- edited description
CDR Conformance Bugs
Ticket to collate bugs encountered within the Conformance Suite using the CDR profile. Some of these might (hopefully!) already be resolved as I’ve had a high latency on coming back to this. I’ll look to edit the main ticket in the short term as I add things.
- The conformance suite expects the keys within the JWKS to be in a deterministic order notably that the signing key must be the first entry. When the first key is of type
enc
the conformance suite barfs auth_time
is not being specified as an essential claim in the request object of fapi-rw-id2 so is untested but it’s support is mandatory in CDRoffline_access
scope acceptance is untested. It is not required by CDR but it’s presence is meant, at worst, to be ignoredaud
for assertions are expected to be the called uri, the issuer or the token endpoint regardless of endpoint
Note: This one might already be the case but haven’t run through the permutationsscope
parameters involving “Detailed” scopes must require “Basic” scopes to be present or be rejected with an undefined error probablyinvalid_request
- Access Token’s issued must expire in no more than 10 minutes but this is not checked
expires_in
within Token Response is read but does not appear to be mandatory (CDR makes this mandatory)refresh_token_expires_at
must be present within the ID Token obtained from the Token endpoint- Acceptable
acr
values is missingurn:cds.au:cdr:3
-
For
sharing_duration
the following values are considered invalid and perhaps should be tested:- Not an integer
- Value larger than 31536000 (more than 1 year)
- Value <0
-
The
sharing_expires_at
claim is mandatory when a sharing duration of >0 is requested, this is currently parsed but not checked
Comments (17)
-
reporter -
reporter - edited description
-
reporter - edited description
-
reporter - edited description
-
reporter - edited description
-
reporter - edited description
-
reporter - edited description
-
reporter - edited description
-
reporter - edited description
-
reporter I think this is a semi complete list now. @Joseph Heenan it would be good to have a chat with conformance team to walk these through.
-
reporter -
assigned issue to
-
assigned issue to
-
Thanks Stuart - I’ve raised this into the conformance suite issue tracker here: https://bitbucket.org/openid/fapi/issues/365/cdr-conformance-bugs
-
Should I change the designation to the conformance suite instead of Part 2?
-
- changed component to Certification
-
- changed status to open
-
@Joseph Heenan can this be closed?
-
- changed status to resolved
yeah, we’re tracking it in a conformance suite ticket, https://gitlab.com/openid/conformance-suite/-/issues/875 so can close it here.
- Log in to comment