This test suite tests for compliance with the DPoP-based, 2020 version of the WebID-OIDC protocol. It contains 4 parts:
- Fetch openid config
- Fetch webid profile
- authorize endpoint
Fetch openid config: this one is quite trivial and it should be a quick win for you. Simply make your server expose an HTTPS website on port 443, and present a JSON file with a few pointers and parameters at /.well-known/openid-configuration.
Fetch webid profile: this should be trivial as well; specify an ALICE_WEBID url in env.file (see example), and at that URL, this text/turtle document will comply. The https://localhost:3002 trusted app will be used in the authorize endpoint test.
- authorize endpoint (as announced by your server in /.well-known/openid-configuration) without cookie, should redirect to a login form
- authorize endpoint (as announced by your server in /.well-known/openid-configuration) with cookie, should redirect to a consent form
- if the app is trusted (trusted app coolApp2 at http://localhost:3002), it should automatically give consent and redirect back to the authorize endpoint
- if consent is given, it should redirect back to the app at the app’s redirect callback.
- There should be an `id_token` in the result of the authorize flow.
- `id_token` should be a valid JWT with certain values.
- `id_token.c_hash` should be the RS256 hash of `code` (this is used by the client for the DPoP system).
- The JWT should be signed with one of the keys from the server’s `jwks`, converted to RSA PEM.
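The `c_hash` check from the list above, as an added example (not code from the test suite itself). It assumes the OpenID Connect Core definition of `c_hash`: for an RS256 token, the base64url encoding of the left-most half of the SHA-256 hash of the ASCII `code`. The helper names and the sample token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Hash selected by the JWS "alg" header (assumption: OpenID Connect Core rules).
_HASH_FOR_ALG = {"RS256": hashlib.sha256, "RS384": hashlib.sha384, "RS512": hashlib.sha512}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compute_c_hash(code: str, alg: str = "RS256") -> str:
    """base64url of the left-most half of the hash of the ASCII code."""
    digest = _HASH_FOR_ALG[alg](code.encode("ascii")).digest()
    return b64url_encode(digest[: len(digest) // 2])


def c_hash_matches(id_token: str, code: str) -> bool:
    """True if the token's c_hash claim binds it to this authorization code.

    Does not verify the signature; check that against the server's jwks first.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        alg, claimed = header.get("alg"), claims.get("c_hash")
        if alg not in _HASH_FOR_ALG or not isinstance(claimed, str):
            return False  # rejects alg "none" and tokens without c_hash
        expected = compute_c_hash(code, alg)
    except (ValueError, AttributeError):
        return False  # malformed base64/JSON, non-object segment, non-ASCII code
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


def make_sample_token(code: str, alg: str = "RS256") -> str:
    """Constructed, unsigned sample token (placeholder signature segment)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = {"sub": "https://alice.example/#me", "c_hash": compute_c_hash(code, alg)}
    return f"{header}.{b64url_encode(json.dumps(body).encode())}.c2lnbmF0dXJl"
```

A token whose `c_hash` does not match the `code` returned alongside it was not issued for that code and should be rejected by the client.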