Difference between revisions of "OC5:OP Features"
(claims request -> claims request parameter) |
(Remove features that aren't testable) |
||
| (11 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{DT Article|index=}} | {{DT Article|index=}} | ||
__NOTOC__ | __NOTOC__ | ||
| + | |||
| + | ==Feature-ID Token has Issuer== | ||
| + | {{Feature | ||
| + | |feature_id = ID Token has Issuer | ||
| + | |feature_description = ID Token has Issuer | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = The ID Token has an "iss" claim containing the OP's issuer identifier | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-ID Token has Issuer]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-ID Token has Subject== | ||
| + | {{Feature | ||
| + | |feature_id = ID Token has Subject | ||
| + | |feature_description = ID Token has Subject | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = The ID Token has a "sub" claim containing an identifier for the End-User's account | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-ID Token has Subject]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-ID Token has Audience== | ||
| + | {{Feature | ||
| + | |feature_id = ID Token has Audience | ||
| + | |feature_description = ID Token has Audience | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = The ID Token has an "aud" claim containing the RP's Client ID | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-ID Token has Audience]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-ID Token has Key ID== | ||
| + | {{Feature | ||
| + | |feature_id = ID Token has Key ID | ||
| + | |feature_description = ID Token has Key ID | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = The ID Token has a "kid" claim containing the Key ID for the key used to sign the ID Token | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-ID Token has Key ID]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
==Feature-Support id_token Response Type== | ==Feature-Support id_token Response Type== | ||
| Line 26: | Line 82: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Support code Response Type]] | |testlist = [[OC5:FeatureTest-Support code Response Type]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = OC3 | |maturity_date = OC3 | ||
| Line 82: | Line 124: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Support Combination of code token Response Types]] | |testlist = [[OC5:FeatureTest-Support Combination of code token Response Types]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 96: | Line 138: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Support Combination of code id_token token Response Types]] | |testlist = [[OC5:FeatureTest-Support Combination of code id_token token Response Types]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 168: | Line 210: | ||
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = OC3 | |maturity_date = OC3 | ||
| + | }} | ||
| + | |||
| + | ==Feature-UserInfo has Subject== | ||
| + | {{Feature | ||
| + | |feature_id = UserInfo has Subject | ||
| + | |feature_description = UserInfo has Subject | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = The UserInfo Endpoint result has a "sub" value matching the "sub" claim value in the ID Token | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-UserInfo has Subject]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
}} | }} | ||
| Line 289: | Line 345: | ||
|solution_role = OP | |solution_role = OP | ||
|test_description = Exchange with max_age request value of 30 seconds | |test_description = Exchange with max_age request value of 30 seconds | ||
| − | |acceptable = | + | |acceptable = auth_time claim returned and causes reauthentication when authentication age over 30 seconds |
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing ID Token with max_age Restriction]] | |testlist = [[OC5:FeatureTest-Providing ID Token with max_age Restriction]] | ||
| Line 422: | Line 478: | ||
}} | }} | ||
| − | ==Feature- | + | ==Feature-Support Registration Read== |
{{Feature | {{Feature | ||
| − | |feature_id = | + | |feature_id = Support Registration Read |
| − | |feature_description = | + | |feature_description = Support Registration Read |
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = | + | |test_description = Read information about registered client |
|acceptable = Works | |acceptable = Works | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
| − | |testlist = [[OC5:FeatureTest- | + | |testlist = [[OC5:FeatureTest-Support Registration Read]] |
| − | |maturity_status = | + | |maturity_status = New |
| − | |maturity_date = | + | |maturity_date = OC5 |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
}} | }} | ||
| Line 488: | Line 530: | ||
|not_acceptable = The public and pairwise sub values are the same | |not_acceptable = The public and pairwise sub values are the same | ||
|testlist = [[OC5:FeatureTest-Public and pairwise sub Values Differ]] | |testlist = [[OC5:FeatureTest-Public and pairwise sub Values Differ]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| − | ==Feature-Support Request | + | ==Feature-Support request_uri Request Parameter== |
{{Feature | {{Feature | ||
| − | |feature_id = Support Request | + | |feature_id = Support request_uri Request Parameter |
| − | |feature_description = Support Request | + | |feature_description = Support request_uri Request Parameter |
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = Exchange with request_uri | + | |test_description = Exchange with request_uri referencing Request Object using alg none |
|acceptable = Works | |acceptable = Works | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
| − | |testlist = [[OC5:FeatureTest-Support Request | + | |testlist = [[OC5:FeatureTest-Support request_uri Request Parameter]] |
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = OC3 | |maturity_date = OC3 | ||
| Line 516: | Line 558: | ||
|not_acceptable = at_hash not returned or incorrectly computed | |not_acceptable = at_hash not returned or incorrectly computed | ||
|testlist = [[OC5:FeatureTest-Includes at_hash in ID Token when Implicit Flow Used]] | |testlist = [[OC5:FeatureTest-Includes at_hash in ID Token when Implicit Flow Used]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 530: | Line 572: | ||
|not_acceptable = c_hash not returned or incorrectly computed | |not_acceptable = c_hash not returned or incorrectly computed | ||
|testlist = [[OC5:FeatureTest-Includes c_hash in ID Token when Code Flow Used]] | |testlist = [[OC5:FeatureTest-Includes c_hash in ID Token when Code Flow Used]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 544: | Line 586: | ||
|not_acceptable = Request is accepted | |not_acceptable = Request is accepted | ||
|testlist = [[OC5:FeatureTest-Reject Request Without response_type]] | |testlist = [[OC5:FeatureTest-Reject Request Without response_type]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 558: | Line 600: | ||
|not_acceptable = Request fails | |not_acceptable = Request fails | ||
|testlist = [[OC5:FeatureTest-Ignores Extra Query Component in Request]] | |testlist = [[OC5:FeatureTest-Ignores Extra Query Component in Request]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 572: | Line 614: | ||
|not_acceptable = Query param not included | |not_acceptable = Query param not included | ||
|testlist = [[OC5:FeatureTest-Preserves Query Parameter in redirect_uri]] | |testlist = [[OC5:FeatureTest-Preserves Query Parameter in redirect_uri]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 586: | Line 628: | ||
|not_acceptable = Discards query component | |not_acceptable = Discards query component | ||
|testlist = [[OC5:FeatureTest-Preserves Query Parameter in Registered redirect_uri]] | |testlist = [[OC5:FeatureTest-Preserves Query Parameter in Registered redirect_uri]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 600: | Line 642: | ||
|not_acceptable = Accepts request | |not_acceptable = Accepts request | ||
|testlist = [[OC5:FeatureTest-Rejects redirect_uri when Query Parameter Does Not Match]] | |testlist = [[OC5:FeatureTest-Rejects redirect_uri when Query Parameter Does Not Match]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 614: | Line 656: | ||
|not_acceptable = Request is accepted | |not_acceptable = Request is accepted | ||
|testlist = [[OC5:FeatureTest-Reject Registration of redirect_uri with Fragment]] | |testlist = [[OC5:FeatureTest-Reject Registration of redirect_uri with Fragment]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 628: | Line 670: | ||
|not_acceptable = Request is accepted | |not_acceptable = Request is accepted | ||
|testlist = [[OC5:FeatureTest-Reject redirect_uri Not Matching a Registered redirect_uri]] | |testlist = [[OC5:FeatureTest-Reject redirect_uri Not Matching a Registered redirect_uri]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 642: | Line 684: | ||
|not_acceptable = Request is rejected | |not_acceptable = Request is rejected | ||
|testlist = [[OC5:FeatureTest-Accept Request Without redirect_uri when One Registered]] | |testlist = [[OC5:FeatureTest-Accept Request Without redirect_uri when One Registered]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 656: | Line 698: | ||
|not_acceptable = Request is accepted | |not_acceptable = Request is accepted | ||
|testlist = [[OC5:FeatureTest-Reject Request Without redirect_uri when Multiple Registered]] | |testlist = [[OC5:FeatureTest-Reject Request Without redirect_uri when Multiple Registered]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| − | ==Feature-Support | + | ==Feature-Support id_token_hint Request Parameter== |
{{Feature | {{Feature | ||
| − | |feature_id = Support | + | |feature_id = Support id_token_hint Request Parameter |
| − | |feature_description = Support | + | |feature_description = Support id_token_hint Request Parameter |
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = Receive request with | + | |test_description = Receive request with id_token_hint request parameter |
|acceptable = Works | |acceptable = Works | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
| − | |testlist = [[OC5:FeatureTest-Support | + | |testlist = [[OC5:FeatureTest-Support id_token_hint Request Parameter]] |
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 684: | Line 726: | ||
|not_acceptable = Other behaviors | |not_acceptable = Other behaviors | ||
|testlist = [[OC5:FeatureTest-Support claims Request Specifying sub Value]] | |testlist = [[OC5:FeatureTest-Support claims Request Specifying sub Value]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 698: | Line 740: | ||
|not_acceptable = Other behaviors | |not_acceptable = Other behaviors | ||
|testlist = [[OC5:FeatureTest-Support claims Request Specifying sub Value when prompt none Used]] | |testlist = [[OC5:FeatureTest-Support claims Request Specifying sub Value when prompt none Used]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 712: | Line 754: | ||
|not_acceptable = Not shown | |not_acceptable = Not shown | ||
|testlist = [[OC5:FeatureTest-Displays Logo in Login Page]] | |testlist = [[OC5:FeatureTest-Displays Logo in Login Page]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 726: | Line 768: | ||
|not_acceptable = Not shown | |not_acceptable = Not shown | ||
|testlist = [[OC5:FeatureTest-Displays Policy URI in Login Page]] | |testlist = [[OC5:FeatureTest-Displays Policy URI in Login Page]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 740: | Line 782: | ||
|not_acceptable = Claims not returned in ID Token or returned at UserInfo endpoint | |not_acceptable = Claims not returned in ID Token or returned at UserInfo endpoint | ||
|testlist = [[OC5:FeatureTest-Supports Returning Claims in ID Token]] | |testlist = [[OC5:FeatureTest-Supports Returning Claims in ID Token]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 754: | Line 796: | ||
|not_acceptable = Claims are not returned or are returned at the wrong locations | |not_acceptable = Claims are not returned or are returned at the wrong locations | ||
|testlist = [[OC5:FeatureTest-Supports Returning Different Claims in ID Token and UserInfo Endpoint]] | |testlist = [[OC5:FeatureTest-Supports Returning Different Claims in ID Token and UserInfo Endpoint]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 768: | Line 810: | ||
|not_acceptable = Not all of the claims requested are returned | |not_acceptable = Not all of the claims requested are returned | ||
|testlist = [[OC5:FeatureTest-Supports Combining Claims Requested with scope and claims Request Parameter]] | |testlist = [[OC5:FeatureTest-Supports Combining Claims Requested with scope and claims Request Parameter]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 782: | Line 824: | ||
|not_acceptable = Different pairwise sub values returned when sector identifier contains the redirect_uri values | |not_acceptable = Different pairwise sub values returned when sector identifier contains the redirect_uri values | ||
|testlist = [[OC5:FeatureTest-Supports using Sector Identifier for Pairwise sub Values]] | |testlist = [[OC5:FeatureTest-Supports using Sector Identifier for Pairwise sub Values]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 796: | Line 838: | ||
|not_acceptable = Request succeeds | |not_acceptable = Request succeeds | ||
|testlist = [[OC5:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect_uri Values]] | |testlist = [[OC5:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect_uri Values]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 810: | Line 852: | ||
|not_acceptable = Nonce value not returned | |not_acceptable = Nonce value not returned | ||
|testlist = [[OC5:FeatureTest-Support Requests Containing nonce]] | |testlist = [[OC5:FeatureTest-Support Requests Containing nonce]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 824: | Line 866: | ||
|not_acceptable = Fails or nonce returned | |not_acceptable = Fails or nonce returned | ||
|testlist = [[OC5:FeatureTest-Support Requests Without nonce]] | |testlist = [[OC5:FeatureTest-Support Requests Without nonce]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 838: | Line 880: | ||
|not_acceptable = Request succeeds | |not_acceptable = Request succeeds | ||
|testlist = [[OC5:FeatureTest-Reject Requests Without nonce Using Implicit Flow]] | |testlist = [[OC5:FeatureTest-Reject Requests Without nonce Using Implicit Flow]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 852: | Line 894: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing Individually Requested Essential Claims]] | |testlist = [[OC5:FeatureTest-Providing Individually Requested Essential Claims]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 866: | Line 908: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing Individually Requested Voluntary Claims]] | |testlist = [[OC5:FeatureTest-Providing Individually Requested Voluntary Claims]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 880: | Line 922: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing Individually Requested Essential and Voluntary Claims]] | |testlist = [[OC5:FeatureTest-Providing Individually Requested Essential and Voluntary Claims]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 894: | Line 936: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing ID Token with Essential auth_time Claim]] | |testlist = [[OC5:FeatureTest-Providing ID Token with Essential auth_time Claim]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 908: | Line 950: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing ID Token with Essential acr Claim]] | |testlist = [[OC5:FeatureTest-Providing ID Token with Essential acr Claim]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 922: | Line 964: | ||
|not_acceptable = Fails | |not_acceptable = Fails | ||
|testlist = [[OC5:FeatureTest-Providing ID Token with Voluntary acr Claim]] | |testlist = [[OC5:FeatureTest-Providing ID Token with Voluntary acr Claim]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 936: | Line 978: | ||
Other behaviors |acceptable = | Other behaviors |acceptable = | ||
|testlist = [[OC5:FeatureTest-Support Request for acr Value of 1]] | |testlist = [[OC5:FeatureTest-Support Request for acr Value of 1]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 950: | Line 992: | ||
|not_acceptable = RPs not notified | |not_acceptable = RPs not notified | ||
|testlist = [[OC5:FeatureTest-Logout Initiated by OP]] | |testlist = [[OC5:FeatureTest-Logout Initiated by OP]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 964: | Line 1,006: | ||
|not_acceptable = Logout actions not performed | |not_acceptable = Logout actions not performed | ||
|testlist = [[OC5:FeatureTest-Logout Received by OP]] | |testlist = [[OC5:FeatureTest-Logout Received by OP]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 978: | Line 1,020: | ||
|not_acceptable = RPs not notified | |not_acceptable = RPs not notified | ||
|testlist = [[OC5:FeatureTest-State Change Other than Logout Communicated]] | |testlist = [[OC5:FeatureTest-State Change Other than Logout Communicated]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 988: | Line 1,030: | ||
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = Accept registration for signed UserInfo responses and send them | + | |test_description = Accept registration for signed UserInfo responses using RS256 and send them |
|acceptable = Accepts registration for signed UserInfo responses and sends them | |acceptable = Accepts registration for signed UserInfo responses and sends them | ||
|not_acceptable = Registration not accepted or UserInfo response not signed | |not_acceptable = Registration not accepted or UserInfo response not signed | ||
|testlist = [[OC5:FeatureTest-Can Provide Signed UserInfo Response]] | |testlist = [[OC5:FeatureTest-Can Provide Signed UserInfo Response]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 1,002: | Line 1,044: | ||
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = Accept registration for encrypted UserInfo responses and send them | + | |test_description = Accept registration for encrypted UserInfo responses using RSA1_5 and A128CBC-HS256 and send them |
|acceptable = Accepts registration for encrypted UserInfo responses and sends them | |acceptable = Accepts registration for encrypted UserInfo responses and sends them | ||
|not_acceptable = Registration not accepted or UserInfo response not encrypted | |not_acceptable = Registration not accepted or UserInfo response not encrypted | ||
|testlist = [[OC5:FeatureTest-Can Provide Encrypted UserInfo Response]] | |testlist = [[OC5:FeatureTest-Can Provide Encrypted UserInfo Response]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 1,016: | Line 1,058: | ||
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = Accept registration for signed and encrypted UserInfo responses and send them | + | |test_description = Accept registration for signed and encrypted UserInfo responses using RS256, RSA1_5, and A128CBC-HS256 and send them |
|acceptable = Accepts registration for signed and encrypted UserInfo responses and sends them | |acceptable = Accepts registration for signed and encrypted UserInfo responses and sends them | ||
|not_acceptable = Registration not accepted or UserInfo response not signed and encrypted | |not_acceptable = Registration not accepted or UserInfo response not signed and encrypted | ||
|testlist = [[OC5:FeatureTest-Can Provide Signed and Encrypted UserInfo Response]] | |testlist = [[OC5:FeatureTest-Can Provide Signed and Encrypted UserInfo Response]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 1,044: | Line 1,072: | ||
|feature_type = interop | |feature_type = interop | ||
|solution_role = OP | |solution_role = OP | ||
| − | |test_description = Accept registration for signed and encrypted ID Token responses and send them | + | |test_description = Accept registration for signed and encrypted ID Token responses using RS256, RSA1_5, and A128CBC-HS256 and send them |
|acceptable = Accepts registration for signed and encrypted ID Token responses and sends them | |acceptable = Accepts registration for signed and encrypted ID Token responses and sends them | ||
|not_acceptable = Registration not accepted or ID Token response not signed and encrypted | |not_acceptable = Registration not accepted or ID Token response not signed and encrypted | ||
|testlist = [[OC5:FeatureTest-Can Provide Signed and Encrypted ID Token Response]] | |testlist = [[OC5:FeatureTest-Can Provide Signed and Encrypted ID Token Response]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
| + | }} | ||
| + | |||
| + | ==Feature-Can Provide Unsecured ID Token Response== | ||
| + | {{Feature | ||
| + | |feature_id = Can Provide Unsecured ID Token Response | ||
| + | |feature_description = Can Provide Unsecured ID Token Response | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = Accept registration for unsecured ID Token responses using the code flow and "alg":"none" | ||
| + | |acceptable = Accepts registration for unsecured ID Token responses and sends them | ||
| + | |not_acceptable = Registration not accepted or ID Token response not unsecured | ||
| + | |testlist = [[OC5:FeatureTest-Can Provide Unsecured ID Token Response]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
}} | }} | ||
| Line 1,062: | Line 1,104: | ||
|not_acceptable = Request succeeds | |not_acceptable = Request succeeds | ||
|testlist = [[OC5:FeatureTest-Rejects Second Use of Access Code]] | |testlist = [[OC5:FeatureTest-Rejects Second Use of Access Code]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 1,076: | Line 1,118: | ||
|not_acceptable = Access token continues to work | |not_acceptable = Access token continues to work | ||
|testlist = [[OC5:FeatureTest-Second Use of Access Code Revokes Previously Issued Access Token]] | |testlist = [[OC5:FeatureTest-Second Use of Access Code Revokes Previously Issued Access Token]] | ||
| − | |maturity_status = | + | |maturity_status = Established |
|maturity_date = OC4 | |maturity_date = OC4 | ||
}} | }} | ||
| Line 1,216: | Line 1,258: | ||
|not_acceptable = The iss and issuer values differ | |not_acceptable = The iss and issuer values differ | ||
|testlist = [[OC5:FeatureTest-Discovered issuer Matches ID Token iss Value]] | |testlist = [[OC5:FeatureTest-Discovered issuer Matches ID Token iss Value]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-Support request_uri Request Parameter with Signed Request== | ||
| + | {{Feature | ||
| + | |feature_id = Support request_uri Request Parameter with Signed Request | ||
| + | |feature_description = Support request_uri Request Parameter with Signed Request | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = Exchange with request_uri referencing Request Object signed with RS256 | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-Support request_uri Request Parameter with Signed Request]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-Support request_uri Request Parameter with Encrypted Request== | ||
| + | {{Feature | ||
| + | |feature_id = Support request_uri Request Parameter with Encrypted Request | ||
| + | |feature_description = Support request_uri Request Parameter with Encrypted Request | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = Exchange with request_uri referencing Request Object encrypted with RSA1_5 and A128CBC-HS256 | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-Support request_uri Request Parameter with Encrypted Request]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-Support request_uri Request Parameter with Signed and Encrypted Request== | ||
| + | {{Feature | ||
| + | |feature_id = Support request_uri Request Parameter with Signed and Encrypted Request | ||
| + | |feature_description = Support request_uri Request Parameter with Signed and Encrypted Request | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = Exchange with request_uri referencing Request Object signed with RS256 and encrypted with RSA1_5 and A128CBC-HS256 | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-Support request_uri Request Parameter with Signed and Encrypted Request]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-Support request Request Parameter with Signed Request== | ||
| + | {{Feature | ||
| + | |feature_id = Support request Request Parameter with Signed Request | ||
| + | |feature_description = Support request Request Parameter with Signed Request | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = Exchange with request containing Request Object signed with RS256 | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-Support request Request Parameter with Signed Request]] | ||
| + | |maturity_status = New | ||
| + | |maturity_date = OC5 | ||
| + | }} | ||
| + | |||
| + | ==Feature-Support Elliptic Curve ID Token Signatures== | ||
| + | {{Feature | ||
| + | |feature_id = Support Elliptic Curve ID Token Signatures | ||
| + | |feature_description = Support Elliptic Curve ID Token Signatures | ||
| + | |feature_type = interop | ||
| + | |solution_role = OP | ||
| + | |test_description = Sign ID Token with ES256 when RP registers for this algorithm | ||
| + | |acceptable = Works | ||
| + | |not_acceptable = Fails | ||
| + | |testlist = [[OC5:FeatureTest-Support Elliptic Curve ID Token Signatures]] | ||
|maturity_status = New | |maturity_status = New | ||
|maturity_date = OC5 | |maturity_date = OC5 | ||
}} | }} | ||
Latest revision as of 12:56, 6 November 2014
{{#vardefine:DtArticleSortKey|}}
Feature-ID Token has Issuer
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:ID Token has Issuer|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP ID Token has Issuer - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| ID Token has Issuer | The ID Token has an "iss" claim containing the OP's issuer identifier | Works | Fails |
Tests
OC5:FeatureTest-ID Token has Issuer
Feature-ID Token has Subject
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:ID Token has Subject|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP ID Token has Subject - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| ID Token has Subject | The ID Token has a "sub" claim containing an identifier for the End-User's account | Works | Fails |
Tests
OC5:FeatureTest-ID Token has Subject
Feature-ID Token has Audience
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:ID Token has Audience|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP ID Token has Audience - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| ID Token has Audience | The ID Token has an "aud" claim containing the RP's Client ID | Works | Fails |
Tests
OC5:FeatureTest-ID Token has Audience
Feature-ID Token has Key ID
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:ID Token has Key ID|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP ID Token has Key ID - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| ID Token has Key ID | The ID Token has a "kid" claim containing the Key ID for the key used to sign the ID Token | Works | Fails |
Tests
OC5:FeatureTest-ID Token has Key ID
Feature-Support id_token Response Type
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support id_token Response Type|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support id_token Response Type - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support id_token Response Type | Exchange with response_type of id_token | Works | Fails |
Tests
OC5:FeatureTest-Support id_token Response Type
Feature-Support code Response Type
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support code Response Type|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support code Response Type - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support code Response Type | Exchange with response_type of code | Works | Fails |
Tests
OC5:FeatureTest-Support code Response Type
Feature-Support Combination of id_token code Response Types
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Combination of id_token code Response Types|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Combination of id_token code Response Types - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support Combination of id_token code Response Types | Exchange with response_type of id_token code | Works | Fails |
Tests
OC5:FeatureTest-Support Combination of id_token code Response Types
Feature-Support Combination of id_token token Response Types
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Combination of id_token token Response Types|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Combination of id_token token Response Types - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support Combination of id_token token Response Types | Exchange with response_type of id_token token | Works | Fails |
Tests
OC5:FeatureTest-Support Combination of id_token token Response Types
Feature-Support Combination of code token Response Types
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Combination of code token Response Types|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Combination of code token Response Types - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support Combination of code token Response Types | Exchange with response_type of code token | Works | Fails |
Tests
OC5:FeatureTest-Support Combination of code token Response Types
Feature-Support Combination of code id_token token Response Types
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Combination of code id_token token Response Types|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Combination of code id_token token Response Types - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support Combination of code id_token token Response Types | Exchange with response_type of code id_token token | Works | Fails |
Tests
OC5:FeatureTest-Support Combination of code id_token token Response Types
Feature-Support Authentication to Token Endpoint using HTTP Basic with POST
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Authentication to Token Endpoint using HTTP Basic with POST|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Authentication to Token Endpoint using HTTP Basic with POST - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support Authentication to Token Endpoint using HTTP Basic with POST | Obtain Token using client_secret_basic Method with POST | Works | Fails |
Tests
OC5:FeatureTest-Support Authentication to Token Endpoint using HTTP Basic with POST
Feature-Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body | Obtain Token using client_secret_post method | Works | Fails |
Tests
Feature-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Authentication to Token Endpoint with Asymmetrically Signed JWTs|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Authentication to Token Endpoint with Asymmetrically Signed JWTs - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support Authentication to Token Endpoint with Asymmetrically Signed JWTs | Obtain Token using private_key_jwt Method | Works | Fails |
Tests
OC5:FeatureTest-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs
Feature-Support Authentication to Token Endpoint with Symmetrically Signed JWTs
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Authentication to Token Endpoint with Symmetrically Signed JWTs|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Authentication to Token Endpoint with Symmetrically Signed JWTs - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support Authentication to Token Endpoint with Symmetrically Signed JWTs | Obtain Token using client_secret_jwt Method | Works | Fails |
Tests
OC5:FeatureTest-Support Authentication to Token Endpoint with Symmetrically Signed JWTs
Feature-UserInfo Endpoint
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:UserInfo Endpoint|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP UserInfo Endpoint - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| UserInfo Endpoint | Exchange Returning Claims from UserInfo Endpoint | Works | Fails |
Tests
OC5:FeatureTest-UserInfo Endpoint
Feature-UserInfo has Subject
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:UserInfo has Subject|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP UserInfo has Subject - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| UserInfo has Subject | The UserInfo Endpoint result has a "sub" value matching the "sub" claim value in the ID Token | Works | Fails |
Tests
OC5:FeatureTest-UserInfo has Subject
Feature-UserInfo Endpoint Access with Header Method
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:UserInfo Endpoint Access with Header Method|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP UserInfo Endpoint Access with Header Method - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| UserInfo Endpoint Access with Header Method | UserInfo Endpoint Exchange using Header Method | Works | Fails |
Tests
OC5:FeatureTest-UserInfo Endpoint Access with Header Method
Feature-UserInfo Endpoint Access with Form-Encoded Body Method
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:UserInfo Endpoint Access with Form-Encoded Body Method|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP UserInfo Endpoint Access with Form-Encoded Body Method - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| UserInfo Endpoint Access with Form-Encoded Body Method | UserInfo Endpoint Exchange using Form-Encoded Body Method | Works | Fails |
Tests
OC5:FeatureTest-UserInfo Endpoint Access with Form-Encoded Body Method
Feature-Support scope Requesting No Specific Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support scope Requesting No Specific Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support scope Requesting No Specific Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support scope Requesting No Specific Claims | Exchange with scope of openid | sub claim returned | Fails |
Tests
OC5:FeatureTest-Support scope Requesting No Specific Claims
Feature-Support scope Requesting profile Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support scope Requesting profile Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support scope Requesting profile Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support scope Requesting profile Claims | Exchange with scope of openid profile | sub and available default profile claims (name, family_name, given_name, middle_name, nickname, profile, picture, website, gender, birthday, zoneinfo, locale, updated_time) returned | Fails |
Tests
OC5:FeatureTest-Support scope Requesting profile Claims
Feature-Support scope Requesting email Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support scope Requesting email Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support scope Requesting email Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support scope Requesting email Claims | Exchange with scope of openid email | sub returned and email and verified claims returned, if available | Fails |
Tests
OC5:FeatureTest-Support scope Requesting email Claims
Feature-Support scope Requesting address Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support scope Requesting address Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support scope Requesting address Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support scope Requesting address Claims | Exchange with scope of openid address | sub returned and address claim returned, if available | Fails |
Tests
OC5:FeatureTest-Support scope Requesting address Claims
Feature-Support scope Requesting phone Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support scope Requesting phone Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support scope Requesting phone Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support scope Requesting phone Claims | Exchange with scope of openid phone | sub returned and phone_number claim returned, if available | Fails |
Tests
OC5:FeatureTest-Support scope Requesting phone Claims
Feature-Support scope Requesting All Basic Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support scope Requesting All Basic Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support scope Requesting All Basic Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support scope Requesting All Basic Claims | Exchange with scope of openid profile email address phone | sub returned and all other available Connect claims returned | Fails |
Tests
OC5:FeatureTest-Support scope Requesting All Basic Claims
Feature-Providing ID Token with max_age Restriction
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing ID Token with max_age Restriction|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing ID Token with max_age Restriction - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Providing ID Token with max_age Restriction | Exchange with max_age request value of 30 seconds | auth_time claim returned and causes reauthentication when authentication age over 30 seconds | Fails |
Tests
OC5:FeatureTest-Providing ID Token with max_age Restriction
Feature-Support display value page
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support display value page|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support display value page - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support display value page | Exchange with display value of page | Works | Fails |
Tests
OC5:FeatureTest-Support display value page
Feature-Support display value popup
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support display value popup|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support display value popup - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support display value popup | Exchange with display value of popup | Works | Fails |
Tests
OC5:FeatureTest-Support display value popup
Feature-Support prompt value none
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support prompt value none|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support prompt value none - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support prompt value none | Exchange with prompt value of none | Works | Fails |
Tests
OC5:FeatureTest-Support prompt value none
Feature-Support prompt value login
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support prompt value login|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support prompt value login - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support prompt value login | Exchange with prompt value of login | Works | Fails |
Tests
OC5:FeatureTest-Support prompt value login
Feature-Uses Asymmetric ID Token Signatures
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Asymmetric ID Token Signatures|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Uses Asymmetric ID Token Signatures - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Uses Asymmetric ID Token Signatures | Sign ID Token with RS256 | Works | Fails |
Tests
OC5:FeatureTest-Uses Asymmetric ID Token Signatures
Feature-Uses Symmetric ID Token Signatures
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Symmetric ID Token Signatures|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Uses Symmetric ID Token Signatures - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Uses Symmetric ID Token Signatures | Sign ID Token with HS256 | Works | Fails |
Tests
OC5:FeatureTest-Uses Symmetric ID Token Signatures
Feature-Support WebFinger Discovery
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support WebFinger Discovery|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support WebFinger Discovery - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support WebFinger Discovery | Exchange in which RP discovers user's OP location with WebFinger | Works | Fails |
Tests
OC5:FeatureTest-Support WebFinger Discovery
Feature-Publish openid-configuration Discovery Information
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Publish openid-configuration Discovery Information|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Publish openid-configuration Discovery Information - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Publish openid-configuration Discovery Information | OP publishes OP metadata at <issuer>/.well-known/openid-configuration | OP metadata discoverable | OP metadata not discoverable |
Tests
OC5:FeatureTest-Publish openid-configuration Discovery Information
Feature-Enables Dynamic Registration
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Enables Dynamic Registration|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Enables Dynamic Registration - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Enables Dynamic Registration | Exchange Registering New Client | Works | Fails |
Tests
OC5:FeatureTest-Enables Dynamic Registration
Feature-Support Registration Read
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Registration Read|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Registration Read - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support Registration Read | Read information about registered client | Works | Fails |
Tests
OC5:FeatureTest-Support Registration Read
Feature-Providing public sub Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing public sub Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing public sub Value - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Providing public sub Value | Exchange with public sub Value | Works | Fails |
Tests
OC5:FeatureTest-Providing public sub Value
Feature-Providing pairwise sub Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing pairwise sub Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing pairwise sub Value - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Providing pairwise sub Value | Exchange with pairwise sub Value | Works | Fails |
Tests
OC5:FeatureTest-Providing pairwise sub Value
Feature-Public and pairwise sub Values Differ
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Public and pairwise sub Values Differ|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Public and pairwise sub Values Differ - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Public and pairwise sub Values Differ | Request public and pairwise sub values and verify they differ | The public and pairwise sub values differ | The public and pairwise sub values are the same |
Tests
OC5:FeatureTest-Public and pairwise sub Values Differ
Feature-Support request_uri Request Parameter
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support request_uri Request Parameter|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support request_uri Request Parameter - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Support request_uri Request Parameter | Exchange with request_uri referencing Request Object using alg none | Works | Fails |
Tests
OC5:FeatureTest-Support request_uri Request Parameter
Feature-Includes at_hash in ID Token when Implicit Flow Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Includes at_hash in ID Token when Implicit Flow Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP
Receive request with response_type of token id_token Includes at_hash in ID Token when Implicit Flow Used - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Includes at_hash in ID Token when Implicit Flow Used | at_hash for token returned in id_token | at_hash not returned or incorrectly computed | |
Tests
OC5:FeatureTest-Includes at_hash in ID Token when Implicit Flow Used
Feature-Includes c_hash in ID Token when Code Flow Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Includes c_hash in ID Token when Code Flow Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Includes c_hash in ID Token when Code Flow Used - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Includes c_hash in ID Token when Code Flow Used | Receive request with response_type of code | c_hash for code returned in id_token | c_hash not returned or incorrectly computed |
Tests
OC5:FeatureTest-Includes c_hash in ID Token when Code Flow Used
Feature-Reject Request Without response_type
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject Request Without response_type|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Reject Request Without response_type - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Reject Request Without response_type | Receive authorization request missing the response_type parameter | Request is rejected | Request is accepted |
Tests
OC5:FeatureTest-Reject Request Without response_type
Feature-Ignores Extra Query Component in Request
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Ignores Extra Query Component in Request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Ignores Extra Query Component in Request - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Ignores Extra Query Component in Request | Receive request with response_type of code and an extra query parameter | Extra query parameter ignored | Request fails |
Tests
OC5:FeatureTest-Ignores Extra Query Component in Request
Feature-Preserves Query Parameter in redirect_uri
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Preserves Query Parameter in redirect_uri|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Preserves Query Parameter in redirect_uri - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Preserves Query Parameter in redirect_uri | Receive request with query parameter in redirect_uri | Query parameter included in authorization response | Query param not included |
Tests
OC5:FeatureTest-Preserves Query Parameter in redirect_uri
Feature-Preserves Query Parameter in Registered redirect_uri
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Preserves Query Parameter in Registered redirect_uri|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Preserves Query Parameter in Registered redirect_uri - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Preserves Query Parameter in Registered redirect_uri | Receive registration request in which the redirect_uri has a query component | Preserves query component | Discards query component |
Tests
OC5:FeatureTest-Preserves Query Parameter in Registered redirect_uri
Feature-Rejects redirect_uri when Query Parameter Does Not Match
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects redirect_uri when Query Parameter Does Not Match|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Rejects redirect_uri when Query Parameter Does Not Match - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Rejects redirect_uri when Query Parameter Does Not Match | Receive request with same base redirect_uri value but different query parameter in redirect_uri | Rejects request | Accepts request |
Tests
OC5:FeatureTest-Rejects redirect_uri when Query Parameter Does Not Match
Feature-Reject Registration of redirect_uri with Fragment
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject Registration of redirect_uri with Fragment|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Reject Registration of redirect_uri with Fragment - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Reject Registration of redirect_uri with Fragment | Receive registration request in which the redirect_uri has a fragment | Request is rejected | Request is accepted |
Tests
OC5:FeatureTest-Reject Registration of redirect_uri with Fragment
Feature-Reject redirect_uri Not Matching a Registered redirect_uri
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject redirect_uri Not Matching a Registered redirect_uri|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Reject redirect_uri Not Matching a Registered redirect_uri - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Reject redirect_uri Not Matching a Registered redirect_uri | Receive request with redirect_uri not matching a registered redirect_uri | Request is rejected | Request is accepted |
Tests
OC5:FeatureTest-Reject redirect_uri Not Matching a Registered redirect_uri
Feature-Accept Request Without redirect_uri when One Registered
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Accept Request Without redirect_uri when One Registered|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Accept Request Without redirect_uri when One Registered - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Accept Request Without redirect_uri when One Registered | Receive request without redirect_uri when one redirect_uri registered | Request accepted and registered redirect_uri is used | Request is rejected |
Tests
OC5:FeatureTest-Accept Request Without redirect_uri when One Registered
Feature-Reject Request Without redirect_uri when Multiple Registered
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject Request Without redirect_uri when Multiple Registered|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Reject Request Without redirect_uri when Multiple Registered - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Reject Request Without redirect_uri when Multiple Registered | Receive request without redirect_uri when multiple redirect_uri values registered | Request is rejected | Request is accepted |
Tests
OC5:FeatureTest-Reject Request Without redirect_uri when Multiple Registered
Feature-Support id_token_hint Request Parameter
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support id_token_hint Request Parameter|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support id_token_hint Request Parameter - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support id_token_hint Request Parameter | Receive request with id_token_hint request parameter | Works | Fails |
Tests
OC5:FeatureTest-Support id_token_hint Request Parameter
Feature-Support claims Request Specifying sub Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support claims Request Specifying sub Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support claims Request Specifying sub Value - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support claims Request Specifying sub Value | Receive request specifying requested sub value using claims request parameter | If that user is logged in, the request succeeds, otherwise it fails | Other behaviors |
Tests
OC5:FeatureTest-Support claims Request Specifying sub Value
Feature-Support claims Request Specifying sub Value when prompt none Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support claims Request Specifying sub Value when prompt none Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support claims Request Specifying sub Value when prompt none Used - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support claims Request Specifying sub Value when prompt none Used | Receive request specifying requested sub value using claims request parameter and using the prompt value none | If that user is logged in without prompting for credentials, the request succeeds, otherwise it fails | Other behaviors |
Tests
OC5:FeatureTest-Support claims Request Specifying sub Value when prompt none Used
Feature-Displays Logo in Login Page
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Displays Logo in Login Page|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Displays Logo in Login Page - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Displays Logo in Login Page | OP displays registered client logo in login page | Shown | Not shown |
Tests
OC5:FeatureTest-Displays Logo in Login Page
Feature-Displays Policy URI in Login Page
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Displays Policy URI in Login Page|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Displays Policy URI in Login Page - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Displays Policy URI in Login Page | OP displays registered policy URI in login page | Shown | Not shown |
Tests
OC5:FeatureTest-Displays Policy URI in Login Page
Feature-Supports Returning Claims in ID Token
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Supports Returning Claims in ID Token|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Supports Returning Claims in ID Token - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Supports Returning Claims in ID Token | Claims request requests that the name and email and claims be returned in the ID Token and requests no claims from the UserInfo endpoint | Claims returned in ID Token and not the UserInfo endpoint | Claims not returned in ID Token or returned at UserInfo endpoint |
Tests
OC5:FeatureTest-Supports Returning Claims in ID Token
Feature-Supports Returning Different Claims in ID Token and UserInfo Endpoint
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Supports Returning Different Claims in ID Token and UserInfo Endpoint|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Supports Returning Different Claims in ID Token and UserInfo Endpoint - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Supports Returning Different Claims in ID Token and UserInfo Endpoint | Claims request requests that the name and email and claims be returned in the ID Token and requests the given_name and family_name claims from the UserInfo endpoint | Claims are returned from locations requested | Claims are not returned or are returned at the wrong locations |
Tests
OC5:FeatureTest-Supports Returning Different Claims in ID Token and UserInfo Endpoint
Feature-Supports Combining Claims Requested with scope and claims Request Parameter
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Supports Combining Claims Requested with scope and claims Request Parameter|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Supports Combining Claims Requested with scope and claims Request Parameter - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Supports Combining Claims Requested with scope and claims Request Parameter | Request uses email scope to request email and email_verified claims and claims request parameter to request given_name and family_name claims from UserInfo endpoint | The claims email, email_verified, given_name, and family_name are all returned from the UserInfo endpoint | Not all of the claims requested are returned |
Tests
OC5:FeatureTest-Supports Combining Claims Requested with scope and claims Request Parameter
Feature-Supports using Sector Identifier for Pairwise sub Values
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Supports using Sector Identifier for Pairwise sub Values|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Supports using Sector Identifier for Pairwise sub Values - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Supports using Sector Identifier for Pairwise sub Values | Pairwise sub values returned computed using sector_identifier_uri | Same pairwise sub returned for different registered redirect_uri values | Different pairwise sub values returned when sector identifier contains the redirect_uri values |
Tests
OC5:FeatureTest-Supports using Sector Identifier for Pairwise sub Values
Feature-Rejects Sector Identifier Not Containing Registered redirect_uri Values
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects Sector Identifier Not Containing Registered redirect_uri Values|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Rejects Sector Identifier Not Containing Registered redirect_uri Values - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Rejects Sector Identifier Not Containing Registered redirect_uri Values | Registration request received in which the list of redirect_uri values at the sector_identifier_uri does not include all the registered redirect_uri values | Request is rejected | Request succeeds |
Tests
OC5:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect_uri Values
Feature-Support Requests Containing nonce
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Requests Containing nonce|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Requests Containing nonce - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support Requests Containing nonce | Receive request using implicit flow containing a nonce | Nonce value returned in ID Token | Nonce value not returned |
Tests
OC5:FeatureTest-Support Requests Containing nonce
Feature-Support Requests Without nonce
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Requests Without nonce|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Requests Without nonce - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support Requests Without nonce | Receive request using code flow without a nonce | Works | Fails or nonce returned |
Tests
OC5:FeatureTest-Support Requests Without nonce
Feature-Reject Requests Without nonce Using Implicit Flow
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject Requests Without nonce Using Implicit Flow|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Reject Requests Without nonce Using Implicit Flow - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Reject Requests Without nonce Using Implicit Flow | Receive request using implicit flow without a nonce | Request is rejected | Request succeeds |
Tests
OC5:FeatureTest-Reject Requests Without nonce Using Implicit Flow
Feature-Providing Individually Requested Essential Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing Individually Requested Essential Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing Individually Requested Essential Claims - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Providing Individually Requested Essential Claims | Exchange using claims Request with Essential name Claim | Specific requested claims returned and no others, or error returned if all not available | Fails |
Tests
OC5:FeatureTest-Providing Individually Requested Essential Claims
Feature-Providing Individually Requested Voluntary Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing Individually Requested Voluntary Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing Individually Requested Voluntary Claims - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Providing Individually Requested Voluntary Claims | Exchange using claims Request with Voluntary email and picture Claims | Specific available voluntary claims returned and no others | Fails |
Tests
OC5:FeatureTest-Providing Individually Requested Voluntary Claims
Feature-Providing Individually Requested Essential and Voluntary Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing Individually Requested Essential and Voluntary Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing Individually Requested Essential and Voluntary Claims - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Providing Individually Requested Essential and Voluntary Claims | Exchange using claims Request with Essential name and Voluntary email and picture Claims | Specific essential claims returned and available voluntary claims returned and no others, or error returned if all essential claims not available | Fails |
Tests
OC5:FeatureTest-Providing Individually Requested Essential and Voluntary Claims
Feature-Providing ID Token with Essential auth_time Claim
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing ID Token with Essential auth_time Claim|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing ID Token with Essential auth_time Claim - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Providing ID Token with Essential auth_time Claim | Exchange using claims Request with Essential auth_time Claim for ID Token | Works | Fails |
Tests
OC5:FeatureTest-Providing ID Token with Essential auth_time Claim
Feature-Providing ID Token with Essential acr Claim
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing ID Token with Essential acr Claim|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing ID Token with Essential acr Claim - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Providing ID Token with Essential acr Claim | Exchange requesting two acr claim values for ID Token returning one or an error | Returns one of available requested acr claim values if supported or else an error | Fails |
Tests
OC5:FeatureTest-Providing ID Token with Essential acr Claim
Feature-Providing ID Token with Voluntary acr Claim
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Providing ID Token with Voluntary acr Claim|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Providing ID Token with Voluntary acr Claim - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Providing ID Token with Voluntary acr Claim | Exchange requesting two specific voluntary acr claim values for ID Token returning one or zero | Returns one of available requested acr claim values if supported or else none | Fails |
Tests
OC5:FeatureTest-Providing ID Token with Voluntary acr Claim
Feature-Support Request for acr Value of 1
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Request for acr Value of 1|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Request for acr Value of 1 - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Support Request for acr Value of 1 | Exchange requesting essential acr claim value of 1 in ID Token
Returns ID Token with acr value of 1 Other behaviors |
Enter the unacceptable result | |
Tests
OC5:FeatureTest-Support Request for acr Value of 1
Feature-Logout Initiated by OP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Logout Initiated by OP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Logout Initiated by OP - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Logout Initiated by OP | OP notifies RPs of logout state change | RPs notified of logout | RPs not notified |
Tests
OC5:FeatureTest-Logout Initiated by OP
Feature-Logout Received by OP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Logout Received by OP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Logout Received by OP - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Logout Received by OP | RP notifies OP of logout request | OP performs logout actions | Logout actions not performed |
Tests
OC5:FeatureTest-Logout Received by OP
Feature-State Change Other than Logout Communicated
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:State Change Other than Logout Communicated|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP State Change Other than Logout Communicated - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| State Change Other than Logout Communicated | OP notifies RPs of switch user or reauthorization state change | RPs notified of state change | RPs not notified |
Tests
OC5:FeatureTest-State Change Other than Logout Communicated
Feature-Can Provide Signed UserInfo Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Provide Signed UserInfo Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Provide Signed UserInfo Response - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Provide Signed UserInfo Response | Accept registration for signed UserInfo responses using RS256 and send them | Accepts registration for signed UserInfo responses and sends them | Registration not accepted or UserInfo response not signed |
Tests
OC5:FeatureTest-Can Provide Signed UserInfo Response
Feature-Can Provide Encrypted UserInfo Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Provide Encrypted UserInfo Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Provide Encrypted UserInfo Response - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Provide Encrypted UserInfo Response | Accept registration for encrypted UserInfo responses using RSA1_5 and A128CBC-HS256 and send them | Accepts registration for encrypted UserInfo responses and sends them | Registration not accepted or UserInfo response not encrypted |
Tests
OC5:FeatureTest-Can Provide Encrypted UserInfo Response
Feature-Can Provide Signed and Encrypted UserInfo Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Provide Signed and Encrypted UserInfo Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Provide Signed and Encrypted UserInfo Response - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Provide Signed and Encrypted UserInfo Response | Accept registration for signed and encrypted UserInfo responses using RS256, RSA1_5, and A128CBC-HS256 and send them | Accepts registration for signed and encrypted UserInfo responses and sends them | Registration not accepted or UserInfo response not signed and encrypted |
Tests
OC5:FeatureTest-Can Provide Signed and Encrypted UserInfo Response
Feature-Can Provide Signed and Encrypted ID Token Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Provide Signed and Encrypted ID Token Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Provide Signed and Encrypted ID Token Response - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Provide Signed and Encrypted ID Token Response | Accept registration for signed and encrypted ID Token responses using RS256, RSA1_5, and A128CBC-HS256 and send them | Accepts registration for signed and encrypted ID Token responses and sends them | Registration not accepted or ID Token response not signed and encrypted |
Tests
OC5:FeatureTest-Can Provide Signed and Encrypted ID Token Response
Feature-Can Provide Unsecured ID Token Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Provide Unsecured ID Token Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Provide Unsecured ID Token Response - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Provide Unsecured ID Token Response | Accept registration for unsecured ID Token responses using the code flow and "alg":"none" | Accepts registration for unsecured ID Token responses and sends them | Registration not accepted or ID Token response not unsecured |
Tests
OC5:FeatureTest-Can Provide Unsecured ID Token Response
Feature-Rejects Second Use of Access Code
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects Second Use of Access Code|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Rejects Second Use of Access Code - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Rejects Second Use of Access Code | OP receives request to use access code for a second time | Error returned | Request succeeds |
Tests
OC5:FeatureTest-Rejects Second Use of Access Code
Feature-Second Use of Access Code Revokes Previously Issued Access Token
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Second Use of Access Code Revokes Previously Issued Access Token|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Second Use of Access Code Revokes Previously Issued Access Token - Maturity: Established {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Second Use of Access Code Revokes Previously Issued Access Token | OP receives request to use access code for a second time | Access token revoked | Access token continues to work |
Tests
OC5:FeatureTest-Second Use of Access Code Revokes Previously Issued Access Token
Feature-Can Request OP Initiated Login
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request OP Initiated Login|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Request OP Initiated Login - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Request OP Initiated Login | Send OP-initiated login request to the RP | RP logged in at OP | RP not logged in at OP |
Tests
OC5:FeatureTest-Can Request OP Initiated Login
Feature-Support form_post Response Mode
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support form_post Response Mode|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support form_post Response Mode - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support form_post Response Mode | Receive request using response_type=id_token token and response_mode=form_post | Response sent as HTML form post resulting in query encoded parameters | Fails. One form of failure is returning fragment encoded parameters. |
Tests
OC5:FeatureTest-Support form_post Response Mode
Feature-Uses Keys Registered with jwks_uri Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Keys Registered with jwks_uri Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Uses Keys Registered with jwks_uri Value - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Uses Keys Registered with jwks_uri Value | OP uses keys obtained from jwks_uri registration parameter | Works | Fails |
Tests
OC5:FeatureTest-Uses Keys Registered with jwks_uri Value
Feature-Uses Keys Registered with jwks Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Keys Registered with jwks Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Uses Keys Registered with jwks Value - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Uses Keys Registered with jwks Value | OP uses keys obtained from jwks registration parameter | Works | Fails |
Tests
OC5:FeatureTest-Uses Keys Registered with jwks Value
Feature-Can Rollover OP Signing Key
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Rollover OP Signing Key|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Rollover OP Signing Key - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Rollover OP Signing Key | OP rolls over signing key at its jwks_uri location after use by RP | RP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Can Rollover OP Signing Key
Feature-Support RP Signing Key Rollover
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support RP Signing Key Rollover|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support RP Signing Key Rollover - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support RP Signing Key Rollover | RP rolls over signing key at its jwks_uri location after use by OP | OP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Support RP Signing Key Rollover
Feature-Support RP Encryption Key Rollover
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support RP Encryption Key Rollover|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support RP Encryption Key Rollover - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support RP Encryption Key Rollover | RP rolls over encryption key at its jwks_uri location after use by OP | OP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Support RP Encryption Key Rollover
Feature-Can Rollover OP Encryption Key
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Rollover OP Encryption Key|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Can Rollover OP Encryption Key - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Rollover OP Encryption Key | OP rolls over encryption key at its jwks_uri location after use by RP | RP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Can Rollover OP Encryption Key
Feature-Discovered issuer Matches openid-configuration Path Prefix
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Discovered issuer Matches openid-configuration Path Prefix|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Discovered issuer Matches openid-configuration Path Prefix - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Discovered issuer Matches openid-configuration Path Prefix | Retrieve openid-configuration information for OP from its .well-known/openid-configuration path | Concatenating .well-known/openid-configuration to retrieved issuer matches openid-configuration path | Paths differ |
Tests
OC5:FeatureTest-Discovered issuer Matches openid-configuration Path Prefix
Feature-Discovered issuer Matches ID Token iss Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Discovered issuer Matches ID Token iss Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Discovered issuer Matches ID Token iss Value - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Discovered issuer Matches ID Token iss Value | Obtain ID token and compare iss value to discovered issuer value | The iss and issuer values exactly match | The iss and issuer values differ |
Tests
OC5:FeatureTest-Discovered issuer Matches ID Token iss Value
Feature-Support request_uri Request Parameter with Signed Request
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support request_uri Request Parameter with Signed Request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support request_uri Request Parameter with Signed Request - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support request_uri Request Parameter with Signed Request | Exchange with request_uri referencing Request Object signed with RS256 | Works | Fails |
Tests
OC5:FeatureTest-Support request_uri Request Parameter with Signed Request
Feature-Support request_uri Request Parameter with Encrypted Request
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support request_uri Request Parameter with Encrypted Request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support request_uri Request Parameter with Encrypted Request - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support request_uri Request Parameter with Encrypted Request | Exchange with request_uri referencing Request Object encrypted with RSA1_5 and A128CBC-HS256 | Works | Fails |
Tests
OC5:FeatureTest-Support request_uri Request Parameter with Encrypted Request
Feature-Support request_uri Request Parameter with Signed and Encrypted Request
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support request_uri Request Parameter with Signed and Encrypted Request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support request_uri Request Parameter with Signed and Encrypted Request - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support request_uri Request Parameter with Signed and Encrypted Request | Exchange with request_uri referencing Request Object signed with RS256 and encrypted with RSA1_5 and A128CBC-HS256 | Works | Fails |
Tests
OC5:FeatureTest-Support request_uri Request Parameter with Signed and Encrypted Request
Feature-Support request Request Parameter with Signed Request
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support request Request Parameter with Signed Request|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support request Request Parameter with Signed Request - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support request Request Parameter with Signed Request | Exchange with request containing Request Object signed with RS256 | Works | Fails |
Tests
OC5:FeatureTest-Support request Request Parameter with Signed Request
Feature-Support Elliptic Curve ID Token Signatures
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|OP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Elliptic Curve ID Token Signatures|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| OP Support Elliptic Curve ID Token Signatures - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support Elliptic Curve ID Token Signatures | Sign ID Token with ES256 when RP registers for this algorithm | Works | Fails |
