Difference between revisions of "OC5:RP Features"
(New for OC5) |
(request object -> claims request) |
||
| Line 100: | Line 100: | ||
}} | }} | ||
| − | ==Feature-Requesting UserInfo Claims with | + | ==Feature-Requesting UserInfo Claims with claims Request Parameter== |
{{Feature | {{Feature | ||
| − | |feature_id = Requesting UserInfo Claims with | + | |feature_id = Requesting UserInfo Claims with claims Request Parameter |
| − | |feature_description = Requesting UserInfo Claims with | + | |feature_description = Requesting UserInfo Claims with claims Request Parameter |
|feature_type = interop | |feature_type = interop | ||
|solution_role = RP | |solution_role = RP | ||
| − | |test_description = Request | + | |test_description = Request name and email claims using claims request parameter |
| − | |acceptable = Displays claims returned that were requested with | + | |acceptable = Displays claims returned that were requested with the claims Request Parameter |
|not_acceptable = Fails | |not_acceptable = Fails | ||
| − | |testlist = [[OC5:FeatureTest-Requesting UserInfo Claims with | + | |testlist = [[OC5:FeatureTest-Requesting UserInfo Claims with claims Request Parameter]] |
|maturity_status = Established | |maturity_status = Established | ||
|maturity_date = OC3 | |maturity_date = OC3 | ||
Revision as of 15:35, 11 June 2014
{{#vardefine:DtArticleSortKey|}}
Feature-Web Page Application
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Web Page Application|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Web Page Application - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Web Page Application | Use OP from Web Page Application | Works | Fails |
Tests
OC5:FeatureTest-Web Page Application
Feature-Native Client Application
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Native Client Application|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Native Client Application - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Native Client Application | Use OP from Native Client Application | Works | Fails |
Tests
OC5:FeatureTest-Native Client Application
Feature-Accept Valid Asymmetric ID Token Signature
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Accept Valid Asymmetric ID Token Signature|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Accept Valid Asymmetric ID Token Signature - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Accept Valid Asymmetric ID Token Signature | Validate ID Token Correctly Signed with RS256 | Works | Fails |
Tests
OC5:FeatureTest-Accept Valid Asymmetric ID Token Signature
Feature-Reject Invalid Asymmetric ID Token Signature
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject Invalid Asymmetric ID Token Signature|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Reject Invalid Asymmetric ID Token Signature - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Reject Invalid Asymmetric ID Token Signature | Reject ID Token with Incorrect RS256 Signature | Works | Fails |
Tests
OC5:FeatureTest-Reject Invalid Asymmetric ID Token Signature
Feature-Accept Valid Symmetric ID Token Signature
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Accept Valid Symmetric ID Token Signature|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Accept Valid Symmetric ID Token Signature - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Accept Valid Symmetric ID Token Signature | Validate ID Token Correctly Signed with HS256 | Works | Fails |
Tests
OC5:FeatureTest-Accept Valid Symmetric ID Token Signature
Feature-Reject Invalid Symmetric ID Token Signature
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Reject Invalid Symmetric ID Token Signature|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Reject Invalid Symmetric ID Token Signature - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Reject Invalid Symmetric ID Token Signature | Reject ID Token with Incorrect HS256 Signature | Works | Fails |
Tests
OC5:FeatureTest-Reject Invalid Symmetric ID Token Signature
Feature-Requesting UserInfo Claims with scope Values
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Requesting UserInfo Claims with scope Values|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Requesting UserInfo Claims with scope Values - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Requesting UserInfo Claims with scope Values | Request Claims using scope Value | Displays claims returned that were requested with a scope value | Fails |
Tests
OC5:FeatureTest-Requesting UserInfo Claims with scope Values
Feature-Requesting UserInfo Claims with claims Request Parameter
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Requesting UserInfo Claims with claims Request Parameter|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Requesting UserInfo Claims with claims Request Parameter - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Requesting UserInfo Claims with claims Request Parameter | Request name and email claims using claims request parameter | Displays claims returned that were requested with the claims Request Parameter | Fails |
Tests
OC5:FeatureTest-Requesting UserInfo Claims with claims Request Parameter
Feature-Uses WebFinger Discovery
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses WebFinger Discovery|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Uses WebFinger Discovery - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Uses WebFinger Discovery | Discover user's OP location with WebFinger | Works | Fails |
Tests
OC5:FeatureTest-Uses WebFinger Discovery
Feature-Uses openid-configuration Discovery Information
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses openid-configuration Discovery Information|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Uses openid-configuration Discovery Information - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Uses openid-configuration Discovery Information | RP uses OP metadata published at <issuer>/.well-known/openid-configuration | RP uses OP metadata | RP does not use OP metadata |
Tests
OC5:FeatureTest-Uses openid-configuration Discovery Information
Feature-Can Discover Identifiers using E-Mail Syntax
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Discover Identifiers using E-Mail Syntax|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Discover Identifiers using E-Mail Syntax - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Can Discover Identifiers using E-Mail Syntax | Discover and Use OP for Identifier using E-Mail Syntax | Works | Fails |
Tests
OC5:FeatureTest-Can Discover Identifiers using E-Mail Syntax
Feature-Can Discover Identifiers using URL Syntax
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Discover Identifiers using URL Syntax|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Discover Identifiers using URL Syntax - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Can Discover Identifiers using URL Syntax | Discover and Use OP for Identifier using URL Syntax | Works | Fails |
Tests
OC5:FeatureTest-Can Discover Identifiers using URL Syntax
Feature-Uses Dynamic Registration
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Dynamic Registration|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Uses Dynamic Registration - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Uses Dynamic Registration | Dynamically Register Client with OP and Use OP | Works | Fails |
Tests
OC5:FeatureTest-Uses Dynamic Registration
Feature-Uses Aggregated Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Aggregated Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Uses Aggregated Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Uses Aggregated Claims | Display Aggregated Claims Received from OP | Works | Fails |
Tests
OC5:FeatureTest-Uses Aggregated Claims
Feature-Uses Distributed Claims
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Distributed Claims|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Uses Distributed Claims - Maturity: Established {{#if: OC3 | (OC3 ) }} | |||
|---|---|---|---|
| Uses Distributed Claims | Display Distributed Claims Received from OP | Works | Fails |
Tests
OC5:FeatureTest-Uses Distributed Claims
Feature-Verifies Correct at_hash when Implicit Flow Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verifies Correct at_hash when Implicit Flow Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Verifies Correct at_hash when Implicit Flow Used - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Verifies Correct at_hash when Implicit Flow Used | Receive response to request using response_type token id_token with correct at_hash value | Correct at_hash value verified | Response rejected |
Tests
OC5:FeatureTest-Verifies Correct at_hash when Implicit Flow Used
Feature-Rejects Incorrect at_hash when Implicit Flow Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects Incorrect at_hash when Implicit Flow Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Rejects Incorrect at_hash when Implicit Flow Used - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Rejects Incorrect at_hash when Implicit Flow Used | Receive response to request using response_type token id_token with incorrect at_hash value | Incorrect at_hash value rejected | Response accepted |
Tests
OC5:FeatureTest-Rejects Incorrect at_hash when Implicit Flow Used
Feature-Verifies Correct c_hash when Code Flow Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Verifies Correct c_hash when Code Flow Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Verifies Correct c_hash when Code Flow Used - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Verifies Correct c_hash when Code Flow Used | Receive response to request using response_type code with correct c_hash value | Correct c_hash value verified | Response rejected |
Tests
OC5:FeatureTest-Verifies Correct c_hash when Code Flow Used
Feature-Rejects Incorrect c_hash when Code Flow Used
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects Incorrect c_hash when Code Flow Used|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Rejects Incorrect c_hash when Code Flow Used - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Rejects Incorrect c_hash when Code Flow Used | Receive response to request using response_type code with incorrect c_hash value | Incorrect c_hash value rejected | Response accepted |
Tests
OC5:FeatureTest-Rejects Incorrect c_hash when Code Flow Used
Feature-Can Request and Use Claims in id_token
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request and Use Claims in id_token|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Request and Use Claims in id_token - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Request and Use Claims in id_token | Request name and email claims be returned in the id_token | Claims returned in id_token and accepted | Fails |
Tests
OC5:FeatureTest-Can Request and Use Claims in id_token
Feature-Can Use Self-Issued OP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Use Self-Issued OP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Use Self-Issued OP - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Use Self-Issued OP | Request name and email claims claims from self-issued OP | Claims returned in id_token and accepted | Fails |
Tests
OC5:FeatureTest-Can Use Self-Issued OP
Feature-Can Make Access Token Request with client_secret_basic Authentication
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Access Token Request with client_secret_basic Authentication|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Access Token Request with client_secret_basic Authentication - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Make Access Token Request with client_secret_basic Authentication | Send Access Token Request with client_secret_basic Authentication | Works | Fails |
Tests
OC5:FeatureTest-Can Make Access Token Request with client_secret_basic Authentication
Feature-Can Make Access Token Request with client_secret_post Authentication
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Access Token Request with client_secret_post Authentication|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Access Token Request with client_secret_post Authentication - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Make Access Token Request with client_secret_post Authentication | Send Access Token Request with client_secret_post Authentication | Works | Fails |
Tests
OC5:FeatureTest-Can Make Access Token Request with client_secret_post Authentication
Feature-Can Make Access Token Request with private_key_jwt Authentication
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Access Token Request with private_key_jwt Authentication|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Access Token Request with private_key_jwt Authentication - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Make Access Token Request with private_key_jwt Authentication | Send Access Token Request with private_key_jwt Authentication | Works | Fails |
Tests
OC5:FeatureTest-Can Make Access Token Request with private_key_jwt Authentication
Feature-Can Make Access Token Request with client_secret_jwt Authentication
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Access Token Request with client_secret_jwt Authentication|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Access Token Request with client_secret_jwt Authentication - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Make Access Token Request with client_secret_jwt Authentication | Send Access Token Request with client_secret_jwt Authentication | Works | Fails |
Tests
OC5:FeatureTest-Can Make Access Token Request with client_secret_jwt Authentication
Feature-Logout Initiated by RP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Logout Initiated by RP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Logout Initiated by RP - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Logout Initiated by RP | Send logout request to OP | Logout request sent to OP | No logout request sent |
Tests
OC5:FeatureTest-Logout Initiated by RP
Feature-Logout Received by RP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Logout Received by RP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Logout Received by RP - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Logout Received by RP | Detect and act upon OP initiated logout | RP detects logout request and logs out | RP not logged out |
Tests
OC5:FeatureTest-Logout Received by RP
Feature-State Change Other than Logout Received by RP
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:State Change Other than Logout Received by RP|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP State Change Other than Logout Received by RP - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| State Change Other than Logout Received by RP | Change logged in user at the OP and notify RP | Change detected by RP | Change not detected |
Tests
OC5:FeatureTest-State Change Other than Logout Received by RP
Feature-Can Request and Use Signed UserInfo Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request and Use Signed UserInfo Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Request and Use Signed UserInfo Response - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Request and Use Signed UserInfo Response | Register for, request, and use signed UserInfo responses | Can request and use signed UserInfo responses | Cannot request or use signed UserInfo Responses |
Tests
OC5:FeatureTest-Can Request and Use Signed UserInfo Response
Feature-Can Request and Use Encrypted UserInfo Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request and Use Encrypted UserInfo Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Request and Use Encrypted UserInfo Response - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Request and Use Encrypted UserInfo Response | Register for, request, and use encrypted UserInfo responses | Can request and use encrypted UserInfo responses | Cannot request or use encrypted UserInfo Responses |
Tests
OC5:FeatureTest-Can Request and Use Encrypted UserInfo Response
Feature-Can Request and Use Signed and Encrypted UserInfo Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request and Use Signed and Encrypted UserInfo Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Request and Use Signed and Encrypted UserInfo Response - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Request and Use Signed and Encrypted UserInfo Response | Register for, request, and use signed and encrypted UserInfo responses | Can request and use signed and encrypted UserInfo responses | Cannot request or use signed and encrypted UserInfo Responses |
Tests
OC5:FeatureTest-Can Request and Use Signed and Encrypted UserInfo Response
Feature-Can Request and Use Encrypted ID Token Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request and Use Encrypted ID Token Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Request and Use Encrypted ID Token Response - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Request and Use Encrypted ID Token Response | Register for, request, and use encrypted ID Token responses | Can request and use encrypted ID Token responses | Cannot request or use encrypted ID Token Responses |
Tests
OC5:FeatureTest-Can Request and Use Encrypted ID Token Response
Feature-Can Request and Use Signed and Encrypted ID Token Response
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Request and Use Signed and Encrypted ID Token Response|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Request and Use Signed and Encrypted ID Token Response - Maturity: New {{#if: OC4 | (OC4 ) }} | |||
|---|---|---|---|
| Can Request and Use Signed and Encrypted ID Token Response | Register for, request, and use signed and encrypted ID Token responses | Can request and use signed and encrypted ID Token responses | Cannot request or use signed and encrypted ID Token Responses |
Tests
OC5:FeatureTest-Can Request and Use Signed and Encrypted ID Token Response
Feature-Support Third-Party Initiated Login
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support Third-Party Initiated Login|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Support Third-Party Initiated Login - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support Third-Party Initiated Login | Receive third-party initiated login request and login to the specified OP | RP logged in at OP | RP not logged in at OP |
Tests
OC5:FeatureTest-Support Third-Party Initiated Login
Feature-Can Make Request with code Response Type
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Request with code Response Type|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Request with code Response Type - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Make Request with code Response Type | Make a request using response_type=code | Works | Fails |
Tests
OC5:FeatureTest-Can Make Request with code Response Type
Feature-Can Make Request with id_token Response Type
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Request with id_token Response Type|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Request with id_token Response Type - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Make Request with id_token Response Type | Make a request using response_type=id_token | Works | Fails |
Tests
OC5:FeatureTest-Can Make Request with id_token Response Type
Feature-Can Make Request with id_token token Response Type
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Request with id_token token Response Type|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Request with id_token token Response Type - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Make Request with id_token token Response Type | Make a request using response_type=id_token token | Works | Fails |
Tests
OC5:FeatureTest-Can Make Request with id_token token Response Type
Feature-Can Make Request with form_post Response Mode
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Make Request with form_post Response Mode|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Make Request with form_post Response Mode - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Make Request with form_post Response Mode | Make a request using response_type=id_token token and response_mode=form_post | HTML form post response processed resulting in query encoded parameters | Fails |
Tests
OC5:FeatureTest-Can Make Request with form_post Response Mode
Feature-Uses Keys Discovered with jwks_uri Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Uses Keys Discovered with jwks_uri Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Uses Keys Discovered with jwks_uri Value - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Uses Keys Discovered with jwks_uri Value | RP uses keys obtained from jwks_uri discovery parameter | Works | Fails |
Tests
OC5:FeatureTest-Uses Keys Discovered with jwks_uri Value
Feature-Support OP Signing Key Rollover
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support OP Signing Key Rollover|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Support OP Signing Key Rollover - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support OP Signing Key Rollover | OP rolls over signing key at its jwks_uri location after use by RP | RP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Support OP Signing Key Rollover
Feature-Can Rollover RP Signing Key
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Rollover RP Signing Key|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Rollover RP Signing Key - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Rollover RP Signing Key | RP rolls over signing key at its jwks_uri location after use by OP | OP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Can Rollover RP Signing Key
Feature-Can Rollover RP Encryption Key
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Can Rollover RP Encryption Key|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Can Rollover RP Encryption Key - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Can Rollover RP Encryption Key | RP rolls over encryption key at its jwks_uri location after use by OP | OP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Can Rollover RP Encryption Key
Feature-Support OP Encryption Key Rollover
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Support OP Encryption Key Rollover|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Support OP Encryption Key Rollover - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Support OP Encryption Key Rollover | OP rolls over encryption key at its jwks_uri location after use by RP | RP successfully uses old then new key | Fails |
Tests
OC5:FeatureTest-Support OP Encryption Key Rollover
Feature-Rejects Discovered issuer Not Matching openid-configuration Path Prefix
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects Discovered issuer Not Matching openid-configuration Path Prefix|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Rejects Discovered issuer Not Matching openid-configuration Path Prefix - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Rejects Discovered issuer Not Matching openid-configuration Path Prefix | Retrieve openid-configuration information for OP from its .well-known/openid-configuration path | Rejects config when concatenating .well-known/openid-configuration to retrieved issuer and openid-configuration path differ | Accepts config when discovered issuer differs from config path prefix |
Tests
OC5:FeatureTest-Rejects Discovered issuer Not Matching openid-configuration Path Prefix
Feature-Rejects Discovered issuer Not Matching ID Token iss Value
{{#vardefine:page|{{#if:{{#var:page}}|{{#var:page}}|RP Features}}}}{{#vardefine:nr|{{#if:{{#var:nr}}|{{#expr:{{#var:nr}}+1}}|1}}}}{{#vardefine:url|{{#replace:{{#var:page}}| |_}}}}{{#if:Rejects Discovered issuer Not Matching ID Token iss Value|{{#if:{{#var:DtArticleSortKey}}||}}}}{{#ifeq:{{#var:header}}|no||
| {{#if:{{#var:refs}}|[[{{#var:page}}|no_ref's]]|[[Special:Call/DT Article show Refs,page={{#var:page}},refs=yes|ref's]]}}}} | {{#if:{{#var:DtArticleSortKey}}|({{#var:DtArticleSortKey}})}} list help [[Special:Call/DT Article copy,cat=Feature,from={{#var:page}},namespace=OC5|copy]] [[Special:Call/DT Articles list XML,type=Feature,title={{#var:page}},namespace=OC5|as XML]] edit |
| RP Rejects Discovered issuer Not Matching ID Token iss Value - Maturity: New {{#if: OC5 | (OC5 ) }} | |||
|---|---|---|---|
| Rejects Discovered issuer Not Matching ID Token iss Value | Obtain ID token and compare iss value to discovered issuer value | Rejects ID Token when iss and issuer values differ | Accepts ID Token when iss and issuer values differ |
Tests
OC5:FeatureTest-Rejects Discovered issuer Not Matching ID Token iss Value
