[Openid-specs-ab] Issue #65: OP-redirect_uri-RegFrag (Reject registration where a redirect_uri has a fragment) Shows failed when registration is rejected (openid/certification)

Edmund Jay issues-reply at bitbucket.org
Thu Feb 19 21:53:19 UTC 2015


New issue 65: OP-redirect_uri-RegFrag (Reject registration where a redirect_uri has a fragment) Shows failed when registration is rejected
https://bitbucket.org/openid/certification/issue/65/op-redirect_uri-regfrag-reject

Edmund Jay:

The registration request is rejected by the OP but the test shows it as failure.


```
#!text

Test info

Profile: {'profile': 'CIT', 'sub': 'none', 'register': True, 'discover': True, 'extra': False}
Test ID: OP-redirect_uri-RegFrag
Issuer: https://connect.openid4.us
Test output


[-]
	status: ERROR
	info: invalid_redirect_uri
Trace output


0.000233 ------------ DiscoveryRequest ------------
0.000241 Provider info discover from 'https://connect.openid4.us/'
0.000248 --> URL: https://connect.openid4.us/.well-known/openid-configuration
0.860709 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://connect.openid4.us/abop/op.php/auth",
  "check_session_iframe": "https://connect.openid4.us/abop/opframe.php/1",
  "claim_types_supported": [
    "normal"
  ],
  "claims_locales_supported": [
    "en-US"
  ],
  "claims_parameter_supported": true,
  "claims_supported": [
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "profile",
    "picture",
    "website",
    "email",
    "email_verified",
    "gender",
    "birthdate",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "address",
    "updated_at"
  ],
  "display_values_supported": [
    "page"
  ],
  "end_session_endpoint": "https://connect.openid4.us/abop/op.php/endsession",
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "issuer": "https://connect.openid4.us",
  "jwks_uri": "https://connect.openid4.us/connect4us.jwk",
  "op_policy_uri": "https://connect.openid4.us/abop/op.php/op_policy",
  "op_tos_uri": "https://connect.openid4.us/abop/op.php/op_tos",
  "registration_endpoint": "https://connect.openid4.us/abop/op.php/registration",
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": false,
  "response_types_supported": [
    "code",
    "code token",
    "code id_token",
    "token",
    "token id_token",
    "code token id_token",
    "id_token"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "offline_access"
  ],
  "service_documentation": "https://connect.openid4.us/abop/op.php/servicedocs",
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "token_endpoint": "https://connect.openid4.us/abop/op.php/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "ui_locales_supported": [
    "en-US"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "userinfo_endpoint": "https://connect.openid4.us/abop/op.php/userinfo",
  "userinfo_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "version": "3.0"
}
1.613531 JWKS: {
  "keys": [
    {
      "e": "AQAB",
      "kid": "ABOP-00",
      "kty": "RSA",
      "n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
    }
  ]
}
1.614268 ------------ RegistrationRequest ------------
1.614690 --> URL: https://connect.openid4.us/abop/op.php/registration
1.614698 --> BODY: {"subject_type": "public", "jwks_uri": "https://oictest.umdc.umu.se:8102/export/jwk_8102.json", "application_type": "web", "grant_types": ["authorization_code", "implicit"], "redirect_uris": ["https://oictest.umdc.umu.se:8102/authz_cb#foobar"], "response_types": ["code id_token token"], "require_auth_time": true, "scope": ["openid", "profile", "email", "address", "phone"], "default_max_age": 3600}
1.614706 --> HEADERS: {'Content-type': 'application/json'}
2.507882 <-- STATUS: 400
2.508016 ErrorResponse: {
  "error": "invalid_redirect_uri",
  "error_description": "redirect_uris is invalid"
}
2.508430 [ERROR] unicode:invalid_redirect_uri
Result

FAILED
```




More information about the Openid-specs-ab mailing list