Remote Credential Verifier Test Matrix

This section provides the set of test cases designed for technical implementers and development teams responsible for creating and deploying Credential Verifiers solutions for remote flows. It is also intended for assessment bodies inspecting and validating the implementations of Credential Verifiers solutions for remote flows.

Note

References about official OpenID4VP test plans will update this section in future releases.

Test Case ID	Purpose	Description	Expected Result
RPR-01	Same Device Flow	Verify HTTP redirect (302) URL.	Relying Party issues a correct URL using the base url provided within its metadata.
RPR-02	Cross Device Flow	Verify QR Code generation for Wallet Instance.	Relying Party issues QR Code successfully.
RPR-03	Cross Device Flow	Verify QR Code contains correct URL parameters.	Relying Party issues the QR-Code containing an URL using the base url provided within its metadata.
RPR-04	Cross Device Flow	Test QR Code scanning in low light.	QR Code is scanned successfully.
RPR-05	Cross Device Flow	Verify QR Code error correction level.	QR Code remains readable if damaged.
RPR-06	Cross Device Flow	Test QR Code scanning with different devices.	QR Code is scanned successfully.
RPR-07	Request URI Method	Test request_uri_method as post.	Relying Party accepts Wallet Instance metadata via POST and replies with an updated Request Object.
RPR-08	Request URI Method	Test request_uri_method as get.	Relying Party issues the Request Object via HTTP GET response.
RPR-09	Request URI Method	Test absence of request_uri_method.	Relying Party accepts defaults to GET method.
RPR-10	Metadata	Verify parameters match OpenID Credential Verifier metadata.	Only allowed parameters will be considered.
RPR-11	User Consent	Test eligibility of a Credential Verifier in requesting User attributes.	User can modify data selection about optional attributes.
RPR-12	Authorization Response	Test sending of Presentation Response.	Relying Party receives and validates response with state and nonce values.
RPR-13	Authorization Response	Verify response encryption.	Relying Party evaluates the encrypted response using its public key (one of its keys).
RPR-14	Error Handling	Test invalid Request Object handling.	Error Response is sent.
RPR-15	Error Handling	Verify error logging.	Errors are logged appropriately.
RPR-16	Error Handling	Test recovery from Authorization Request Error.	Relying Party prompts the User to retry or scan new QR code.
RPR-17	Error Handling	Test fake HTTP Cookie.	Relying Party checks the User session consistency coupling the session http cookie and the state and nonces provided.
RPR-19	Redirect URI	Test redirection to Relying Party's endpoint.	User is redirected correctly, the endpoint works.
RPR-20	Redirect URI	Verify handling of invalid redirect_uri.	Error response is returned.
RPR-23	Credential Presentation	Verify response format compliance.	Relying Party supports all the Credential format included within its vp_formats_supported metadata parameter.
RPR-24	Authorization Response	Test handling of response timeouts.	Retries must be successful unless response is acquired.
RPR-25	Error Handling	Verify handling of malformed claims in presentation payload.	Authorization Error Response is sent.
RPR-26	Error Handling	Verify handling of malformed claims in presented credentials.	Authorization Error Response is sent.
RPR-27	Error Handling	Test handling of expired requests.	Holder is notified of expiration.
RPR-28	Relying Party Response	Verify inclusion of response code.	Response code is cryptographically random.
RPR-29	Relying Party Response	Test handling of invalid response codes.	Error response is returned.
RPR-30	Status Endpoint	Verify handling of unauthorized access.	Unauthorized access is denied.
RPR-31	Status Endpoint	Test handling of invalid session IDs.	Error response is returned.
RPR-32	Redirect URI	Verify handling of expired sessions.	Error response is returned.
RPR-33	Redirect URI	Test handling of server errors.	Error response is returned.
RPR-34	Same and Cross Device Flow	Verify handling of slow network conditions.	Relying Party provides the http response within the maximum limit of 2 seconds.
RPR-36	Presentation Response	Verify handling of large response payloads.	Response is evaluated within appropriate security thresholds.
RPR-37	Presentation Response	Test handling of response encryption failures.	Error response is returned.
RPR-38	Error Handling	Verify handling of invalid signatures.	Authorization Error Response is sent.
RPR-39	Error Handling	Test handling of invalid nonce values.	Error response is returned.
RPR-40	Relying Party Response	Verify handling of malformed responses.	Error response is returned.
RPR-41	Relying Party Response	Test handling of missing response parameters.	Error response is returned.
RPR-42	Status Endpoint	Verify handling of session timeouts.	Error response is returned.
RPR-43	Status Endpoint	Test handling of invalid status codes.	Error response is returned.
RPR-44	Redirect URI	Verify handling of invalid user sessions.	Error response is returned.
RPR-45	Redirect URI	Test handling of unavailable services.	Error response is returned.
RPR-46	Same Device Flow	Verify handling of user cancellations.	User can cancel the process.
RPR-47	Cross Device Flow	Test QR Code scanning with different apps.	QR Code is scanned successfully.
RPR-48	Cross Device Flow	Verify QR Code scanning with different lighting.	QR Code is scanned successfully.
RPR-49	Request URI Method	Test handling of unsupported content types.	Error response is returned.
RPR-50	User Consent	Verify user notification of consent changes.	User is informed about consent changes.
RPR-51	User Consent	Test user consent for sensitive data.	User can consent to sensitive data.
RPR-52	Authorization Response	Verify handling of response decryption failures.	Error response is returned.
RPR-53	Authorization Response	Test handling of response integrity checks.	Response integrity is verified.
RPR-54	Relying Party Response	Verify handling of response validation failures.	Error response is returned.
RPR-55	Relying Party Response	Test handling of response processing errors.	Error response is returned.
RPR-56	Protected Resource Endpoint	Verify handling of unauthorized session access.	Unauthorized access is denied.
RPR-57	Redirect URI	Verify handling of invalid redirect parameters.	Error response is returned.
RPR-58	Redirect URI	Test handling of redirect failures.	Error response is returned.
RPR-59	Same Device Flow	Verify handling of user interruptions.	User can resume or cancel the process.
RPR-60	Request URI Method	Test handling of invalid HTTP methods.	Error response is returned.
RPR-61	User Consent	Verify user notification of consent revocation.	User is informed about consent revocation.
RPR-62	User Consent	Test user consent for optional data.	User can consent to optional data.
RPR-63	Authorization Response	Verify handling of response signature failures.	Error response is returned.
RPR-64	Authorization Response	Test handling of response format errors.	Error response is returned.
RPR-65	Error Handling	Verify handling of invalid JWT signatures.	Authorization Error Response is sent.
RPR-66	Error Handling	Test handling of invalid JWT claims.	Error response is returned.
RPR-67	Relying Party Response	Verify handling of response parsing errors.	Error response is returned.
RPR-68	Relying Party Response	Test handling of response timeout errors.	Error response is returned.
RPR-69	Status Endpoint	Verify handling of session expiration.	Error response is returned.
RPR-70	Status Endpoint	Test handling of session renewal errors.	Error response is returned.
RPR-71	Redirect URI	Verify handling of redirect loop errors.	Error response is returned.
RPR-72	Redirect URI	Test handling of redirect security errors.	Error response is returned.
RPR-73	Same Device Flow	Verify handling of user timeouts.	User is notified of timeout.
RPR-74	Cross Device Flow	Test QR Code scanning with different devices.	QR Code is scanned successfully.
RPR-75	Cross Device Flow	Verify QR Code scanning with different apps.	QR Code is scanned successfully.
RPR-76	Request URI Method	Test handling of unsupported HTTP methods.	Error response is returned.
RPR-77	QR Code Generation	Verify that QR Code error correction level is Q (Quartile - up to 25%).	QR Code uses the required Q error correction level.
RPR-78	Wallet Attestation Request	Test that Wallet Attestation request uses standard DCQL query.	Wallet Attestation request correctly uses standard DCQL query.
RPR-79	Wallet Attestation Request	Verify that claims parameter is not included in DCQL query for Wallet Attestation.	claims parameter is not included in DCQL query for Wallet Attestation.
RPR-80	Wallet Attestation Request	Test that vct_values parameter is required in DCQL query for Wallet Attestation.	vct_values parameter is correctly required in DCQL query.
RPR-81	Wallet Nonce	Test that Relying Party checks wallet_nonce when present.	Relying Party correctly checks wallet_nonce when present.
RPR-82	Response Types	Verify that response_types_supported is set to vp_token when present.	response_types_supported is correctly set to vp_token.
RPR-83	Redirect URI	Test that Relying Party correctly provides redirect_uri parameter to Wallet Instance.	Relying Party correctly provides and handles redirect_uri.
RPR-84	Flow Support	Test that Relying Party supports required remote flows.	Relying Party supports both Same Device and Cross Device flows.
RPR-85	Endpoint Security	Test that request_uri is attested by trusted third party.	request_uri parameter is properly attested by trusted third party.
RPR-86	Privacy Protection	Test that Relying Party correctly validates Wallet Instance metadata without User information.	Relying Party correctly evaluates Wallet Instance technical capabilities.
RPR-87	Request URI POST Method	Test that Relying Party supports receiving Wallet Instance metadata via POST to request_uri endpoint with content type application/x-www-form-urlencoded.	Relying Party correctly accepts and processes Wallet Instance metadata sent via POST with the required content type.
RPR-88	Algorithm Validation	Test that JWT algorithm is supported and not none or MAC.	JWT algorithm is from supported list and not none or MAC identifier.
RPR-89	Media Type Validation	Test that JWT typ is set to oauth-authz-req+jwt.	JWT typ parameter is correctly set to oauth-authz-req+jwt.
RPR-90	Response Mode Validation	Test that response_mode is set to direct_post.jwt.	response_mode parameter is correctly set to direct_post.jwt.
RPR-91	Response Type Validation	Test that response_type is set to vp_token.	response_type parameter is correctly set to vp_token.
RPR-92	Response URI Usage	Test that Relying Party correctly provides response_uri parameter to Wallet Instance.	Relying Party sends Authorization Response to correct response_uri endpoint.
RPR-93	Nonce Entropy	Test that nonce has sufficient entropy (32+ digits).	nonce parameter has sufficient entropy with at least 32 digits.
RPR-94	JWT Expiration	Test that JWT exp is set correctly.	JWT exp parameter is correctly set and not expired.
RPR-95	Response URI Security	Test that response_uri is attested by trusted third party.	response_uri parameter is properly attested by trusted third party.
RPR-96	Client Metadata Handling	Test that Relying Party correctly handles Wallet Instance client_metadata.	The client_metadata is correctly aligned with Trust Chain metadata.
RPR-97	Wallet Attestation Request	Test that Relying Party requests Wallet Attestation via DCQL.	Relying Party correctly requests Wallet Attestation using DCQL query.
RPR-98	Error Response Format	Test that error response uses application/json content type.	Error response correctly uses application/json content type.
RPR-99	Error Response Parameters	Test that error response includes required parameters.	Error response includes error and error_description parameters.
RPR-100	Wallet Attestation Presentation	Test that Relying Party correctly requests Wallet Attestation from Wallet Instance.	Relying Party correctly evaluates Wallet Attestation when requested.
RPR-101	Presentation Array	Test that vp_token contains the requested signed presentations.	vp_token contains the requested signed presentations as required.
RPR-102	KB-JWT Inclusion	Test that Holder includes KB-JWT in SD-JWT.	Holder correctly includes KB-JWT in SD-JWT presentation.
RPR-103	KB-JWT Validation	Test that Relying Party validates KB-JWT signature.	Relying Party correctly validates KB-JWT signature using public key.
RPR-104	KB-JWT Header	Test that KB-JWT contains required header parameters.	KB-JWT contains required typ and alg header parameters.
RPR-105	KB-JWT Payload	Test that KB-JWT contains required payload parameters.	KB-JWT contains required iat, aud, nonce, and sd_hash parameters.
RPR-106	KB-JWT Audience	Test that KB-JWT aud matches Relying Party identifier.	KB-JWT aud parameter matches Relying Party unique entity identifier.
RPR-107	KB-JWT Nonce	Test that KB-JWT nonce matches request object nonce.	KB-JWT nonce parameter matches nonce from request object.
RPR-108	Authorization Error Response	Test that Relying Party correctly handles Wallet Instance Authorization Error Response on validation failure.	Relying Party correctly evaluates Authorization Error Response when validation fails.
RPR-109	Error Response Encoding	Test that Authorization Error Response is encoded correctly.	Authorization Error Response is encoded in application/x-www-form-urlencoded format.
RPR-110	Response Processing	Test that Response URI returns HTTP 200 on successful processing.	Response URI returns HTTP 200 with application/json content type.
RPR-111	Error Code Consistency	Test that error codes are consistent across different endpoints.	Error codes are consistent across all Relying Party endpoints.
RPR-112	Response Code Inclusion	Test that Relying Party includes response code in redirect_uri.	Relying Party includes fresh response code in redirect_uri.
RPR-113	Redirect URI Security	Test that redirect_uri is attested by trusted third party.	redirect_uri parameter is properly attested by trusted third party.
RPR-114	Validation Error Response	Test that Response URI returns error response on validation failure.	Response URI returns error response when validation checks fail.