[Openid-specs-ab] Issue #16: OP-P-02 (Support request Request Parameter with unSigned Request) should actually make the authentication request (openid/certification)
Michael Jones
issues-reply at bitbucket.org
Thu Jan 22 01:42:57 UTC 2015
New issue 16: OP-P-02 (Support request Request Parameter with unSigned Request) should actually make the authentication request
https://bitbucket.org/openid/certification/issue/16/op-p-02-support-request-request-parameter
Michael Jones:
No matter whether the discovery document says that the "request" parameter is supported, a request using it should actually be performed. OP-P-01 tests the discovery statement for this parameter, so OP-P-02 doesn't have to. The authentication request should be made and the tool should verify that an error didn't result.
The same should be true of OP-O-02 - the equivalent test for the "request_uri" parameter, and OP-Q-02 - the equivalent test for the "claims" parameter.
The log follows.
test info for OP-P-02
--------------------------------------------------------------------------------
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
--------------------------------------------------------------------------------
Trace output
0.000192 ------------ DiscoveryRequest ------------
0.000205 Provider info discover from 'https://sts.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06'
0.472491 ProviderConfigurationResponse: {'authorization_endpoint': u'https://login.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06/oauth2/authorize', 'userinfo_endpoint': u'https://login.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06/openid/userinfo', 'response_modes_supported': [u'query', u'fragment', u'form_post'], 'jwks_uri': u'https://login.windows.net/common/discovery/keys', u'microsoft_multi_refresh_token': True, u'check_session_iframe': u'https://login.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06/oauth2/checksession', 'scopes_supported': [u'openid'], 'subject_types_supported': [u'pairwise'], 'token_endpoint_auth_methods_supported': [u'client_secret_post', u'private_key_jwt'], 'request_uri_parameter_supported': True, 'id_token_signing_alg_values_supported': [u'RS256'], u'end_session_endpoint': u'https://login.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06/oauth2/logout', 'version': '3.0', 'grant_types_supported': ['authorization_code', 'implicit'], 'response_types_supported': [u'code', u'id_token', u'code id_token', u'token'], 'claims_parameter_supported': False, 'request_parameter_supported': False, 'require_request_uri_registration': True, 'token_endpoint': u'https://login.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06/oauth2/token', 'issuer': u'https://sts.windows.net/b4ea3de6-839e-4ad1-ae78-c78e5c0cdc06/'}
0.472843 Client behavior: {'token_endpoint_auth_method': 'client_secret_post', 'subject_type': 'pairwise', 'grant_types': ['authorization_code', 'implicit', 'refresh_token', 'urn:ietf:params:oauth:grant-type:jwt-bearer:'], 'userinfo_signed_response_alg': [], 'id_token_signed_response_alg': 'RS256', 'response_types': ['code', 'token', 'id_token', 'code id_token'], 'require_auth_time': True, 'scope': ['openid', 'profile', 'email', 'address', 'phone'], 'request_object_signing_alg': [], 'default_max_age': 3600}
0.473695 ------------ AuthorizationRequest ------------
0.474667 [ERROR] NoSuitableSigningKeys:None