[Openid-specs-ab] Issue #94: OP-Registration-jwks_uri: test expects client_secret (openid/certification)
Justin Richer
issues-reply at bitbucket.org
Sat Mar 14 22:21:48 UTC 2015
New issue 94: OP-Registration-jwks_uri: test expects client_secret
https://bitbucket.org/openid/certification/issue/94/op-registration-jwks_uri-test-expects
Justin Richer:
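It looks like the test expects a "client_secret" in the registration response when it registers with a "jwks_uri" and the token endpoint auth method "private_key_jwt". With this auth method the client authenticates with a JWT signed by its own private key, whose public half is published at the "jwks_uri", so the server generates no client_secret and the response contains none. The test then stops with KeyError: 'client_secret', as shown at the end of the trace.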
Logs:
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'sign', 'registration': 'dynamic'}
Test description: Uses keys registered with jwks_uri value [Dynamic]
Test ID: OP-Registration-jwks_uri
Issuer: https://mitreid.org/
Test output
[-]
status: ERROR
info: 'client_secret'
Trace output
0.000283 ------------ DiscoveryRequest ------------
0.000292 Provider info discover from 'https://mitreid.org/'
0.000298 --> URL: https://mitreid.org/.well-known/openid-configuration
0.088560 ProviderConfigurationResponse: {
"authorization_endpoint": "https://mitreid.org/authorize",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"sub",
"name",
"preferred_username",
"given_name",
"family_name",
"middle_name",
"nickname",
"profile",
"picture",
"website",
"gender",
"zone_info",
"locale",
"updated_time",
"birthdate",
"email",
"email_verified",
"phone_number",
"address"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"client_credentials",
"urn:ietf:params:oauth:grant_type:redelegate"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA1_5",
"RSA-OAEP-256"
],
"id_token_encryption_enc_values_supported": [
"A192CBC-HS384",
"A192GCM",
"A256CBC+HS512",
"A128CBC+HS256",
"A256CBC-HS512",
"A128CBC-HS256",
"A128GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"none"
],
"introspection_endpoint": "https://mitreid.org/introspect",
"issuer": "https://mitreid.org/",
"jwks_uri": "https://mitreid.org/jwk",
"op_policy_uri": "https://mitreid.org/about",
"op_tos_uri": "https://mitreid.org/about",
"registration_endpoint": "https://mitreid.org/register",
"request_object_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA1_5",
"RSA-OAEP-256"
],
"request_object_encryption_enc_values_supported": [
"A192CBC-HS384",
"A192GCM",
"A256CBC+HS512",
"A128CBC+HS256",
"A256CBC-HS512",
"A128CBC-HS256",
"A128GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": false,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"token"
],
"revocation_endpoint": "https://mitreid.org/revoke",
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"service_documentation": "https://mitreid.org/about",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://mitreid.org/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt",
"none"
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"userinfo_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA1_5",
"RSA-OAEP-256"
],
"userinfo_encryption_enc_values_supported": [
"A192CBC-HS384",
"A192GCM",
"A256CBC+HS512",
"A128CBC+HS256",
"A256CBC-HS512",
"A128CBC-HS256",
"A128GCM",
"A256GCM"
],
"userinfo_endpoint": "https://mitreid.org/userinfo",
"userinfo_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
0.171669 JWKS: {
"keys": [
{
"alg": "RS256",
"e": "AQAB",
"kid": "rsa1",
"kty": "RSA",
"n": "23zs5r8PQKpsKeoUd2Bjz3TJkUljWqMD8X98SaIb1LE7dCQzi9jwO58FGL0ieY1Dfnr9-g1iiY8sNzV-byawK98W9yFiopaghfoKtxXgUD8pi0fLPeWmAkntjn28Z_WZvvA265ELbBhphPXEJcFhdzUfgESHVuqFMEqp1pB-CP0"
}
]
}
0.172722 ------------ RegistrationRequest ------------
0.173148 --> URL: https://mitreid.org/register
0.173156 --> BODY: {"token_endpoint_auth_method": "private_key_jwt", "subject_type": "public", "jwks_uri": "https://op.certification.openid.net:60054/export/jwk_60054.json", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60054/logout"], "redirect_uris": ["https://op.certification.openid.net:60054/authz_cb", "https://op.certification.openid.net:60054/cb"], "response_types": ["code"], "require_auth_time": true, "default_max_age": 3600}
0.173165 --> HEADERS: {'Content-type': 'application/json'}
0.280321 <-- STATUS: 200
0.280357 <-- BODY: {"client_id":"6635b59a-9cd8-44a3-a993-92cdb1380c89","client_id_issued_at":1426371501,"registration_access_token":"eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiNjYzNWI1OWEtOWNkOC00NGEzLWE5OTMtOTJjZGIxMzgwYzg5Il0sImlzcyI6Imh0dHBzOlwvXC9taXRyZWlkLm9yZ1wvIiwianRpIjoiOWZjMWJhYTMtNDdjNy00MGRhLWJkMDItMTFiNGU0Zjk0YzZmIiwiaWF0IjoxNDI2MzcxNTAxfQ.HIXJ1ZeXIot1ucip5lZ9e6BHQV3Rlg4fqu0IbacIQ6bu-6sMjwyhFePdGrtpehYBc4ZP5KPbDyDLYyPq73cvJFt-7KxujCKYgb1T6CIgqjs521cX2Dqj2WqklpoD_YNW6l9DUqVTeNEQTZuWAuYspyMlUvpK9zuRk25fqrMox0I","registration_client_uri":"https://mitreid.org/register/6635b59a-9cd8-44a3-a993-92cdb1380c89","redirect_uris":["https://op.certification.openid.net:60054/cb","https://op.certification.openid.net:60054/authz_cb"],"contacts":["roland.hedberg at umu.se"],"token_endpoint_auth_method":"private_key_jwt","scope":"phone openid address email profile","grant_types":["authorization_code"],"response_types":["code"],"jwks_uri":"https://op.certification.openid.net:60054/export/jwk_60054.json","application_type":"web","subject_type":"public","default_max_age":3600,"require_auth_time":true,"default_acr_values":[],"request_uris":[]}
0.280951 RegistrationResponse: {
"application_type": "web",
"client_id": "6635b59a-9cd8-44a3-a993-92cdb1380c89",
"client_id_issued_at": 1426371501,
"contacts": [
"roland.hedberg at umu.se"
],
"default_max_age": 3600,
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:60054/export/jwk_60054.json",
"redirect_uris": [
"https://op.certification.openid.net:60054/cb",
"https://op.certification.openid.net:60054/authz_cb"
],
"registration_access_token": "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOlsiNjYzNWI1OWEtOWNkOC00NGEzLWE5OTMtOTJjZGIxMzgwYzg5Il0sImlzcyI6Imh0dHBzOlwvXC9taXRyZWlkLm9yZ1wvIiwianRpIjoiOWZjMWJhYTMtNDdjNy00MGRhLWJkMDItMTFiNGU0Zjk0YzZmIiwiaWF0IjoxNDI2MzcxNTAxfQ.HIXJ1ZeXIot1ucip5lZ9e6BHQV3Rlg4fqu0IbacIQ6bu-6sMjwyhFePdGrtpehYBc4ZP5KPbDyDLYyPq73cvJFt-7KxujCKYgb1T6CIgqjs521cX2Dqj2WqklpoD_YNW6l9DUqVTeNEQTZuWAuYspyMlUvpK9zuRk25fqrMox0I",
"registration_client_uri": "https://mitreid.org/register/6635b59a-9cd8-44a3-a993-92cdb1380c89",
"require_auth_time": true,
"response_types": [
"code"
],
"scope": "phone openid address email profile",
"subject_type": "public",
"token_endpoint_auth_method": "private_key_jwt"
}
0.282167 [ERROR] KeyError:'client_secret'
Result
PARTIAL RESULT