openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net

The UserInfo "sub" claim is not currently being validated #210

Open selfissued opened 4 years ago

selfissued commented 4 years ago

According to Roland in the certification thread "Checking 'sub' in userinfo response", he wrote an assertion check to verify that the "sub" values in the UserInfo Endpoint and ID Token match, but failed to apply that assertion to the actual certification tests.

Please add this assertion to the tests OP-UserInfo-Body, OP-UserInfo-Endpoint, and OP-UserInfo-Header.

rohe commented 4 years ago

Done. Though I added the assertion check to all OP-UserInfo-* tests.

jogu commented 4 years ago

As I looked it up, the relevant commit is https://github.com/rohe/oidctest/commit/1dadb5817d45961b6df369fafd39785b3992b6e2 in case that's useful to others in the future.
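
The check this issue asks for, seen from the relying-party side, as an added example (not oidctest's code and not the contents of the linked commit). The names `check_userinfo_sub`, `jwt_claims`, `SubMismatch` and `make_sample_jwt` are hypothetical, and it assumes the ID Token has already been validated and that the signature of a JWT-formatted UserInfo response is verified elsewhere.

```python
import base64
import json


class SubMismatch(Exception):
    """Raised when the UserInfo response must not be used."""


def jwt_claims(token):
    """Decode the payload of a compact JWS. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_userinfo_sub(id_token_claims, userinfo):
    """Return the UserInfo claims only if their sub equals the ID Token sub.

    userinfo is a dict (JSON response) or a compact JWT string (signed response).
    """
    claims = jwt_claims(userinfo) if isinstance(userinfo, str) else userinfo
    expected, actual = id_token_claims.get("sub"), claims.get("sub")
    if not isinstance(expected, str) or not expected:
        raise SubMismatch("ID Token carries no usable sub")
    if not isinstance(actual, str) or not actual:
        raise SubMismatch("UserInfo response carries no sub")
    if actual != expected:  # exact, case-sensitive comparison, no normalisation
        raise SubMismatch("UserInfo sub %r != ID Token sub %r" % (actual, expected))
    return claims


def make_sample_jwt(claims):
    """Constructed sample only: a JWT-shaped string with a dummy signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    id_token = {"iss": "https://op.example", "sub": "user-1234"}  # constructed
    samples = [{"sub": "user-1234", "name": "A"}, {"sub": "USER-1234"},
               {"name": "no sub"}, make_sample_jwt({"sub": "user-1234"})]
    for sample in samples:
        try:
            print("accepted:", check_userinfo_sub(id_token, sample))
        except SubMismatch as err:
            print("rejected:", err)
```

A response that fails this check is discarded as a whole; none of its other claims are merged into the session.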