[Openid-specs-ab] FW: Post Implementers Draft 1 features added to OC4 interop

Mike Jones Michael.Jones at microsoft.com
Wed Aug 22 15:03:23 UTC 2012


FYI

From: Mike Jones
Sent: Wednesday, August 22, 2012 8:03 AM
To: openid-connect-interop at googlegroups.com
Subject: Post Implementers Draft 1 features added to OC4 interop

Tests for the features added or changed since the first OpenID Connect implementer's drafts have been added to the OC4 interop.  31 OP tests and 10 RP tests have been added.  They are:

OP Tests:
Includes at_hash in ID Token when Implicit Flow Used
Includes c_hash in ID Token when Code Flow Used
Reject Request Without response_type
Ignores Extra Query Component in Request
Preserves Query Parameter in redirect_uri
Preserves Query Parameter in Registered redirect_uri
Rejects redirect_uri when Query Parameter Does Not Match
Reject Registration of redirect_uri with Fragment
Reject redirect_uri Not Matching a Registered redirect_uri
Accept Request Without redirect_uri when One Registered
Reject Request Without redirect_uri when Multiple Registered
Support Registration Update
Support Registration Secret Rotation
Support id_token Hint Parameter
Support Request Object Specifying user_id Value
Displays Logo in Login Page
Displays Policy URL in Login Page
Supports Returning Claims in ID Token
Supports Returning Different Claims in ID Token and UserInfo Endpoint
Supports Combining Claims Requested with scope and Request Object
Supports using Sector Identifier for Pairwise user_id Values
Rejects Sector Identifier Not Containing Registered redirect_uri Values
Support Requests Containing nonce
Support Requests Without nonce
Reject Requests Without nonce Using Implicit Flow
Providing Individually Requested Essential Claims
Providing Individually Requested Voluntary Claims
Providing Individually Requested Essential and Voluntary Claims
Providing ID Token with Essential auth_time Claim
Providing ID Token with Essential acr Claim
Providing ID Token with Voluntary acr Claim

RP Tests:
Verifies Correct at_hash when Implicit Flow Used
Rejects Incorrect at_hash when Implicit Flow Used
Verifies Correct c_hash when Code Flow Used
Rejects Incorrect c_hash when Code Flow Used
Can Request and Use Claims in id_token
Can Use Self-Issued OP
Can Make Access Token Request with client_secret_basic Authentication
Can Make Access Token Request with client_secret_post Authentication
Can Make Access Token Request with private_key_jwt Authentication
Can Make Access Token Request with client_secret_jwt Authentication

Also, six OP tests were removed because of the change from "required" to "essential" claims and "optional" to "voluntary" claims.  They were replaced by the corresponding tests above using the new claims request syntax.

                                                            -- Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120822/a029a100/attachment.html>


More information about the Openid-specs-ab mailing list