWzCCAcSgAwIBAgIJAKVzMH2FfC12MA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTAeFw0xMzExMTExODMzMDhaFw0xNjExMTAxODMzMDhaMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5ymq/xwmst1nstPr8YFOTyD1J5N4idYmrph7AyAv95RbWXfDRqy8CMRG7sJq+UWOKVOA4MVrd/NdV+ejj1DE5MPSiG+mZK/5iqRCDFvPYqOyRj539xaTlARNY4jeXZ0N6irZYKqSfYACjkkKxbLKcijSu1pJ48thXOTED0oNa6UCAwEAAaOBijCBhzAdBgNVHQ4EFgQURCN+4cb0pvkykJCUmpjyfUfnRMowWQYDVR0jBFIwUIAURCN+4cb0pvkykJCUmpjyfUfnRMqhLaQrMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleYIJAKVzMH2FfC12MAsGA1UdDwQEAwIBxjANBgkqhkiG9w0BAQUFAAOBgQB8v8G5/vUl8k7xVuTmMTDA878AcBKBrJ/Hp6RShmdqEGVI7SFR7IlBN1//NwD0n+IqzmnRV2PPZ7iRgMF/Fyvqi96Gd8X53ds/FaiQpZjUUtcO3fk0hDRQPtCYMII5jq+YAYjSybvF84saB7HGtucVRn2nMZc5cAC42QNYIlPMqA=="
],
"x5t": "GvnPApfWMdLRi8PDmisFn7bprKg"
},
{
"e": "AQAB",
"issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/",
"kid": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ",
"kty": "RSA",
"n": "x7HNcD9ZxTFRaAgZ7-gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36--0ht8-oCHhl8YjGFQkU-Iv2yahWHEP-1EK6eOEYu6INQP9Lk0HMk3QViLwshwb-KXVD02jdmX2HNdYJdPyc0c",
"use": "sig",
"x5c": [
"MIICWzCCAcSgAwIBAgIJAL3MzqqEFMYjMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTAeFw0xMzExMTExOTA1MDJaFw0xOTExMTAxOTA1MDJaMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7HNcD9ZxTFRaAgZ7+gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36++0ht8+oCHhl8YjGFQkU+Iv2yahWHEP+1EK6eOEYu6INQP9Lk0HMk3QViLwshwb+KXVD02jdmX2HNdYJdPyc0cCAwEAAaOBijCBhzAdBgNVHQ4EFgQULR0aj9AtiNMgqIY8ZyXZGsHcJ5gwWQYDVR0jBFIwUIAULR0aj9AtiNMgqIY8ZyXZGsHcJ5ihLaQrMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleYIJAL3MzqqEFMYjMAsGA1UdDwQEAwIBxjANBgkqhkiG9w0BAQUFAAOBgQBshrsF9yls4ArxOKqXdQPDgHrbynZL8m1iinLI4TeSfmTCDevXVBJrQ6SgDkihl3aCj74IEte2MWN78sHvLLTWTAkiQSlGf1Zb0durw+OvlunQ2AKbK79Qv0Q+wwGuK+oymWc3GSdP1wZqk9dhrQxb3FtdU2tMke01QTut6wr7ig=="
],
"x5t": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ"
}
]
}
1.707886 ------------ AuthorizationRequest ------------
1.708615 --> URL: https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?nonce=jf7j4dHhXaNt&state=YL9i86dLOwbskn9t&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60396%2Fauthz_cb&response_type=id_token&client_id=016ed0e4-fc52-4eb8-9eac-e8852c821055&scope=openid
1.708622 --> BODY: None
8.220372 QUERY_STRING:
8.793447 <-- id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiIwMTZlZDBlNC1mYzUyLTRlYjgtOWVhYy1lODg1MmM4MjEwNTUiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAvIiwiaWF0IjoxNDM5NDQxMjMwLCJuYmYiOjE0Mzk0NDEyMzAsImV4cCI6MTQzOTQ0NTEzMCwidmVyIjoiMi4wIiwidGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwib2lkIjoiZjdiYzdiM2ItZGIwOC00ZThjLWJkOGMtY2RhNWVhOWI4NmJkIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibWljaGFlbF9iX2pvbmVzQGhvdG1haWwuY29tIiwiaWRwIjoibGl2ZS5jb20iLCJzdWIiOiI1R2hXdVpZcldmQ0FOQURQUWR3QUNCVjV1MmtKY25BMkN4WEhJZVZxQ2QwIiwibmFtZSI6Ik1pY2hhZWwgSm9uZXMiLCJub25jZSI6ImpmN2o0ZEhoWGFOdCJ9.PXPwnqIvSLWhDeNxe8avWiCCPto-Dtn8spFvxqWD4XZZ5mXLFprt0KiydydYE70OLiyVPeC44wfreNIe3uYmQ721tF4HghILOZuJd-0RU-dapkFNaD_X7Bkz3yPR3JiERLHpDomCKQ950mwsiZ_OuHvbny6CEPR-Twy-DwH_PIEow5GvUU6VNPjbpbcUjo5QELbnSX5Jf544VUPmOwZoS8Uvhrp3AnK1g2Wf1HzSKS
PSZAZWMaUZTrp0lUdayfZSoGlers69ah-nQ2lREU-mAJ2ub-YyJTfRsnFRizmY27UM5D-PLN9jLc9VV3p7mXssWvrkmF3Hvnysz0zYCaHCOg&id_token_expires_in=3599&state=YL9i86dLOwbskn9t&session_state=0dc5cd25-04fc-4dc8-8318-303b9170fce7
9.236270 [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer'
Result
PARTIAL RESULT
```
Responsible: Rohe
More information about the Openid-specs-ab
mailing list