[Openid-specs-ab] What additional tests do we need for the 4th OpenID Connect Interop?

eraviart at easter-eggs.com eraviart at easter-eggs.com
Mon Jul 2 16:59:03 UTC 2012


Some other possible tests:

* Split the current test for the none prompt
http://osis.idcommons.net/wiki/OC4:FeatureTest-Support_prompt_value_none
into 3:
   - prompt=none without user ID hint
   - prompt=none with id_token as a hint
   - prompt=none with user_id in request object as a hint

* Displaying a logo and/or a policy URL in login page.

* Providing the same individually requested claims in both the id_token 
and the userinfo (but may be it is a stupid test with no use case)

* Providing different individually requested claims in the id_token and 
the userinfo

* Using a sector identifier for pairwise user_id.


Emmanuel


On 06/23/2012 10:06 PM, Roland Hedberg wrote:
> Sorry, midsummer is a *big* Swedish holiday ! :-)
>
> 22 jun 2012 kl. 02:59 skrev Mike Jones:
>
>>
>>   Roland, I know you’ve added these RP tests to your test suite since OC3:
>> ·         Access token request with client_secret_basic authentication
>> ·         Request with response_type code and extra query component
>> ·         Request with redirect_uri with query component
>> ·         Registration where a redirect_uri has a query component
>> ·         Registration where a redirect_uri has a fragment
>> ·         Authorization request missing the response_type parameter
>> ·         Sent redirect_uri does not match the registered redirect_uri
>> ·         Access token request with client_secret_jwt authentication
>> ·         Access token request with public_key_jwt authentication
>>
>> Roland, are there others you’ve added, either for the RP or OP?
>
> I have the once (at_hash, c_hash for OP and RP) below too.
> Apart from this I've also started to add tests with/without optional parameters.
> Also, should add tests for user info claims in the id_token.
>
>> Also, can you send us a URL for where people can access these tests to add to the test descriptions?
>
> I'll get back to this and to a description on how to use my OP to tests RP implementations.
>
>> Everyone, I know that we need to add these OP tests:
>> ·         Includes at_hash in ID Token when implicit flow used
>> ·         Includes c_hash in ID Token when code flow used
>>
>> Everyone, I know that we need to add these RP tests:
>> ·         Verifies correct at_hash when implicit flow used
>> ·         Rejects incorrect at_hash when implicit flow used
>> ·         Verifies correct c_hash when code flow used
>> ·         Rejects incorrect c_hash when code flow used
>>
>> What else am I missing?
>>
>> I have already deleted the tests that were for the ID Token.   Do we want to also delete the tests for symmetric signing of the ID token or leave them, since the spec does say how to do symmetric signing.  I’ve left these tests there for now.
>
> I've removed the symmetric signing tests from my set.
>
> -- Roland
> ------------------------------------------------------
> Roland Hedberg
> IT Architect/Senior Researcher
> ICT Services and System Development (ITS)
> Umeå University
> SE-901 87 Umeå, Sweden	
> Phone +46 90 786 68 44
> Mobile +46 70 696 68 44
> www.its.umu.se
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab


More information about the Openid-specs-ab mailing list