OpenID Certification OP Tests
Explanations of legends at end of page
You are testing using:
- Implicit (id_token+token)
- Dynamic discovery
- Static registration
- crypto support ['encrypt', 'none', 'sign']
If you want to change this you can do it
here
Chose the next test flow you want to run from this list:
Response Type & Response Mode
Authorization request missing the response_type parameter [Basic, Implicit, Hybrid] (OP-Response-Missing) 
Request with response_type=id_token token [Implicit] (OP-Response-id_token+token) 
ID Token
Does the OP sign the ID Token and with what [Basic, Implicit, Hybrid] (OP-IDToken-Signature) 
ID Token has at_hash when ID Token and Access Token returned from Authorization Endpoint [Implicit, Hybrid] (OP-IDToken-at_hash) 
IDToken has kid [Basic, Implicit, Hybrid] (OP-IDToken-kid) 
Userinfo Endpoint
UserInfo Endpoint access with POST and bearer body [Basic, Implicit, Hybrid] (OP-UserInfo-Body) 
UserInfo Endpoint access with GET and bearer header [Basic, Implicit, Hybrid] (OP-UserInfo-Endpoint) 
UserInfo Endpoint access with POST and bearer header [Basic, Implicit, Hybrid] (OP-UserInfo-Header) 
nonce Request Parameter
Reject requests without nonce unless using the code flow [Implicit, Hybrid] (OP-nonce-NoReq-noncode) 
Request with nonce, verifies it was returned in ID Token [Implicit, Hybrid] (OP-nonce-noncode) 
scope Request Parameter
Scope requesting all claims [Basic, Implicit, Hybrid] (OP-scope-All) 
Scope requesting address claims [Basic, Implicit, Hybrid] (OP-scope-address) 
Scope requesting email claims [Basic, Implicit, Hybrid] (OP-scope-email) 
Scope requesting phone claims [Basic, Implicit, Hybrid] (OP-scope-phone) 
Scope requesting profile claims [Basic, Implicit, Hybrid] (OP-scope-profile) 
display Request Parameter
Request with display=page [Basic, Implicit, Hybrid] (OP-display-page) 
Request with display=popup [Basic, Implicit, Hybrid] (OP-display-popup) 
prompt Request Parameter
Request with prompt=login [Basic, Implicit, Hybrid] (OP-prompt-login) 
Request with prompt=none when logged in [Basic, Implicit, Hybrid] (OP-prompt-none-LoggedIn) 
Request with prompt=none when not logged in [Basic, Implicit, Hybrid] (OP-prompt-none-NotLoggedIn) 
Misc Request Parameters
Request with extra query component [Basic, Implicit, Hybrid] (OP-Req-NotUnderstood) 
Providing acr_values [Basic, Implicit, Hybrid] (OP-Req-acr_values) 
Providing claims_locales [Basic, Implicit, Hybrid] (OP-Req-claims_locales) 
Using prompt=none with user hint through id_token_hint [Basic, Implicit, Hybrid] (OP-Req-id_token_hint) 
Providing login_hint [Basic, Implicit, Hybrid] (OP-Req-login_hint) 
Requesting ID Token with max_age=1 seconds restriction [Basic, Implicit, Hybrid] (OP-Req-max_age=1) 
Requesting ID Token with max_age=10000 seconds restriction [Basic, Implicit, Hybrid] (OP-Req-max_age=10000) 
Providing ui_locales [Basic, Implicit, Hybrid] (OP-Req-ui_locales) 
redirect_uri
Sent redirect_uri does not match a registered redirect_uri [Basic, Implicit, Hybrid] (OP-redirect_uri-NotReg)
Discovery
Publishes openid-configuration discovery information [Config, Dynamic] (OP-Discovery-Config)
Keys in OP JWKs well formed [Config, Dynamic] (OP-Discovery-JWKs)
Verify that claims_supported is published [Config, Dynamic] (OP-Discovery-claims_supported)
Verify that jwks_uri is published [Config, Dynamic] (OP-Discovery-jwks_uri)
Key Rotation
Can rotate OP encryption keys [Extra] (OP-Rotation-OP-Enc)
request_uri Request Parameter
Support request_uri request parameter with unsigned request [Basic, Implicit, Hybrid] (OP-request_uri-Unsigned)
request Request Parameter
Support request request parameter with unsigned request [Basic, Implicit, Hybrid, Dynamic] (OP-request-Unsigned)
claims Request Parameter
Claims request with essential name claim [Basic, Implicit, Hybrid] (OP-claims-essential)
Legends
 | The test has not be run |
 | Success |
 | Warning, something was not as expected |
 | Failed |
 | The test flow wasn't completed. This may have been expected or not |
 | Signals the fact that there are trace information available for the test |