Exception in OP-UserInfo-Header test with implicit (id_token+token) response type

[gliu0]

We got following exception in OP-UserInfo-Header test with Implicit (id_token+token) response type.

0.806 exception AttributeError:'NoneType' object has no attribute 'capitalize'

No request was made to our userinfo endpoint in this case. The same test works with other response types.

• Basic (code) - OK
• Hybrid (code+id_token) – OK
• Hybrid (code+id_token+token) - OK
• Hybrid (code+token) – OK
• Implicit (id_token+token) – Exception

Also, OP-UserInfo-Body and OP-UserInfo-Endpoint work fine with the Implicit (id_token+token) response type.

It looks like an issue in the testing tool.

[zandbelt]

It seems your response is lacking the required token_type parameter when the access token is returned in the front channel. That follows out of the text in http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthResponse although the non-normative example is wrong there. Adding the token_type parameter in your id_token+token OP response will fix this. On our side we'll handle:

• error messaging when the required token_type parameter is missing (esp. in Hybrid flows)
• file an issue with the spec editors to fix the non-normative example in the spec; @selfissued see: https://bitbucket.org/openid/connect/issues/1028/example-response-for-hybrid-flow-is

<edit> the sample is ok because for code+id_token instead of id_token+token...

[gliu0]

I see. Thank you very much Hans for looking into it!