Bump to OpenID Federation draft 43 (#311)

* Rename trust_mark_id to trust_mark_type

* Add new informational metadata claims

* Bump to conformance tests v5.1.35

* Add version constraint to openid lib

Author: cicnavi

.github/workflows/test.yaml

@@ -210,7 +210,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       SUITE_BASE_URL: https://localhost.emobix.co.uk:8443
-      VERSION: release-v4.1.45
+      VERSION: release-v5.1.35
     steps:
       - uses: actions/checkout@v4
         with:

CONFORMANCE_TEST.md

@@ -14,8 +14,7 @@ Clone the conformance test git repo, build the software and run it.
 ```bash
 git clone https://gitlab.com/openid/conformance-suite.git
 cd conformance-suite
-# Version 4.1.10 has a bug when building
-git checkout release-v4.1.45
+git checkout release-v5.1.35
 MAVEN_CACHE=./m2 docker-compose -f builder-compose.yml run builder
 docker-compose up
 ```

UPGRADE.md

@@ -52,10 +52,15 @@ and optionally a port (as in all previous module versions).
   - signer algorithm
   - entity statement duration
   - organization name
+  - display name
+  - description
+  - keywords
   - contacts
   - logo URI
   - policy URI
-  - homepage URI
+  - information URI
+  - homepage URI (renamed to organization_uri in draft-43)
+  - organization URI
 
 ## Major impact changes
 

config/module_oidc.php.dist

@@ -375,20 +375,20 @@ $config = [
 //        'eyJ...GHg',
     ],
 
-    // (optional) Federation Trust Marks for dynamic fetching. An array of key-value pairs, where key is Trust Mark ID
-    // and value is Trust Mark Issuer ID, each representing a Trust Mark issued to this entity. Each Trust Mark ID
-    // in this array will be dynamically fetched from noted Trust Mark Issuer as necessary. If federation caching
-    // is enabled (recommended), fetched Trust Marks will also be cached until their expiry.
+    // (optional) Federation Trust Marks for dynamic fetching. An array of key-value pairs, where key is Trust Mark Type
+    // and value is Trust Mark Issuer ID, each representing a Trust Mark issued to this entity. Each Trust Mark Type
+    // in this array will be dynamically fetched from the noted Trust Mark Issuer as necessary. If federation
+    // caching is enabled (recommended), fetched Trust Marks will also be cached until their expiry.
     ModuleConfig::OPTION_FEDERATION_DYNAMIC_TRUST_MARKS => [
-//        'trust-mark-id' => 'trust-mark-issuer-id',
+//        'trust-mark-type' => 'trust-mark-issuer-id',
     ],
 
     // (optional) Federation participation limit by Trust Marks. This is an array with the following format:
     // [
     //    'trust-anchor-id' => [
     //         'limit-id' => [
-    //              'trust-mark-id',
-    //              'trust-mark-id-2',
+    //              'trust-mark-type',
+    //              'trust-mark-type-2',
     //          ],
     //     ],
     // ],
@@ -399,13 +399,13 @@ $config = [
         'https://ta.example.org/' => [
             // Entities must have (at least) one Trust Mark from the list below.
             \SimpleSAML\Module\oidc\Codebooks\LimitsEnum::OneOf->value => [
-                'trust-mark-id',
-                'trust-mark-id-2',
+                'trust-mark-type',
+                'trust-mark-type-2',
             ],
             // Entities must have all Trust Marks from the list below.
             \SimpleSAML\Module\oidc\Codebooks\LimitsEnum::AllOf->value => [
-                'trust-mark-id-3',
-                'trust-mark-id-4',
+                'trust-mark-type-3',
+                'trust-mark-type-4',
             ],
         ],
     ],
@@ -471,10 +471,21 @@ $config = [
     // Common federation entity parameters:
     // https://openid.net/specs/openid-federation-1_0.html#name-common-metadata-parameters
     ModuleConfig::OPTION_ORGANIZATION_NAME => null,
+    ModuleConfig::OPTION_DISPLAY_NAME => null,
+    ModuleConfig::OPTION_DESCRIPTION => null,
+    ModuleConfig::OPTION_KEYWORDS => [
+        // 'some-keyword',
+    ],
     ModuleConfig::OPTION_CONTACTS => [
         // 'John Doe [email protected]',
     ],
     ModuleConfig::OPTION_LOGO_URI => null,
     ModuleConfig::OPTION_POLICY_URI => null,
+    ModuleConfig::OPTION_INFORMATION_URI => null,
+    ModuleConfig::OPTION_ORGANIZATION_URI => null,
+    /**
+     * @deprecated In Draft-43 of OIDFed specification, metadata claim 'homepage_uri' has been renamed to
+     * 'organization_uri'. Use 'organization_uri' instead.
+     */
     ModuleConfig::OPTION_HOMEPAGE_URI => null,
 ];

locales/en/LC_MESSAGES/oidc.po

@@ -491,7 +491,7 @@ msgstr ""
 msgid "Trust Anchors"
 msgstr ""
 
-msgid "Trust Mark ID"
+msgid "Trust Mark Type"
 msgstr ""
 
 msgid ""

locales/es/LC_MESSAGES/oidc.po

@@ -491,7 +491,7 @@ msgstr ""
 msgid "Trust Anchors"
 msgstr ""
 
-msgid "Trust Mark ID"
+msgid "Trust Mark Type"
 msgstr ""
 
 msgid ""

locales/fr/LC_MESSAGES/oidc.po

@@ -491,7 +491,7 @@ msgstr ""
 msgid "Trust Anchors"
 msgstr ""
 
-msgid "Trust Mark ID"
+msgid "Trust Mark Type"
 msgstr ""
 
 msgid ""

locales/hr/LC_MESSAGES/oidc.po

@@ -525,7 +525,7 @@ msgstr "IDevi sidra povjerenja"
 msgid "Trust Anchors"
 msgstr "Sidra povjerenja"
 
-msgid "Trust Mark ID"
+msgid "Trust Mark Type"
 msgstr "ID oznake povjerenja"
 
 msgid ""

locales/it/LC_MESSAGES/oidc.po

@@ -491,7 +491,7 @@ msgstr ""
 msgid "Trust Anchors"
 msgstr ""
 
-msgid "Trust Mark ID"
+msgid "Trust Mark Type"
 msgstr ""
 
 msgid ""

locales/nl/LC_MESSAGES/oidc.po

@@ -459,7 +459,7 @@ msgstr "Vertrouwde anker-ID's"
 msgid "Trust Anchors"
 msgstr "Vertrouw op ankers"
 
-msgid "Trust Mark ID"
+msgid "Trust Mark Type"
 msgstr "Vertrouwensmerk-ID"
 
 msgid "Trust Mark validation passed (there were no warnings or errors during validation)."