[Openid-specs-ab] Issue #110: Rejects redirect_uri when query parameter does not match [Dynamic] (OP-redirect_uri-BadQuery) (openid/certification)

John Bradley issues-reply at bitbucket.org
Thu Mar 19 14:34:19 UTC 2015


New issue 110: Rejects redirect_uri when query parameter does not match [Dynamic] (OP-redirect_uri-BadQuery)
https://bitbucket.org/openid/certification/issue/110/rejects-redirect_uri-when-query-parameter

John Bradley:

The test is registering a redirect URI.
"redirect_uris": ["https://op.certification.openid.net:60054/authz_cb?foo=bar"]

The request has:
redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60054%2Fauthz_cb%3Fbar%3Dfoo

MitreID has incorrect matching and is returning a positive authentication and this is showing as pass.

The Ping server 60050 is properly returning a 400 to the user but is shown as failing.



Responsible: Rohe


More information about the Openid-specs-ab mailing list