Requirements for the test suite

[FragLegs]

Start from this interop document

We can discuss the details in the comments of this issue.

[thomasdarimont]

I am working on tests for the Shared Signals Framework as part of the OpenID Conformance Test Suite.

The ‘plan’ is to provide two different test plans:

• SSF transmitter test (SSFTT)
• SSF receiver test (SSFRT)

We will start with the SSF transmitter test plan, which will cover the following:

• SSF transmitter metadata
• SSF stream management
• SSF subject management

After that, we will work on the SSF receiver test, with tests for:

• Receiving events via PUSH/PULL delivery mode

All of the above will implement checks according to SSF 1.0 and CAEP Interop requirements.

Additional remarks:

R1) Access to a working SSF transmitter and receiver implementation would speed up test development. Could someone provide access to such an environment, or point me to a suitable (free?) offering?

R2) I'm currently working with a PoC for SSF support in Keycloak, which I implement on the side.

R3) To test the Transmitter stream and subject management, I must provide suitable authorization for requests. I currently only allow testers to configure an access token for the requests; eventually, we'd like to allow users to configure client credentials to obtain an access token via the RFC6749 client_credentials grant.
We'll provide the necessary means to obtain OAuth server / OpenID Provider metadata to get tokens with suitable client credentials. Initially, we will start with a simple client_id and client_secret.

Using a preconfigured access token is sufficient for testing basic stream and subject management functionality; however, to test transmitter behavior with insufficient scopes, we need to be able to dynamically request tokens during the test.