[Openid-specs-ab] Issue #24: OP-C-01 and other tests accessing the user info endpoint using code+id_token (openid/certification)
John Bradley
issues-reply at bitbucket.org
Fri Jan 23 23:41:37 UTC 2015
New issue 24: OP-C-01 and other tests accessing the user info endpoint using code+id_token
https://bitbucket.org/openid/certification/issue/24/op-c-01-and-other-tests-accessing-the-user
John Bradley:
The tests with the code+id_token response type don't seem to be exchanging code for AT.
The test works fine for code and token, but the hybrid test docent seem to access the token endpoint and shows the access token as "None"
test info for OP-C-01
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
Trace output
0.000099 ------------ DiscoveryRequest ------------
0.000107 Provider info discover from 'https://gold.pinglabs.net/'
0.774796 ProviderConfigurationResponse: {'authorization_endpoint': u'https://gold.pinglabs.net/as/authorization.oauth2', 'userinfo_endpoint': u'https://gold.pinglabs.net/idp/userinfo.openid', u'revocation_endpoint': u'https://gold.pinglabs.net/as/revoke_token.oauth2', 'jwks_uri': u'https://gold.pinglabs.net/pf/JWKS', 'token_endpoint': u'https://gold.pinglabs.net/as/token.oauth2', 'require_request_uri_registration': True, 'scopes_supported': [u'product', u'phone', u'pingone-native-application', u'address', u'email', u'admin', u'edit', u'openid', u'profile'], u'ping_revoked_sris_endpoint': u'https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris', 'subject_types_supported': [u'public'], 'token_endpoint_auth_methods_supported': [u'client_secret_basic', u'client_secret_post'], 'request_uri_parameter_supported': False, 'id_token_signing_alg_values_supported': [u'none', u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'version': u'3.0
', u'ping_end_session_endpoint': u'https://gold.pinglabs.net/idp/startSLO.ping', 'grant_types_supported': ['authorization_code', 'implicit'], 'response_types_supported': [u'code', u'token', u'id_token', u'code token', u'code id_token', u'token id_token', u'code token id_token'], 'claims_parameter_supported': False, 'request_parameter_supported': False, 'claim_types_supported': [u'normal'], 'issuer': u'https://gold.pinglabs.net'}
1.526940 JWKS: {"keys":[{"kty":"EC","kid":"omtyl","use":"sig","x":"Qa75Wh11nUZQHk8_PTcB7IBuHXE5Q6K028uGpripFImZ_-iY0wzD3WPE4Enklv2BrPt8qV9VEdMGO10R9SliQGM","y":"AR1I5udt6dptALiocqnmnSn1nFvLWD3PVBEO6KOjwEKCQ7LHMbq8WBnhglGjs9Iie7aIwRgnfPVDumfPWJYMZEzW","crv":"P-521"},{"kty":"EC","kid":"omtyk","use":"sig","x":"uolOQQrTc4OD9OqOjaxSV0ovp1vjWzkUy4qUCzWSClt4uXW--rMF9qSLjkdPBpoO","y":"0-NpgG0Uozuyyw42mIYTG0npTlXZJGVBCmSuz5WjCarli2TMQ7Wxj9ZelqsN_-To","crv":"P-384"},{"kty":"EC","kid":"omtyj","use":"sig","x":"p6nMaLIeGXT9jn7iONIIdpn3_JQ_vBfu2SgnNxifE_E","y":"TgY6pu-GgTDw79i3zPwstXmBqnRKEmAkNDpO4uYNxec","crv":"P-256"},{"kty":"RSA","kid":"omtyi","use":"sig","n":"gNNb8r3nYFNZ5NebpCzE7fgzfinhpkNczQ6gvjtWlfN76WU3I1ZUymYyJrdy_AVgRDX-eZO2NMwXqyIIOjrxYb_iY0HnbHhQ0m9_77Oy2e16aI6R_87IoWKjRpW5AhW8X8cAVewrOoDTykl9p6KpP1J8-j5u9hlmCBSMJgEBWkY73ZlqTdaZn1LhQD2Kl7rVjf_iYiUdx7R2cZMWJDGUkRkFLMrU2rx4aj-3OiWFkTS8DyfTDQh43dXAnuSz7cXpyUqzrYf8jPb0uXU3BbQwdnJrLwQNBBtDWywwDBFRv_iv1RPabpQUOzYx6O4tRt7GakfeFfTv9Rr2
jbKvFOswZQ","e":"AQAB"},{"kty":"EC","kid":"omtyh","use":"sig","x":"-CVoaxVJHJQTrA7zNYXnf1sFxhQc717-mSVye3bap6nC8MCAOr2_U4F9gdCezWB76mCm032ZArBLteY4BVaXXnM","y":"67Hu-HczMXrk9gcWMp-BzO1Xsanl5-3EgiMXRnQUlJfPkmu8AAaPfDSSAkTvcS9Mwv0DOzuvVNCZlafaum4-4Yg","crv":"P-521"},{"kty":"EC","kid":"omtyg","use":"sig","x":"echhbbR5SJgunbVB-EZ50-R5paFtiT6-Kh_xoTj5yInQ4VDNWZ69AAWBdXBr0glG","y":"QWriRmPy0c5KSvuqwpOzAMh-SLJVpTwGYDFbR6sgFl8HDhlMMoJeGaPGM0Jf3JTZ","crv":"P-384"},{"kty":"EC","kid":"omtyf","use":"sig","x":"X7Wo2qjS64LGJjBNz2dixGqecM-d14a7i7G-JGBRpx4","y":"jCfH0Aep1z186djurKewen-rqppbbjy98VVibHxGO8E","crv":"P-256"},{"kty":"RSA","kid":"omtye","use":"sig","n":"r9eYnv7WLy2g5xOBaHEjQmMuvNa8MOW9VXG6u-ekJ5_kHh7hyEfralTws6dbN73kNm3wlnJzlvZNovGAoP0UeJ0kcUP5AaBGo7y_ywvNqlFt_nVfYFdLZRRikR7-o4cVBievgTY27yPfzG7-2oVEJ8JGj5_Sc64-d6p8JzDTz2dxfXHFUzrGpRpEf2UxltiyYR5sO_xrEqSs7HnkmtbvB8ujSGEQwVl2u4aZFnndfEu58DidvMi4JWUgl4kpM0qeTpVHXFS1N6yCgtdXiNhXdnK4M7fkYpHaPZFdQydp7rS9DKcbpM2aw_cNqX_xrvCchS1051QsPDsI
bc37-FXiwQ","e":"AQAB"},{"kty":"EC","kid":"omtyd","use":"sig","x":"t9TQIAu70CeYgfvFgFtaLkVanP2ln-FvKr7XVH-DeCbwKOlJpCQDZYkbVcotRzjXbMdpw6pHTUIz2p-1_LprCBU","y":"5vDFeDfFJOtUnouYNhzMckP2epqruKYXfyarKmtJfNDtKA67eBb7K7wfNsSWurB2h7D6SP1bWjHwp2V_x73pBVk","crv":"P-521"},{"kty":"EC","kid":"omtyc","use":"sig","x":"lM7G07MicMcn2lMoAonzrptHbE-us4xR8NGhPH3vB2JMCuute0Hne3q0pW6G24LD","y":"wP67VUFFlSt3UKkKpASsPDFnJGfUFvs44pCJM7ISdQeZNdc79RqGVfU6wR1llJxk","crv":"P-384"},{"kty":"EC","kid":"omtyb","use":"sig","x":"CkVyG0M8TQXkPY_Tk_p3f4igO2StwvqPeIXXV0BG-LU","y":"5bsqE5ArQIfZZPMZNB02l0cjwnQmeoegUuqTfuNtw1M","crv":"P-256"},{"kty":"RSA","kid":"omtya","use":"sig","n":"pgx_9LykeHPCCVnLY_8weAYCIIIpVjrhH0kmKgQ-Me_9mNQKLFdJHyEtt1o4AaZJ-NptlwxMg0CfuMWq0sIYvwLS13v0rM8I3hq2m5Rtcv_okeNcG4Jq-XBt_xwYBRQcoEIPrtYkG8NwK_jG82k1LsDHHiNmypCexeKeQ5QLEd9qxYqo9Ymzfj9xquL7yicqpGFcSqDco9D4-aALbKdqNB_uz-yvw10mfS22ay6Ihyepwr0kojhoW_yo4lhVYe3SFbD5de1_oSpVqn1aXxUhmIzm0atsnTOIT_GNmgheQBxmDB6TFgcXviRZpbZsFy41_0bvYvYX0bie
bu4Fo-r6tw","e":"AQAB"}]}
1.527428 ------------ AuthorizationRequest ------------
1.527715 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?nonce=frmmhmgXxZ07&state=jEZgYbAnkCHuGU1Y&redirect_uri=https%3A%2F%2Foictest.umdc.umu.se%3A8094%2Fauthz_cb&response_type=code+id_token&client_id=oictest&scope=openid
1.527721 --> BODY: None
13.847279 <-- state=jEZgYbAnkCHuGU1Y&code=gN4qi0_s_gxObG2DG1uGlrXUL2gHhgqDgFYgbxw5&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6Im9tdHllIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Im9pY3Rlc3QiLCJqdGkiOiJJQVdscEZiQlpVREdkVmdQNjRLZUI3IiwiaXNzIjoiaHR0cHM6XC9cL2dvbGQucGluZ2xhYnMubmV0IiwiaWF0IjoxNDIyMDU2MTU4LCJleHAiOjE0MjIwNTY0NTgsIm5vbmNlIjoiZnJtbWhtZ1h4WjA3IiwiY19oYXNoIjoiMkhvRFRlb2NqSTVIZnVIZHdzQktUQSJ9.AjJ77_zjelA7zIFeGj-t6PE2zdWjjnN1C4mpaWnfgk4a3e_WYh_eOxKbTNJMneNgNQEHDis_U_WOAVDwbd2H8A7Hf5sw9-cgZ0OixqVX5pjl-V_V3p7DC1wFMa0yKMm1S1r5x-IP0WuXo3Hn1cmMe0WCW4kMixf5-4bC7p8CU1tR8fKIau-fZJh__AiuYI9D1RxBupkKwWWxT2eqS9WnPOnrQTvYT-ptTVVUSpgp_8LiBmyV22fyqCkSDps6JU0xEXNgA_SuW6S_pjAnoZrbyrSstZ1P9zTW5SOgjVHZFmGVZfOnuIg5HJGeC766cmrG4FkG9rStxviHYQteexFP5g
14.600722 AuthorizationResponse: {'id_token': {'nonce': u'frmmhmgXxZ07', 'c_hash': u'2HoDTeocjI5HfuHdwsBKTA', 'sub': u'jbradley', 'iss': u'https://gold.pinglabs.net', u'jti': u'IAWlpFbBZUDGdVgP64KeB7', 'exp': 1422056458, 'iat': 1422056158, 'aud': [u'oictest']}, 'state': 'jEZgYbAnkCHuGU1Y', 'code': 'gN4qi0_s_gxObG2DG1uGlrXUL2gHhgqDgFYgbxw5'}
14.600877 ------------ UserInfoRequest ------------
14.601050 --> URL: https://gold.pinglabs.net/idp/userinfo.openid
14.601055 --> BODY: None
14.601060 --> HEADERS: {'Authorization': 'Bearer None'}
15.379675 <-- STATUS: 401
15.380081 [ERROR] ValueError:No JSON object could be decoded
Responsible: Rohe
More information about the Openid-specs-ab
mailing list