Hi Dmitry Yes, the OpenID Foundation conformance suite will include tests for DPoP as part of the FAPI2 test suite.
The tests already exist and can be run, but they are not yet complete (some negative tests are missing, nonces are not yet supported, etc). If you (or anyone else) would like to try the current tests please drop me an email off list and I can provide some guidance. Thanks Joseph > On 15 Nov 2022, at 00:42, Dmitry Telegin > <dmitryt=40backbase....@dmarc.ietf.org> wrote: > > - DPoP and Step-Up (hello Brian :) > > TL;DR: can we use DPoP and Step-Up together? > > The question is probably more about understanding of the process rather than > technical details. If I understand correctly, Step-Up is meant to > amend/extend RFC 6750. Can we say that the features defined in Step-Up > automatically become available for the specs that build on top of 6750, e.g. > DPoP? In other words, would the following response be considered valid: > > HTTP/1.1 401 Unauthorized > WWW-Authenticate: DPoP algs="ES256 PS256", > error="insufficient_user_authentication", > error_description="A different authentication level is required", > acr_values="myACR" > > - DPoP conformance > Is there any "official" conformance suite that could be used to test an AS/RS > for DPoP conformance? would that be the OIDC Conformance Suite (its FAPI2 > part)? > > Thanks, > Dmitry > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
