[Openid-specs-ab] Issue #95: OP-request-Unsigned has malformed request object value (openid/certification)

Brian Campbell issues-reply at bitbucket.org
Mon Mar 16 12:53:56 UTC 2015


New issue 95: OP-request-Unsigned has malformed request object value
https://bitbucket.org/openid/certification/issue/95/op-request-unsigned-has-malformed-request

Brian Campbell:

The value of the request parameter is 
```
e30.eyJzY29wZSI6ICJvcGVuaWQiLCAic3RhdGUiOiAiQVg1VmZCVFBtNkpQNldkViIsICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQ6NjAyMTEvYXV0aHpfY2IiLCAicmVzcG9uc2VfdHlwZSI6ICJjb2RlIiwgImNsaWVudF9pZCI6ICJfX2MifQ.
```

which isn't a JOSE object b/c it has an empty header with no alg set. Should be {"alg":"none"}


```
Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'static'}
Test description: Support request request parameter with unsigned request [Basic, Implicit, Hybrid, Dynamic]
Test ID: OP-request-Unsigned
Issuer: https://gold.pinglabs.net
Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server

Trace output


0.000266 ------------ DiscoveryRequest ------------
0.000276 Provider info discover from 'https://gold.pinglabs.net/'
0.000282 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.316647 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "birthdate",
    "email",
    "email_verified",
    "family_name",
    "gender",
    "given_name",
    "locale",
    "middle_name",
    "name",
    "nickname",
    "phone_number",
    "picture",
    "preferred_username",
    "profile",
    "sub",
    "website",
    "zoneinfo"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "issuer": "https://gold.pinglabs.net",
  "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
  "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
  "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
  "request_object_signing_alg_values_supported": [
    "none"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
  "scopes_supported": [
    "product",
    "phone",
    "pingone-native-application",
    "address",
    "email",
    "admin",
    "edit",
    "openid",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
  "version": "3.0"
}
0.670720 JWKS: {
  "keys": [
    {
      "crv": "P-521",
      "kid": "cmv7x",
      "kty": "EC",
      "use": "sig",
      "x": "AdVDqUeeGfH1wJGv_XJRdyI3-ozYTQCLSlicuoLsQvdMuJ2LT2iXgvxf52sroEORGuotAtYVjMwrTqIsdCw5lpPV",
      "y": "ANWHbwIsrOQzXGXKjBoSVGEKKdarPKQ0tYw4P_5f7wbfMTN8wP-8bSon06eELsDFTHblKfvPLEnj7TW199oSlUiV"
    },
    {
      "crv": "P-384",
      "kid": "cmv7y",
      "kty": "EC",
      "use": "sig",
      "x": "i4f6tixXMC6RCMoDuPD_3VVCPCFOpHoyS5MHg89roXZk6rVB59Db-wVx84Kj4wjS",
      "y": "o4SpmYf8T_quE3btkB6KZg2-bagyVssRC5g2pGlhlX3ksXoSMlCNaXKPHxSVNLPv"
    },
    {
      "crv": "P-256",
      "kid": "cmv7z",
      "kty": "EC",
      "use": "sig",
      "x": "FfQ0s_N63ODJO22EDBku8cUz4P0BNgfK2WcquyhZhs0",
      "y": "amzQqB-eksQg9XyST7xRKRBjgiU4Wl3lTUszh-wio6I"
    },
    {
      "e": "AQAB",
      "kid": "cmv80",
      "kty": "RSA",
      "n": "kuz1y0m9umRGa73uTdvoubrBtO_6uzfo_2mNrHn2Wel439aI0IJKjVoERkuhZEY7g_E84NYA9zOEAoan8Jc097DRYIkvEtmrY8NRyAVcbDwmWtYNIIuvFTjhUI2y6hTBvgYqgZ-TP6ipjKZTaEfIht92g6weZF2Mt3HAyg_ACSgC0s4Pk0Zk-NxgUzCo2omIJ-g4_1zpYuvqMm0SBKjqlTIwW1KsAfC2tJoNF6nLP2NZ6nj9-9QpoUgXeDyufRRcFZIp0JiYNIIGAf3LZlpupyQJrzp_-6fSKMTp2MwEqrjx7JQgzMh-EMF2j_iIN0SrBdOv1t2s16G6hC1he-_6-Q",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "cmv81",
      "kty": "EC",
      "use": "sig",
      "x": "AZTr3o1ealCxcTh32jGvwbV2ZAIpGQUEtZaCIWwJ-qbBX5dOfC3CvGjpt3rdZUuh7tI_ez4Km7OmoXslcFAVlNTJ",
      "y": "ADBe65DUE9UxoAIjFgeOa-9FveGRnTtCHKMuKiQ1iu-yGnytZuFPhJajR-piwNbirc_0_ZpBnjcXmPGyLw0tQTyf"
    },
    {
      "crv": "P-384",
      "kid": "cmv82",
      "kty": "EC",
      "use": "sig",
      "x": "N3aDyUVeoCcH90DPAhkLOdk5OwdP6MJNYYnd79pSrHt8NKzeRYLoo1bMe6KAgHO_",
      "y": "xufmmsZagcToXcsEuC-l4-p3Ud4ZSML-OQ908clt__9VRx1GSm8dvGMgNcVSolx7"
    },
    {
      "crv": "P-256",
      "kid": "cmv83",
      "kty": "EC",
      "use": "sig",
      "x": "OhpTqxvHP83tvAmlembVhfeIwHb_RW3hcQxfaXwVcfo",
      "y": "irW1CKs66_FWHoKE7hrYsoROAVwYkUUiKPsW7Vr9t24"
    },
    {
      "e": "AQAB",
      "kid": "cmv84",
      "kty": "RSA",
      "n": "quXDonatzFRRZVir1SJnv6fBttMhm16CXGtCsaxGeli-crEuFXzF9bm-luPlwo0meRlLPJJolluv_XOO0B1ABVmE1kO-ZMhoUlxZRGLdPt2DTtAEj7m4GKjSl5140usUZZid8ieOYOXQed_yiDT71jP8sAe2YpdAKFWLyaIMER0J6N3oMZXqmiJ3sGzvdEo3NMZ_ECAl9Dzsqr0yt-oYRCcUdk6Hpf13lJ4EIcl2cszSAw3F_3Ce7TQFufNW5KxIBXu0xk4RnHnb8w5CMLvUwH3uo5-TqtvSOQqplPFmjrxxSEbQkuFFtz__HR60ls8I6VfyjVdu-uFjDBGW-bpXZQ",
      "use": "sig"
    }
  ]
}
0.671503 ------------ AuthorizationRequest ------------
0.672149 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?request=e30.eyJzY29wZSI6ICJvcGVuaWQiLCAic3RhdGUiOiAiQVg1VmZCVFBtNkpQNldkViIsICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQ6NjAyMTEvYXV0aHpfY2IiLCAicmVzcG9uc2VfdHlwZSI6ICJjb2RlIiwgImNsaWVudF9pZCI6ICJfX2MifQ.&state=AX5VfBTPm6JP6WdV&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60211%2Fauthz_cb&response_type=code&client_id=__c&scope=openid
0.672157 --> BODY: None

Result
PARTIAL RESULT

```
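The check described in the report, as an added example (not code from the issue, the test suite or the OP under test): it splits the request object into its JWS compact-serialization parts, decodes the header, and accepts an unsigned object only when the header carries `"alg": "none"` and the signature part is empty. The function and constant names are hypothetical; the payload is the one quoted in the issue.

```python
import base64
import json

# Payload segment copied from the request object quoted in the issue.
PAYLOAD = (
    "eyJzY29wZSI6ICJvcGVuaWQiLCAic3RhdGUiOiAiQVg1VmZCVFBtNkpQNldkViIs"
    "ICJyZWRpcmVjdF91cmkiOiAiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5p"
    "ZC5uZXQ6NjAyMTEvYXV0aHpfY2IiLCAicmVzcG9uc2VfdHlwZSI6ICJjb2RlIiwg"
    "ImNsaWVudF9pZCI6ICJfX2MifQ"
)
# As reported: header "e30" is base64url("{}"), i.e. an empty header.
REPORTED = "e30." + PAYLOAD + "."
# Same payload with the header the report asks for: base64url('{"alg":"none"}').
EXPECTED = "eyJhbGciOiJub25lIn0." + PAYLOAD + "."


def b64url_decode(segment):
    """Decode a base64url segment; JOSE strips the '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_unsigned_request_object(compact):
    """Return (ok, detail): detail is the claims dict or a rejection reason."""
    parts = compact.split(".")
    if len(parts) != 3:
        return False, "not a three-part JWS compact serialization"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "header or payload is not base64url-encoded JSON"
    if not isinstance(header, dict) or "alg" not in header:
        return False, "header has no alg"
    if header["alg"] != "none":
        return False, "alg is not none; signature verification required"
    if parts[2] != "":
        return False, "alg none requires an empty signature"
    return True, claims


if __name__ == "__main__":
    print(check_unsigned_request_object(REPORTED))
    print(check_unsigned_request_object(EXPECTED))
```
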




