OC4:Oreo

From OSIS Open Source Identity Systems

Jump to: navigation, search

Oreo

   list help  copy  as XML  edit
OC4 Solution   Oreo
Identifier   oreo  
Description   eBay OpenID Connect implementation  
Product Page   https://openidconnect.ebay.com  
Project or solution logo (if different than Participant logo)  
Latest Version    
Latest Release Date    
Installation/Operation Instructions   https://openidconnect.ebay.com  
Operated by   eBay
Interop Roles   OP
https://openidconnect.ebay.com/.well-known/openid-configuration  
  RP
https://openidconnect.ebay.com/oreo/start.jsp  
   
   

Click here for help populating this chart.

OC4 OP FeatureTest List

   list help  copy  as XML  edit
Feature Tests for   Oreo
OpenID Provider Features    
Support id_token Response Type   Not Tested
Support code Response Type   Not Tested
Support token Response Type   Not Tested
Support Combination of id_token code Response Types   Not Tested
Support Combination of id_token token Response Types   Not Tested
Support Combination of code token Response Types   Not Tested
Support Combination of code id_token token Response Types   Not Tested
Support Authentication to Token Endpoint using HTTP Basic with POST   Not Tested
Support Authentication to Token Endpoint using Form-Encoded Client Credentials in POST Body   Not Tested
Support Authentication to Token Endpoint with Asymmetrically Signed JWTs   Not Tested
Support Authentication to Token Endpoint with Symmetrically Signed JWTs   Not Tested
UserInfo Endpoint   Not Tested
UserInfo Endpoint Access with Header Method   Not Tested
UserInfo Endpoint Access with Form-Encoded Body Method   Not Tested
Support scope Requesting No Specific Claims   Not Tested
Support scope Requesting profile Claims   Not Tested
Support scope Requesting email Claims   Not Tested
Support scope Requesting address Claims   Not Tested
Support scope Requesting phone Claims   Not Tested
Support scope Requesting All Basic Claims   Not Tested
Providing ID Token with max_age Restriction   Not Tested
Support display value page   Not Tested
Support display value popup   Not Tested
Support prompt value none   Not Tested
Support prompt value login   Not Tested
Uses Asymmetric ID Token Signatures   Not Tested
Uses Symmetric ID Token Signatures   Not Tested
Enables Discovery   Not Tested
Enables Dynamic Registration   Not Tested
Providing Aggregated Claims   Not Tested
Providing Distributed Claims   Not Tested
Providing public user_id Value   Not Tested
Providing pairwise user_id Value   Not Tested
Public and pairwise user_id Values Differ   Not Tested
Support Request File   Not Tested
Includes at_hash in ID Token when Implicit Flow Used   Not Tested
Includes c_hash in ID Token when Code Flow Used   Not Tested
Reject Request Without response_type   Not Tested
Ignores Extra Query Component in Request   Not Tested
Preserves Query Parameter in redirect_uri   Not Tested
Preserves Query Parameter in Registered redirect_uri   Not Tested
Rejects redirect_uri when Query Parameter Does Not Match   Not Tested
Reject Registration of redirect_uri with Fragment   Not Tested
Reject redirect_uri Not Matching a Registered redirect_uri   Not Tested
Accept Request Without redirect_uri when One Registered   Not Tested
Reject Request Without redirect_uri when Multiple Registered   Not Tested
Support Registration Update   Not Tested
Support Registration Secret Rotation   Not Tested
Support id_token Hint Parameter   Not Tested
Support Request Object Specifying user_id Value   Not Tested
Support Request Object Specifying user_id Value when prompt none Used   Not Tested
Displays Logo in Login Page   Not Tested
Displays Policy URL in Login Page   Not Tested
Supports Returning Claims in ID Token   Not Tested
Supports Returning Different Claims in ID Token and UserInfo Endpoint   Not Tested
Supports Combining Claims Requested with scope and Request Object   Not Tested
Supports using Sector Identifier for Pairwise user_id Values   Not Tested
Rejects Sector Identifier Not Containing Registered redirect_uri Values   Not Tested
Support Requests Containing nonce   Not Tested
Support Requests Without nonce   Not Tested
Reject Requests Without nonce Using Implicit Flow   Not Tested
Providing Individually Requested Essential Claims   Not Tested
Providing Individually Requested Voluntary Claims   Not Tested
Providing Individually Requested Essential and Voluntary Claims   Not Tested
Providing ID Token with Essential auth_time Claim   Not Tested
Providing ID Token with Essential acr Claim   Not Tested
Providing ID Token with Voluntary acr Claim   Not Tested
Support Request for acr Value of 1   Not Tested
Logout Initiated by OP   Not Tested
Logout Received by OP   Not Tested
State Change Other than Logout Communicated   Not Tested
Can Provide Signed UserInfo Response   Not Tested
Can Provide Encrypted UserInfo Response   Not Tested
Can Provide Signed and Encrypted UserInfo Response   Not Tested
Can Provide Encrypted ID Token Response   Not Tested
Can Provide Signed and Encrypted ID Token Response   Not Tested
Rejects Second Use of Access Code   Not Tested
Second Use of Access Code Revokes Previously Issued Access Token   Not Tested

OC4 RP FeatureTest List

   list help  copy  as XML  edit
Feature Tests for   Oreo
Relying Party Features    
Web Page Application   Not Tested
Native Client Application   Not Tested
Accept Valid Asymmetric ID Token Signature   Not Tested
Reject Invalid Asymmetric ID Token Signature   Not Tested
Accept Valid Symmetric ID Token Signature   Not Tested
Reject Invalid Symmetric ID Token Signature   Not Tested
Requesting UserInfo Claims with scope Values   Not Tested
Requesting UserInfo Claims with OpenID Request Object   Not Tested
Uses Discovery   Not Tested
Can Discover Identifiers using E-Mail Syntax   Not Tested
Can Discover Identifiers using URL Syntax   Not Tested
Uses Dynamic Registration   Not Tested
Uses Aggregated Claims   Not Tested
Uses Distributed Claims   Not Tested
Verifies Correct at_hash when Implicit Flow Used   Not Tested
Rejects Incorrect at_hash when Implicit Flow Used   Not Tested
Verifies Correct c_hash when Code Flow Used   Not Tested
Rejects Incorrect c_hash when Code Flow Used   Not Tested
Can Request and Use Claims in id_token   Not Tested
Can Use Self-Issued OP   Not Tested
Can Make Access Token Request with client_secret_basic Authentication   Not Tested
Can Make Access Token Request with client_secret_post Authentication   Not Tested
Can Make Access Token Request with private_key_jwt Authentication   Not Tested
Can Make Access Token Request with client_secret_jwt Authentication   Not Tested
Logout Initiated by RP   Not Tested
Logout Received by RP   Not Tested
State Change Other than Logout Received by RP   Not Tested
Can Request and Use Signed UserInfo Response   Not Tested
Can Request and Use Encrypted UserInfo Response   Not Tested
Can Request and Use Signed and Encrypted UserInfo Response   Not Tested
Can Request and Use Encrypted ID Token Response   Not Tested
Can Request and Use Signed and Encrypted ID Token Response   Not Tested
Retrieved from "http://osis.idcommons.net/wiki/OC4:Oreo"
Personal tools