[Openid-specs-ab] Issue #127: [OP-redirect_uri-RegFrag] - Server returns error, test doesn't recognize it (openid/certification)
Justin Richer
issues-reply at bitbucket.org
Mon Mar 23 14:22:14 UTC 2015
New issue 127: [OP-redirect_uri-RegFrag] - Server returns error, test doesn't recognize it
https://bitbucket.org/openid/certification/issue/127/op-redirect_uri-regfrag-server-returns
Justin Richer:
The server returns an HTTP 400 with an "invalid_redirect_uri" error message, but the test doesn't recognize this as a correct response.
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign+encrypt', 'registration': 'dynamic'}
Timestamp: 2015-03-23T14:20:14Z
Test description: Reject registration where a redirect_uri has a fragment [Dynamic]
Test ID: OP-redirect_uri-RegFrag
Issuer: https://mitreid.org/
Test output
__RegistrationRequest:post__
[check]
status: INFORMATION
description: Registration Response
info: {"error":"invalid_redirect_uri","error_description":"Redirect URI can not have a fragment"}
__After completing the test flow:__
[verify-response]
status: WARNING
description: Checks that the last response was one of a possible set of OpenID Connect Responses
info: An error response I didn't expect
__X:==== END ====__
Trace output
0.000292 ------------ DiscoveryRequest ------------
0.000303 Provider info discover from 'https://mitreid.org/'
0.000309 --> URL: https://mitreid.org/.well-known/openid-configuration
0.093362 ProviderConfigurationResponse: {
"authorization_endpoint": "https://mitreid.org/authorize",
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"claims_supported": [
"sub",
"name",
"preferred_username",
"given_name",
"family_name",
"middle_name",
"nickname",
"profile",
"picture",
"website",
"gender",
"zone_info",
"locale",
"updated_time",
"birthdate",
"email",
"email_verified",
"phone_number",
"address"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"client_credentials",
"urn:ietf:params:oauth:grant_type:redelegate"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"id_token_encryption_enc_values_supported": [
"A256CBC+HS512",
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128CBC+HS256"
],
"id_token_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512",
"none"
],
"introspection_endpoint": "https://mitreid.org/introspect",
"issuer": "https://mitreid.org/",
"jwks_uri": "https://mitreid.org/jwk",
"op_policy_uri": "https://mitreid.org/about",
"op_tos_uri": "https://mitreid.org/about",
"registration_endpoint": "https://mitreid.org/register",
"request_object_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"request_object_encryption_enc_values_supported": [
"A256CBC+HS512",
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128CBC+HS256"
],
"request_object_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": false,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"token"
],
"revocation_endpoint": "https://mitreid.org/revoke",
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"service_documentation": "https://mitreid.org/about",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://mitreid.org/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt",
"none"
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"userinfo_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"userinfo_encryption_enc_values_supported": [
"A256CBC+HS512",
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128CBC+HS256"
],
"userinfo_endpoint": "https://mitreid.org/userinfo",
"userinfo_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
0.174564 JWKS: {
"keys": [
{
"alg": "RS256",
"e": "AQAB",
"kid": "rsa1",
"kty": "RSA",
"n": "23zs5r8PQKpsKeoUd2Bjz3TJkUljWqMD8X98SaIb1LE7dCQzi9jwO58FGL0ieY1Dfnr9-g1iiY8sNzV-byawK98W9yFiopaghfoKtxXgUD8pi0fLPeWmAkntjn28Z_WZvvA265ELbBhphPXEJcFhdzUfgESHVuqFMEqp1pB-CP0"
}
]
}
0.175511 ------------ RegistrationRequest ------------
0.175873 --> URL: https://mitreid.org/register
0.175879 --> BODY: {"subject_type": "public", "jwks_uri": "https://op.certification.openid.net:60061/export/jwk_60061.json", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60061/logout"], "redirect_uris": ["https://op.certification.openid.net:60061/authz_cb#foobar"], "response_types": ["code"], "require_auth_time": true, "default_max_age": 3600}
0.175888 --> HEADERS: {'Content-type': 'application/json'}
0.260492 <-- STATUS: 400
0.260611 ErrorResponse: {
"error": "invalid_redirect_uri",
"error_description": "Redirect URI can not have a fragment"
}
0.261773 ==== END ====
Result
WARNING Warnings: An error response I didn't expect
Responsible: Rohe
More information about the Openid-specs-ab
mailing list