Search Criteria : 148 assertions found for this search Review filtered assertions

Assertion

Applies to

Applied to
Not applied to

Coverage

Covered by
Not covered by
Id scheme
Assertion id
Status
Testable?
#Coverage
#Applies to
Comment
Predicate
Page
Tags
Last changed
Actions
ITI103ITI103-001to be reviewedTestable 0 0 The client issues a HTTP GET request to the well-known metadata endpoint associated with Authorization Server.19Section 3.103.4.1.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-002to be reviewedTestable 0 0 There are various ways of formulating this endpoint as described in [RFC8414, section 3.1], and [OpenID Connect Discovery, section 4]. Authorization Servers are recommended to follow one of these procedures, but may choose a different well-known endpoint location mechanism.19Section 3.103.4.1.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-003to be reviewedTestable 0 0 Upon receiving a metadata request, the Authorization Server should respond with the metadata document as described in ITI TF-2: 3.103.4.2.19Section 3.103.4.1.36/27/22 3:54:39 PM by vhofman
ITI103ITI103-004to be reviewedTestable 0 0 Implementations supporting multi-tenancy shall respond with different metadata documents for different tenants, providing at least a different issuer value.19Section 3.103.4.1.36/27/22 3:54:39 PM by vhofman
ITI103ITI103-005to be reviewedTestable 0 0 Requests for metadata for non-existing tenants shall result in a HTTP 404 (not found) response.19Section 3.103.4.1.36/27/22 3:54:39 PM by vhofman
ITI103ITI103-006to be reviewedTestable 0 0 The response shall be structured as a plain JSON document.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-007to be reviewedTestable 0 0 The document shall be structured according to the rules set forth in [RFC8414, Section 2].20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-008to be reviewedTestable 0 0 The issuer URL shall use the "https" scheme.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-009to be reviewedTestable 0 0 The issuer URL shall contain the domain name of the URL at which the metadata document can be retrieved.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-010to be reviewedTestable 0 0 The issuer URL shall contain any path elements referring to a tenant.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-011to be reviewedTestable 0 0 Other path elements of the issuer URL, such as those referring to the document location should be omitted.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-012to be reviewedTestable 0 0 Authorization Server's "authorization_endpoint" is mandatory.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-013to be reviewedTestable 0 0 Authorization Server's "token_endpoint" is mandatory.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-014to be reviewedTestable 0 0 An Authorization Server that supports the JWT Token or SAML Token Options shall provide "jwks_uri" claim to communicate the public keys that can be used to verify JWT token or SAML token signatures.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-015to be reviewedTestable 0 0 The list of scopes supported by the Authorization Server may be present.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-016to be reviewedTestable 0 0 Authorization Servers may opt to publish a subset of the scopes usable.20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-017to be reviewedTestable 0 0 response_types_supported is required20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-018to be reviewedTestable 0 0 As the implicit grant flow is not supported in OAuth2.1, the response types should not include the value "token".20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-019to be reviewedTestable 0 0 Authorization Servers shall include the response type "code".20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman
ITI103ITI103-020to be reviewedTestable 0 0 Authorization Servers supporting [OpenId Connect] or other standards may include other token types, such as "id_token".20Section 3.103.4.2.26/27/22 3:54:39 PM by vhofman