Closed nynymike closed 4 years ago
We can't run OB OIDC Conformance Suite because we don't have MTLS support, https://github.com/GluuFederation/oxAuth/issues/946
We are stuck with this ticket. We have 2 problems:
What is expected by the test suite here?
    "resource": {
        "resourceUrl": "https://FIXME-your-resource-server.com/open-banking/v1.1/",
        "institution_id": "value for x-fapi-financial-id header (ie. the banks org id in the directory)"
    }
When we run the simple discovery suite, it shows a blank error.
From mail
For resourceUrl: this needs to point at base folder (inc. version
number) in a resource server that implements the OB accounts API consent
creation and ‘get accounts’ endpoints.
See:
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937656404/Read+Write+Data+API+Specification+-+v3.1
And:
https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937820271/Account+and+Transaction+API+Specification+-+v3.1
The implementations of these can be pretty minimal if you’re not
aiming to provide a full bank implementation.
(The obvious next question is: why do I need a resource server; there
are two reasons:
a) because an OB compliant AS won’t issue an access token unless you
give it an intent_id in the request object, which is obtained from the
resource server as per my second link, and
b) because without a resource server we can’t test MTLS access token
binding is correctly implemented
)
For institution_id - this should be the value your AS is expecting in
the x-fapi-financial-id HTTP header; if your AS isn’t integrated to
the OB sandbox then you can pick whatever value you like.
For the error message: No idea; it looks like it got some kind of error
from the backend API which for some reason it hasn’t reported; switch
on network recording in the browser and see what went on. If it is still
reproducible and looks like a real bug feel free to raise a bug report
at
https://gitlab.com/fintechlabs/fapi-conformance-suite/issues/new?nav_source=navbar
with the FULL reproduction steps.
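Point (b) in the mail above is about certificate-bound access tokens. The following is an added example, not part of the original thread or of oxAuth's code: it sketches the check a resource server performs under RFC 8705, comparing the SHA-256 thumbprint of the client certificate presented on the TLS connection with the `cnf` / `x5t#S256` claim of the access token. The function names and sample bytes are constructed for illustration, and the claims are assumed to come from a token whose signature or introspection result has already been validated.

```python
import base64
import hashlib
import hmac


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for x5t#S256."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour (e.g. as forwarded by a TLS-terminating proxy)."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def cert_thumbprint(der: bytes) -> str:
    """x5t#S256: SHA-256 over the DER encoding of the certificate."""
    return b64url(hashlib.sha256(der).digest())


def token_bound_to_cert(claims: dict, presented_der: bytes) -> bool:
    """True only if the token carries a cnf thumbprint matching the TLS client cert."""
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        return False  # token has no binding: reject rather than treat as bearer
    actual = cert_thumbprint(presented_der)
    return hmac.compare_digest(expected.encode("utf-8"), actual.encode("ascii"))


# Constructed stand-ins for DER certificate bytes (not real certificates);
# the thumbprint is a hash over the raw DER, so any bytes show the logic.
CLIENT_DER = b"constructed-client-certificate-der"
OTHER_DER = b"constructed-other-certificate-der"

# Constructed claims of an access token issued over the client's MTLS session.
CLAIMS = {"sub": "constructed-subject", "cnf": {"x5t#S256": cert_thumbprint(CLIENT_DER)}}

if __name__ == "__main__":
    print("same cert:     ", token_bound_to_cert(CLAIMS, CLIENT_DER))
    print("different cert:", token_bound_to_cert(CLAIMS, OTHER_DER))
    print("unbound token: ", token_bound_to_cert({"sub": "x"}, CLIENT_DER))
```

A conformance run against the resource server exercises exactly the second and third cases: a token replayed over a connection with a different client certificate, or a token with no binding at all, must be refused.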
FAPI RW tests are passed. We will need to pass CIBA related tests when it's ready.
4.2 is certified for FAPI R/W OP w/ MTLS and FAPI R/W OP w/ Private Key.
It can be checked on the public page here: https://openid.net/certification/.
We need to make sure we can comply with these requirements: https://openbanking.atlassian.net/wiki/spaces/DZ/pages/23856067/OB+OIDC+Conformance+Suite