I found the test is omitting the response_types param so the default is to set it as only code. Then the test performs a call to the Authorization endpoint with param response_type=code+id_token. I think the registration request should specify the response_types: [code, id_token] in the registration request.
http://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
response_types OPTIONAL. JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring that it will restrict itself to using. If omitted, the default is that the Client will use only the code Response Type.
$ ./gluu_oxauth.py | oicc.py -J - -d 'mj-05'
/Library/Python/2.7/site-packages/requests-2.5.1-py2.7.egg/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/Library/Python/2.7/site-packages/requests-2.5.1-py2.7.egg/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/Library/Python/2.7/site-packages/requests-2.5.1-py2.7.egg/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
0.001117 client preferences: {}
0.001193 provider-discovery
0.001237 <-- FUNCTION: discover
0.001246 <-- ARGS: {'content': None, 'features': None, 'request_args': {'state': '2psoEjQnpzdpSz8Z'}, 'location': '', 'response': None, 'issuer': u'https://localhost:8443/'}
0.048882 Provider info: {'claims_supported': [u'locality', u'country', u'name', u'email', u'given_name', u'gluuWhitePagesListed', u'formatted', u'iname', u'sub', u'family_name', u'o', u'picture', u'postal_code', u'locale', u'region', u'street_address', u'phone_number', u'zoneinfo'], 'op_policy_uri': u'http://ox.gluu.org/doku.php?id=oxauth:policy', 'subject_types_supported': [u'public', u'pairwise'], 'request_parameter_supported': True, u'id_generation_endpoint': u'https://localhost:8443/seam/resource/restv1/id', 'userinfo_signing_alg_values_supported': [u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'issuer': u'https://localhost:8443', 'ui_locales_supported': [u'en', u'es'], 'id_token_encryption_enc_values_supported': [u'A128CBC+HS256', u'A256CBC+HS512', u'A128GCM', u'A256GCM'], u'federation_metadata_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/federationmetadata', 'require_request_uri_registration': False, 'grant_types_supported': [u'authorization_code', u'implicit', u'urn:ietf:params:oauth:grant-type:jwt-bearer'], 'token_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/token', 'request_uri_parameter_supported': True, 'version': '3.0', 'claims_locales_supported': [u'en'], 'service_documentation': u'http://ox.gluu.org/doku.php?id=oxauth:home', 'registration_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/register', u'validate_token_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/validate', 'jwks_uri': u'https://localhost:8443/seam/resource/restv1/oxauth/jwks', 'userinfo_encryption_alg_values_supported': [u'RSA1_5', u'RSA-OAEP', u'A128KW', u'A256KW'], u'federation_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/federation', 'scopes_supported': [u'address', u'email', u'http://docs.kantarainitiative.org/uma/scopes/authz.json', u'clientinfo', u'http://docs.kantarainitiative.org/uma/scopes/prot.json', u'openid', u'user_name', u'phone', 
u'profile'], 'token_endpoint_auth_methods_supported': [u'client_secret_basic', u'client_secret_post', u'client_secret_jwt', u'private_key_jwt'], 'userinfo_encryption_enc_values_supported': [u'RSA1_5', u'RSA-OAEP', u'A128KW', u'A256KW'], 'id_token_signing_alg_values_supported': [u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'display_values_supported': [u'page'], 'request_object_encryption_enc_values_supported': [u'A128CBC+HS256', u'A256CBC+HS512', u'A128GCM', u'A256GCM'], 'claims_parameter_supported': True, u'clientinfo_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/clientinfo', u'end_session_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/end_session', u'introspection_endpoint': u'https://localhost:8443/seam/resource/restv1/introspection', 'token_endpoint_auth_signing_alg_values_supported': [u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'userinfo_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/userinfo', u'scope_to_claims_mapping': [{u'scope': u'address', u'claims': [u'homePostalAddress', u'street', u'st', u'postOfficeBox', u'postalCode', u'mail', u'preferredLanguage', u'zoneinfo']}, {u'scope': u'email', u'claims': [u'mail']}, {u'scope': u'http://docs.kantarainitiative.org/uma/scopes/authz.json', u'claims': [u'mail']}, {u'scope': u'clientinfo', u'claims': [u'displayName', u'uid', u'inum', u'oxAuthAppType', u'oxAuthIdTokenSignedResponseAlg', u'oxAuthRedirectURI', u'oxAuthScope']}, {u'scope': u'http://docs.kantarainitiative.org/uma/scopes/prot.json', u'claims': []}, {u'scope': u'openid', u'claims': [u'inum']}, {u'scope': u'user_name', u'claims': []}, {u'scope': u'phone', u'claims': [u'telephoneNumber', u'mobile', u'homePhone', u'facsimileTelephoneNumber']}, {u'scope': u'profile', u'claims': [u'displayName', u'givenName', u'sn', u'preferredLanguage', u'zoneinfo', u'picture']}], 'request_object_signing_alg_values_supported': 
[u'none', u'HS256', u'HS384', u'HS512', u'RS256', u'RS384', u'RS512', u'ES256', u'ES384', u'ES512'], 'op_tos_uri': u'http://ox.gluu.org/doku.php?id=oxauth:tos', u'check_session_iframe': u'https://localhost:8443/opiframe.seam', 'request_object_encryption_alg_values_supported': [u'RSA1_5', u'RSA-OAEP', u'A128KW', u'A256KW'], 'response_types_supported': [u'code', u'code id_token', u'id_token', u'token id_token', u'token', u'code token id_token'], 'id_token_encryption_alg_values_supported': [u'RSA1_5', u'RSA-OAEP', u'A128KW', u'A256KW'], 'authorization_endpoint': u'https://localhost:8443/seam/resource/restv1/oxauth/authorize', 'claim_types_supported': [u'normal']}
0.049488 Client behavior: {'request_object_signing_alg': 'RS256'}
0.050057 oic-registration
0.051035 --> URL: https://localhost:8443/seam/resource/restv1/oxauth/register
0.051039 --> BODY: {"application_type": "web", "request_object_signing_alg": "RS256", "redirect_uris": ["https://seed.gluu.org/oxauth-rp/home.seam"], "state": "2psoEjQnpzdpSz8Z"}
0.051046 --> HEADERS: {'Content-type': 'application/json'}
0.074666 <-- RESPONSE: <Response [200]>
0.074745 <-- CONTENT: {
"client_id": "@!1111!0008!BDEF.7A45",
"client_secret": "f9e82b22-0239-437e-8a50-964c61cb5f4b",
"registration_access_token": "b2cf1a2c-a75d-4f2c-b507-3a28b1ca5b2d",
"registration_client_uri": "https://localhost:8443/seam/resource/restv1/oxauth/register?client_id=@!1111!0008!BDEF.7A45",
"client_id_issued_at": 1424720134,
"client_secret_expires_at": 1424720254,
"redirect_uris": ["https://seed.gluu.org/oxauth-rp/home.seam"],
"response_types": ["code"],
"application_type": "web",
"client_name": "seed.gluu.org",
"token_endpoint_auth_method": "client_secret_basic",
"subject_type": "public",
"request_object_signing_alg": "RS256",
"id_token_signed_response_alg": "RS256",
"require_auth_time": false,
"scopes": [
"address",
"email",
"http://docs.kantarainitiative.org/uma/scopes/authz.json",
"clientinfo",
"http://docs.kantarainitiative.org/uma/scopes/prot.json",
"openid",
"user_name",
"phone",
"profile"
]
}
0.074748 <-- REASON: OK
0.074756 <-- COOKIES: {}
0.075028 [RegistrationResponse]: {'client_id_issued_at': 1424720134, 'token_endpoint_auth_method': u'client_secret_basic', 'redirect_uris': [u'https://seed.gluu.org/oxauth-rp/home.seam'], u'scopes': [u'address', u'email', u'http://docs.kantarainitiative.org/uma/scopes/authz.json', u'clientinfo', u'http://docs.kantarainitiative.org/uma/scopes/prot.json', u'openid', u'user_name', u'phone', u'profile'], 'application_type': u'web', 'client_name': u'seed.gluu.org', 'registration_client_uri': u'https://localhost:8443/seam/resource/restv1/oxauth/register?client_id=@!1111!0008!BDEF.7A45', 'subject_type': u'public', 'id_token_signed_response_alg': u'RS256', 'registration_access_token': u'b2cf1a2c-a75d-4f2c-b507-3a28b1ca5b2d', 'response_types': [u'code'], 'client_id': u'@!1111!0008!BDEF.7A45', 'require_auth_time': False, 'client_secret': u'f9e82b22-0239-437e-8a50-964c61cb5f4b', 'request_object_signing_alg': u'RS256', 'client_secret_expires_at': 1424720254}
0.075044 ### extra claims: {u'scopes': [u'address', u'email', u'http://docs.kantarainitiative.org/uma/scopes/authz.json', u'clientinfo', u'http://docs.kantarainitiative.org/uma/scopes/prot.json', u'openid', u'user_name', u'phone', u'profile']}
0.075094 oic-login-code+idtoken
0.075333 --> URL: https://localhost:8443/seam/resource/restv1/oxauth/authorize?nonce=n7fzO0X2l7l3&state=2psoEjQnpzdpSz8Z&redirect_uri=https%3A%2F%2Fseed.gluu.org%2Foxauth-rp%2Fhome.seam&response_type=code+id_token&client_id=%40%211111%210008%21BDEF.7A45&scope=openid
0.075336 --> BODY: None
0.094088 <-- RESPONSE: <Response [400]>
0.094363 <-- CONTENT: {"error":"unsupported_response_type","error_description":"The authorization server does not support obtaining an access token using this method.","state":"2psoEjQnpzdpSz8Z"}
0.094367 <-- REASON: Bad Request
0.094386 <-- COOKIES: {'JSESSIONID': '87F27082B36A5A7937C3297EFF7F4C78'}
Couldn't find the check: 'check-nonce'
[RUN] ExcList: Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oictest-0.3.0-py2.7.egg/oauth2test/init.py", line 222, in run
conv.do_sequence(_spec)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oictest-0.3.0-py2.7.egg/rrtest/tool.py", line 357, in do_sequence
self.test_sequence(oper["tests"]["post"])
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oictest-0.3.0-py2.7.egg/rrtest/tool.py", line 118, in test_sequence
self.do_check(test, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oictest-0.3.0-py2.7.egg/rrtest/tool.py", line 90, in do_check
chk = self.check_factory(test)(**kwargs)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/oictest-0.3.0-py2.7.egg/oictest/check.py", line 2120, in factory
raise Unknown("Couldn't find the check: '%s'" % cid)
Unknown: Couldn't find the check: 'check-nonce'
[RUN] Exception: Couldn't find the check: 'check-nonce'
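An added example (not part of the original issue, and not oxAuth or oictest code) of an OP-side check that restricts an authorization request's response_type to the client's registered response_types, applying the `code` default quoted above. The function names are hypothetical, and it assumes the hybrid type is registered as the single value `code id_token`, the form listed under response_types_supported in the log.

```python
from urllib.parse import parse_qs, urlsplit

# Registration spec default when the client omits response_types.
DEFAULT_RESPONSE_TYPES = ["code"]

# Registration body from the log above (the "state" member is left out).
LOGGED_REGISTRATION = {
    "application_type": "web",
    "request_object_signing_alg": "RS256",
    "redirect_uris": ["https://seed.gluu.org/oxauth-rp/home.seam"],
}
# Same registration with the hybrid response type declared (constructed).
DECLARED_REGISTRATION = dict(LOGGED_REGISTRATION, response_types=["code id_token"])

# Authorization request from the log above, trimmed to three parameters.
LOGGED_AUTHZ_URL = (
    "https://localhost:8443/seam/resource/restv1/oxauth/authorize"
    "?response_type=code+id_token&scope=openid&state=2psoEjQnpzdpSz8Z"
)


def registered_response_types(registration):
    """Response types the client restricted itself to, each as a frozenset."""
    declared = registration.get("response_types") or DEFAULT_RESPONSE_TYPES
    # "code id_token" is ONE response type made of space-delimited parts;
    # the order of the parts is not significant, so compare as sets.
    return {frozenset(value.split()) for value in declared}


def check_authorization_request(registration, authorization_url):
    """Return None when the request is allowed, otherwise an OAuth error code."""
    query = parse_qs(urlsplit(authorization_url).query)  # "+" decodes to a space
    values = query.get("response_type", [])
    if len(values) != 1:
        return "invalid_request"  # parameter missing, empty or repeated
    requested = frozenset(values[0].split())
    if requested not in registered_response_types(registration):
        return "unsupported_response_type"  # the error the OP returned in the log
    return None


if __name__ == "__main__":
    for name, reg in (("logged", LOGGED_REGISTRATION), ("declared", DECLARED_REGISTRATION)):
        print(name, check_authorization_request(reg, LOGGED_AUTHZ_URL) or "allowed")
```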