OC5:RP Features

From OSIS Open Source Identity Systems


Feature-Reject Invalid Asymmetric ID Token Signature

RP Reject Invalid Asymmetric ID Token Signature - Maturity: Established (OC3)
Reject Invalid Asymmetric ID Token Signature | Reject ID Token with Incorrect RS256 Signature | Works | Fails

Tests

OC5:FeatureTest-Reject Invalid Asymmetric ID Token Signature


Feature-Reject Invalid Symmetric ID Token Signature

RP Reject Invalid Symmetric ID Token Signature - Maturity: Established (OC3)
Reject Invalid Symmetric ID Token Signature | Reject ID Token with Incorrect HS256 Signature | Works | Fails

Tests

OC5:FeatureTest-Reject Invalid Symmetric ID Token Signature


Feature-Requesting UserInfo Claims with scope Values

RP Requesting UserInfo Claims with scope Values - Maturity: Established (OC3)
Requesting UserInfo Claims with scope Values | Request Claims using scope Value | Displays claims returned that were requested with a scope value | Fails

Tests

OC5:FeatureTest-Requesting UserInfo Claims with scope Values


Feature-Requesting UserInfo Claims with claims Request Parameter

RP Requesting UserInfo Claims with claims Request Parameter - Maturity: Established (OC3)
Requesting UserInfo Claims with claims Request Parameter | Request name and email claims using claims request parameter | Displays claims returned that were requested with the claims Request Parameter | Fails

Tests

OC5:FeatureTest-Requesting UserInfo Claims with claims Request Parameter


Feature-Uses WebFinger Discovery

RP Uses WebFinger Discovery - Maturity: Established (OC3)
Uses WebFinger Discovery | Discover user's OP location with WebFinger | Works | Fails

Tests

OC5:FeatureTest-Uses WebFinger Discovery


Feature-Uses openid-configuration Discovery Information

RP Uses openid-configuration Discovery Information - Maturity: New (OC5)
Uses openid-configuration Discovery Information | RP uses OP metadata published at <issuer>/.well-known/openid-configuration | RP uses OP metadata | RP does not use OP metadata

Tests

OC5:FeatureTest-Uses openid-configuration Discovery Information


Feature-Can Discover Identifiers using E-Mail Syntax

RP Can Discover Identifiers using E-Mail Syntax - Maturity: Established (OC3)
Can Discover Identifiers using E-Mail Syntax | Discover and Use OP for Identifier using E-Mail Syntax | Works | Fails

Tests

OC5:FeatureTest-Can Discover Identifiers using E-Mail Syntax


Feature-Can Discover Identifiers using URL Syntax

RP Can Discover Identifiers using URL Syntax - Maturity: Established (OC3)
Can Discover Identifiers using URL Syntax | Discover and Use OP for Identifier using URL Syntax | Works | Fails

Tests

OC5:FeatureTest-Can Discover Identifiers using URL Syntax


Feature-Uses Dynamic Registration

RP Uses Dynamic Registration - Maturity: Established (OC3)
Uses Dynamic Registration | Dynamically Register Client with OP and Use OP | Works | Fails

Tests

OC5:FeatureTest-Uses Dynamic Registration


Feature-Uses Aggregated Claims

RP Uses Aggregated Claims - Maturity: Established (OC3)
Uses Aggregated Claims | Display Aggregated Claims Received from OP | Works | Fails

Tests

OC5:FeatureTest-Uses Aggregated Claims


Feature-Uses Distributed Claims

RP Uses Distributed Claims - Maturity: Established (OC3)
Uses Distributed Claims | Display Distributed Claims Received from OP | Works | Fails

Tests

OC5:FeatureTest-Uses Distributed Claims


Feature-Rejects Incorrect at_hash when Implicit Flow Used

RP Rejects Incorrect at_hash when Implicit Flow Used - Maturity: Established (OC4)
Rejects Incorrect at_hash when Implicit Flow Used | Receive response to request using response_type token id_token with incorrect at_hash value | Incorrect at_hash value rejected | Response accepted

Tests

OC5:FeatureTest-Rejects Incorrect at_hash when Implicit Flow Used


Feature-Rejects Incorrect c_hash when Code Flow Used

RP Rejects Incorrect c_hash when Code Flow Used - Maturity: Established (OC4)
Rejects Incorrect c_hash when Code Flow Used | Receive response to request using response_type code with incorrect c_hash value | Incorrect c_hash value rejected | Response accepted

Tests

OC5:FeatureTest-Rejects Incorrect c_hash when Code Flow Used


Feature-Can Request and Use Claims in id_token

RP Can Request and Use Claims in id_token - Maturity: Established (OC4)
Can Request and Use Claims in id_token | Request that name and email claims be returned in the id_token | Claims returned in id_token and accepted | Fails

Tests

OC5:FeatureTest-Can Request and Use Claims in id_token


Feature-Can Use Self-Issued OP

RP Can Use Self-Issued OP - Maturity: Established (OC4)
Can Use Self-Issued OP | Request name and email claims from self-issued OP | Claims returned in id_token and accepted | Fails

Tests

OC5:FeatureTest-Can Use Self-Issued OP


Feature-Can Make Access Token Request with client_secret_basic Authentication

RP Can Make Access Token Request with client_secret_basic Authentication - Maturity: Established (OC4)
Can Make Access Token Request with client_secret_basic Authentication | Send Access Token Request with client_secret_basic Authentication | Works | Fails

Tests

OC5:FeatureTest-Can Make Access Token Request with client_secret_basic Authentication


Feature-Can Make Access Token Request with client_secret_post Authentication

RP Can Make Access Token Request with client_secret_post Authentication - Maturity: Established (OC4)
Can Make Access Token Request with client_secret_post Authentication | Send Access Token Request with client_secret_post Authentication | Works | Fails

Tests

OC5:FeatureTest-Can Make Access Token Request with client_secret_post Authentication


Feature-Can Make Access Token Request with private_key_jwt Authentication

RP Can Make Access Token Request with private_key_jwt Authentication - Maturity: Established (OC4)
Can Make Access Token Request with private_key_jwt Authentication | Send Access Token Request with private_key_jwt Authentication | Works | Fails

Tests

OC5:FeatureTest-Can Make Access Token Request with private_key_jwt Authentication


Feature-Can Make Access Token Request with client_secret_jwt Authentication

RP Can Make Access Token Request with client_secret_jwt Authentication - Maturity: Established (OC4)
Can Make Access Token Request with client_secret_jwt Authentication | Send Access Token Request with client_secret_jwt Authentication | Works | Fails

Tests

OC5:FeatureTest-Can Make Access Token Request with client_secret_jwt Authentication


Feature-Logout Initiated by RP

RP Logout Initiated by RP - Maturity: Established (OC4)
Logout Initiated by RP | Send logout request to OP | Logout request sent to OP | No logout request sent

Tests

OC5:FeatureTest-Logout Initiated by RP


Feature-Logout Received by RP

RP Logout Received by RP - Maturity: Established (OC4)
Logout Received by RP | Detect and act upon OP initiated logout | RP detects logout request and logs out | RP not logged out

Tests

OC5:FeatureTest-Logout Received by RP


Feature-State Change Other than Logout Received by RP

RP State Change Other than Logout Received by RP - Maturity: Established (OC4)
State Change Other than Logout Received by RP | Change logged in user at the OP and notify RP | Change detected by RP | Change not detected

Tests

OC5:FeatureTest-State Change Other than Logout Received by RP


Feature-Can Request and Use Signed UserInfo Response

RP Can Request and Use Signed UserInfo Response - Maturity: Established (OC4)
Can Request and Use Signed UserInfo Response | Register for, request, and use signed UserInfo responses | Can request and use signed UserInfo responses | Cannot request or use signed UserInfo Responses

Tests

OC5:FeatureTest-Can Request and Use Signed UserInfo Response


Feature-Can Request and Use Encrypted UserInfo Response

RP Can Request and Use Encrypted UserInfo Response - Maturity: Established (OC4)
Can Request and Use Encrypted UserInfo Response | Register for, request, and use encrypted UserInfo responses | Can request and use encrypted UserInfo responses | Cannot request or use encrypted UserInfo Responses

Tests

OC5:FeatureTest-Can Request and Use Encrypted UserInfo Response


Feature-Can Request and Use Signed and Encrypted UserInfo Response

RP Can Request and Use Signed and Encrypted UserInfo Response - Maturity: Established (OC4)
Can Request and Use Signed and Encrypted UserInfo Response | Register for, request, and use signed and encrypted UserInfo responses | Can request and use signed and encrypted UserInfo responses | Cannot request or use signed and encrypted UserInfo Responses

Tests

OC5:FeatureTest-Can Request and Use Signed and Encrypted UserInfo Response


Feature-Can Request and Use Signed and Encrypted ID Token Response

RP Can Request and Use Signed and Encrypted ID Token Response - Maturity: Established (OC4)
Can Request and Use Signed and Encrypted ID Token Response | Register for, request, and use signed and encrypted ID Token responses | Can request and use signed and encrypted ID Token responses | Cannot request or use signed and encrypted ID Token Responses

Tests

OC5:FeatureTest-Can Request and Use Signed and Encrypted ID Token Response


Feature-Can Request and Use Unsecured ID Token Response

RP Can Request and Use Unsecured ID Token Response - Maturity: New (OC5)
Can Request and Use Unsecured ID Token Response | Register for, request, and use unsecured ID Token responses using the code flow and "alg":"none" | Can request and use unsecured ID Token responses | Cannot request or use unsecured ID Token Responses

Tests

OC5:FeatureTest-Can Request and Use Unsecured ID Token Response


Feature-Support Third-Party Initiated Login

RP Support Third-Party Initiated Login - Maturity: New (OC5)
Support Third-Party Initiated Login | Receive third-party initiated login request and login to the specified OP | RP logged in at OP | RP not logged in at OP

Tests

OC5:FeatureTest-Support Third-Party Initiated Login


Feature-Can Make Request with code Response Type

RP Can Make Request with code Response Type - Maturity: New (OC5)
Can Make Request with code Response Type | Make a request using response_type=code | Works | Fails

Tests

OC5:FeatureTest-Can Make Request with code Response Type


Feature-Can Make Request with id_token Response Type

RP Can Make Request with id_token Response Type - Maturity: New (OC5)
Can Make Request with id_token Response Type | Make a request using response_type=id_token | Works | Fails

Tests

OC5:FeatureTest-Can Make Request with id_token Response Type


Feature-Can Make Request with id_token token Response Type

RP Can Make Request with id_token token Response Type - Maturity: New (OC5)
Can Make Request with id_token token Response Type | Make a request using response_type=id_token token | Works | Fails

Tests

OC5:FeatureTest-Can Make Request with id_token token Response Type


Feature-Can Make Request with form_post Response Mode

RP Can Make Request with form_post Response Mode - Maturity: New (OC5)
Can Make Request with form_post Response Mode | Make a request using response_type=id_token token and response_mode=form_post | HTML form post response processed resulting in query encoded parameters | Fails

Tests

OC5:FeatureTest-Can Make Request with form_post Response Mode


Feature-Uses Keys Discovered with jwks_uri Value

RP Uses Keys Discovered with jwks_uri Value - Maturity: New (OC5)
Uses Keys Discovered with jwks_uri Value | RP uses keys obtained from jwks_uri discovery parameter | Works | Fails

Tests

OC5:FeatureTest-Uses Keys Discovered with jwks_uri Value


Feature-Support OP Signing Key Rollover

RP Support OP Signing Key Rollover - Maturity: New (OC5)
Support OP Signing Key Rollover | OP rolls over signing key at its jwks_uri location after use by RP | RP successfully uses old then new key | Fails

Tests

OC5:FeatureTest-Support OP Signing Key Rollover


Feature-Can Rollover RP Signing Key

RP Can Rollover RP Signing Key - Maturity: New (OC5)
Can Rollover RP Signing Key | RP rolls over signing key at its jwks_uri location after use by OP | OP successfully uses old then new key | Fails

Tests

OC5:FeatureTest-Can Rollover RP Signing Key


Feature-Can Rollover RP Encryption Key

RP Can Rollover RP Encryption Key - Maturity: New (OC5)
Can Rollover RP Encryption Key | RP rolls over encryption key at its jwks_uri location after use by OP | OP successfully uses old then new key | Fails

Tests

OC5:FeatureTest-Can Rollover RP Encryption Key


Feature-Support OP Encryption Key Rollover

RP Support OP Encryption Key Rollover - Maturity: New (OC5)
Support OP Encryption Key Rollover | OP rolls over encryption key at its jwks_uri location after use by RP | RP successfully uses old then new key | Fails

Tests

OC5:FeatureTest-Support OP Encryption Key Rollover


Feature-Rejects Discovered issuer Not Matching openid-configuration Path Prefix

RP Rejects Discovered issuer Not Matching openid-configuration Path Prefix - Maturity: New (OC5)
Rejects Discovered issuer Not Matching openid-configuration Path Prefix | Retrieve openid-configuration information for OP from its .well-known/openid-configuration path | Rejects config when concatenating .well-known/openid-configuration to retrieved issuer and openid-configuration path differ | Accepts config when discovered issuer differs from config path prefix

Tests

OC5:FeatureTest-Rejects Discovered issuer Not Matching openid-configuration Path Prefix


Feature-Rejects ID Token with iss Not Matching Discovered issuer

RP Rejects ID Token with iss Not Matching Discovered issuer - Maturity: New (OC5)
Rejects ID Token with iss Not Matching Discovered issuer | Obtain ID token and compare iss value to discovered issuer value | Rejects ID Token when iss and issuer values differ | Accepts ID Token when iss and issuer values differ

Tests

OC5:FeatureTest-Rejects ID Token with iss Not Matching Discovered issuer


Feature-Rejects ID Token with Invalid Audience

RP Rejects ID Token with Invalid Audience - Maturity: New (OC5)
Rejects ID Token with Invalid Audience | Obtain ID Token and compare its "aud" value to RP's Client ID | Rejects ID Token when "aud" missing or doesn't match Client ID | Accepts ID Token when "aud" missing or doesn't match Client ID

Tests

OC5:FeatureTest-Rejects ID Token with Invalid Audience


Feature-Rejects UserInfo with Invalid Subject

RP Rejects UserInfo with Invalid Subject - Maturity: New (OC5)
Rejects UserInfo with Invalid Subject | Obtain UserInfo Endpoint result and compare its "sub" value to ID Token's "sub" claim | Rejects UserInfo result when "sub" value missing or doesn't match ID Token "sub" claim | Accepts UserInfo result when "sub" value missing or doesn't match ID Token "sub" claim

Tests

OC5:FeatureTest-Rejects UserInfo with Invalid Subject


Feature-Can Use request_uri Request Parameter with Unsecured Request

RP Can Use request_uri Request Parameter with Unsecured Request - Maturity: New (OC5)
Can Use request_uri Request Parameter with Unsecured Request | Exchange with request_uri referencing Request Object using "alg":"none" | Works | Fails

Tests

OC5:FeatureTest-Can Use request_uri Request Parameter with Unsecured Request


Feature-Can Use request_uri Request Parameter with Signed Request

RP Can Use request_uri Request Parameter with Signed Request - Maturity: New (OC5)
Can Use request_uri Request Parameter with Signed Request | Exchange with request_uri referencing Request Object signed with RS256 | Works | Fails

Tests

OC5:FeatureTest-Can Use request_uri Request Parameter with Signed Request


Feature-Can Use request_uri Request Parameter with Encrypted Request

RP Can Use request_uri Request Parameter with Encrypted Request - Maturity: New (OC5)
Can Use request_uri Request Parameter with Encrypted Request | Exchange with request_uri referencing Request Object encrypted with RSA1_5 and A128CBC-HS256 | Works | Fails

Tests

OC5:FeatureTest-Can Use request_uri Request Parameter with Encrypted Request


Feature-Can Use request_uri Request Parameter with Signed and Encrypted Request

RP Can Use request_uri Request Parameter with Signed and Encrypted Request - Maturity: New (OC5)
Can Use request_uri Request Parameter with Signed and Encrypted Request | Exchange with request_uri referencing Request Object signed with RS256 and encrypted with RSA1_5 and A128CBC-HS256 | Works | Fails

Tests

OC5:FeatureTest-Can Use request_uri Request Parameter with Signed and Encrypted Request


Feature-Can Use Elliptic Curve ID Token Signatures

RP Can Use Elliptic Curve ID Token Signatures - Maturity: New (OC5)
Can Use Elliptic Curve ID Token Signatures | Register for ES256 ID Token signatures and use them | Works | Fails

Tests

OC5:FeatureTest-Can Use Elliptic Curve ID Token Signatures


Feature-Accesses UserInfo Endpoint with Header Method

RP Accesses UserInfo Endpoint with Header Method - Maturity: New (OC5)
Accesses UserInfo Endpoint with Header Method | Access UserInfo Endpoint using Authorization Bearer header method to pass Access Token | Verify that header parameter method used | Another method used

Tests

OC5:FeatureTest-Accesses UserInfo Endpoint with Header Method


Feature-Does Not Access UserInfo Endpoint with Query Parameter Method

RP Does Not Access UserInfo Endpoint with Query Parameter Method - Maturity: New (OC5)
Does Not Access UserInfo Endpoint with Query Parameter Method | Access UserInfo Endpoint and verify that Query Parameter method not used to pass Access Token | Query Parameter method not used | Query Parameter method used

Tests

OC5:FeatureTest-Does Not Access UserInfo Endpoint with Query Parameter Method