Hi All,
According to the spec [1], when prompt=none the result should be as below.

> The Authorization Server MUST NOT display any authentication or consent
> user interface pages. An error is returned if an End-User is not already
> authenticated or the Client does not have pre-configured consent for the
> requested Claims or does not fulfill other conditions for processing the
> request.


So if we consider a scenario like
1. User sends authorization request without any prompt value to the IS
server
2. Server gives the login page
3. User provides credentials
4. Authentication successful and server returns consent page
5. User provides consent as 'Approve'
6. User sends an authorization request with prompt=none

According to our current implementation it gives an error page with
consent-required error as the server does not have "trusted_always" in the
db table or "skipConsent=true" in file. But when executing the OIDC
compliance test cases in such a scenario it expects this as a successful
authentication as we have set the consent as approve in the same session.

So if we are doing this we need to skip the consent page if there is a
session with consent=approve. Do we need to change our implementation
according to this? Any suggestions will be highly appreciated.


The output of the test case is as below.
Trace output


0.000497 ------------ AuthorizationRequest ------------
0.000903 --> URL:
https://210.90.95.XXX:9443/oauth2/authorize?scope=openid&state=hwcw3vhktnBaM99R&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60746%2Fauthz_cb&response_type=code&client_id=4rYClwGnY4CE_XXAkMCoWuI4mnIa
0.000910 --> BODY: None
70.472175 <-- 
code=de0696cf-7183-3c31-a13c-92695101e589&state=hwcw3vhktnBaM99R&session_state=927dc2d850b486e4a5d76a5f0d0dd3c1829b4e0007e11e58b1a9fbf17a3fff18._ynyYSwWWERr2-QI1X8sDg
70.472683 AuthorizationResponse: {
  "code": "de0696cf-7183-3c31-a13c-92695101e589",
  "session_state":
"927dc2d850b486e4a5d76a5f0d0dd3c1829b4e0007e11e58b1a9fbf17a3fff18._ynyYSwWWERr2-QI1X8sDg",
  "state": "hwcw3vhktnBaM99R"
}
70.473121 ------------ AccessTokenRequest ------------
70.473556 --> URL: https://210.90.95.XXX:9443/oauth2/token
70.473561 --> BODY:
code=de0696cf-7183-3c31-a13c-92695101e589&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60746%2Fauthz_cb
70.473575 --> HEADERS: {'Content-Type':
'application/x-www-form-urlencoded', 'Authorization': u'Basic
NHJZQ2x3R25ZNENFX1hYQWtNQ29XdUk0bW5JYTpBdE8wenhmNjJLb1lhc1lUb2JPR1JYVlJaWHNh'}
74.644260 <-- STATUS: 200
74.644479 <-- BODY:
{"access_token":"399d4582-967f-3083-831e-f5c4a6665e4a","refresh_token":"e9f533c3-a867-3758-8edc-2c10b2be0cd3","scope":"openid","id_token":"eyJ4NXQiOiJObUptT0dVeE16WmxZak0yWkRSaE5UWmxZVEExWXpkaFpUUmlPV0UwTldJMk0ySm1PVGMxWkEiLCJraWQiOiIxNTA4MzI3Zjg1M2RlODkzZWVhYTg2YzIwMTUyNjg5NWQxZTk1MTQzIiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoiQ1dSTWNFSkNDUURWeUtGMVlDWklmZyIsInN1YiI6ImFkbWluIiwiYXVkIjpbIjRyWUNsd0duWTRDRV9YWEFrTUNvV3VJNG1uSWEiXSwiYXpwIjoiNHJZQ2x3R25ZNENFX1hYQWtNQ29XdUk0bW5JYSIsImF1dGhfdGltZSI6MTQ2ODgzNTEwMCwiaXNzIjoiaHR0cHM6XC9cLzIwMy45NC45NS4yMTU6OTQ0M1wvIiwiZXhwIjoxNDY4ODM5OTQ0LCJpYXQiOjE0Njg4MzYzNDR9.M3Er8G4M05JPXmm-YOsOVcimGrzr9GwSmKeqGQBMTP0ZCpJ9NlFN-SR5HJ9xcH8Tc-dh201euilqPLzkfq2annbIS8V7gkS2ttnryjp0eTDIX3p4gKoLo1HfEARb4iB6r6ovDIzqytYMPacZj5t7uxBxSz2Aiu6qjkNOb5uY7Ss","token_type":"Bearer","expires_in":2056}
76.777209 AccessTokenResponse: {
  "access_token": "399d4582-967f-3083-831e-f5c4a6665e4a",
  "expires_in": 2056,
  "id_token": {
    "claims": {
      "at_hash": "CWRMcEJCCQDVyKF1YCZIfg",
      "aud": [
        "4rYClwGnY4CE_XXAkMCoWuI4mnIa"
      ],
      "auth_time": 1468835100,
      "azp": "4rYClwGnY4CE_XXAkMCoWuI4mnIa",
      "exp": 1468839944,
      "iat": 1468836344,
      "iss": "https://210.90.95.XXX:9443/",
      "sub": "admin"
    },
    "jws header parameters": {
      "alg": "RS256",
      "kid": "1508327f853de893eeaa86c201526895d1e95143",
      "x5t": "NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA"
    }
  },
  "refresh_token": "e9f533c3-a867-3758-8edc-2c10b2be0cd3",
  "scope": "openid",
  "token_type": "Bearer"
}
76.788640 ------------ AuthorizationRequest ------------
76.789114 --> URL:
https://210.90.95.XXX:9443/oauth2/authorize?prompt=none&state=AstNRnS88v73aAjI&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60746%2Fauthz_cb&response_type=code&client_id=4rYClwGnY4CE_XXAkMCoWuI4mnIa&scope=openid
76.789121 --> BODY: None
108.266371 <-- 
code=684a2084-b823-35fc-baed-d73fdb6a9694&state=AstNRnS88v73aAjI&session_state=62a0bd33903999d7245654681f715e9700377e6b5ccaaf84ecb98b40311d8214.9iW0pFCokaZQXs4mZAp1jg
108.266883 AuthorizationResponse: {
  "code": "684a2084-b823-35fc-baed-d73fdb6a9694",
  "session_state":
"62a0bd33903999d7245654681f715e9700377e6b5ccaaf84ecb98b40311d8214.9iW0pFCokaZQXs4mZAp1jg",
  "state": "AstNRnS88v73aAjI"
}
108.268413 ------------ AccessTokenRequest ------------
108.268842 --> URL: https://210.90.95.XXX:9443/oauth2/token
108.268848 --> BODY:
code=684a2084-b823-35fc-baed-d73fdb6a9694&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60746%2Fauthz_cb
108.268861 --> HEADERS: {'Content-Type':
'application/x-www-form-urlencoded', 'Authorization': u'Basic
NHJZQ2x3R25ZNENFX1hYQWtNQ29XdUk0bW5JYTpBdE8wenhmNjJLb1lhc1lUb2JPR1JYVlJaWHNh'}
109.497011 <-- STATUS: 200
109.497233 <-- BODY:
{"access_token":"399d4582-967f-3083-831e-f5c4a6665e4a","refresh_token":"e9f533c3-a867-3758-8edc-2c10b2be0cd3","scope":"openid","id_token":"eyJ4NXQiOiJObUptT0dVeE16WmxZak0yWkRSaE5UWmxZVEExWXpkaFpUUmlPV0UwTldJMk0ySm1PVGMxWkEiLCJraWQiOiIxNTA4MzI3Zjg1M2RlODkzZWVhYTg2YzIwMTUyNjg5NWQxZTk1MTQzIiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoiQ1dSTWNFSkNDUURWeUtGMVlDWklmZyIsInN1YiI6ImFkbWluIiwiYXVkIjpbIjRyWUNsd0duWTRDRV9YWEFrTUNvV3VJNG1uSWEiXSwiYXpwIjoiNHJZQ2x3R25ZNENFX1hYQWtNQ29XdUk0bW5JYSIsImF1dGhfdGltZSI6MTQ2ODgzNTEwMCwiaXNzIjoiaHR0cHM6XC9cLzIwMy45NC45NS4yMTU6OTQ0M1wvIiwiZXhwIjoxNDY4ODM5OTc5LCJpYXQiOjE0Njg4MzYzNzl9.R81RqhJpS_qteUfH_sEQLFYLTbqS5k8GkpM4gaya3rz1yj62OB6ruXOSXFcmTYm11O-5qqJf36FOB1WFfyGNqmfKKy6XIggd6QMCdCh8yhcm8YlDKv_7VUtuFY3O0juLFCN59WEABGcl2sbJTSOGgfcZMHFwFLjKEzAnv8smQEg","token_type":"Bearer","expires_in":2021}
109.503787 AccessTokenResponse: {
  "access_token": "399d4582-967f-3083-831e-f5c4a6665e4a",
  "expires_in": 2021,
  "id_token": {
    "claims": {
      "at_hash": "CWRMcEJCCQDVyKF1YCZIfg",
      "aud": [
        "4rYClwGnY4CE_XXAkMCoWuI4mnIa"
      ],
      "auth_time": 1468835100,
      "azp": "4rYClwGnY4CE_XXAkMCoWuI4mnIa",
      "exp": 1468839979,
      "iat": 1468836379,
      "iss": "https://210.90.95.XXX:9443/",
      "sub": "admin"
    },
    "jws header parameters": {
      "alg": "RS256",
      "kid": "1508327f853de893eeaa86c201526895d1e95143",
      "x5t": "NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA"
    }
  },
  "refresh_token": "e9f533c3-a867-3758-8edc-2c10b2be0cd3",
  "scope": "openid",
  "token_type": "Bearer"
}
109.515598 ==== END ====


------------------------------
Result PASSED



Hasanthi Dissanayake

Software Engineer | WSO2

E: hasan...@wso2.com
M: 0718407133 | http://wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
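As an added illustration (not WSO2 IS code, and not from the mail above), the following Python model replays the six-step scenario: a prompt=none request must be answered from state the server already holds, so the decision is driven by whether the session is authenticated and whether consent for the requested scopes is on record, either persistently (the "trusted_always" / skipConsent cases) or, as the compliance test expects, approved earlier in the same session. The Session, Decision and store shapes are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Session:
    """Browser session at the IS server (constructed model for this example)."""
    authenticated: bool = False
    user: Optional[str] = None
    # consent given during this session only: client_id -> approved scopes
    session_consent: dict = field(default_factory=dict)

@dataclass
class Decision:
    action: str                  # "show_login" | "show_consent" | "issue_code" | "error"
    error: Optional[str] = None  # OIDC error code when action == "error"

def decide_authorization(prompt, client_id, scopes, session,
                         persistent_consent, skip_consent_clients=frozenset()):
    """Authorization-endpoint decision. persistent_consent maps
    (user, client_id) -> scopes approved 'always'; skip_consent_clients
    models clients configured with skipConsent=true."""
    prompts = set(prompt.split()) if prompt else set()
    # OIDC Core: 'none' MUST NOT be combined with any other prompt value
    if "none" in prompts and len(prompts) > 1:
        return Decision("error", "invalid_request")
    silent = "none" in prompts
    if not session.authenticated or "login" in prompts:
        return Decision("error", "login_required") if silent else Decision("show_login")
    approved = set(persistent_consent.get((session.user, client_id), set()))
    approved |= session.session_consent.get(client_id, set())  # same-session approval
    if "consent" in prompts:
        return Decision("show_consent")
    if client_id in skip_consent_clients or set(scopes) <= approved:
        return Decision("issue_code")
    return Decision("error", "consent_required") if silent else Decision("show_consent")

def record_session_consent(session, client_id, scopes):
    """Called when the user clicks 'Approve' (without 'always')."""
    session.session_consent.setdefault(client_id, set()).update(scopes)

def run_page_scenario():
    """Replays the mail's scenario: login, in-session approve, then prompt=none."""
    persistent = {}  # nothing in trusted_always for this client
    session = Session()
    client, scopes = "4rYClwGnY4CE_XXAkMCoWuI4mnIa", {"openid"}
    steps = [decide_authorization(None, client, scopes, session, persistent).action]
    session.authenticated, session.user = True, "admin"          # step 3-4
    steps.append(decide_authorization(None, client, scopes, session, persistent).action)
    record_session_consent(session, client, scopes)              # step 5
    steps.append(decide_authorization("none", client, scopes, session, persistent).action)
    return steps
```

Without the session_consent lookup the last step would return consent_required, which is the behaviour the mail reports; with it the second request succeeds silently, matching the PASSED trace.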
