-
-
Save nov/3937697 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nov@tov:op_config (master)$ oic_flow_tests.py nov_local | |
+ (oic-verify)Special flow used to find necessary user interactions - OK | |
+ (oic-discovery)Provider configuration discovery - OK | |
+ (mj-00)Client registration Request - OK | |
+ (mj-01)Request with response_type=code - OK | |
+ (mj-02)Request with response_type=token - OK | |
X (mj-51)Login no nonce - CRITICAL ([u"Didn't get a response of the type I expected:", u" 'ErrorResponse' instead of 'AuthorizationErrorResponse', content:'state=STATE0&error_description=nonce+required&error=invalid_request'"]) | |
+ (oic-token-userinfo)Implicit flow and Userinfo request - OK | |
+ (oic-token-userinfo_bb)Implicit flow, UserInfo request using POST and bearer body | |
authentication - OK | |
+ (mj-03)Request with response_type=id_token - OK | |
+ (mj-04)Request with response_type=code token - OK | |
+ (oic-code+token-token)Flow with response_type='code token' - OK | |
+ (oic-code+token-userinfo)Flow with response_type='code token' and Userinfo request - OK | |
+ (mj-05)Request with response_type=code id_token - OK | |
+ (oic-code+idtoken-token)Flow with response_type='code idtoken' - OK | |
+ (oic-code+idtoken-token-userinfo)Flow with response_type='code idtoken' and Userinfo request - OK | |
+ (mj-06)Request with response_type=id_token token - OK | |
+ (oic-idtoken+token-userinfo)Flow with response_type='token idtoken' and Userinfo request - OK | |
+ (mj-07)Request with response_type=code id_token token - OK | |
+ (oic-code+idtoken+token-token)Flow with response_type='code token idtoken' - OK | |
+ (oic-code+idtoken+token-token-userinfo)Flow with response_type='code idtoken token' | |
grab a second token using the code and then do a Userinfo | |
request - OK | |
+ (oic-code+idtoken+token-userinfo)Flow with response_type='code idtoken token' and Userinfo | |
request - OK | |
+ (mj-12)UserInfo Endpoint Access with POST and bearer_header - OK | |
X (mj-64)Can Provide Encrypted UserInfo Response - CRITICAL (Userinfo alg algorithm not supported) | |
+ (mj-13)UserInfo Endpoint Access with POST and bearer_body - OK | |
+ (mj-14)Scope Requesting profile Claims - OK | |
+ (mj-15)Scope Requesting email Claims - OK | |
+ (mj-16)Scope Requesting address Claims - OK | |
+ (mj-17)Scope Requesting phone Claims - OK | |
+ (mj-18)Scope Requesting all Claims - OK | |
X (mj-19)OpenID Request Object with Required name Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-20)OpenID Request Object with Optional email and picture Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-21)OpenID Request Object with Required name and Optional email and picture Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-22)Requesting ID Token with auth_time essential Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-23)Requesting ID Token with Required specific acr Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-24)Requesting ID Token with Optional acr Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-25)Requesting ID Token with max_age=1 seconds Restriction - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
+ (mj-26)Request with display=page - OK | |
+ (mj-27)Request with display=popup - OK | |
X (mj-28)Request with prompt=none - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 191, in run_sequence\n stat = chk(environ, test_output)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/check.py", line 50, in __call__\n _stat = self.response(**self._func(environ))\n', u'TypeError: response() argument after ** must be a mapping, not NoneType\n']) | |
+ (mj-29)Request with prompt=login - OK | |
+ (mj-30)Access token request with client_secret_basic authentication - OK | |
+ (mj-31)Request with response_type=code and extra query component - OK | |
X (mj-32)Request with redirect_uri with query component - CRITICAL (OP error) | |
+ (mj-33)Registration where a redirect_uri has a query component - OK | |
X (mj-34)Registration where a redirect_uri has a fragment - CRITICAL (Expected error message) | |
X (mj-35)Authorization request missing the 'response_type' parameter - CRITICAL (Expected redirect) | |
X (mj-36)The sent redirect_uri does not match the registered - CRITICAL (Expected error message) | |
X (mj-37)Access token request with client_secret_jwt authentication - CRITICAL (Auth type not supported) | |
X (mj-38)Access token request with public_key_jwt authentication - CRITICAL (Auth type not supported) | |
+ (mj-41)Registration and later registration update - OK | |
X (mj-42)Registration and later secret rotate - CRITICAL (OP error) | |
{u'status': 3, u'id': u'policy_url_on_page', u'name': u''} | |
{u'status': 3, u'id': u'logo_url_on_page', u'name': u''} | |
! (mj-45)Registration with policy_url and logo_url - ERROR | |
+ (mj-46)Registration of wish for public user_id - OK | |
+ (mj-47)Registration of sector-identifier-uri - OK | |
X (mj-48)Incorrect registration of sector-identifier-uri - CRITICAL (Expected error message) | |
+ (mj-49)Registration of wish for pairwise user_id - OK | |
+ (mj-50)Verify change in user_id - OK | |
X (mj-52)Requesting ID Token with Email claims - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-53)using prompt=none with user hint through IdToken - CRITICAL (Not an response I expected) | |
X (mj-54)using prompt=none with user hint through user_id in request - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 349, in __call__\n response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-55)Rejects redirect_uri when Query Parameter Does Not Match - CRITICAL (Expected error message) | |
X (mj-58)Requesting ID Token with Required acr Claim - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
X (mj-60)RP wants signed UserInfo returned - CRITICAL (Signed UserInfo not supported) | |
X (mj-61)RP wants symmetric IdToken signature - CRITICAL (Signed Id Token algorithm not supported) | |
X (mj-68)User hint through user_id in request - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 370, in __call__\n response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) | |
+ (mj-69)Registration of sector-identifier-uri - OK | |
+ (oic-code-token)Simple authorization grant flow - OK | |
+ (mj-39)Trying to use access code twice should result in an error - OK | |
X (mj-40)Trying to use access code twice should result in revoking previous issued tokens - CRITICAL (Expected error message) | |
+ (mj-43)No redirect_uri in request, one registered - OK | |
X (mj-44)No redirect_uri in request, multi registered - CRITICAL (OP error) | |
+ (oic-code-token-userinfo_bb)Authorization grant flow response_type='code token', | |
UserInfo request using POST and bearer body authentication - OK | |
X (mj-57)Support Request File - CRITICAL ([u'Traceback (most recent call last):\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/base.py", line 180, in run_sequence\n part = req(environ, trace, url, response, content, features)\n', u' File "/Library/Python/2.7/site-packages/oictest-0.1.1-py2.7.egg/oictest/oic_operations.py", line 118, in __call__\n **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 443, in construct_AuthorizationRequest\n _req = make_openid_request(areq, **kwargs)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oic/__init__.py", line 272, in make_openid_request\n return oir.to_jwt(key=keys, algorithm=algorithm)\n', u' File "/Library/Python/2.7/site-packages/oic-0.3.0-py2.7.egg/oic/oauth2/message.py", line 350, in to_jwt\n return jws.sign(self.to_json(lev), key, algorithm)\n', u' File "/Library/Python/2.7/site-packages/pyjwkest-0.1.0-py2.7.egg/jwkest/jws.py", line 202, in sign\n key = str(keys["hmac"][0])\n', u'KeyError: 0\n']) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment