[Openid-specs-ab] Issue #106: OP-request_uri-Sig (Support request_uri request parameter with signed request) no request_uri in request (openid/certification)
Edmund Jay
issues-reply at bitbucket.org
Wed Mar 18 22:51:03 UTC 2015
New issue 106: OP-request_uri-Sig (Support request_uri request parameter with signed request) no request_uri in request
https://bitbucket.org/openid/certification/issue/106/op-request_uri-sig-support-request_uri
Edmund Jay:
The test does not send the request_uri.
```
#!text
Test info
Profile: {'openid-configuration': 'config', 'extras': True, 'response_type': 'code', 'crypto': 'encrypt+sign', 'registration': 'dynamic'}
Test description: Support request_uri request parameter with signed request [Dynamic]
Test ID: OP-request_uri-Sig
Issuer: https://connect.openid4.us
Test output
__RegistrationRequest:post__
[check]
status: INFORMATION
description: Registration Response
info: {"client_id":"30ZLc0AAaODJEXJ-eEESnw","client_secret":"mxSiG0CVAVvP_w","registration_access_token":"Xj09aDeK32rqcg","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/SlAvejOBLqZ532yVlHgQ1Q","client_id_issued_at":1426719009,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/op.certification.openid.net:60103\/export\/jwk_60103.json","subject_type":"pairwise","request_object_signing_alg":"RS256","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[authn-response-or-error]
status: OK
description: Checks that the last response was a JSON encoded authentication or error message
Trace output
0.000291 ------------ DiscoveryRequest ------------
0.000302 Provider info discover from 'https://connect.openid4.us'
0.000308 --> URL: https://connect.openid4.us/.well-known/openid-configuration
0.524207 ProviderConfigurationResponse: {
"authorization_endpoint": "https://connect.openid4.us/abop/op.php/auth",
"check_session_iframe": "https://connect.openid4.us/abop/opframe.php/1",
"claim_types_supported": [
"normal"
],
"claims_locales_supported": [
"en-US"
],
"claims_parameter_supported": true,
"claims_supported": [
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at"
],
"display_values_supported": [
"page"
],
"end_session_endpoint": "https://connect.openid4.us/abop/op.php/endsession",
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"issuer": "https://connect.openid4.us",
"jwks_uri": "https://connect.openid4.us/connect4us.jwk",
"op_policy_uri": "https://connect.openid4.us/abop/op.php/op_policy",
"op_tos_uri": "https://connect.openid4.us/abop/op.php/op_tos",
"registration_endpoint": "https://connect.openid4.us/abop/op.php/registration",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"code token",
"code id_token",
"token",
"token id_token",
"code token id_token",
"id_token"
],
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"service_documentation": "https://connect.openid4.us/abop/op.php/servicedocs",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://connect.openid4.us/abop/op.php/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"ui_locales_supported": [
"en-US"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"userinfo_endpoint": "https://connect.openid4.us/abop/op.php/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
0.833453 JWKS: {
"keys": [
{
"e": "AQAB",
"kid": "ABOP-00",
"kty": "RSA",
"n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
}
]
}
0.834290 ------------ RegistrationRequest ------------
0.834658 --> URL: https://connect.openid4.us/abop/op.php/registration
0.834665 --> BODY: {"subject_type": "pairwise", "jwks_uri": "https://op.certification.openid.net:60103/export/jwk_60103.json", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60103/logout"], "redirect_uris": ["https://op.certification.openid.net:60103/authz_cb", "https://op.certification.openid.net:60103/cb"], "response_types": ["code"], "require_auth_time": true, "request_object_signing_alg": "RS256", "default_max_age": 3600}
0.834674 --> HEADERS: {'Content-type': 'application/json'}
1.395281 <-- STATUS: 200
1.395389 <-- BODY: {"client_id":"30ZLc0AAaODJEXJ-eEESnw","client_secret":"mxSiG0CVAVvP_w","registration_access_token":"Xj09aDeK32rqcg","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/SlAvejOBLqZ532yVlHgQ1Q","client_id_issued_at":1426719009,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/op.certification.openid.net:60103\/export\/jwk_60103.json","subject_type":"pairwise","request_object_signing_alg":"RS256","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
1.396121 RegistrationResponse: {
"application_type": "web",
"client_id": "30ZLc0AAaODJEXJ-eEESnw",
"client_id_issued_at": 1426719009,
"client_secret": "mxSiG0CVAVvP_w",
"client_secret_expires_at": 0,
"contacts": [
"roland.hedberg at umu.se"
],
"default_max_age": 3600,
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:60103/export/jwk_60103.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:60103/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:60103/authz_cb",
"https://op.certification.openid.net:60103/cb"
],
"registration_access_token": "Xj09aDeK32rqcg",
"registration_client_uri": "https://connect.openid4.us/abop/op.php/client/SlAvejOBLqZ532yVlHgQ1Q",
"request_object_signing_alg": "RS256",
"require_auth_time": true,
"response_types": [
"code"
],
"subject_type": "pairwise"
}
1.398526 ------------ AuthorizationRequest ------------
1.398912 --> URL: https://connect.openid4.us/abop/op.php/auth?scope=openid&state=1YD7VFciM3htab9s&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb&response_type=code&client_id=30ZLc0AAaODJEXJ-eEESnw
1.398919 --> BODY: None
3.873009 <-- state=1YD7VFciM3htab9s&session_state=4888b34cd36feb37f91e5d3916ad73c13794d7bb5ff8d4430c79967e30cc15e1.b92945a533785ca49fc5a3dd48fa7577&code=5jKNVK53XBxtxcpoUYVAEZ7Z-divLMh508PXXLf5Tbs
3.873310 AuthorizationResponse: {
"code": "5jKNVK53XBxtxcpoUYVAEZ7Z-divLMh508PXXLf5Tbs",
"session_state": "4888b34cd36feb37f91e5d3916ad73c13794d7bb5ff8d4430c79967e30cc15e1.b92945a533785ca49fc5a3dd48fa7577",
"state": "1YD7VFciM3htab9s"
}
Result
PASSED
```
More information about the Openid-specs-ab
mailing list