[Openid-specs-ab] Issue #95: OP-request-Unsigned has malformed request object value (openid/certification)
Brian Campbell
issues-reply at bitbucket.org
Mon Mar 16 12:53:56 UTC 2015
New issue 95: OP-request-Unsigned has malformed request object value
https://bitbucket.org/openid/certification/issue/95/op-request-unsigned-has-malformed-request
Brian Campbell:
The value of the request parameter is
```
e30.eyJzY29wZSI6ICJvcGVuaWQiLCAic3RhdGUiOiAiQVg1VmZCVFBtNkpQNldkViIsICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQ6NjAyMTEvYXV0aHpfY2IiLCAicmVzcG9uc2VfdHlwZSI6ICJjb2RlIiwgImNsaWVudF9pZCI6ICJfX2MifQ.
```
which isn't a JOSE object b/c it has an empty header with no alg set. Should be {"alg":"none"}
```
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'static'}
Test description: Support request request parameter with unsigned request [Basic, Implicit, Hybrid, Dynamic]
Test ID: OP-request-Unsigned
Issuer: https://gold.pinglabs.net
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
Trace output
0.000266 ------------ DiscoveryRequest ------------
0.000276 Provider info discover from 'https://gold.pinglabs.net/'
0.000282 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.316647 ProviderConfigurationResponse: {
"authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"picture",
"preferred_username",
"profile",
"sub",
"website",
"zoneinfo"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"ES256",
"ES384",
"ES512"
],
"issuer": "https://gold.pinglabs.net",
"jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
"ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
"ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
"request_object_signing_alg_values_supported": [
"none"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
"scopes_supported": [
"product",
"phone",
"pingone-native-application",
"address",
"email",
"admin",
"edit",
"openid",
"profile"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
"version": "3.0"
}
0.670720 JWKS: {
"keys": [
{
"crv": "P-521",
"kid": "cmv7x",
"kty": "EC",
"use": "sig",
"x": "AdVDqUeeGfH1wJGv_XJRdyI3-ozYTQCLSlicuoLsQvdMuJ2LT2iXgvxf52sroEORGuotAtYVjMwrTqIsdCw5lpPV",
"y": "ANWHbwIsrOQzXGXKjBoSVGEKKdarPKQ0tYw4P_5f7wbfMTN8wP-8bSon06eELsDFTHblKfvPLEnj7TW199oSlUiV"
},
{
"crv": "P-384",
"kid": "cmv7y",
"kty": "EC",
"use": "sig",
"x": "i4f6tixXMC6RCMoDuPD_3VVCPCFOpHoyS5MHg89roXZk6rVB59Db-wVx84Kj4wjS",
"y": "o4SpmYf8T_quE3btkB6KZg2-bagyVssRC5g2pGlhlX3ksXoSMlCNaXKPHxSVNLPv"
},
{
"crv": "P-256",
"kid": "cmv7z",
"kty": "EC",
"use": "sig",
"x": "FfQ0s_N63ODJO22EDBku8cUz4P0BNgfK2WcquyhZhs0",
"y": "amzQqB-eksQg9XyST7xRKRBjgiU4Wl3lTUszh-wio6I"
},
{
"e": "AQAB",
"kid": "cmv80",
"kty": "RSA",
"n": "kuz1y0m9umRGa73uTdvoubrBtO_6uzfo_2mNrHn2Wel439aI0IJKjVoERkuhZEY7g_E84NYA9zOEAoan8Jc097DRYIkvEtmrY8NRyAVcbDwmWtYNIIuvFTjhUI2y6hTBvgYqgZ-TP6ipjKZTaEfIht92g6weZF2Mt3HAyg_ACSgC0s4Pk0Zk-NxgUzCo2omIJ-g4_1zpYuvqMm0SBKjqlTIwW1KsAfC2tJoNF6nLP2NZ6nj9-9QpoUgXeDyufRRcFZIp0JiYNIIGAf3LZlpupyQJrzp_-6fSKMTp2MwEqrjx7JQgzMh-EMF2j_iIN0SrBdOv1t2s16G6hC1he-_6-Q",
"use": "sig"
},
{
"crv": "P-521",
"kid": "cmv81",
"kty": "EC",
"use": "sig",
"x": "AZTr3o1ealCxcTh32jGvwbV2ZAIpGQUEtZaCIWwJ-qbBX5dOfC3CvGjpt3rdZUuh7tI_ez4Km7OmoXslcFAVlNTJ",
"y": "ADBe65DUE9UxoAIjFgeOa-9FveGRnTtCHKMuKiQ1iu-yGnytZuFPhJajR-piwNbirc_0_ZpBnjcXmPGyLw0tQTyf"
},
{
"crv": "P-384",
"kid": "cmv82",
"kty": "EC",
"use": "sig",
"x": "N3aDyUVeoCcH90DPAhkLOdk5OwdP6MJNYYnd79pSrHt8NKzeRYLoo1bMe6KAgHO_",
"y": "xufmmsZagcToXcsEuC-l4-p3Ud4ZSML-OQ908clt__9VRx1GSm8dvGMgNcVSolx7"
},
{
"crv": "P-256",
"kid": "cmv83",
"kty": "EC",
"use": "sig",
"x": "OhpTqxvHP83tvAmlembVhfeIwHb_RW3hcQxfaXwVcfo",
"y": "irW1CKs66_FWHoKE7hrYsoROAVwYkUUiKPsW7Vr9t24"
},
{
"e": "AQAB",
"kid": "cmv84",
"kty": "RSA",
"n": "quXDonatzFRRZVir1SJnv6fBttMhm16CXGtCsaxGeli-crEuFXzF9bm-luPlwo0meRlLPJJolluv_XOO0B1ABVmE1kO-ZMhoUlxZRGLdPt2DTtAEj7m4GKjSl5140usUZZid8ieOYOXQed_yiDT71jP8sAe2YpdAKFWLyaIMER0J6N3oMZXqmiJ3sGzvdEo3NMZ_ECAl9Dzsqr0yt-oYRCcUdk6Hpf13lJ4EIcl2cszSAw3F_3Ce7TQFufNW5KxIBXu0xk4RnHnb8w5CMLvUwH3uo5-TqtvSOQqplPFmjrxxSEbQkuFFtz__HR60ls8I6VfyjVdu-uFjDBGW-bpXZQ",
"use": "sig"
}
]
}
0.671503 ------------ AuthorizationRequest ------------
0.672149 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?request=e30.eyJzY29wZSI6ICJvcGVuaWQiLCAic3RhdGUiOiAiQVg1VmZCVFBtNkpQNldkViIsICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQ6NjAyMTEvYXV0aHpfY2IiLCAicmVzcG9uc2VfdHlwZSI6ICJjb2RlIiwgImNsaWVudF9pZCI6ICJfX2MifQ.&state=AX5VfBTPm6JP6WdV&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60211%2Fauthz_cb&response_type=code&client_id=__c&scope=openid
0.672157 --> BODY: None
Result
PARTIAL RESULT
```
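The header check described in the report, as an added example that is not part of the original message or of the certification suite's code: it rebuilds a request object with the empty `{}` header (segment `e30`) and one with `{"alg":"none"}`, then validates both the way an OP could before accepting an unsecured request object. The function names are hypothetical; the claims are taken from the query string in the trace, and the allowed list from `request_object_signing_alg_values_supported`.

```python
import base64
import json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(seg: str) -> bytes:
    # Compact serialization strips '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

# Claims as they appear in the authorization request URL in the trace.
CLAIMS = {"scope": "openid", "state": "AX5VfBTPm6JP6WdV",
          "redirect_uri": "https://op.certification.openid.net:60211/authz_cb",
          "response_type": "code", "client_id": "__c"}
ALLOWED_ALGS = ["none"]  # from the OP's discovery document in the trace

def build(header: dict) -> str:
    """Assemble an unsigned compact serialization: header.payload.<empty>"""
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return enc(header) + "." + enc(CLAIMS) + "."

def check_request_object(token: str, allowed_algs) -> list:
    """Return a list of problems; an empty list means the object is acceptable."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated segments, got %d" % len(parts)]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        return ["undecodable segment: %s" % exc]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must both be JSON objects"]
    problems = []
    alg = header.get("alg")
    if not isinstance(alg, str):
        problems.append("header has no 'alg' member")
    elif alg not in allowed_algs:
        problems.append("alg %r is not an allowed request object algorithm" % alg)
    elif alg == "none" and parts[2] != "":
        problems.append("alg 'none' requires an empty signature segment")
    return problems

if __name__ == "__main__":
    for hdr in ({}, {"alg": "none"}):
        token = build(hdr)
        print(token.split(".")[0], check_request_object(token, ALLOWED_ALGS))
```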