1. 22 Sep, 2021 2 commits
  2. 14 Sep, 2021 3 commits
  3. 12 Sep, 2021 1 commit
  4. 10 Sep, 2021 3 commits
    • Joseph Heenan's avatar
      Explicitly convert nimbus JWK to JSON in logging · 6a8a47db
      Joseph Heenan authored
      This is a workaround for #662, albeit it's probably also a fairly
      decent thing to do in the long term - even if mongo didn't end up
      throwing a stackoverflow when logging a JWK that has an x5c, it does
      ending up logging a huge object as the JWK contains a parsedX5c entry
      that contains a lot of byte arrays.
      
      I'm not entirely clear if we should ever really allow people to just
      log java objects, it may make sense to just throw an exception if
      we get an unexpected java object, but I don't yet entirely follow how
      the mongodb converters are intended to work.
      6a8a47db
    • Joseph Heenan's avatar
      FAPI1Adv: Verify client keys in configuration are different · 34893111
      Joseph Heenan authored
      It's essential that the keys are different, otherwise
      fapi1-advanced-final-ensure-matching-key-in-authorization-request
      will fail. Check and show the user a failure if they're the same.
      34893111
    • Joseph Heenan's avatar
      FAPIBrazil: Payments: Seperate org keys & client keys · 10b1cb9e
      Joseph Heenan authored
      Currently the FAPI tests assume that the same key can be used for
      client authentication and for signing payment consent creation /
      payment initiation API requests.
      
      This is sort of true, but it means to pass the test
      fapi1-advanced-final-ensure-matching-key-in-authorization-request
      the tester has to supply clients that belong to different
      organisations, which is hard for many banks.
      
      This change allows separate keys to be used, so that the bank can
      supply two client private keys (which are not BRSEALs) along with one
      organisation key (supplied for both clients) that is a BRSEAL.
      
      closes #941
      10b1cb9e
  5. 08 Sep, 2021 1 commit
  6. 07 Sep, 2021 2 commits
    • Joseph Heenan's avatar
      Change oidcc-registration-policy-uri to use policy uri on correct host · 4cab649d
      Joseph Heenan authored
      The server 'should' verify that the policy_uri is on a host that
      exists in one of the redirect urls, so make the suites registration
      request comply with that criteria.
      4cab649d
    • Joseph Heenan's avatar
      Fix for exception in oidcc-registration-jwks-uri · bc6a894a
      Joseph Heenan authored
      If the authorization server tries to fetch the jwks during the dynamic
      registration call, it aborts the test.
      
      Fetching it at this point appears to be legal behaviour, so introduce
      a workaround that allows it.
      
      I also changed the url for the client jwks, so that the workaround
      only applies in this one case. (As I believe the detection of this error
      was originally for client tests to make it clear the client can't fetch
      the server jwks until the test has finished it's initial setup.)
      
      Tested locally by adding a sleep in CallDynamicRegistrationEndpoint and
      using curl to call the jwks endpoint.
      bc6a894a
  7. 06 Sep, 2021 2 commits
  8. 04 Sep, 2021 1 commit
  9. 03 Sep, 2021 1 commit
  10. 01 Sep, 2021 3 commits
  11. 27 Aug, 2021 3 commits
  12. 25 Aug, 2021 1 commit
  13. 24 Aug, 2021 5 commits
  14. 23 Aug, 2021 1 commit
  15. 20 Aug, 2021 1 commit
  16. 19 Aug, 2021 8 commits
  17. 18 Aug, 2021 2 commits