Hi,

Some tests in the OIDC certification test suite[1] are not working for the response_type = id_token. The tests that are not working are given below.

- OP-scope-All
- OP-scope-phone
- OP-scope-email
- OP-scope-address
- OP-scope-profile
- OP-Response-form_post

For these tests we don't get any feedback from the test suite. When I inquired about that, the OIDC certification community opened a GitHub issue for not giving any response.[2]

I checked our response against the Gluu server's response for the test "OP-scope-address". The Gluu server is fully OIDC certified. The comparison is attached below. The number of parameters is the same in both responses, and the only difference is that the "aud" value in the id_token is returned as a list in our response, whereas Gluu returns it as a string.

As per the OIDC specification[3], the "aud" value is defined as below.

    aud
        REQUIRED. Audience(s) that this ID Token is intended for. It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value. It MAY also contain identifiers for other audiences. In the general case, the aud value is an array of case sensitive strings. *In the common special case when there is one audience, the aud value MAY be a single case sensitive string.*

We only return one audience for the "aud" value, but it is returned as an array. As per the specification, it is not mandatory to return a string as the "aud" value when it contains only one value.

However, these same tests are working fine for other response types (code, id_token token). In those cases also, we return the "aud" value as an array.

Can you please help me with this issue?

Thank you.

[1] - https://op.certification.openid.net:60024
[2] - https://github.com/openid-certification/oidctest/issues/48
[3] - http://openid.net/specs/openid-connect-core-1_0.html

--
*Hasini Witharana*
Software Engineering Intern | WSO2
*Email : hasi...@wso2.com*
*Mobile : +94713850143*
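The "aud" definition quoted in the message allows both encodings, so a relying party has to accept either one before applying the audience checks from the ID Token validation rules in the same specification[3]. The following is an added example, not part of the original message and not code from WSO2, Gluu or the test suite; the function names, client_id and tokens are constructed, and signature verification is deliberately left out of scope.

```python
import base64
import json

def decode_claims(id_token):
    """Return the claims from a compact JWT's payload (no signature check)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audiences(claims):
    """Normalise 'aud' to a list: a single string and an array are both valid."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        return aud
    raise ValueError("aud is REQUIRED: a string or a non-empty array of strings")

def check_audience(claims, client_id, trusted=()):
    """RP-side audience rules; 'trusted' is a hypothetical allow-list parameter."""
    auds = audiences(claims)
    if client_id not in auds:
        raise ValueError("client_id is not listed in aud")
    untrusted = [a for a in auds if a != client_id and a not in trusted]
    if untrusted:
        raise ValueError("untrusted additional audiences: %r" % untrusted)
    azp = claims.get("azp")
    if azp is not None and azp != client_id:  # SHOULD-level check, enforced here
        raise ValueError("azp present but not equal to client_id")
    return auds

def make_token(claims):
    """Build an unsigned sample token (constructed test data only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

CLIENT_ID = "rp-client-1"  # constructed value
BASE = {"iss": "https://op.example", "sub": "u1"}  # constructed claims
ARRAY_FORM = make_token(dict(BASE, aud=[CLIENT_ID]))   # one-element array
STRING_FORM = make_token(dict(BASE, aud=CLIENT_ID))    # single string

if __name__ == "__main__":
    for name, tok in (("array", ARRAY_FORM), ("string", STRING_FORM)):
        print(name, check_audience(decode_claims(tok), CLIENT_ID))
```

Both sample tokens normalise to the same audience list, which is the behaviour a conforming relying party needs for the two responses compared in the message.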