About Conformance Test itself
This page describes the Conformance Test itself. Please note that the Conformance Test is still under development. What is stated here applies to tag:release-v3.0.2.
For certification of an OP (OpenID Provider), there are 2 conformance test types, each with a corresponding test plan.
- FAPI R/W OP w/ MTLS
  In the Conformance Test server's GUI, you need to select the Test Plan "FAPI-RW-ID2:with mtls Test Plan".
- FAPI R/W OP w/ Private Key
  In the Conformance Test server's GUI, you need to select the Test Plan "FAPI-RW-ID2:with private key and mtls holder of key Test Plan".
For details, please refer to Conformance Testing for FAPI Read/Write OPs.
Common points between test plans are the following:
- Target : Authorization Server (OP:OpenID Provider)
- Referred Specification : FAPI-RW-ID2(Implementer's Draft ver 2)
- How to realize Holder-of-Key Mechanism : [MTLS] Section 3 Mutual TLS Client Certificate-Bound Access Tokens
Differences between test plans are the following:
- How to authenticate OAuth2 Client
  - FAPI R/W OP w/ MTLS : [MTLS] Section 2 Mutual TLS for OAuth Client Authentication (using X.509 Certificate presented from a client in TLS Handshake)
  - FAPI R/W OP w/ Private Key : OIDC Section 9 Client Authentication private_key_jwt (Using JWS Client Assertion)
To run the OP's Conformance Test, it seems that you need to prepare a Resource Server that conforms to the Resource Server requirements in FAPI-RW-ID2. As an example, please refer to the method requestProtectedResource() of the class AbstractFAPIRWID2ServerTestModule.
Also, it seems that such a Resource Server needs to conform to some parts of the OpenBanking specifications. As an example, please refer to the class CallAccountsEndpointWithBearerToken.
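The holder-of-key check from [MTLS] Section 3 that such a Resource Server applies to a certificate-bound access token, as an added Python example (not code from the conformance suite or from this project). The function names and sample values are hypothetical, and the token's signature or introspection result is assumed to have been validated already.

```python
import base64
import hashlib
import hmac


def cert_thumbprint(der: bytes) -> str:
    """x5t#S256: base64url (no padding) of SHA-256 over the DER certificate."""
    digest = hashlib.sha256(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def pem_to_der(pem: str) -> bytes:
    """Strip PEM armor, e.g. from a certificate forwarded by a TLS-terminating proxy."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def token_bound_to_cert(claims: dict, client_cert_der) -> bool:
    """Return True only if the token's cnf thumbprint matches the TLS client cert.

    `claims` are the claims of an access token that has ALREADY been validated
    (JWT signature or introspection); that step is assumed and not shown here.
    """
    cnf = claims.get("cnf")
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str) or not client_cert_der:
        return False  # unbound token or no client certificate: reject
    actual = cert_thumbprint(client_cert_der)
    # Constant-time comparison of the two thumbprints.
    return hmac.compare_digest(actual.encode(), expected.encode())


# Constructed stand-ins: the thumbprint is a hash over raw bytes, so these
# byte strings are enough for the demo. They are not real certificates.
CLIENT_CERT_DER = b"0\x82constructed-client-cert"
OTHER_CERT_DER = b"0\x82constructed-other-cert"
CLAIMS = {
    "sub": "constructed-user",
    "cnf": {"x5t#S256": cert_thumbprint(CLIENT_CERT_DER)},
}

if __name__ == "__main__":
    print("same cert:     ", token_bound_to_cert(CLAIMS, CLIENT_CERT_DER))
    print("different cert:", token_bound_to_cert(CLAIMS, OTHER_CERT_DER))
    print("no cnf claim:  ", token_bound_to_cert({"sub": "x"}, CLIENT_CERT_DER))
```

A token without a cnf claim is rejected here rather than accepted as a plain bearer token, which is the behaviour a holder-of-key test expects from the protected resource.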