OC4:OP Features
From OSIS Open Source Identity Systems
Feature-Support id_token Response Type
| list help copy as XML edit |
| OP Support id_token Response Type - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support id_token Response Type | Exchange with response_type of id_token | Works | Fails |
Tests
OC4:FeatureTest-Support id_token Response Type
Feature-Support code Response Type
| list help copy as XML edit |
| OP Support code Response Type - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support code Response Type | Exchange with response_type of code | Works | Fails |
Tests
OC4:FeatureTest-Support code Response Type
Feature-Support token Response Type
| list help copy as XML edit |
| OP Support token Response Type - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support token Response Type | Exchange with response_type of token | Works | Fails |
Tests
OC4:FeatureTest-Support token Response Type
Feature-Support Combination of id_token code Response Types
| list help copy as XML edit |
| OP Support Combination of id_token code Response Types - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Combination of id_token code Response Types | Exchange with response_type of id_token code | Works | Fails |
Tests
OC4:FeatureTest-Support Combination of id_token code Response Types
Feature-Support Combination of id_token token Response Types
| list help copy as XML edit |
| OP Support Combination of id_token token Response Types - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Combination of id_token token Response Types | Exchange with response_type of id_token token | Works | Fails |
Tests
OC4:FeatureTest-Support Combination of id_token token Response Types
Feature-Support Combination of code token Response Types
| list help copy as XML edit |
| OP Support Combination of code token Response Types - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Combination of code token Response Types | Exchange with response_type of code token | Works | Fails |
Tests
OC4:FeatureTest-Support Combination of code token Response Types
Feature-Support Combination of code id_token token Response Types
| list help copy as XML edit |
| OP Support Combination of code id_token token Response Types - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Combination of code id_token token Response Types | Exchange with response_type of code id_token token | Works | Fails |
Tests
OC4:FeatureTest-Support Combination of code id_token token Response Types
Feature-Support Authentication to Token Endpoint using HTTP Basic with POST
| list help copy as XML edit |
| OP Support Authentication to Token Endpoint using HTTP Basic with POST - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Authentication to Token Endpoint using HTTP Basic with POST | Obtain Token using client_secret_basic Method with POST | Works | Fails |
Tests
OC4:FeatureTest-Support Authentication to Token Endpoint using HTTP Basic with POST
Feature-Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body
| list help copy as XML edit |
| OP Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body | Obtain Token using client_secret_post method | Works | Fails |
Tests
Feature-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs
| list help copy as XML edit |
| OP Support Authentication to Token Endpoint with Asymmetrically Signed JWTs - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Authentication to Token Endpoint with Asymmetrically Signed JWTs | Obtain Token using private_key_jwt Method | Works | Fails |
Tests
OC4:FeatureTest-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs
Feature-Support Authentication to Token Endpoint with Symmetrically Signed JWTs
| list help copy as XML edit |
| OP Support Authentication to Token Endpoint with Symmetrically Signed JWTs - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Authentication to Token Endpoint with Symmetrically Signed JWTs | Obtain Token using client_secret_jwt Method | Works | Fails |
Tests
OC4:FeatureTest-Support Authentication to Token Endpoint with Symmetrically Signed JWTs
Feature-UserInfo Endpoint
| list help copy as XML edit |
| OP UserInfo Endpoint - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| UserInfo Endpoint | Exchange Returning Claims from UserInfo Endpoint | Works | Fails |
Tests
OC4:FeatureTest-UserInfo Endpoint
Feature-UserInfo Endpoint Access with Header Method
| list help copy as XML edit |
| OP UserInfo Endpoint Access with Header Method - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| UserInfo Endpoint Access with Header Method | UserInfo Endpoint Exchange using Header Method | Works | Fails |
Tests
OC4:FeatureTest-UserInfo Endpoint Access with Header Method
Feature-UserInfo Endpoint Access with Form-Encoded Body Method
| list help copy as XML edit |
| OP UserInfo Endpoint Access with Form-Encoded Body Method - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| UserInfo Endpoint Access with Form-Encoded Body Method | UserInfo Endpoint Exchange using Form-Encoded Body Method | Works | Fails |
Tests
OC4:FeatureTest-UserInfo Endpoint Access with Form-Encoded Body Method
Feature-Support scope Requesting No Specific Claims
| list help copy as XML edit |
| OP Support scope Requesting No Specific Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support scope Requesting No Specific Claims | Exchange with scope of openid | user_id claim returned | Fails |
Tests
OC4:FeatureTest-Support scope Requesting No Specific Claims
Feature-Support scope Requesting profile Claims
| list help copy as XML edit |
| OP Support scope Requesting profile Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support scope Requesting profile Claims | Exchange with scope of openid profile | user_id and available default profile claims (name, family_name, given_name, middle_name, nickname, profile, picture, website, gender, birthday, zoneinfo, locale, updated_time) returned | Fails |
Tests
OC4:FeatureTest-Support scope Requesting profile Claims
Feature-Support scope Requesting email Claims
| list help copy as XML edit |
| OP Support scope Requesting email Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support scope Requesting email Claims | Exchange with scope of openid email | user_id returned and email and verified claims returned, if available | Fails |
Tests
OC4:FeatureTest-Support scope Requesting email Claims
Feature-Support scope Requesting address Claims
| list help copy as XML edit |
| OP Support scope Requesting address Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support scope Requesting address Claims | Exchange with scope of openid address | user_id returned and address claim returned, if available | Fails |
Tests
OC4:FeatureTest-Support scope Requesting address Claims
Feature-Support scope Requesting phone Claims
| list help copy as XML edit |
| OP Support scope Requesting phone Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support scope Requesting phone Claims | Exchange with scope of openid phone | user_id returned and phone_number claim returned, if available | Fails |
Tests
OC4:FeatureTest-Support scope Requesting phone Claims
Feature-Support scope Requesting All Basic Claims
| list help copy as XML edit |
| OP Support scope Requesting All Basic Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support scope Requesting All Basic Claims | Exchange with scope of openid profile email address phone | user_id returned and all other available Connect claims returned | Fails |
Tests
OC4:FeatureTest-Support scope Requesting All Basic Claims
Feature-Providing ID Token with max_age Restriction
| list help copy as XML edit |
| OP Providing ID Token with max_age Restriction - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Providing ID Token with max_age Restriction | Exchange with max_age request value of 30 seconds | Causes reauthentication when authentication age over 30 seconds | Fails |
Tests
OC4:FeatureTest-Providing ID Token with max_age Restriction
Feature-Support display value page
| list help copy as XML edit |
| OP Support display value page - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support display value page | Exchange with display value of page | Works | Fails |
Tests
OC4:FeatureTest-Support display value page
Feature-Support display value popup
| list help copy as XML edit |
| OP Support display value popup - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support display value popup | Exchange with display value of popup | Works | Fails |
Tests
OC4:FeatureTest-Support display value popup
Feature-Support prompt value none
| list help copy as XML edit |
| OP Support prompt value none - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support prompt value none | Exchange with prompt value of none | Works | Fails |
Tests
OC4:FeatureTest-Support prompt value none
Feature-Support prompt value login
| list help copy as XML edit |
| OP Support prompt value login - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support prompt value login | Exchange with prompt value of login | Works | Fails |
Tests
OC4:FeatureTest-Support prompt value login
Feature-Uses Asymmetric ID Token Signatures
| list help copy as XML edit |
| OP Uses Asymmetric ID Token Signatures - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Uses Asymmetric ID Token Signatures | Sign ID Token with RS256 | Works | Fails |
Tests
OC4:FeatureTest-Uses Asymmetric ID Token Signatures
Feature-Uses Symmetric ID Token Signatures
| list help copy as XML edit |
| OP Uses Symmetric ID Token Signatures - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Uses Symmetric ID Token Signatures | Sign ID Token with HS256 | Works | Fails |
Tests
OC4:FeatureTest-Uses Symmetric ID Token Signatures
Feature-Enables Discovery
| list help copy as XML edit |
| OP Enables Discovery - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Enables Discovery | Exchange in which Client Discovers and Uses OP Information | Works | Fails |
Tests
OC4:FeatureTest-Enables Discovery
Feature-Enables Dynamic Registration
| list help copy as XML edit |
| OP Enables Dynamic Registration - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Enables Dynamic Registration | Exchange Registering New Client | Works | Fails |
Tests
OC4:FeatureTest-Enables Dynamic Registration
Feature-Providing Aggregated Claims
| list help copy as XML edit |
| OP Providing Aggregated Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Providing Aggregated Claims | Exchange with Aggregated Claims | Works | Fails |
Tests
OC4:FeatureTest-Providing Aggregated Claims
Feature-Providing Distributed Claims
| list help copy as XML edit |
| OP Providing Distributed Claims - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Providing Distributed Claims | Exchange with Distributed Claims | Works | Fails |
Tests
OC4:FeatureTest-Providing Distributed Claims
Feature-Providing public user_id Value
| list help copy as XML edit |
| OP Providing public user_id Value - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Providing public user_id Value | Exchange with public user_id Value | Works | Fails |
Tests
OC4:FeatureTest-Providing public user_id Value
Feature-Providing pairwise user_id Value
| list help copy as XML edit |
| OP Providing pairwise user_id Value - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Providing pairwise user_id Value | Exchange with pairwise user_id Value | Works | Fails |
Tests
OC4:FeatureTest-Providing pairwise user_id Value
Feature-Public and pairwise user_id Values Differ
| list help copy as XML edit |
| OP Public and pairwise user_id Values Differ - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Public and pairwise user_id Values Differ | Request public and pairwise user_id values and verify they differ | The public and pairwise user_id values differ | The public and pairwise user_id values are the same |
Tests
OC4:FeatureTest-Public and pairwise user_id Values Differ
Feature-Support Request File
| list help copy as XML edit |
| OP Support Request File - Maturity: Established (OC3 ) | |||
|---|---|---|---|
| Support Request File | Exchange with request_uri Referencing Request File | Works | Fails |
Tests
OC4:FeatureTest-Support Request File
Feature-Includes at_hash in ID Token when Implicit Flow Used
| list help copy as XML edit |
| OP
Receive request with response_type of token id_token Includes at_hash in ID Token when Implicit Flow Used - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Includes at_hash in ID Token when Implicit Flow Used | at_hash for token returned in id_token | at_hash not returned or incorrectly computed | |
Tests
OC4:FeatureTest-Includes at_hash in ID Token when Implicit Flow Used
Feature-Includes c_hash in ID Token when Code Flow Used
| list help copy as XML edit |
| OP Includes c_hash in ID Token when Code Flow Used - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Includes c_hash in ID Token when Code Flow Used | Receive request with response_type of code | c_hash for code returned in id_token | c_hash not returned or incorrectly computed |
Tests
OC4:FeatureTest-Includes c_hash in ID Token when Code Flow Used
Feature-Reject Request Without response_type
| list help copy as XML edit |
| OP Reject Request Without response_type - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Reject Request Without response_type | Receive authorization request missing the response_type parameter | Request is rejected | Request is accepted |
Tests
OC4:FeatureTest-Reject Request Without response_type
Feature-Ignores Extra Query Component in Request
| list help copy as XML edit |
| OP Ignores Extra Query Component in Request - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Ignores Extra Query Component in Request | Receive request with response_type of code and an extra query parameter | Extra query parameter ignored | Request fails |
Tests
OC4:FeatureTest-Ignores Extra Query Component in Request
Feature-Preserves Query Parameter in redirect_uri
| list help copy as XML edit |
| OP Preserves Query Parameter in redirect_uri - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Preserves Query Parameter in redirect_uri | Receive request with query parameter in redirect_uri | Query parameter included in authorization response | Query param not included |
Tests
OC4:FeatureTest-Preserves Query Parameter in redirect_uri
Feature-Preserves Query Parameter in Registered redirect_uri
| list help copy as XML edit |
| OP Preserves Query Parameter in Registered redirect_uri - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Preserves Query Parameter in Registered redirect_uri | Receive registration request in which the redirect_uri has a query component | Preserves query component | Discards query component |
Tests
OC4:FeatureTest-Preserves Query Parameter in Registered redirect_uri
Feature-Rejects redirect_uri when Query Parameter Does Not Match
| list help copy as XML edit |
| OP Rejects redirect_uri when Query Parameter Does Not Match - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Rejects redirect_uri when Query Parameter Does Not Match | Receive request with same base redirect_uri value but different query parameter in redirect_uri | Rejects request | Accepts request |
Tests
OC4:FeatureTest-Rejects redirect_uri when Query Parameter Does Not Match
Feature-Reject Registration of redirect_uri with Fragment
| list help copy as XML edit |
| OP Reject Registration of redirect_uri with Fragment - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Reject Registration of redirect_uri with Fragment | Receive registration request in which the redirect_uri has a fragment | Request is rejected | Request is accepted |
Tests
OC4:FeatureTest-Reject Registration of redirect_uri with Fragment
Feature-Reject redirect_uri Not Matching a Registered redirect_uri
| list help copy as XML edit |
| OP Reject redirect_uri Not Matching a Registered redirect_uri - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Reject redirect_uri Not Matching a Registered redirect_uri | Receive request with redirect_uri not matching a registered redirect_uri | Request is rejected | Request is accepted |
Tests
OC4:FeatureTest-Reject redirect_uri Not Matching a Registered redirect_uri
Feature-Accept Request Without redirect_uri when One Registered
| list help copy as XML edit |
| OP Accept Request Without redirect_uri when One Registered - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Accept Request Without redirect_uri when One Registered | Receive request without redirect_uri when one redirect_uri registered | Request accepted and registered redirect_uri is used | Request is rejected |
Tests
OC4:FeatureTest-Accept Request Without redirect_uri when One Registered
Feature-Reject Request Without redirect_uri when Multiple Registered
| list help copy as XML edit |
| OP Reject Request Without redirect_uri when Multiple Registered - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Reject Request Without redirect_uri when Multiple Registered | Receive request without redirect_uri when multiple redirect_uri values registered | Request is rejected | Request is accepted |
Tests
OC4:FeatureTest-Reject Request Without redirect_uri when Multiple Registered
Feature-Support Registration Update
| list help copy as XML edit |
| OP Support Registration Update - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Registration Update | Receive subsequent registration using client_update | Works | Fails |
Tests
OC4:FeatureTest-Support Registration Update
Feature-Support Registration Secret Rotation
| list help copy as XML edit |
| OP Support Registration Secret Rotation - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Registration Secret Rotation | Receive subsequent registration using rotate_secret | Works | Fails |
Tests
OC4:FeatureTest-Support Registration Secret Rotation
Feature-Support id_token Hint Parameter
| list help copy as XML edit |
| OP Support id_token Hint Parameter - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support id_token Hint Parameter | Receive request with id_token parameter | Works | Fails |
Tests
OC4:FeatureTest-Support id_token Hint Parameter
Feature-Support Request Object Specifying user_id Value
| list help copy as XML edit |
| OP Support Request Object Specifying user_id Value - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Request Object Specifying user_id Value | Receive request specifying requested user_id value in request object | If that user is logged in, the request succeeds, otherwise it fails | Other behaviors |
Tests
OC4:FeatureTest-Support Request Object Specifying user_id Value
Feature-Support Request Object Specifying user_id Value when prompt none Used
| list help copy as XML edit |
| OP Support Request Object Specifying user_id Value when prompt none Used - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Request Object Specifying user_id Value when prompt none Used | Receive request specifying requested user_id value in request object and using the prompt value none | If that user is logged in without prompting for credentials, the request succeeds, otherwise it fails | Other behaviors |
Tests
OC4:FeatureTest-Support Request Object Specifying user_id Value when prompt none Used
Feature-Displays Logo in Login Page
| list help copy as XML edit |
| OP Displays Logo in Login Page - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Displays Logo in Login Page | OP displays registered client logo in login page | Shown | Not shown |
Tests
OC4:FeatureTest-Displays Logo in Login Page
Feature-Displays Policy URL in Login Page
| list help copy as XML edit |
| OP Displays Policy URL in Login Page - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Displays Policy URL in Login Page | OP displays registered policy URL in login page | Shown | Not shown |
Tests
OC4:FeatureTest-Displays Policy URL in Login Page
Feature-Supports Returning Claims in ID Token
| list help copy as XML edit |
| OP Supports Returning Claims in ID Token - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Supports Returning Claims in ID Token | Request object requests that the name and email and claims be returned in the ID Token and requests no claims from the UserInfo endpoint | Claims returned in ID Token and not the UserInfo endpoint | Claims not returned in ID Token or returned at UserInfo endpoint |
Tests
OC4:FeatureTest-Supports Returning Claims in ID Token
Feature-Supports Returning Different Claims in ID Token and UserInfo Endpoint
| list help copy as XML edit |
| OP Supports Returning Different Claims in ID Token and UserInfo Endpoint - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Supports Returning Different Claims in ID Token and UserInfo Endpoint | Request object requests that the name and email and claims be returned in the ID Token and requests the given_name and family_name claims from the UserInfo endpoint | Claims are returned from locations requested | Claims are not returned or are returned at the wrong locations |
Tests
OC4:FeatureTest-Supports Returning Different Claims in ID Token and UserInfo Endpoint
Feature-Supports Combining Claims Requested with scope and Request Object
| list help copy as XML edit |
| OP Supports Combining Claims Requested with scope and Request Object - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Supports Combining Claims Requested with scope and Request Object | Request uses email scope to request email and email_verified claims and request object to request given_name and family_name claims from UserInfo endpoint | The claims email, email_verified, given_name, and family_name are all returned from the UserInfo endpoint | Not all of the claims requested are returned |
Tests
OC4:FeatureTest-Supports Combining Claims Requested with scope and Request Object
Feature-Supports using Sector Identifier for Pairwise user_id Values
| list help copy as XML edit |
| OP Supports using Sector Identifier for Pairwise user_id Values - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Supports using Sector Identifier for Pairwise user_id Values | Pairwise user_id values returned computed using sector_identifier_url | Same pairwise user_id returned for different registered redirect_uri values | Different pairwise user_id values returned when sector identifier contains the redirect_uri values |
Tests
OC4:FeatureTest-Supports using Sector Identifier for Pairwise user_id Values
Feature-Rejects Sector Identifier Not Containing Registered redirect_uri Values
| list help copy as XML edit |
| OP Rejects Sector Identifier Not Containing Registered redirect_uri Values - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Rejects Sector Identifier Not Containing Registered redirect_uri Values | Registration request received in which the list of redirect_uri values at the sector_identifier_url does not include all the registered redirect_uri values | Request is rejected | Request succeeds |
Tests
OC4:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect_uri Values
Feature-Support Requests Containing nonce
| list help copy as XML edit |
| OP Support Requests Containing nonce - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Requests Containing nonce | Receive request using implicit flow containing a nonce | Nonce value returned in ID Token | Nonce value not returned |
Tests
OC4:FeatureTest-Support Requests Containing nonce
Feature-Support Requests Without nonce
| list help copy as XML edit |
| OP Support Requests Without nonce - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Requests Without nonce | Receive request using code flow without a nonce | Works | Fails or nonce returned |
Tests
OC4:FeatureTest-Support Requests Without nonce
Feature-Reject Requests Without nonce Using Implicit Flow
| list help copy as XML edit |
| OP Reject Requests Without nonce Using Implicit Flow - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Reject Requests Without nonce Using Implicit Flow | Receive request using implicit flow without a nonce | Request is rejected | Request succeeds |
Tests
OC4:FeatureTest-Reject Requests Without nonce Using Implicit Flow
Feature-Providing Individually Requested Essential Claims
| list help copy as XML edit |
| OP Providing Individually Requested Essential Claims - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Providing Individually Requested Essential Claims | Exchange using OpenID Request Object with Essential name Claim | Specific requested claims returned and no others, or error returned if all not available | Fails |
Tests
OC4:FeatureTest-Providing Individually Requested Essential Claims
Feature-Providing Individually Requested Voluntary Claims
| list help copy as XML edit |
| OP Providing Individually Requested Voluntary Claims - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Providing Individually Requested Voluntary Claims | Exchange using OpenID Request Object with Voluntary email and picture Claims | Specific available voluntary claims returned and no others | Fails |
Tests
OC4:FeatureTest-Providing Individually Requested Voluntary Claims
Feature-Providing Individually Requested Essential and Voluntary Claims
| list help copy as XML edit |
| OP Providing Individually Requested Essential and Voluntary Claims - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Providing Individually Requested Essential and Voluntary Claims | Exchange using OpenID Request Object with Essential name and Voluntary email and picture Claims | Specific essential claims returned and available voluntary claims returned and no others, or error returned if all essential claims not available | Fails |
Tests
OC4:FeatureTest-Providing Individually Requested Essential and Voluntary Claims
Feature-Providing ID Token with Essential auth_time Claim
| list help copy as XML edit |
| OP Providing ID Token with Essential auth_time Claim - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Providing ID Token with Essential auth_time Claim | Exchange using OpenID Request Object with Essential auth_time Claim for ID Token | Works | Fails |
Tests
OC4:FeatureTest-Providing ID Token with Essential auth_time Claim
Feature-Providing ID Token with Essential acr Claim
| list help copy as XML edit |
| OP Providing ID Token with Essential acr Claim - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Providing ID Token with Essential acr Claim | Exchange requesting two acr claim values for ID Token returning one or an error | Returns one of available requested acr claim values if supported or else an error | Fails |
Tests
OC4:FeatureTest-Providing ID Token with Essential acr Claim
Feature-Providing ID Token with Voluntary acr Claim
| list help copy as XML edit |
| OP Providing ID Token with Voluntary acr Claim - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Providing ID Token with Voluntary acr Claim | Exchange requesting two specific voluntary acr claim values for ID Token returning one or zero | Returns one of available requested acr claim values if supported or else none | Fails |
Tests
OC4:FeatureTest-Providing ID Token with Voluntary acr Claim
Feature-Support Request for acr Value of 1
| list help copy as XML edit |
| OP Support Request for acr Value of 1 - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Support Request for acr Value of 1 | Exchange requesting essential acr claim value of 1 in ID Token
Returns ID Token with acr value of 1 Other behaviors | Enter the unacceptable result | |
Tests
OC4:FeatureTest-Support Request for acr Value of 1
Feature-Logout Initiated by OP
| list help copy as XML edit |
| OP Logout Initiated by OP - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Logout Initiated by OP | OP notifies RPs of logout state change | RPs notified of logout | RPs not notified |
Tests
OC4:FeatureTest-Logout Initiated by OP
Feature-Logout Received by OP
| list help copy as XML edit |
| OP Logout Received by OP - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Logout Received by OP | RP notifies OP of logout request | OP performs logout actions | Logout actions not performed |
Tests
OC4:FeatureTest-Logout Received by OP
Feature-State Change Other than Logout Communicated
| list help copy as XML edit |
| OP State Change Other than Logout Communicated - Maturity: New (OC4 ) | |||
|---|---|---|---|
| State Change Other than Logout Communicated | OP notifies RPs of switch user or reauthorization state change | RPs notified of state change | RPs not notified |
Tests
OC4:FeatureTest-State Change Other than Logout Communicated
Feature-Can Provide Signed UserInfo Response
| list help copy as XML edit |
| OP Can Provide Signed UserInfo Response - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Can Provide Signed UserInfo Response | Accept registration for signed UserInfo responses and send them | Accepts registration for signed UserInfo responses and sends them | Registration not accepted or UserInfo response not signed |
Tests
OC4:FeatureTest-Can Provide Signed UserInfo Response
Feature-Can Provide Encrypted UserInfo Response
| list help copy as XML edit |
| OP Can Provide Encrypted UserInfo Response - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Can Provide Encrypted UserInfo Response | Accept registration for encrypted UserInfo responses and send them | Accepts registration for encrypted UserInfo responses and sends them | Registration not accepted or UserInfo response not encrypted |
Tests
OC4:FeatureTest-Can Provide Encrypted UserInfo Response
Feature-Can Provide Signed and Encrypted UserInfo Response
| list help copy as XML edit |
| OP Can Provide Signed and Encrypted UserInfo Response - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Can Provide Signed and Encrypted UserInfo Response | Accept registration for signed and encrypted UserInfo responses and send them | Accepts registration for signed and encrypted UserInfo responses and sends them | Registration not accepted or UserInfo response not signed and encrypted |
Tests
OC4:FeatureTest-Can Provide Signed and Encrypted UserInfo Response
Feature-Can Provide Encrypted ID Token Response
| list help copy as XML edit |
| OP Can Provide Encrypted ID Token Response - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Can Provide Encrypted ID Token Response | Accept registration for encrypted ID Token responses and send them | Accepts registration for encrypted ID Token responses and sends them | Registration not accepted or ID Token response not encrypted |
Tests
OC4:FeatureTest-Can Provide Encrypted ID Token Response
Feature-Can Provide Signed and Encrypted ID Token Response
| list help copy as XML edit |
| OP Can Provide Signed and Encrypted ID Token Response - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Can Provide Signed and Encrypted ID Token Response | Accept registration for signed and encrypted ID Token responses and send them | Accepts registration for signed and encrypted ID Token responses and sends them | Registration not accepted or ID Token response not signed and encrypted |
Tests
OC4:FeatureTest-Can Provide Signed and Encrypted ID Token Response
Feature-Rejects Second Use of Access Code
| list help copy as XML edit |
| OP Rejects Second Use of Access Code - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Rejects Second Use of Access Code | OP receives request to use access code for a second time
Error returned Request succeeds | Enter the unacceptable result | |
Tests
OC4:FeatureTest-Rejects Second Use of Access Code
Feature-Second Use of Access Code Revokes Previously Issued Access Token
| list help copy as XML edit |
| OP Second Use of Access Code Revokes Previously Issued Access Token - Maturity: New (OC4 ) | |||
|---|---|---|---|
| Second Use of Access Code Revokes Previously Issued Access Token | OP receives request to use access code for a second time
Access token revoked Access token continues to work | Enter the unacceptable result | |
Tests
OC4:FeatureTest-Second Use of Access Code Revokes Previously Issued Access Token
