Closed tobiaspc closed 4 months ago
Good catch, it seems a stupid regression
I have fixed it here https://github.com/italia/spid-cie-oidc-django/commit/87467470e7c491e91d0e6bb95ada85ec6f71ca77 and I also have added a check in the unit test related to the trust chain discovery with intermediate
I made a new release with this bugfix, thank you for the issue @tobiaspc
Expected Behavior
Resolve endpoint responds with a trust chain that conforms to the specification.
Current Behavior
Resolve endpoint responds with a partially nested trust chain, not conforming to the specification. The order of the returned JWTs is also wrong, i.e., the first two JWTs are entity configurations of the leaf and the TA, while the third JWT is a subordinate statement issued by the TA about the leaf.
Possible Solution
I guess the bug can be found in line 280
Steps to Reproduce
curl "https://trust-anchor.testbed.oidcfed.incubator.geant.org/resolve/?sub=https://cie-provider.testbed.oidcfed.incubator.geant.org/oidc/op/&anchor=https://trust-anchor.testbed.oidcfed.incubator.geant.org/"
JWT
full trust_chain