[Openid-specs-ab] Issue #172: Unexpected error [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer' (openid/certification)

Michael Jones issues-reply at bitbucket.org
Thu Aug 13 05:17:32 UTC 2015


New issue 172: Unexpected error [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer'
https://bitbucket.org/openid/certification/issues/172/unexpected-error-error-typeerror-__init__

Michael Jones:

In testing a new Microsoft OP endpoint, I'm getting the unexpected error  [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer' - I think when the code tries to verify the ID Token signature.

Testing at https://op.certification.openid.net:60396/ with the response types set to id_token, I do get an ID Token back that looks legal.  There is an extra "issuer" field in both of the keys at the jwks_uri.  Per the JWK spec, implementations are supposed to ignore not-understood fields, so this should be legal.  But I suspect it's the source of the error.

The ID Token header is:
```
{"typ":"JWT","alg":"RS256","x5t":"MnC_VZcATfM5pOYiJHMba9goEKY","kid":"MnC_VZcATfM5pOYiJHMba9goEKY"}
```

The ID Token claims are:
```
{"aud":"016ed0e4-fc52-4eb8-9eac-e8852c821055","iss":"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/","iat":1439441230,"nbf":1439441230,"exp":1439445130,"ver":"2.0","tid":"9188040d-6c67-4c5b-b112-36a304b66dad","oid":"f7bc7b3b-db08-4e8c-bd8c-cda5ea9b86bd","preferred_username":"michael_b_jones at hotmail.com","idp":"live.com","sub":"5GhWuZYrWfCANADPQdwACBV5u2kJcnA2CxXHIeVqCd0","name":"Michael Jones","nonce":"jf7j4dHhXaNt"}
```

Can the code be fixed to ignore non-understood fields in the keys?

The log follows...

```

Test info
Profile: {'openid-configuration': 'config', 'response_type': 'id_token', 'crypto': 'sign', 'registration': 'static'}
Timestamp: 2015-08-13T04:52:11Z
Test description: Request with response_type=id_token [Implicit]
Test ID: OP-Response-id_token
Issuer: https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/
Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
[-]
	status: WARNING
	info: __init__() got an unexpected keyword argument 'issuer'

Trace output


0.000290 ------------ DiscoveryRequest ------------
0.000305 Provider info discover from 'https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/'
0.000313 --> URL: https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/.well-known/openid-configuration
0.647749 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize",
  "claims_parameter_supported": false,
  "claims_supported": [
    "sub",
    "iss",
    "aud",
    "exp",
    "iat",
    "auth_time",
    "acr",
    "nonce",
    "preferred_username",
    "name"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/",
  "jwks_uri": "https://login.microsoftonline.com/consumers/discovery/v2.0/keys",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "id_token",
    "code id_token",
    "token id_token"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "subject_types_supported": [
    "pairwise"
  ],
  "token_endpoint": "https://login.microsoftonline.com/consumers/oauth2/v2.0/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "private_key_jwt"
  ],
  "version": "3.0"
}
1.706101 JWKS: {
  "keys": [
    {
      "e": "AQAB",
      "issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/",
      "kid": "GvnPApfWMdLRi8PDmisFn7bprKg",
      "kty": "RSA",
      "n": "5ymq_xwmst1nstPr8YFOTyD1J5N4idYmrph7AyAv95RbWXfDRqy8CMRG7sJq-UWOKVOA4MVrd_NdV-ejj1DE5MPSiG-mZK_5iqRCDFvPYqOyRj539xaTlARNY4jeXZ0N6irZYKqSfYACjkkKxbLKcijSu1pJ48thXOTED0oNa6U",
      "use": "sig",
      "x5c": [
        "MIICWzCCAcSgAwIBAgIJAKVzMH2FfC12MA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTAeFw0xMzExMTExODMzMDhaFw0xNjExMTAxODMzMDhaMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5ymq/xwmst1nstPr8YFOTyD1J5N4idYmrph7AyAv95RbWXfDRqy8CMRG7sJq+UWOKVOA4MVrd/NdV+ejj1DE5MPSiG+mZK/5iqRCDFvPYqOyRj539xaTlARNY4jeXZ0N6irZYKqSfYACjkkKxbLKcijSu1pJ48thXOTED0oNa6UCAwEAAaOBijCBhzAdBgNVHQ4EFgQURCN+4cb0pvkykJCUmpjyfUfnRMowWQYDVR0jBFIwUIAURCN+4cb0pvkykJCUmpjyfUfnRMqhLaQrMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleYIJAKVzMH2FfC12MAsGA1UdDwQEAwIBxjANBgkqhkiG9w0BAQUFAAOBgQB8v8G5/vUl8k7xVuTmMTDA878AcBKBrJ/Hp6RShmdqEGVI7SFR7IlBN1//NwD0n+IqzmnRV2PPZ7iRgMF/Fyvqi96Gd8X53ds/FaiQpZjUUtcO3fk0hDRQPtCYMII5jq+YAYjSybvF84saB7HGtucVRn2nMZc5cAC42QNYIlPMqA=="
      ],
      "x5t": "GvnPApfWMdLRi8PDmisFn7bprKg"
    },
    {
      "e": "AQAB",
      "issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0/",
      "kid": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ",
      "kty": "RSA",
      "n": "x7HNcD9ZxTFRaAgZ7-gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36--0ht8-oCHhl8YjGFQkU-Iv2yahWHEP-1EK6eOEYu6INQP9Lk0HMk3QViLwshwb-KXVD02jdmX2HNdYJdPyc0c",
      "use": "sig",
      "x5c": [
        "MIICWzCCAcSgAwIBAgIJAL3MzqqEFMYjMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTAeFw0xMzExMTExOTA1MDJaFw0xOTExMTAxOTA1MDJaMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7HNcD9ZxTFRaAgZ7+gdYLkgQua3zvQseqBJIt8Uq3MimInMZoE9QGQeSML7qZPlowb5BUakdLI70ayM4vN36++0ht8+oCHhl8YjGFQkU+Iv2yahWHEP+1EK6eOEYu6INQP9Lk0HMk3QViLwshwb+KXVD02jdmX2HNdYJdPyc0cCAwEAAaOBijCBhzAdBgNVHQ4EFgQULR0aj9AtiNMgqIY8ZyXZGsHcJ5gwWQYDVR0jBFIwUIAULR0aj9AtiNMgqIY8ZyXZGsHcJ5ihLaQrMCkxJzAlBgNVBAMTHkxpdmUgSUQgU1RTIFNpZ25pbmcgUHVibGljIEtleYIJAL3MzqqEFMYjMAsGA1UdDwQEAwIBxjANBgkqhkiG9w0BAQUFAAOBgQBshrsF9yls4ArxOKqXdQPDgHrbynZL8m1iinLI4TeSfmTCDevXVBJrQ6SgDkihl3aCj74IEte2MWN78sHvLLTWTAkiQSlGf1Zb0durw+OvlunQ2AKbK79Qv0Q+wwGuK+oymWc3GSdP1wZqk9dhrQxb3FtdU2tMke01QTut6wr7ig=="
      ],
      "x5t": "dEtpjbEvbhfgwUI-bdK5xAU_9UQ"
    }
  ]
}
1.707886 ------------ AuthorizationRequest ------------
1.708615 --> URL: https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?nonce=jf7j4dHhXaNt&state=YL9i86dLOwbskn9t&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60396%2Fauthz_cb&response_type=id_token&client_id=016ed0e4-fc52-4eb8-9eac-e8852c821055&scope=openid
1.708622 --> BODY: None
8.220372 QUERY_STRING:
8.793447 <-- id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiIwMTZlZDBlNC1mYzUyLTRlYjgtOWVhYy1lODg1MmM4MjEwNTUiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAvIiwiaWF0IjoxNDM5NDQxMjMwLCJuYmYiOjE0Mzk0NDEyMzAsImV4cCI6MTQzOTQ0NTEzMCwidmVyIjoiMi4wIiwidGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwib2lkIjoiZjdiYzdiM2ItZGIwOC00ZThjLWJkOGMtY2RhNWVhOWI4NmJkIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibWljaGFlbF9iX2pvbmVzQGhvdG1haWwuY29tIiwiaWRwIjoibGl2ZS5jb20iLCJzdWIiOiI1R2hXdVpZcldmQ0FOQURQUWR3QUNCVjV1MmtKY25BMkN4WEhJZVZxQ2QwIiwibmFtZSI6Ik1pY2hhZWwgSm9uZXMiLCJub25jZSI6ImpmN2o0ZEhoWGFOdCJ9.PXPwnqIvSLWhDeNxe8avWiCCPto-Dtn8spFvxqWD4XZZ5mXLFprt0KiydydYE70OLiyVPeC44wfreNIe3uYmQ721tF4HghILOZuJd-0RU-dapkFNaD_X7Bkz3yPR3JiERLHpDomCKQ950mwsiZ_OuHvbny6CEPR-Twy-DwH_PIEow5GvUU6VNPjbpbcUjo5QELbnSX5Jf544VUPmOwZoS8Uvhrp3AnK1g2Wf1HzSKS
 PSZAZWMaUZTrp0lUdayfZSoGlers69ah-nQ2lREU-mAJ2ub-YyJTfRsnFRizmY27UM5D-PLN9jLc9VV3p7mXssWvrkmF3Hvnysz0zYCaHCOg&id_token_expires_in=3599&state=YL9i86dLOwbskn9t&session_state=0dc5cd25-04fc-4dc8-8318-303b9170fce7
9.236270 [ERROR] TypeError:__init__() got an unexpected keyword argument 'issuer'

Result
PARTIAL RESULT
```

Responsible: Rohe


More information about the Openid-specs-ab mailing list