internal/certification/C.F.T.T.s.tar
./OP-Req-login_hint.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000014461�13313422663�015116� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-login_hint
Test description: Providing login_hint
Timestamp: 2018-06-23T10:49:23Z
============================================================
Trace output
0.0 phase <--<-- 0 --- VerifyConfiguration -->-->
0.0 phase <--<-- 1 --- Note -->-->
1.343 phase <--<-- 2 --- Webfinger -->-->
1.343 not expected to do WebFinger
1.343 phase <--<-- 3 --- Discovery -->-->
1.343 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.425 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.427 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.427 phase <--<-- 4 --- Registration -->-->
1.427 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.427 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xKydLDc8jeSHuwnb"
],
"response_types": [
"code"
]
}
1.62 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.621 RegistrationResponse {
"client_id": "e26c0a67-8f52-4ce7-a07c-9eac7d27ce20",
"client_secret": "-Bpt7NDuIHs3",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "e26c0a67-8f52-4ce7-a07c-9eac7d27ce20",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xKydLDc8jeSHuwnb"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.621 phase <--<-- 5 --- AsyncAuthn -->-->
1.621 AuthorizationRequest {
"client_id": "e26c0a67-8f52-4ce7-a07c-9eac7d27ce20",
"login_hint": "foo@bar.com",
"nonce": "rviIHKFwvI5A9nUc",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "2o88jse9euiKGexb"
}
1.621 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e26c0a67-8f52-4ce7-a07c-9eac7d27ce20&state=2o88jse9euiKGexb&response_type=code&nonce=rviIHKFwvI5A9nUc&login_hint=foo%40bar.com
1.622 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e26c0a67-8f52-4ce7-a07c-9eac7d27ce20&state=2o88jse9euiKGexb&response_type=code&nonce=rviIHKFwvI5A9nUc&login_hint=foo%40bar.com
5.51 response Response URL with query part
5.51 response {'state': '2o88jse9euiKGexb', 'scope': 'openid', 'code': '-5syrbZX5UKD0Sa4YDoWb4aTzw0K40aNMV5mCL65-E0.4q3iNhJpRRp9JZueXI6vzNZ71F1UUbcFkFp_XM9j76Q'}
5.51 response {'state': '2o88jse9euiKGexb', 'scope': 'openid', 'code': '-5syrbZX5UKD0Sa4YDoWb4aTzw0K40aNMV5mCL65-E0.4q3iNhJpRRp9JZueXI6vzNZ71F1UUbcFkFp_XM9j76Q'}
5.511 AuthorizationResponse {
"code": "-5syrbZX5UKD0Sa4YDoWb4aTzw0K40aNMV5mCL65-E0.4q3iNhJpRRp9JZueXI6vzNZ71F1UUbcFkFp_XM9j76Q",
"scope": "openid",
"state": "2o88jse9euiKGexb"
}
5.511 phase <--<-- 6 --- Done -->-->
5.511 end
5.511 assertion VerifyAuthnResponse
5.511 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
5.511 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-IDToken-RS256.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000023346�13313422214�014305� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-RS256
Test description: Asymmetric ID Token signature with RS256
Timestamp: 2018-06-23T10:44:28Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.085 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.087 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.087 phase <--<-- 2 --- Registration -->-->
0.087 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'id_token_signed_response_alg': 'RS256', 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.087 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id_token_signed_response_alg": "RS256",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#4k6amLHIs3k6Ra09"
],
"response_types": [
"code"
]
}
0.242 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.243 RegistrationResponse {
"client_id": "d5949b53-660c-4eeb-a850-068c67a74469",
"client_secret": "bLCYOZl72BiD",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "d5949b53-660c-4eeb-a850-068c67a74469",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#4k6amLHIs3k6Ra09"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.243 phase <--<-- 3 --- AsyncAuthn -->-->
0.244 AuthorizationRequest {
"client_id": "d5949b53-660c-4eeb-a850-068c67a74469",
"nonce": "x4dnXvoHgbsiYnpc",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "FU3IeNJ6iGAFQ9Ec"
}
0.244 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d5949b53-660c-4eeb-a850-068c67a74469&state=FU3IeNJ6iGAFQ9Ec&response_type=code&nonce=x4dnXvoHgbsiYnpc
0.244 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d5949b53-660c-4eeb-a850-068c67a74469&state=FU3IeNJ6iGAFQ9Ec&response_type=code&nonce=x4dnXvoHgbsiYnpc
2.244 response Response URL with query part
2.245 response {'state': 'FU3IeNJ6iGAFQ9Ec', 'scope': 'openid', 'code': 'a7BAb3PECCndJJrWeGYVo3dw2z7VfYlmmDEy92jLMds.m2i2WLBlaK11-YcnlTmqcAhNRg22emGLEZ4k84tdXK8'}
2.245 response {'state': 'FU3IeNJ6iGAFQ9Ec', 'scope': 'openid', 'code': 'a7BAb3PECCndJJrWeGYVo3dw2z7VfYlmmDEy92jLMds.m2i2WLBlaK11-YcnlTmqcAhNRg22emGLEZ4k84tdXK8'}
2.245 AuthorizationResponse {
"code": "a7BAb3PECCndJJrWeGYVo3dw2z7VfYlmmDEy92jLMds.m2i2WLBlaK11-YcnlTmqcAhNRg22emGLEZ4k84tdXK8",
"scope": "openid",
"state": "FU3IeNJ6iGAFQ9Ec"
}
2.245 phase <--<-- 4 --- AccessToken -->-->
2.245 --> request op_args: {'state': 'FU3IeNJ6iGAFQ9Ec'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.245 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'FU3IeNJ6iGAFQ9Ec', 'code': 'a7BAb3PECCndJJrWeGYVo3dw2z7VfYlmmDEy92jLMds.m2i2WLBlaK11-YcnlTmqcAhNRg22emGLEZ4k84tdXK8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd5949b53-660c-4eeb-a850-068c67a74469'}, 'state': 'FU3IeNJ6iGAFQ9Ec'}
2.246 AccessTokenRequest {
"code": "a7BAb3PECCndJJrWeGYVo3dw2z7VfYlmmDEy92jLMds.m2i2WLBlaK11-YcnlTmqcAhNRg22emGLEZ4k84tdXK8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "FU3IeNJ6iGAFQ9Ec"
}
2.246 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.246 request_http_args {'headers': {'Authorization': 'Basic ZDU5NDliNTMtNjYwYy00ZWViLWE4NTAtMDY4YzY3YTc0NDY5OmJMQ1lPWmw3MkJpRA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.246 request code=a7BAb3PECCndJJrWeGYVo3dw2z7VfYlmmDEy92jLMds.m2i2WLBlaK11-YcnlTmqcAhNRg22emGLEZ4k84tdXK8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=FU3IeNJ6iGAFQ9Ec
2.459 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.46 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDU5NDliNTMtNjYwYy00ZWViLWE4NTAtMDY4YzY3YTc0NDY5Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MjY4LCJpYXQiOjE1Mjk3NTA2NjgsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjJjNzc2MWFjLTU5ZjYtNGE3ZS04Yjk2LWU2ZDZjNjU0ZTIyNiIsIm5vbmNlIjoieDRkblh2b0hnYnNpWW5wYyIsInJhdCI6MTUyOTc1MDY2Niwic3ViIjoiZm9vQGJhci5jb20ifQ.qgz3Bqg1uLvpeBdAr7Yk9wVBtOnQmQVvLQU5jgFavYqL9BPbPN-ALzM6P-1rEWTV8vSES8-Q3Ax2XwRD9F43tNGlZL5n0UApUiRbKDalVlQNoOfzW5c3WZL-Iv3yKmnSPKSqJbucBznSfbQ6ewDTxmOIFhO3hM5DTyyH1Mxu2ETdAEK92xTI6YXrYlHLVhw0eq1wdhsb-VH8yH8te4MPKMuXdIe5bxZn5fZfmY1xCKyyOBXNT8VfDTHCAC8BrFCfsGKhf6FsblqCb1BZtpfKpS1qITgNBGS7FtpfBhc0HoC2UcAvlGSVFsOohrXCag4KUYQrtJrNaDK32uVMlrFetJJ7Ap3saIH8vsHi4P1pFGdel6VBMsvgWopWvnwFGjNlg7kJzh3i8vWo-VG9_4d1-0aVrwmQCQzKbVU3j8UA7ydeSnYePTz2EalALlpR5XGRxC1g9RHiePN5BmRi6I7L1JBslYPhuBIn1zbE9vIfLO8gCcBSSnCY4-nsJId3WwL8QJwcXp57ib0bE7lvGg4xrGemfKiR-xZzUXnEG9yNP4sJ-FlVwz0cHudDBVy8JcOsnf6s10-235penDzUEdX7c65XGz3G6XpCkyxWJaeZlJdy9ciKq1x7UavfvS1BnoHNsiY4d38awE6FlFhip0EE-MGNpfR7-1KesVfijsKWarc', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '2OyFz89sXpFPwHlBlHcJVMALxh7-HrJCSj2Kqy5DTB4.HdnQTD7UrhmjfFDXegNb7sI2raK0DfGWSRzReAqWnXM', 'scope': 'openid'}
2.544 AccessTokenResponse {
"access_token": "2OyFz89sXpFPwHlBlHcJVMALxh7-HrJCSj2Kqy5DTB4.HdnQTD7UrhmjfFDXegNb7sI2raK0DfGWSRzReAqWnXM",
"expires_in": 3599,
"id_token": {
"aud": [
"d5949b53-660c-4eeb-a850-068c67a74469"
],
"auth_time": 1529750592,
"exp": 1529754268,
"iat": 1529750668,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "2c7761ac-59f6-4a7e-8b96-e6d6c654e226",
"nonce": "x4dnXvoHgbsiYnpc",
"rat": 1529750666,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.545 phase <--<-- 5 --- Done -->-->
2.545 end
2.545 assertion VerifyResponse
2.545 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.545 assertion VerifySignedIdToken
2.545 condition verify-idtoken-is-signed: status=OK [Verifies that an ID Token is signed]
2.546 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-idtoken-is-signed: status=OK [Verifies that an ID Token is signed]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-Sector-Bad.txt��������������������������������������������������������������������0000644�0000000�0000000�00000013160�13313422121�016612� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-Sector-Bad
Test description: Incorrect registration of sector_identifier_uri
Timestamp: 2018-06-23T10:43:29Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'sector_identifier_uri': 'https://op.certification.openid.net:61353/export/siu.json', 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#pgLJVctDVerylLpy"
],
"response_types": [
"code"
],
"sector_identifier_uri": "https://op.certification.openid.net:61353/export/siu.json"
}
0.306 http response url:https://oidc-certification.ory.sh:8443/clients status_code:400 message:{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed","error_hint":"Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.","status_code":400,"error_debug":"Redirect URL \"https://op.certification.openid.net:61353/authz_cb\" does not match values from sector_identifier_uri."}
0.307 ErrorResponse {
"error": "invalid_request",
"error_debug": "Redirect URL \"https://op.certification.openid.net:61353/authz_cb\" does not match values from sector_identifier_uri.",
"error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed",
"error_hint": "Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.",
"status_code": 400
}
0.307 exception RegistrationError:{'error_debug': 'Redirect URL "https://op.certification.openid.net:61353/authz_cb" does not match values from sector_identifier_uri.', 'error_description': 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed', 'status_code': 400, 'error': 'invalid_request', 'error_hint': 'Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.'}
0.307 event got expected exception RegistrationError
0.307 phase <--<-- 3 --- Done -->-->
0.307 end
0.307 condition Done: status=OK
============================================================
Conditions
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-display-popup.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000014355�13313422306�015041� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-display-popup
Test description: Request with display=popup
Timestamp: 2018-06-23T10:45:26Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.129 phase <--<-- 1 --- Webfinger -->-->
1.129 not expected to do WebFinger
1.13 phase <--<-- 2 --- Discovery -->-->
1.13 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.204 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.205 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.205 phase <--<-- 3 --- Registration -->-->
1.206 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.206 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#sFV83q2g4CcNZYgN"
],
"response_types": [
"code"
]
}
1.366 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.367 RegistrationResponse {
"client_id": "fdcfa78e-4dc5-43bf-9646-63083604c42a",
"client_secret": "qiF3s_DWSIcy",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "fdcfa78e-4dc5-43bf-9646-63083604c42a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#sFV83q2g4CcNZYgN"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.367 phase <--<-- 4 --- AsyncAuthn -->-->
1.368 AuthorizationRequest {
"client_id": "fdcfa78e-4dc5-43bf-9646-63083604c42a",
"display": "popup",
"nonce": "Zh3sLaPYEccBfrmF",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "zoP7AW4A6y52PKyr"
}
1.368 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=fdcfa78e-4dc5-43bf-9646-63083604c42a&state=zoP7AW4A6y52PKyr&response_type=code&nonce=Zh3sLaPYEccBfrmF&display=popup
1.368 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=fdcfa78e-4dc5-43bf-9646-63083604c42a&state=zoP7AW4A6y52PKyr&response_type=code&nonce=Zh3sLaPYEccBfrmF&display=popup
3.83 response Response URL with query part
3.831 response {'state': 'zoP7AW4A6y52PKyr', 'scope': 'openid', 'code': '6EDv7AOo28h3V5KicwJekf0YWZdGFFJjdmeZ1AA2E2A.aogVGCd522_sIjW2ZZbxX6ViZsF6iU5ntEEzvm-t-Co'}
3.831 response {'state': 'zoP7AW4A6y52PKyr', 'scope': 'openid', 'code': '6EDv7AOo28h3V5KicwJekf0YWZdGFFJjdmeZ1AA2E2A.aogVGCd522_sIjW2ZZbxX6ViZsF6iU5ntEEzvm-t-Co'}
3.831 AuthorizationResponse {
"code": "6EDv7AOo28h3V5KicwJekf0YWZdGFFJjdmeZ1AA2E2A.aogVGCd522_sIjW2ZZbxX6ViZsF6iU5ntEEzvm-t-Co",
"scope": "openid",
"state": "zoP7AW4A6y52PKyr"
}
3.831 phase <--<-- 5 --- Done -->-->
3.831 end
3.832 assertion VerifyResponse
3.832 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.832 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-nonce-NoReq-code.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000014111�13313422312�015252� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-nonce-NoReq-code
Test description: Login no nonce, code flow [Basic]
Timestamp: 2018-06-23T10:45:30Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.088 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.089 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.09 phase <--<-- 2 --- Registration -->-->
0.09 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.09 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#u7laEba6aRPu3CO3"
],
"response_types": [
"code"
]
}
0.244 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.245 RegistrationResponse {
"client_id": "eb73d30c-23c0-4438-b38a-3d43aea4fa70",
"client_secret": "GG8q4Nc6i2bv",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "eb73d30c-23c0-4438-b38a-3d43aea4fa70",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#u7laEba6aRPu3CO3"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.245 phase <--<-- 3 --- AsyncAuthn -->-->
0.245 AuthorizationRequest {
"client_id": "eb73d30c-23c0-4438-b38a-3d43aea4fa70",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "3bJSWLUyoOqqIo3I"
}
0.246 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?state=3bJSWLUyoOqqIo3I&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=eb73d30c-23c0-4438-b38a-3d43aea4fa70
0.246 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?state=3bJSWLUyoOqqIo3I&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=eb73d30c-23c0-4438-b38a-3d43aea4fa70
2.421 response Response URL with query part
2.421 response {'state': '3bJSWLUyoOqqIo3I', 'scope': 'openid', 'code': 'kYKzpZfqgngmmLJoGSOiAh3KQ3lQ4queP480yoTgjkE.3Rve3DXCqo7FJ5df78k-hqNSGisBq59xcVajvel1kew'}
2.422 response {'state': '3bJSWLUyoOqqIo3I', 'scope': 'openid', 'code': 'kYKzpZfqgngmmLJoGSOiAh3KQ3lQ4queP480yoTgjkE.3Rve3DXCqo7FJ5df78k-hqNSGisBq59xcVajvel1kew'}
2.422 AuthorizationResponse {
"code": "kYKzpZfqgngmmLJoGSOiAh3KQ3lQ4queP480yoTgjkE.3Rve3DXCqo7FJ5df78k-hqNSGisBq59xcVajvel1kew",
"scope": "openid",
"state": "3bJSWLUyoOqqIo3I"
}
2.422 phase <--<-- 4 --- Done -->-->
2.422 end
2.423 assertion VerifyResponse
2.423 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.423 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-RegFrag.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000011526�13313422436�016227� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-RegFrag
Test description: Reject registration where a redirect_uri has a fragment
Timestamp: 2018-06-23T10:46:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb#foobar'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.074 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb#foobar"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#dzxLL2yTZHS9OrlH"
],
"response_types": [
"code"
]
}
0.179 http response url:https://oidc-certification.ory.sh:8443/clients status_code:400 message:{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed","error_hint":"Redirect URIs must not contain fragments (#)","status_code":400}
0.18 ErrorResponse {
"error": "invalid_request",
"error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed",
"error_hint": "Redirect URIs must not contain fragments (#)",
"status_code": 400
}
0.18 exception RegistrationError:{'error_description': 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed', 'status_code': 400, 'error': 'invalid_request', 'error_hint': 'Redirect URIs must not contain fragments (#)'}
0.18 event got expected exception RegistrationError
0.18 phase <--<-- 3 --- Done -->-->
0.18 end
0.181 assertion VerifyErrorMessage
0.181 condition verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
0.181 condition Done: status=OK
============================================================
Conditions
verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-OAuth-2nd.txt����������������������������������������������������������������������������������0000644�0000000�0000000�00000030515�13313422725�013735� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd
Test description: Trying to use authorization code twice should result in an error
Timestamp: 2018-06-23T10:49:57Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.083 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.085 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.085 phase <--<-- 2 --- Registration -->-->
0.085 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.085 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FL581Lz6aG6iwVOy"
],
"response_types": [
"code"
]
}
0.242 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.243 RegistrationResponse {
"client_id": "d082c01c-91c4-49df-aa46-33b71608ad1e",
"client_secret": "Ra1Zab_HDS8j",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "d082c01c-91c4-49df-aa46-33b71608ad1e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FL581Lz6aG6iwVOy"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.243 phase <--<-- 3 --- Note -->-->
1.421 phase <--<-- 4 --- AsyncAuthn -->-->
1.421 AuthorizationRequest {
"client_id": "d082c01c-91c4-49df-aa46-33b71608ad1e",
"nonce": "yEeKuZL8WoGk8s9H",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "fUctXcDznly6yE0o"
}
1.421 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d082c01c-91c4-49df-aa46-33b71608ad1e&state=fUctXcDznly6yE0o&response_type=code&nonce=yEeKuZL8WoGk8s9H
1.421 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d082c01c-91c4-49df-aa46-33b71608ad1e&state=fUctXcDznly6yE0o&response_type=code&nonce=yEeKuZL8WoGk8s9H
4.004 response Response URL with query part
4.005 response {'state': 'fUctXcDznly6yE0o', 'scope': 'openid', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8'}
4.005 response {'state': 'fUctXcDznly6yE0o', 'scope': 'openid', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8'}
4.005 AuthorizationResponse {
"code": "oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8",
"scope": "openid",
"state": "fUctXcDznly6yE0o"
}
4.005 phase <--<-- 5 --- AccessToken -->-->
4.006 --> request op_args: {'state': 'fUctXcDznly6yE0o'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.006 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'fUctXcDznly6yE0o', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd082c01c-91c4-49df-aa46-33b71608ad1e'}, 'state': 'fUctXcDznly6yE0o'}
4.006 AccessTokenRequest {
"code": "oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "fUctXcDznly6yE0o"
}
4.006 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.006 request_http_args {'headers': {'Authorization': 'Basic ZDA4MmMwMWMtOTFjNC00OWRmLWFhNDYtMzNiNzE2MDhhZDFlOlJhMVphYl9IRFM4ag==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.006 request code=oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=fUctXcDznly6yE0o
4.217 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.218 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDA4MmMwMWMtOTFjNC00OWRmLWFhNDYtMzNiNzE2MDhhZDFlIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NTk2LCJpYXQiOjE1Mjk3NTA5OTcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjIyNTkxNDMyLThhZjQtNGQzMy05ZTc3LTA0ZTg5ZjIxZjg3OSIsIm5vbmNlIjoieUVlS3VaTDhXb0drOHM5SCIsInJhdCI6MTUyOTc1MDk5NCwic3ViIjoiZm9vQGJhci5jb20ifQ.zYM76KEEBI9ExJlVNFalJrXgliJ0JIhNSJhHENueOFx4sT4jL2xnKrUGh5XyMeDZLM9QdkSgLpg3KyzcB7UsNigw5A_76E80rHDSJLmE80nJJ96_ljLm0Jgf0Wh8uJusdBDQDipTEKAlO_Yq7Zi3IlPY6tZ2bJwM4L5HYZV7aEjTOnJgoXeUqxSmj4JKLkdpQb-n1TvHH3lj-epCLwlEwRjzvTo5o-Tnsr9_RYr2RCVjplRtFKCs2VTPY5yOsY4KdEn5r_N_aPpJQuTtShOjkNFXovxbQIq-hB3VtEWFA5kJ-Q0_SeF--uA_pLr4KmikbfNQwp_TE1_6ultiPZLiLAOOxvRQobM2Bybfkb2Uk7cQKPVfn6669BJJSLXhxP7KZfhD578TU2e0uZdxrMhwgStP1FvwWR63McFNxWFn1cKsRUplV6N8qZmGGiFtwTZUNmRsS04oSQxGSjbAXbg-Tcs5aBfBcgemBf5OjjP4tf9PKRRwwz5tLIkUuXUHENGfRskczsBF2UEGkI6J4-imHNu3KEyU83FarDidHQpom929bfq6vptrrvrulaR9zRkpzOsaZIWIlOU-p1Z3SYT7ZpDgHqIeVkrLwsoairipKHfXxLQkflVlK2OTUT3hyqmujm6QHkkbCAeenV5YSwtAcIVtRxoaxAVVn-IuwwKx0QY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'jKnTPzMdvcxFXMJNUr2lsP_bAOO0F3RRIftv-RZetK8.JINGTI8dGGa1s2uAvA_a1rZxUXZmZYJJbvvqh6iFSIc', 'scope': 'openid'}
4.306 AccessTokenResponse {
"access_token": "jKnTPzMdvcxFXMJNUr2lsP_bAOO0F3RRIftv-RZetK8.JINGTI8dGGa1s2uAvA_a1rZxUXZmZYJJbvvqh6iFSIc",
"expires_in": 3599,
"id_token": {
"aud": [
"d082c01c-91c4-49df-aa46-33b71608ad1e"
],
"auth_time": 1529750975,
"exp": 1529754596,
"iat": 1529750997,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "22591432-8af4-4d33-9e77-04e89f21f879",
"nonce": "yEeKuZL8WoGk8s9H",
"rat": 1529750994,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.306 phase <--<-- 6 --- AccessToken -->-->
4.306 --> request op_args: {'state': 'fUctXcDznly6yE0o'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.306 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'fUctXcDznly6yE0o', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd082c01c-91c4-49df-aa46-33b71608ad1e'}, 'state': 'fUctXcDznly6yE0o'}
4.307 AccessTokenRequest {
"code": "oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "fUctXcDznly6yE0o"
}
4.307 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.307 request_http_args {'headers': {'Authorization': 'Basic ZDA4MmMwMWMtOTFjNC00OWRmLWFhNDYtMzNiNzE2MDhhZDFlOlJhMVphYl9IRFM4ag==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.307 request code=oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=fUctXcDznly6yE0o
4.467 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
4.467 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
4.467 event Got expected error
4.468 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
4.468 phase <--<-- 7 --- Done -->-->
4.468 end
4.468 assertion VerifyResponse
4.468 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.468 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-JWKs.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000006113�13313422113�015003� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-JWKs
Test description: Keys in OP JWKs well formed
Timestamp: 2018-06-23T10:43:23Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.108 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.11 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.11 phase <--<-- 2 --- Done -->-->
0.11 end
0.11 assertion CheckHTTPResponse
0.11 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.111 assertion VerifyBase64URL
0.212 http response url:https://oidc-certification.ory.sh:8443/.well-known/jwks.json status_code:200
0.213 condition verify-base64url: status=OK [Verifies that the base64 encoded parts of a JWK is in fact base64url encoded and not just base64 encoded]
0.213 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-base64url: status=OK [Verifies that the base64 encoded parts of a JWK is in fact base64url encoded and not just base64 encoded]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-profile.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000027155�13313422505�015005� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-profile
Test description: Scope requesting profile claims
Timestamp: 2018-06-23T10:47:33Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.076 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.078 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.078 phase <--<-- 2 --- Registration -->-->
0.078 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.078 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#tcc6BgTp9FrxyYqN"
],
"response_types": [
"code"
]
}
0.236 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa",
"client_secret": "Ihw.pkGKulT.",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#tcc6BgTp9FrxyYqN"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.237 phase <--<-- 3 --- AsyncAuthn -->-->
0.238 condition Check support: status=WARNING, message=No support for: scopes_supported=['profile']
0.238 AuthorizationRequest {
"client_id": "ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa",
"nonce": "eQScCTUwFg4AGv11",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid profile",
"state": "5v4IYw9xlYe4H7FL"
}
0.238 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa&state=5v4IYw9xlYe4H7FL&response_type=code&nonce=eQScCTUwFg4AGv11
0.238 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa&state=5v4IYw9xlYe4H7FL&response_type=code&nonce=eQScCTUwFg4AGv11
2.233 response Response URL with query part
2.233 response {'state': '5v4IYw9xlYe4H7FL', 'scope': 'openid profile', 'code': 'KuUP72LVCo0fW4dXLrrpTmjV8VlI2MYcTvp6GaK61Rg.bDxB6ts5XofLOxbcm6OGLzELNAQD80tqDO8goNkUbW0'}
2.234 response {'state': '5v4IYw9xlYe4H7FL', 'scope': 'openid profile', 'code': 'KuUP72LVCo0fW4dXLrrpTmjV8VlI2MYcTvp6GaK61Rg.bDxB6ts5XofLOxbcm6OGLzELNAQD80tqDO8goNkUbW0'}
2.234 AuthorizationResponse {
"code": "KuUP72LVCo0fW4dXLrrpTmjV8VlI2MYcTvp6GaK61Rg.bDxB6ts5XofLOxbcm6OGLzELNAQD80tqDO8goNkUbW0",
"scope": "openid profile",
"state": "5v4IYw9xlYe4H7FL"
}
2.234 phase <--<-- 4 --- AccessToken -->-->
2.234 --> request op_args: {'state': '5v4IYw9xlYe4H7FL'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.234 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '5v4IYw9xlYe4H7FL', 'code': 'KuUP72LVCo0fW4dXLrrpTmjV8VlI2MYcTvp6GaK61Rg.bDxB6ts5XofLOxbcm6OGLzELNAQD80tqDO8goNkUbW0', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa'}, 'state': '5v4IYw9xlYe4H7FL'}
2.234 AccessTokenRequest {
"code": "KuUP72LVCo0fW4dXLrrpTmjV8VlI2MYcTvp6GaK61Rg.bDxB6ts5XofLOxbcm6OGLzELNAQD80tqDO8goNkUbW0",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "5v4IYw9xlYe4H7FL"
}
2.234 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.234 request_http_args {'headers': {'Authorization': 'Basic ZWU3NGIyZjUtNDllNy00MGY3LWIzNTMtYjBiOGRmYmNkM2ZhOklody5wa0dLdWxULg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.234 request code=KuUP72LVCo0fW4dXLrrpTmjV8VlI2MYcTvp6GaK61Rg.bDxB6ts5XofLOxbcm6OGLzELNAQD80tqDO8goNkUbW0&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=5v4IYw9xlYe4H7FL
2.449 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.45 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZWU3NGIyZjUtNDllNy00MGY3LWIzNTMtYjBiOGRmYmNkM2ZhIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NDUyLCJpYXQiOjE1Mjk3NTA4NTIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImU1ZDYwOWYwLTE4MmYtNDk3OC1hZGE1LTc5NjA1NDQ4Zjk2NCIsIm5vbmNlIjoiZVFTY0NUVXdGZzRBR3YxMSIsInJhdCI6MTUyOTc1MDg1MCwic3ViIjoiZm9vQGJhci5jb20ifQ.YhKWpW6tAgcWx1QJgP_bHIC66Mw1wwQLF1U6ERdveq9x1gn25mMoRnQqUZU5tWrQq2wubiwTf4ap_hJ1myhK_R19MW1hUl2lM_fhuJ6_2hS3ArlLtoFPKg4lpRFDf-La0aukCw2Su-HYeN8ON8j6bdyg2wlyfUVAHzkKD9StHxGqG27F59dtxv15TfftTYAkyMHS0qUwTafu6Lamq4D-16iqAhHcUeWxo7hOGGD4z6-PKoKgQg96MejkMl8WlhJ4qw6-uqwgk1QcYKlxzngyfxq2SelEJqytxIElO8-oVP0pAipvhuZdtH_1fTarhs_TJiWP1kll_YtAS2dzZoh1clwzZjDwB4LyX61weE_zlfnuZwFx7_OQ2mCQLGnQon3NLpjSjJu1CUyALggFGYdvAQ4rN6zqduIZt1cw5shtDNA0ylwC6pnRlwvM74wNsGcuIFH_5Q8gFjtBC5chAo-shh8pxEiF0j7xV-fi-q7CMFSZWRAr3iWnnzNuq-PavWjm7fI-OYcMdoFSIp_CJtRbsv9ZW3vmZl0y0D4PBJO0CuMDadmy1odLneQ44QVxZh_WymKa4iC2Wj56-TS1fSspLQKOKdtjyFTyWm4bzVYZL9jPL8wJQP2Y0Y4gQ-xaD_zDOrOPD9lQRTOZ0-lOCf5Yki9awh6m9bdWn7JaM0EYTK8', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'zxfTfPSKKF0SgpFF_nWHy4lErzRNNC9YAk_CC9oGk_M.o_e5AIPL-_RU8b2JeOF1iAR8DdCKuqapabwNVP2J6Y4', 'scope': 'openid profile'}
2.533 AccessTokenResponse {
"access_token": "zxfTfPSKKF0SgpFF_nWHy4lErzRNNC9YAk_CC9oGk_M.o_e5AIPL-_RU8b2JeOF1iAR8DdCKuqapabwNVP2J6Y4",
"expires_in": 3599,
"id_token": {
"aud": [
"ee74b2f5-49e7-40f7-b353-b0b8dfbcd3fa"
],
"auth_time": 1529750749,
"exp": 1529754452,
"iat": 1529750852,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "e5d609f0-182f-4978-ada5-79605448f964",
"nonce": "eQScCTUwFg4AGv11",
"rat": 1529750850,
"sub": "foo@bar.com"
},
"scope": "openid profile",
"token_type": "bearer"
}
2.533 phase <--<-- 5 --- UserInfo -->-->
2.533 do_user_info_request kwargs:{'state': '5v4IYw9xlYe4H7FL', 'method': 'GET', 'authn_method': 'bearer_header'}
2.533 request {'body': None}
2.533 request_url https://oidc-certification.ory.sh:8443/userinfo
2.533 request_http_args {'headers': {'Authorization': 'Bearer zxfTfPSKKF0SgpFF_nWHy4lErzRNNC9YAk_CC9oGk_M.o_e5AIPL-_RU8b2JeOF1iAR8DdCKuqapabwNVP2J6Y4'}}
2.606 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.607 OpenIDSchema {
"sub": "foo@bar.com"
}
2.607 OpenIDSchema {
"sub": "foo@bar.com"
}
2.607 phase <--<-- 6 --- Done -->-->
2.607 end
2.607 assertion CheckHTTPResponse
2.607 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
2.608 assertion VerifyResponse
2.608 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.608 assertion VerifyScopes
2.608 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username'] [Verifies that the claims corresponding to the requested scopes are returned]
2.608 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['profile']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['profile']
The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username']
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-RS256.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000025203�13313422266�014543� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-RS256
Test description: RP registers userinfo_signed_response_alg to signal that it wants signed UserInfo returned
Timestamp: 2018-06-23T10:45:10Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.092 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.093 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.093 phase <--<-- 2 --- Registration -->-->
0.094 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'userinfo_signed_response_alg': 'RS256'}
0.094 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Ztc7biwTsjlG3fdD"
],
"response_types": [
"code"
],
"userinfo_signed_response_alg": "RS256"
}
0.249 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.25 RegistrationResponse {
"client_id": "da4bd40a-7787-4977-a0c4-fe4a83c590e3",
"client_secret": "wvuX4KT9oOBp",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "da4bd40a-7787-4977-a0c4-fe4a83c590e3",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Ztc7biwTsjlG3fdD"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "RS256"
}
0.25 phase <--<-- 3 --- AsyncAuthn -->-->
0.251 AuthorizationRequest {
"client_id": "da4bd40a-7787-4977-a0c4-fe4a83c590e3",
"nonce": "NCy0gQtufCd5PQsv",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "2MJFLy7CHGvobA3G"
}
0.251 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=da4bd40a-7787-4977-a0c4-fe4a83c590e3&state=2MJFLy7CHGvobA3G&response_type=code&nonce=NCy0gQtufCd5PQsv
0.251 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=da4bd40a-7787-4977-a0c4-fe4a83c590e3&state=2MJFLy7CHGvobA3G&response_type=code&nonce=NCy0gQtufCd5PQsv
2.225 response Response URL with query part
2.225 response {'state': '2MJFLy7CHGvobA3G', 'scope': 'openid', 'code': 'xOw-vY3U5TfJXnVh9yN7wvB3x5EoRcx-9kFayPoIjjE.5IDHzDod24rCpK3mgVTGiPTpYrMuLPDk1owLCXRDtmc'}
2.226 response {'state': '2MJFLy7CHGvobA3G', 'scope': 'openid', 'code': 'xOw-vY3U5TfJXnVh9yN7wvB3x5EoRcx-9kFayPoIjjE.5IDHzDod24rCpK3mgVTGiPTpYrMuLPDk1owLCXRDtmc'}
2.226 AuthorizationResponse {
"code": "xOw-vY3U5TfJXnVh9yN7wvB3x5EoRcx-9kFayPoIjjE.5IDHzDod24rCpK3mgVTGiPTpYrMuLPDk1owLCXRDtmc",
"scope": "openid",
"state": "2MJFLy7CHGvobA3G"
}
2.226 phase <--<-- 4 --- AccessToken -->-->
2.226 --> request op_args: {'state': '2MJFLy7CHGvobA3G'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.226 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '2MJFLy7CHGvobA3G', 'code': 'xOw-vY3U5TfJXnVh9yN7wvB3x5EoRcx-9kFayPoIjjE.5IDHzDod24rCpK3mgVTGiPTpYrMuLPDk1owLCXRDtmc', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'da4bd40a-7787-4977-a0c4-fe4a83c590e3'}, 'state': '2MJFLy7CHGvobA3G'}
2.226 AccessTokenRequest {
"code": "xOw-vY3U5TfJXnVh9yN7wvB3x5EoRcx-9kFayPoIjjE.5IDHzDod24rCpK3mgVTGiPTpYrMuLPDk1owLCXRDtmc",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "2MJFLy7CHGvobA3G"
}
2.226 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.226 request_http_args {'headers': {'Authorization': 'Basic ZGE0YmQ0MGEtNzc4Ny00OTc3LWEwYzQtZmU0YTgzYzU5MGUzOnd2dVg0S1Q5b09CcA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.226 request code=xOw-vY3U5TfJXnVh9yN7wvB3x5EoRcx-9kFayPoIjjE.5IDHzDod24rCpK3mgVTGiPTpYrMuLPDk1owLCXRDtmc&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=2MJFLy7CHGvobA3G
2.451 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.452 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZGE0YmQ0MGEtNzc4Ny00OTc3LWEwYzQtZmU0YTgzYzU5MGUzIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MzEwLCJpYXQiOjE1Mjk3NTA3MTAsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjMyZWYwNWY1LWM0ZjMtNDIxMi1iMmE5LTExNTExNDY5ODA1MyIsIm5vbmNlIjoiTkN5MGdRdHVmQ2Q1UFFzdiIsInJhdCI6MTUyOTc1MDcwOCwic3ViIjoiZm9vQGJhci5jb20ifQ.t7-Bopt6G9ai7hh5jErVJd9PA3z23u2ZAcudonXC3iKlQq3uiVYHNjrq_ntbv8IOZP9CTuNC_mGDpdbs8O5qW16k0Aj3wirLCda_mh2uaHSZAg3cGCZcdJddrnpaSJDBuf6YJByJQN52iJ05YZKfN4CgZzOKmiKQd9QiUq9eJJlJwH-yqxdWKEJnbbgEgA0UvH5yD35AR0w_swbQedFGWn-V1Qj1-E5U3CqFuON7fa5qw3qWC03Pi5cE99xnbrj39HVzbc9icBtHv4OiAQ60arhM4NoL_0gV6V8NoD_FANdV68u5B9iiz0A5W53AIK3RG1nbgZWMPqBbwsJt2BrEkvEmPthLt9aRrZlQal6xvojGnHWpYaSWWcX2UtIkpocAFaa-8fImqvoUU3uOOxSnicLVM-8hLlt1LLAF3s-vZXSEOt3SqSuDAurPi60D3d18lO0SDd30kmbvuz9NYVI3voE4ba2YHcipuPlKzIN-yIiCWTODlt6KXcFMxCQWNILoTC137KgXoCYyxiqUZv3vd7QWiFD6mJc5tDLfGe6CUyjkYi_IlmmEkRn2e4fR8yT_7kOObNMT_UeodC-3IRdNcjnRA58GgYB_XrQReQhkCBfOOzniCIIdBy4k-rFy43oooRyWBfpi6qXCvwjDbDnmrKAGfcrz7y3zoYPssCwBAlU', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '49imjZ6rmSX5edbq0ufODE_P6lmvSy168GTdhYwWynU.Hz4S_JToZtIMrZI-kaMunN30jN9VjyvmfPKIo8atT7E', 'scope': 'openid'}
2.539 AccessTokenResponse {
"access_token": "49imjZ6rmSX5edbq0ufODE_P6lmvSy168GTdhYwWynU.Hz4S_JToZtIMrZI-kaMunN30jN9VjyvmfPKIo8atT7E",
"expires_in": 3599,
"id_token": {
"aud": [
"da4bd40a-7787-4977-a0c4-fe4a83c590e3"
],
"auth_time": 1529750592,
"exp": 1529754310,
"iat": 1529750710,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "32ef05f5-c4f3-4212-b2a9-115114698053",
"nonce": "NCy0gQtufCd5PQsv",
"rat": 1529750708,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.539 phase <--<-- 5 --- UserInfo -->-->
2.539 do_user_info_request kwargs:{'state': '2MJFLy7CHGvobA3G', 'method': 'GET', 'authn_method': 'bearer_header', 'ctype': 'jwt'}
2.539 request {'body': None}
2.539 request_url https://oidc-certification.ory.sh:8443/userinfo
2.539 request_http_args {'headers': {'Authorization': 'Bearer 49imjZ6rmSX5edbq0ufODE_P6lmvSy168GTdhYwWynU.Hz4S_JToZtIMrZI-kaMunN30jN9VjyvmfPKIo8atT7E'}}
2.67 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.674 OpenIDSchema {
"aud": [
"da4bd40a-7787-4977-a0c4-fe4a83c590e3"
],
"iss": "https://oidc-certification.ory.sh:8443/",
"sub": "foo@bar.com"
}
2.674 OpenIDSchema {
"aud": [
"da4bd40a-7787-4977-a0c4-fe4a83c590e3"
],
"iss": "https://oidc-certification.ory.sh:8443/",
"sub": "foo@bar.com"
}
2.674 phase <--<-- 6 --- Done -->-->
2.674 end
2.675 assertion VerifyResponse
2.675 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.675 assertion CheckAsymSignedUserInfo
2.675 condition asym-signed-userinfo: status=OK [Verifies that the UserInfo was signed with a RSA key]
2.675 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
asym-signed-userinfo: status=OK [Verifies that the UserInfo was signed with a RSA key]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-Body.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000024105�13313422245�014654� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-Body
Test description: UserInfo Endpoint access with POST and bearer body
Timestamp: 2018-06-23T10:44:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.077 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#CN4s4BIc0vrzjlqu"
],
"response_types": [
"code"
]
}
0.269 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.27 RegistrationResponse {
"client_id": "23fe7a9e-36ec-48be-8eb4-69769144093e",
"client_secret": "qTPBRtqBGWQj",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "23fe7a9e-36ec-48be-8eb4-69769144093e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#CN4s4BIc0vrzjlqu"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.27 phase <--<-- 3 --- AsyncAuthn -->-->
0.271 AuthorizationRequest {
"client_id": "23fe7a9e-36ec-48be-8eb4-69769144093e",
"nonce": "8JSArgkq5bDA8TYy",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "55wA3cTDwiw71zfG"
}
0.271 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=23fe7a9e-36ec-48be-8eb4-69769144093e&state=55wA3cTDwiw71zfG&response_type=code&nonce=8JSArgkq5bDA8TYy
0.271 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=23fe7a9e-36ec-48be-8eb4-69769144093e&state=55wA3cTDwiw71zfG&response_type=code&nonce=8JSArgkq5bDA8TYy
3.044 response Response URL with query part
3.044 response {'state': '55wA3cTDwiw71zfG', 'scope': 'openid', 'code': 'YlXoApyliGDYrTYk3-xRug2cQtLYjmk8NWlZMwn1SdE.qRH358g22a2csGVt-wk6UhrhBd3u2GNMloOF6bH93vs'}
3.044 response {'state': '55wA3cTDwiw71zfG', 'scope': 'openid', 'code': 'YlXoApyliGDYrTYk3-xRug2cQtLYjmk8NWlZMwn1SdE.qRH358g22a2csGVt-wk6UhrhBd3u2GNMloOF6bH93vs'}
3.045 AuthorizationResponse {
"code": "YlXoApyliGDYrTYk3-xRug2cQtLYjmk8NWlZMwn1SdE.qRH358g22a2csGVt-wk6UhrhBd3u2GNMloOF6bH93vs",
"scope": "openid",
"state": "55wA3cTDwiw71zfG"
}
3.045 phase <--<-- 4 --- AccessToken -->-->
3.045 --> request op_args: {'state': '55wA3cTDwiw71zfG'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.045 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '55wA3cTDwiw71zfG', 'code': 'YlXoApyliGDYrTYk3-xRug2cQtLYjmk8NWlZMwn1SdE.qRH358g22a2csGVt-wk6UhrhBd3u2GNMloOF6bH93vs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '23fe7a9e-36ec-48be-8eb4-69769144093e'}, 'state': '55wA3cTDwiw71zfG'}
3.045 AccessTokenRequest {
"code": "YlXoApyliGDYrTYk3-xRug2cQtLYjmk8NWlZMwn1SdE.qRH358g22a2csGVt-wk6UhrhBd3u2GNMloOF6bH93vs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "55wA3cTDwiw71zfG"
}
3.045 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.045 request_http_args {'headers': {'Authorization': 'Basic MjNmZTdhOWUtMzZlYy00OGJlLThlYjQtNjk3NjkxNDQwOTNlOnFUUEJSdHFCR1dRag==', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.045 request code=YlXoApyliGDYrTYk3-xRug2cQtLYjmk8NWlZMwn1SdE.qRH358g22a2csGVt-wk6UhrhBd3u2GNMloOF6bH93vs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=55wA3cTDwiw71zfG
3.275 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.276 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMjNmZTdhOWUtMzZlYy00OGJlLThlYjQtNjk3NjkxNDQwOTNlIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MjkzLCJpYXQiOjE1Mjk3NTA2OTMsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImExNGYwYmVjLTY5N2YtNGUwMC05NzJhLTQ3YTM0M2ExYmFlYyIsIm5vbmNlIjoiOEpTQXJna3E1YkRBOFRZeSIsInJhdCI6MTUyOTc1MDY5MSwic3ViIjoiZm9vQGJhci5jb20ifQ.OGONV5FRSqkX1mbRXpPELAkhViP4jSZkchX5EpdH7MNqt6LS6UTVKKMjOWl3CZ2gxO0vA6oY8FlpuBvsCvzVEZUgx8u25Mpse7ivWKZJqN8nPCFMWQCvDPdPWFCGlsv2DbsuN2HXjpnb_1pCcUkBAw41ff6FCGnfhywZVEeDLJBZui54vo8BDmmI0u9RACg1AYOYLPA5ZknHjp8yAAoXioLxy9_UFf4rMtMiMMowuImU1fK-YB_s-ibN5pliBxbnCi5HyGQYIxYDXNd2r2mgzTOYki7g6etf3fbimeUs6VVAbLDKxFvoOCdS_FdVNpnqyE2GD4YXn3pmi4Usa66xotaHuBqBV2K_lAvq3G7weoE9PsGFcI2oZIkiOFuLFGi7TMOYRVLc44iWltM_xyEHhNIcZhWzvHbwGLX2MXmmTm2RCHy6pON7pPO_CzkcgCDBZ7CaeF9gMYOeeeK7enZLRVNPX8dWndWwQ03mU7-ZKpR5aKneG--wch2XCW4NsD_VgjJfKN4t15C-qL1O-HE3kals76i8LqiuhB07p52Fnkmxljn7sVepOuepZ3hnNfhGPAudmqp_ic-ENWT2nrZTxsQz9xiwfAonPOFxCrOUHKUxWLQznNcxVjausWVtCCyZBMG2I324BLY2FI_o16G2vcfnJL2QPFZ_uGHTw6yYT6E', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'J26bERU5tBLxOLxoMlN3rry8S7q_eR8PHTGMRxD1Ovg.PgWCiK8aHQh2B22Gk2jCBOTHM64oI5RwoUOT6HBJyn8', 'scope': 'openid'}
3.358 AccessTokenResponse {
"access_token": "J26bERU5tBLxOLxoMlN3rry8S7q_eR8PHTGMRxD1Ovg.PgWCiK8aHQh2B22Gk2jCBOTHM64oI5RwoUOT6HBJyn8",
"expires_in": 3599,
"id_token": {
"aud": [
"23fe7a9e-36ec-48be-8eb4-69769144093e"
],
"auth_time": 1529750592,
"exp": 1529754293,
"iat": 1529750693,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "a14f0bec-697f-4e00-972a-47a343a1baec",
"nonce": "8JSArgkq5bDA8TYy",
"rat": 1529750691,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.359 phase <--<-- 5 --- UserInfo -->-->
3.359 do_user_info_request kwargs:{'state': '55wA3cTDwiw71zfG', 'method': 'POST', 'authn_method': 'token_in_message_body'}
3.359 request {'body': 'access_token=J26bERU5tBLxOLxoMlN3rry8S7q_eR8PHTGMRxD1Ovg.PgWCiK8aHQh2B22Gk2jCBOTHM64oI5RwoUOT6HBJyn8'}
3.359 request_url https://oidc-certification.ory.sh:8443/userinfo
3.359 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
3.439 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.439 OpenIDSchema {
"sub": "foo@bar.com"
}
3.439 OpenIDSchema {
"sub": "foo@bar.com"
}
3.439 phase <--<-- 6 --- Done -->-->
3.44 end
3.44 assertion VerifyResponse
3.44 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.44 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Query-Mismatch.txt����������������������������������������������������������������0000644�0000000�0000000�00000011122�13313422421�017544� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Query-Mismatch
Test description: Rejects redirect_uri when query parameter does not match what is registed
Timestamp: 2018-06-23T10:46:41Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'redirect_uri': ['https://op.certification.openid.net:61353/authz_cb?foo=bar']}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#LtySycnhFcGnHiXR"
],
"response_types": [
"code"
]
}
0.236 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"client_secret": "xjeZZSzBwdMu",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "ecb012c6-512d-4236-b362-a17e856e054f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#LtySycnhFcGnHiXR"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.237 phase <--<-- 3 --- Note -->-->
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-ClientAuth-SecretPost-Dynamic.txt��������������������������������������������������������������0000644�0000000�0000000�00000023346�13313422237�017751� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-ClientAuth-SecretPost-Dynamic
Test description: Access token request with client_secret_post authentication
Timestamp: 2018-06-23T10:44:47Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.109 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.11 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.11 phase <--<-- 2 --- Registration -->-->
0.11 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'client_secret_post', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'response_types': ['code'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.111 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#poWXZDCsCiLPxp5X"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "client_secret_post"
}
0.265 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.266 RegistrationResponse {
"client_id": "fa7e3e69-4c47-4bd6-a85e-e631eb5f370e",
"client_secret": "XJHCjQFO4huZ",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "fa7e3e69-4c47-4bd6-a85e-e631eb5f370e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#poWXZDCsCiLPxp5X"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_post",
"userinfo_signed_response_alg": "none"
}
0.266 phase <--<-- 3 --- AsyncAuthn -->-->
0.267 AuthorizationRequest {
"client_id": "fa7e3e69-4c47-4bd6-a85e-e631eb5f370e",
"nonce": "IEifmKIFyjEpAt2h",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "iQgoWHDARhVIYd3N"
}
0.267 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=fa7e3e69-4c47-4bd6-a85e-e631eb5f370e&state=iQgoWHDARhVIYd3N&response_type=code&nonce=IEifmKIFyjEpAt2h
0.267 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=fa7e3e69-4c47-4bd6-a85e-e631eb5f370e&state=iQgoWHDARhVIYd3N&response_type=code&nonce=IEifmKIFyjEpAt2h
3.303 response Response URL with query part
3.303 response {'state': 'iQgoWHDARhVIYd3N', 'scope': 'openid', 'code': 'aarGe7yRXxpiaMYLFg15pSt1pC5nyb9PcQ_bhzTdBjo.lhA4be3O4jDEPpIi0ZzSm6mWbQuyW2iFL5L-ib1sBkE'}
3.304 response {'state': 'iQgoWHDARhVIYd3N', 'scope': 'openid', 'code': 'aarGe7yRXxpiaMYLFg15pSt1pC5nyb9PcQ_bhzTdBjo.lhA4be3O4jDEPpIi0ZzSm6mWbQuyW2iFL5L-ib1sBkE'}
3.304 AuthorizationResponse {
"code": "aarGe7yRXxpiaMYLFg15pSt1pC5nyb9PcQ_bhzTdBjo.lhA4be3O4jDEPpIi0ZzSm6mWbQuyW2iFL5L-ib1sBkE",
"scope": "openid",
"state": "iQgoWHDARhVIYd3N"
}
3.304 phase <--<-- 4 --- AccessToken -->-->
3.304 --> request op_args: {'state': 'iQgoWHDARhVIYd3N', 'authn_method': 'client_secret_post'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.304 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'iQgoWHDARhVIYd3N', 'code': 'aarGe7yRXxpiaMYLFg15pSt1pC5nyb9PcQ_bhzTdBjo.lhA4be3O4jDEPpIi0ZzSm6mWbQuyW2iFL5L-ib1sBkE', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'fa7e3e69-4c47-4bd6-a85e-e631eb5f370e'}, 'state': 'iQgoWHDARhVIYd3N', 'authn_method': 'client_secret_post'}
3.305 AccessTokenRequest {
"client_id": "fa7e3e69-4c47-4bd6-a85e-e631eb5f370e",
"client_secret": "XJHCjQFO4huZ",
"code": "aarGe7yRXxpiaMYLFg15pSt1pC5nyb9PcQ_bhzTdBjo.lhA4be3O4jDEPpIi0ZzSm6mWbQuyW2iFL5L-ib1sBkE",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "iQgoWHDARhVIYd3N"
}
3.305 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.305 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
3.305 request code=aarGe7yRXxpiaMYLFg15pSt1pC5nyb9PcQ_bhzTdBjo.lhA4be3O4jDEPpIi0ZzSm6mWbQuyW2iFL5L-ib1sBkE&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=fa7e3e69-4c47-4bd6-a85e-e631eb5f370e&grant_type=authorization_code&state=iQgoWHDARhVIYd3N&client_secret=XJHCjQFO4huZ
3.516 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.517 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmE3ZTNlNjktNGM0Ny00YmQ2LWE4NWUtZTYzMWViNWYzNzBlIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0Mjg2LCJpYXQiOjE1Mjk3NTA2ODcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImIyM2E2YTNkLWNlZWItNDhlOS1hZTQ5LWI1OTkyMjc4MDJiMiIsIm5vbmNlIjoiSUVpZm1LSUZ5akVwQXQyaCIsInJhdCI6MTUyOTc1MDY4NCwic3ViIjoiZm9vQGJhci5jb20ifQ.kjOYWeGnPnvxLIY9-9C5zz6efn7eojl0FSfXF7lNVN4cmnC1fxd48bFmLSnQcpPVm0W-YVc7tBv2K3_mUn1zU-yhzpwgSgMAIjPZPdt8YN2bq6IeRclN0sowEJg4jycxpJoph-dlgfc8CwoRbpnKxJ7uwFySg6BidVtrsPpV-MiH9nzvq4jA5K-kAAnWXPQzvIkQsihHKphXuZnLMZ5bWyQUZEVgY1YrFoUYFxD0-3Hr-dx6-Zc0QsTiWPLXknqkJoS9Jxj7SmamMUydC89VRKM4V2_R8ggy1P70IxrrVIIBR64uis0Tw-tcwQxvSHLxE9fkix4wiV5ZR2JAbsLYnI3GcQ5a4dhutfeG_Bh_gZGU57oevpK-UJ6EjeznoKYd22NDA4uuG6DZ4kmIlhMuVyYLP6398uSJ9Yr0hSucL990CVQVuROQIC6rexonpVjCIRjghLoAN_t9VMD1Xolhj9DC9Fg_qw1C70Mt3dzQdpdHHzFbQOON1EQWzY9E1MEjXaHBrwNhPXvSqxvprbU-3ffzbFwR-xYh8zH7GmtjiAC45SQBszfjD2aiSuEm65JYHLuJ1vH21q9MFvq3VAEVZoapmE0wRykpifi29ycdhltnSxZodtLxN4K19pQh6YKa9jsAizaz_4gMnH17MQHrw1aPXuyNU4dUyTINXeOiHXs', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'RR093LmuXffnh3U_kyzJ7VH8bsLqsMPTzUENPj6fJ1A.GARSHaWDXwLTzlWsqJsgezglRIKJz0LSl9nL8LXYiH0', 'scope': 'openid'}
3.63 AccessTokenResponse {
"access_token": "RR093LmuXffnh3U_kyzJ7VH8bsLqsMPTzUENPj6fJ1A.GARSHaWDXwLTzlWsqJsgezglRIKJz0LSl9nL8LXYiH0",
"expires_in": 3599,
"id_token": {
"aud": [
"fa7e3e69-4c47-4bd6-a85e-e631eb5f370e"
],
"auth_time": 1529750592,
"exp": 1529754286,
"iat": 1529750687,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "b23a6a3d-ceeb-48e9-ae49-b599227802b2",
"nonce": "IEifmKIFyjEpAt2h",
"rat": 1529750684,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.63 phase <--<-- 5 --- Done -->-->
3.63 end
3.631 assertion VerifyResponse
3.631 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.631 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-jwks.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000037433�13313422125�015662� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-jwks
Test description: Uses keys registered with jwks value
Timestamp: 2018-06-23T10:43:33Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.092 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.093 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.093 phase <--<-- 2 --- Registration -->-->
0.094 register kwargs:{'application_name': 'OIC test tool', 'jwks': {'keys': [{'use': 'enc', 'kty': 'RSA', 'n': 'pKXuY5tuT9ibmEcq4B6VRx3MafdSsajrOndAk5FjJFedlA6qSpdqDUr9wWUkNeO8h_efdLfg43CHXk3mH6Fp1t2gbHzBQ4-SzT3_X5tsdG2PPqvngem7f5NHO6Kefhq11Zk5q4-FyTL9FUQQW6ZANbrU7GifSAs82Ck20ciIvFdv7cPCphk_THMVv14aW5w0eKEXumgx4Bc7HrQFXQUHSze3dVAKg8hKHDIQOGUU0fkolEFmOC4Gb-G57RpBJryZxXqgdUdEG66xl1f37tqpYgaLViFDWDiI8S7BMVHEbGHN4-f_MD9f6gMduaxrL6a6SfyIW1So2VqtvlAyanesTw', 'e': 'AQAB', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww'}, {'use': 'sig', 'kty': 'RSA', 'n': '1Z8lhYNb0tHZsVrzIQs-JetNCLIBWeOHXblcirxQgFLt6z4Rr-9vxPbEsrmRmZbPuuoL8nGehqOK11LAgqa1QfCR4TKxr2srlbTv4A4Gyf-suhO_KKt0JWv2q9olREZcoIE4FCwK0vuWTqD5q4qL_uqt_kHltzhdkJ4LySdCRCbxG1kcEcXoPNIhZERttqbZTIQviJxJ2HqC7CbwocmZMnbMAzP52bVX86vLxosmI-pqkG1RG8jMTZMhvc2GmYe6CfleW7bRxS0078sWDM_iACSQVOqLk5rcW_C-a61EYzNNN7BMw-VxFSDtoGgNgb6XGM6FTf9fkdJjIRL2VZAt0Q', 'e': 'AQAB', 'kid': 'wt25OgyR_nzG3OoQ7daa2rL6-gMnFdfRzBjhUVPu8RQ'}, {'x': 'aruz0ufjUGuEQwg2Q3ewyy5DnEIWWmIEO5stN8MfUTA', 'use': 'sig', 'kty': 'EC', 'y': 'dZnZMUOQAvzOD6q1f11PEho4-aX7nWdmive8zdxUbrA', 'crv': 'P-256', 'kid': 'AZXCzT401BtqezIxAdHOEez1ApQUu3O5hjcfRFKxXtQ'}, {'x': 'AeI9gyN_hcFae8vO2HgaH7Fh-MVX1YXJdWg-T16g1kM', 'use': 'enc', 'kty': 'EC', 'y': '5ASt8rCvPWTKMAh6wvR8_-OEbl_9TTkkgAd7LXW8H48', 'crv': 'P-256', 'kid': 'CrXNdVSdrZ-lOToSPso6OlcZnP-Et4U9CzOIZOZPvLw'}]}, 'token_endpoint_auth_method': 'private_key_jwt', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'grant_types': ['authorization_code'], 'response_types': ['code'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.094 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks": {
"keys": [
{
"e": "AQAB",
"kid": "gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww",
"kty": "RSA",
"n": "pKXuY5tuT9ibmEcq4B6VRx3MafdSsajrOndAk5FjJFedlA6qSpdqDUr9wWUkNeO8h_efdLfg43CHXk3mH6Fp1t2gbHzBQ4-SzT3_X5tsdG2PPqvngem7f5NHO6Kefhq11Zk5q4-FyTL9FUQQW6ZANbrU7GifSAs82Ck20ciIvFdv7cPCphk_THMVv14aW5w0eKEXumgx4Bc7HrQFXQUHSze3dVAKg8hKHDIQOGUU0fkolEFmOC4Gb-G57RpBJryZxXqgdUdEG66xl1f37tqpYgaLViFDWDiI8S7BMVHEbGHN4-f_MD9f6gMduaxrL6a6SfyIW1So2VqtvlAyanesTw",
"use": "enc"
},
{
"e": "AQAB",
"kid": "wt25OgyR_nzG3OoQ7daa2rL6-gMnFdfRzBjhUVPu8RQ",
"kty": "RSA",
"n": "1Z8lhYNb0tHZsVrzIQs-JetNCLIBWeOHXblcirxQgFLt6z4Rr-9vxPbEsrmRmZbPuuoL8nGehqOK11LAgqa1QfCR4TKxr2srlbTv4A4Gyf-suhO_KKt0JWv2q9olREZcoIE4FCwK0vuWTqD5q4qL_uqt_kHltzhdkJ4LySdCRCbxG1kcEcXoPNIhZERttqbZTIQviJxJ2HqC7CbwocmZMnbMAzP52bVX86vLxosmI-pqkG1RG8jMTZMhvc2GmYe6CfleW7bRxS0078sWDM_iACSQVOqLk5rcW_C-a61EYzNNN7BMw-VxFSDtoGgNgb6XGM6FTf9fkdJjIRL2VZAt0Q",
"use": "sig"
},
{
"crv": "P-256",
"kid": "AZXCzT401BtqezIxAdHOEez1ApQUu3O5hjcfRFKxXtQ",
"kty": "EC",
"use": "sig",
"x": "aruz0ufjUGuEQwg2Q3ewyy5DnEIWWmIEO5stN8MfUTA",
"y": "dZnZMUOQAvzOD6q1f11PEho4-aX7nWdmive8zdxUbrA"
},
{
"crv": "P-256",
"kid": "CrXNdVSdrZ-lOToSPso6OlcZnP-Et4U9CzOIZOZPvLw",
"kty": "EC",
"use": "enc",
"x": "AeI9gyN_hcFae8vO2HgaH7Fh-MVX1YXJdWg-T16g1kM",
"y": "5ASt8rCvPWTKMAh6wvR8_-OEbl_9TTkkgAd7LXW8H48"
}
]
},
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#hJz8quGQztGsPTS8"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "private_key_jwt"
}
0.282 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.283 RegistrationResponse {
"client_id": "1cf701c5-bb2e-4d69-adad-23cde091db7b",
"client_secret": "Fp9mcCQWBlQp",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "1cf701c5-bb2e-4d69-adad-23cde091db7b",
"jwks": {
"keys": [
{
"e": "AQAB",
"kid": "gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww",
"kty": "RSA",
"n": "pKXuY5tuT9ibmEcq4B6VRx3MafdSsajrOndAk5FjJFedlA6qSpdqDUr9wWUkNeO8h_efdLfg43CHXk3mH6Fp1t2gbHzBQ4-SzT3_X5tsdG2PPqvngem7f5NHO6Kefhq11Zk5q4-FyTL9FUQQW6ZANbrU7GifSAs82Ck20ciIvFdv7cPCphk_THMVv14aW5w0eKEXumgx4Bc7HrQFXQUHSze3dVAKg8hKHDIQOGUU0fkolEFmOC4Gb-G57RpBJryZxXqgdUdEG66xl1f37tqpYgaLViFDWDiI8S7BMVHEbGHN4-f_MD9f6gMduaxrL6a6SfyIW1So2VqtvlAyanesTw",
"use": "enc"
},
{
"e": "AQAB",
"kid": "wt25OgyR_nzG3OoQ7daa2rL6-gMnFdfRzBjhUVPu8RQ",
"kty": "RSA",
"n": "1Z8lhYNb0tHZsVrzIQs-JetNCLIBWeOHXblcirxQgFLt6z4Rr-9vxPbEsrmRmZbPuuoL8nGehqOK11LAgqa1QfCR4TKxr2srlbTv4A4Gyf-suhO_KKt0JWv2q9olREZcoIE4FCwK0vuWTqD5q4qL_uqt_kHltzhdkJ4LySdCRCbxG1kcEcXoPNIhZERttqbZTIQviJxJ2HqC7CbwocmZMnbMAzP52bVX86vLxosmI-pqkG1RG8jMTZMhvc2GmYe6CfleW7bRxS0078sWDM_iACSQVOqLk5rcW_C-a61EYzNNN7BMw-VxFSDtoGgNgb6XGM6FTf9fkdJjIRL2VZAt0Q",
"use": "sig"
},
{
"crv": "P-256",
"kid": "AZXCzT401BtqezIxAdHOEez1ApQUu3O5hjcfRFKxXtQ",
"kty": "EC",
"use": "sig",
"x": "aruz0ufjUGuEQwg2Q3ewyy5DnEIWWmIEO5stN8MfUTA",
"y": "dZnZMUOQAvzOD6q1f11PEho4-aX7nWdmive8zdxUbrA"
},
{
"crv": "P-256",
"kid": "CrXNdVSdrZ-lOToSPso6OlcZnP-Et4U9CzOIZOZPvLw",
"kty": "EC",
"use": "enc",
"x": "AeI9gyN_hcFae8vO2HgaH7Fh-MVX1YXJdWg-T16g1kM",
"y": "5ASt8rCvPWTKMAh6wvR8_-OEbl_9TTkkgAd7LXW8H48"
}
]
},
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#hJz8quGQztGsPTS8"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "private_key_jwt",
"userinfo_signed_response_alg": "none"
}
0.283 phase <--<-- 3 --- AsyncAuthn -->-->
0.284 AuthorizationRequest {
"client_id": "1cf701c5-bb2e-4d69-adad-23cde091db7b",
"nonce": "6VGUlP2kd4aEPc5j",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "pi2vuIJpsTHD6JyL"
}
0.284 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1cf701c5-bb2e-4d69-adad-23cde091db7b&state=pi2vuIJpsTHD6JyL&response_type=code&nonce=6VGUlP2kd4aEPc5j
0.284 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1cf701c5-bb2e-4d69-adad-23cde091db7b&state=pi2vuIJpsTHD6JyL&response_type=code&nonce=6VGUlP2kd4aEPc5j
2.81 response Response URL with query part
2.81 response {'state': 'pi2vuIJpsTHD6JyL', 'scope': 'openid', 'code': 'tw9Ris3XV0JCPHlRK7ug2TGj4uJo8LXqgEzmCVEJzAI.o_QkF_2i10ONH3LPve8RadpDrzsr71tqcsz9chcNZ5g'}
2.81 response {'state': 'pi2vuIJpsTHD6JyL', 'scope': 'openid', 'code': 'tw9Ris3XV0JCPHlRK7ug2TGj4uJo8LXqgEzmCVEJzAI.o_QkF_2i10ONH3LPve8RadpDrzsr71tqcsz9chcNZ5g'}
2.811 AuthorizationResponse {
"code": "tw9Ris3XV0JCPHlRK7ug2TGj4uJo8LXqgEzmCVEJzAI.o_QkF_2i10ONH3LPve8RadpDrzsr71tqcsz9chcNZ5g",
"scope": "openid",
"state": "pi2vuIJpsTHD6JyL"
}
2.811 phase <--<-- 4 --- AccessToken -->-->
2.811 --> request op_args: {'state': 'pi2vuIJpsTHD6JyL', 'authn_method': 'private_key_jwt'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.811 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'pi2vuIJpsTHD6JyL', 'code': 'tw9Ris3XV0JCPHlRK7ug2TGj4uJo8LXqgEzmCVEJzAI.o_QkF_2i10ONH3LPve8RadpDrzsr71tqcsz9chcNZ5g', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '1cf701c5-bb2e-4d69-adad-23cde091db7b'}, 'state': 'pi2vuIJpsTHD6JyL', 'authn_method': 'private_key_jwt'}
2.811 AccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiMWNmNzAxYzUtYmIyZS00ZDY5LWFkYWQtMjNjZGUwOTFkYjdiIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiMWNmNzAxYzUtYmIyZS00ZDY5LWFkYWQtMjNjZGUwOTFkYjdiIiwgImlhdCI6IDE1Mjk3NTA2MTIsICJqdGkiOiAiZjhleElKek1GVTVYRkpMNFg3cVNOdjVSR3VaUGZYNTMiLCAiZXhwIjogMTUyOTc1MTIxMn0.c6JaBlLtyZLYG_c060vcz-q3nLmfZZ0V_rkydl1flR-V8IyuqNHw0b-rYXr82gqfJom7_rc0lRWuPD5cc58NUgrRZY9gELOHX6tqWJG4WtrL8Fmf_MJu3DWNG4Rr140Dv4unLOp8U1aYCutrwaD6zvXQtskgWC-qHIEul17C-u9DyewosQWKJI1vDWPqjK_G7iGHvOVIt2_VGlCLhZgLq_sQvkGIvIwLz7v_vBxIs11JKJbauGRKxsN4CO4JYr5oPNjWktD0IPLq7pF7gKU0Z5j0W7k9nw-c4FCgdv6Ct-2pZyKs0KfLjaB-8HDz6doAhd1EINspf_RiXnfq4My0dg",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "tw9Ris3XV0JCPHlRK7ug2TGj4uJo8LXqgEzmCVEJzAI.o_QkF_2i10ONH3LPve8RadpDrzsr71tqcsz9chcNZ5g",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "pi2vuIJpsTHD6JyL"
}
2.817 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.817 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
2.817 request code=tw9Ris3XV0JCPHlRK7ug2TGj4uJo8LXqgEzmCVEJzAI.o_QkF_2i10ONH3LPve8RadpDrzsr71tqcsz9chcNZ5g&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=pi2vuIJpsTHD6JyL&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiMWNmNzAxYzUtYmIyZS00ZDY5LWFkYWQtMjNjZGUwOTFkYjdiIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiMWNmNzAxYzUtYmIyZS00ZDY5LWFkYWQtMjNjZGUwOTFkYjdiIiwgImlhdCI6IDE1Mjk3NTA2MTIsICJqdGkiOiAiZjhleElKek1GVTVYRkpMNFg3cVNOdjVSR3VaUGZYNTMiLCAiZXhwIjogMTUyOTc1MTIxMn0.c6JaBlLtyZLYG_c060vcz-q3nLmfZZ0V_rkydl1flR-V8IyuqNHw0b-rYXr82gqfJom7_rc0lRWuPD5cc58NUgrRZY9gELOHX6tqWJG4WtrL8Fmf_MJu3DWNG4Rr140Dv4unLOp8U1aYCutrwaD6zvXQtskgWC-qHIEul17C-u9DyewosQWKJI1vDWPqjK_G7iGHvOVIt2_VGlCLhZgLq_sQvkGIvIwLz7v_vBxIs11JKJbauGRKxsN4CO4JYr5oPNjWktD0IPLq7pF7gKU0Z5j0W7k9nw-c4FCgdv6Ct-2pZyKs0KfLjaB-8HDz6doAhd1EINspf_RiXnfq4My0dg
2.983 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.984 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMWNmNzAxYzUtYmIyZS00ZDY5LWFkYWQtMjNjZGUwOTFkYjdiIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MjEyLCJpYXQiOjE1Mjk3NTA2MTIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImQ4ZjliMGJlLTJkZjUtNDA1NS1hNzE3LWQ0MTljOWY3MWNlOCIsIm5vbmNlIjoiNlZHVWxQMmtkNGFFUGM1aiIsInJhdCI6MTUyOTc1MDYxMCwic3ViIjoiZm9vQGJhci5jb20ifQ.BUjDkue8e5KWI9ke_A3L3RBqCEhDxzNocRBYYXP-r4ekdfbnh5CDVFZNXfgZ1fRkjvDoMTKgp5oGdnBKmzCB_Jw0nFSSX3U2rxKk9VBOkbkSWsUdYLmUtpxop2ramiquUUucFX3y9DmmJR0l5SDVYqvVI2JpVnmqIWAAJJKJnQR2rsR7qd6EAmEBF6crdbSaenLyMp0m_5B0zQ58d_-N164-8FEHG9GKcjDqav3xgw7mJi47JpWcykdlg9ux8DEADTenovv0jC0PPrDYo5i8MnsSPpnvHFU1ZeYH-K0pIJZHPHN861jwMqcvHnK-xQ-z64c9LdNpw8LMOBqEwhO6rKskwVvz0xSNlnYBu3FuNYmNaEZmOwjPZKbSXFovtqNyjdHBocVz8B7W-LfgcF6DflyBhOaGvuQye3KsNmi4dNPy0o06cFdLtnnZhaYQ4yiovcMLvKJvNI3btdDVJROQWdPmkbzqUoX1K6gIvajgY4KkvLUn_PcqFTCJwKj3OZB2AlGPDsK_rvdoCs3F-Csy98Aft4NtFkFV9fV-SgJawdjR9hjCVfkZlqfJJ8p_hG8GnSXMAdCAbf01dO2NzcgDAWeyC2AqgK_IU6nP4CRA-gdGZVBYJH8AY_XXxqBgtCFtTOM0l6hGrQ_9OjUvv3-Fz2ahTw8oroOBtKSbhV8xTLU', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'zzLwtd-HSt0GQh-4I5F17cyQjW96SalXqrKaIMvMeLk.K2wL8vzSg9ZYvghK0Cr38ftWnnYvPMs7p6oxv-MTQyk', 'scope': 'openid'}
3.066 AccessTokenResponse {
"access_token": "zzLwtd-HSt0GQh-4I5F17cyQjW96SalXqrKaIMvMeLk.K2wL8vzSg9ZYvghK0Cr38ftWnnYvPMs7p6oxv-MTQyk",
"expires_in": 3599,
"id_token": {
"aud": [
"1cf701c5-bb2e-4d69-adad-23cde091db7b"
],
"auth_time": 1529750592,
"exp": 1529754212,
"iat": 1529750612,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d8f9b0be-2df5-4055-a717-d419c9f71ce8",
"nonce": "6VGUlP2kd4aEPc5j",
"rat": 1529750610,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.066 phase <--<-- 5 --- Done -->-->
3.066 end
3.067 assertion VerifyResponse
3.067 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.067 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Rotation-OP-Sig.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000011554�13313423024�015062� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Rotation-OP-Sig
Test description: Can rotate OP signing keys
Timestamp: 2018-06-23T10:51:00Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- FetchKeys -->-->
0.147 phase <--<-- 3 --- Note -->-->
8.548 phase <--<-- 4 --- Webfinger -->-->
8.548 not expected to do WebFinger
8.548 phase <--<-- 5 --- Discovery -->-->
8.548 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
8.626 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
8.627 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
8.627 phase <--<-- 6 --- FetchKeys -->-->
8.737 phase <--<-- 7 --- Done -->-->
8.737 end
8.738 assertion CheckHTTPResponse
8.738 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
8.738 assertion NewSigningKeys
8.738 condition new-signing-keys: status=OK [Verifies that two set of signing keys are not the same]
8.738 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
new-signing-keys: status=OK [Verifies that two set of signing keys are not the same]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-jwks_uri.txt����������������������������������������������������������������������0000644�0000000�0000000�00000026325�13313422140�016534� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-jwks_uri
Test description: Uses keys registered with jwks_uri value
Timestamp: 2018-06-23T10:43:44Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.08 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.082 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.082 phase <--<-- 2 --- Registration -->-->
0.082 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'private_key_jwt', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'response_types': ['code'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.082 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DJag6msYGkIEs0Gl"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "private_key_jwt"
}
0.24 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.241 RegistrationResponse {
"client_id": "bbdb0da4-0ef4-4e52-a7e1-7886d8a75941",
"client_secret": "4f~A_g2.OD7p",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "bbdb0da4-0ef4-4e52-a7e1-7886d8a75941",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DJag6msYGkIEs0Gl"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "private_key_jwt",
"userinfo_signed_response_alg": "none"
}
0.241 phase <--<-- 3 --- AsyncAuthn -->-->
0.242 AuthorizationRequest {
"client_id": "bbdb0da4-0ef4-4e52-a7e1-7886d8a75941",
"nonce": "AjVnT1wp1y1um8fG",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "qv6n7TUvrXnULueo"
}
0.242 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=bbdb0da4-0ef4-4e52-a7e1-7886d8a75941&state=qv6n7TUvrXnULueo&response_type=code&nonce=AjVnT1wp1y1um8fG
0.242 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=bbdb0da4-0ef4-4e52-a7e1-7886d8a75941&state=qv6n7TUvrXnULueo&response_type=code&nonce=AjVnT1wp1y1um8fG
2.764 response Response URL with query part
2.764 response {'state': 'qv6n7TUvrXnULueo', 'scope': 'openid', 'code': '9lilQ3nKKmBECZFkZPKhHdLUNzi1eNzUi1iMSmTDTg0.RjmLsqscpzS5_BiZREu2o2TAxGTlq9_dTJehbcxbh8E'}
2.764 response {'state': 'qv6n7TUvrXnULueo', 'scope': 'openid', 'code': '9lilQ3nKKmBECZFkZPKhHdLUNzi1eNzUi1iMSmTDTg0.RjmLsqscpzS5_BiZREu2o2TAxGTlq9_dTJehbcxbh8E'}
2.765 AuthorizationResponse {
"code": "9lilQ3nKKmBECZFkZPKhHdLUNzi1eNzUi1iMSmTDTg0.RjmLsqscpzS5_BiZREu2o2TAxGTlq9_dTJehbcxbh8E",
"scope": "openid",
"state": "qv6n7TUvrXnULueo"
}
2.765 phase <--<-- 4 --- AccessToken -->-->
2.765 --> request op_args: {'state': 'qv6n7TUvrXnULueo', 'authn_method': 'private_key_jwt'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.765 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'qv6n7TUvrXnULueo', 'code': '9lilQ3nKKmBECZFkZPKhHdLUNzi1eNzUi1iMSmTDTg0.RjmLsqscpzS5_BiZREu2o2TAxGTlq9_dTJehbcxbh8E', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'bbdb0da4-0ef4-4e52-a7e1-7886d8a75941'}, 'state': 'qv6n7TUvrXnULueo', 'authn_method': 'private_key_jwt'}
2.765 AccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiYmJkYjBkYTQtMGVmNC00ZTUyLWE3ZTEtNzg4NmQ4YTc1OTQxIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiYmJkYjBkYTQtMGVmNC00ZTUyLWE3ZTEtNzg4NmQ4YTc1OTQxIiwgImlhdCI6IDE1Mjk3NTA2MjQsICJqdGkiOiAib0ZYMEhWbVF5aW9RT0RuNzB2bTQyZXVkWENMNFZOQ2IiLCAiZXhwIjogMTUyOTc1MTIyNH0.NWkYR-d33B-sHimw-IX4DcFccjp1eDuHaS9q-U1IVLEiZPvrPCUdngAcfL9Am04_LgqeM7ShuW63a3LQppS7m3Fq-zTtKz0qscdgGVuCX4Rs2EUP3KSEKpslSIDnaaOXFs5JamfP70f64HIhVGd-Ep_8O3-mIQH7WgjHaDlcmAgy75WXj0uLaGlc52V2NZjIYp5JFmcqJrD0wJCWQ6ZaIKaEedG9YVSLmYhNjar8w0fsCeN_sOgNUj0WV7ruOMHJXMh6qWZQdquY6suPINYuR30pien3DdXqAXuzheppqp779kJPauScigxfkY22VaQxfJ9FE3BKG4QGI2DzbB4s4A",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "9lilQ3nKKmBECZFkZPKhHdLUNzi1eNzUi1iMSmTDTg0.RjmLsqscpzS5_BiZREu2o2TAxGTlq9_dTJehbcxbh8E",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "qv6n7TUvrXnULueo"
}
2.769 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.769 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
2.769 request code=9lilQ3nKKmBECZFkZPKhHdLUNzi1eNzUi1iMSmTDTg0.RjmLsqscpzS5_BiZREu2o2TAxGTlq9_dTJehbcxbh8E&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=qv6n7TUvrXnULueo&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiYmJkYjBkYTQtMGVmNC00ZTUyLWE3ZTEtNzg4NmQ4YTc1OTQxIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiYmJkYjBkYTQtMGVmNC00ZTUyLWE3ZTEtNzg4NmQ4YTc1OTQxIiwgImlhdCI6IDE1Mjk3NTA2MjQsICJqdGkiOiAib0ZYMEhWbVF5aW9RT0RuNzB2bTQyZXVkWENMNFZOQ2IiLCAiZXhwIjogMTUyOTc1MTIyNH0.NWkYR-d33B-sHimw-IX4DcFccjp1eDuHaS9q-U1IVLEiZPvrPCUdngAcfL9Am04_LgqeM7ShuW63a3LQppS7m3Fq-zTtKz0qscdgGVuCX4Rs2EUP3KSEKpslSIDnaaOXFs5JamfP70f64HIhVGd-Ep_8O3-mIQH7WgjHaDlcmAgy75WXj0uLaGlc52V2NZjIYp5JFmcqJrD0wJCWQ6ZaIKaEedG9YVSLmYhNjar8w0fsCeN_sOgNUj0WV7ruOMHJXMh6qWZQdquY6suPINYuR30pien3DdXqAXuzheppqp779kJPauScigxfkY22VaQxfJ9FE3BKG4QGI2DzbB4s4A
2.93 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.932 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYmJkYjBkYTQtMGVmNC00ZTUyLWE3ZTEtNzg4NmQ4YTc1OTQxIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MjI0LCJpYXQiOjE1Mjk3NTA2MjQsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImI4MzU3MGFmLWE5ZjQtNGM4MS1hMTU5LWM5OTBjZDljNWRjYSIsIm5vbmNlIjoiQWpWblQxd3AxeTF1bThmRyIsInJhdCI6MTUyOTc1MDYyMiwic3ViIjoiZm9vQGJhci5jb20ifQ.CzjfghDP-AIkmdS5CN3rkMJ6NyMe8yWl_rFQaz3vUmmCdtSvc-lsdXun4eL6sqZB85N1nATR0ucmuoR-UpPhWQTRJ7rztVNt3tQ9a40AnHZS7IemFevEnqzE72ync7fnH_Wrx8XIgTtOHxRHZnUlzO9ip3fcjHCk5yuOILFdVhEaa7J0qC6mzaYX8_Rq8Cmo8p29tTcrEnBN-Wbhxw8W6hYtAMl-5z5KkyFBAcazWsTiV_55GcDpUWHbB7QJOU6nieTjl6MYDhlspQOUQA63Syp2PYUEv81iKRJefH9LPWx8UxL-ScTKZS3vV190WmzPUL8-FHkx9Co6lyCHC4HGWC8sau1vWlsoitg4VPvTB0Jq8eanj22zy5hs9VtNse34pPaLIhsFP4D5AliHGgYC0LuXZ2aVreR6iOl-N-onq_YacLUyx2Fzaig3lcD_w0Pgbh1C_xkZGuv-eGQcAAl2Yk5FVE9dWF09autP-8Iky5TZ3MgBj6uHbXvot5tW1oS5F8xuGmxiaRYAksDeH-tM-b2ejnQ6HN2A7iiq6sdj7OcRN8_de6uuMb23Y9APbqA9hyPBs9qM4NZHrK92IE3_YsZrg3FkK_2Utr7Ebw-4GA3_xeYdt8_dZuTRKJQUjld8XXNy8XKCbVa9IIAqFCIJG923IIfbZ0dq1oi5bZP64FA', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '-X01qotFl-SU05bQEWsWZDhW7Vom0envPM5CUmf06mE.Y62sII-yPfwCeInPgLGPu4avFXmyJP2HFK079ZC5uFw', 'scope': 'openid'}
3.015 AccessTokenResponse {
"access_token": "-X01qotFl-SU05bQEWsWZDhW7Vom0envPM5CUmf06mE.Y62sII-yPfwCeInPgLGPu4avFXmyJP2HFK079ZC5uFw",
"expires_in": 3599,
"id_token": {
"aud": [
"bbdb0da4-0ef4-4e52-a7e1-7886d8a75941"
],
"auth_time": 1529750592,
"exp": 1529754224,
"iat": 1529750624,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "b83570af-a9f4-4c81-a159-c990cd9c5dca",
"nonce": "AjVnT1wp1y1um8fG",
"rat": 1529750622,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.015 phase <--<-- 5 --- Done -->-->
3.015 end
3.016 assertion VerifyResponse
3.016 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.016 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-max_age=10000.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000035517�13313422710�015041� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-max_age=10000
Test description: Requesting ID Token with max_age=10000 seconds restriction
Timestamp: 2018-06-23T10:49:44Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.077 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DXuQUZ3bXuPFPvU4"
],
"response_types": [
"code"
]
}
0.232 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.233 RegistrationResponse {
"client_id": "70cccb54-e0f4-4299-a099-f2975a3fcf5b",
"client_secret": "zFXlj9CwVdS-",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "70cccb54-e0f4-4299-a099-f2975a3fcf5b",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DXuQUZ3bXuPFPvU4"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.233 phase <--<-- 3 --- AsyncAuthn -->-->
0.234 AuthorizationRequest {
"client_id": "70cccb54-e0f4-4299-a099-f2975a3fcf5b",
"nonce": "DV8BFYgpi39cIokJ",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "j1NsamVKz6wIzlW9"
}
0.234 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=70cccb54-e0f4-4299-a099-f2975a3fcf5b&state=j1NsamVKz6wIzlW9&response_type=code&nonce=DV8BFYgpi39cIokJ
0.234 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=70cccb54-e0f4-4299-a099-f2975a3fcf5b&state=j1NsamVKz6wIzlW9&response_type=code&nonce=DV8BFYgpi39cIokJ
2.96 response Response URL with query part
2.96 response {'state': 'j1NsamVKz6wIzlW9', 'scope': 'openid', 'code': 'l4166QgxrsPnK3EbJGb9youJsnHbIeqY2LQvM6HXkfw.Rr9fgSuxDf0jCMikWr9lIEC4xF12AyDI_k1QzsHg9Tc'}
2.96 response {'state': 'j1NsamVKz6wIzlW9', 'scope': 'openid', 'code': 'l4166QgxrsPnK3EbJGb9youJsnHbIeqY2LQvM6HXkfw.Rr9fgSuxDf0jCMikWr9lIEC4xF12AyDI_k1QzsHg9Tc'}
2.961 AuthorizationResponse {
"code": "l4166QgxrsPnK3EbJGb9youJsnHbIeqY2LQvM6HXkfw.Rr9fgSuxDf0jCMikWr9lIEC4xF12AyDI_k1QzsHg9Tc",
"scope": "openid",
"state": "j1NsamVKz6wIzlW9"
}
2.961 phase <--<-- 4 --- AccessToken -->-->
2.961 --> request op_args: {'state': 'j1NsamVKz6wIzlW9'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.961 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'j1NsamVKz6wIzlW9', 'code': 'l4166QgxrsPnK3EbJGb9youJsnHbIeqY2LQvM6HXkfw.Rr9fgSuxDf0jCMikWr9lIEC4xF12AyDI_k1QzsHg9Tc', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '70cccb54-e0f4-4299-a099-f2975a3fcf5b'}, 'state': 'j1NsamVKz6wIzlW9'}
2.961 AccessTokenRequest {
"code": "l4166QgxrsPnK3EbJGb9youJsnHbIeqY2LQvM6HXkfw.Rr9fgSuxDf0jCMikWr9lIEC4xF12AyDI_k1QzsHg9Tc",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "j1NsamVKz6wIzlW9"
}
2.961 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.961 request_http_args {'headers': {'Authorization': 'Basic NzBjY2NiNTQtZTBmNC00Mjk5LWEwOTktZjI5NzVhM2ZjZjViOnpGWGxqOUN3VmRTLQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.961 request code=l4166QgxrsPnK3EbJGb9youJsnHbIeqY2LQvM6HXkfw.Rr9fgSuxDf0jCMikWr9lIEC4xF12AyDI_k1QzsHg9Tc&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=j1NsamVKz6wIzlW9
3.22 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.221 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNzBjY2NiNTQtZTBmNC00Mjk5LWEwOTktZjI5NzVhM2ZjZjViIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NTgyLCJpYXQiOjE1Mjk3NTA5ODIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImI4MTkxZjEyLWZmMzktNDhhOC1hNjg5LTI0MDgyMmM4ZjJhNSIsIm5vbmNlIjoiRFY4QkZZZ3BpMzljSW9rSiIsInJhdCI6MTUyOTc1MDk3OSwic3ViIjoiZm9vQGJhci5jb20ifQ.bBpHTeHACkHQZBhs2Q9J5x0TfOmSpH3rOlm3BxclV8F12b_6gBVfiPC6vcH4JQwTyS1Ouo4lCfcdIyxnuUjF7n0N6gvuZdbjUfoXbVZ2SGu7_PwZChFRWC_ErNaiDSP9ZRdvElD3yL72pgQSLopT1RiLbgCIyJTsqES6YsYs3nmwz3vDwoD0Ru0WRAOa_NiMBrmLP9ekQw9b0wHs6OlYcJ03UzVarfTp9EEmdAgkNhSfbvb2NmuxtpaF8xDOEg5iAZhRBfHKwckKtBkO4Jf8XiNfImqWh06UgSu916JzRfGxRbSvpHOeXYcW4BLyYv__v4CbcpT_nB6xe9LT7WCbshJ4FPN05ORjK9IX2MD0cgb_OXFZV_UMnMcM1A9YZLRsVHjliZyw30mXFjDhMxdPmB9JZywnSsqW5okGcoAyQGQFitn38qh1IIkDl7AnAe0mhUDI7S8hGo3efpfZfR6sQi6NZWPXUZm5TfVsRKpBUfIDD76KIxKXW2Yaqyw96AsJK2CJFB_Ao9K7Nay2fEWYc2PautExwQBaDn2uVqJlOeV38kMOPesA2qELQaCN3ou4fTnJIuej79xTFbrx-POQiDlXQpvfJuAkMBVPpbENqHwLVOpaJlNKpGpTuYDtanRp8mCJyMBKuA7C2BjQ8neKB4R3RiVIA289ofvbI0zdKmw', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'Qts-uQQqOOTjwpkwJGOVDRWn5wsysUSlj_urWCkv2gc.JsG9HriNfIzYmPOYC3ycJZH5bwFV9FHTBn2lbr993Ks', 'scope': 'openid'}
3.299 AccessTokenResponse {
"access_token": "Qts-uQQqOOTjwpkwJGOVDRWn5wsysUSlj_urWCkv2gc.JsG9HriNfIzYmPOYC3ycJZH5bwFV9FHTBn2lbr993Ks",
"expires_in": 3599,
"id_token": {
"aud": [
"70cccb54-e0f4-4299-a099-f2975a3fcf5b"
],
"auth_time": 1529750975,
"exp": 1529754582,
"iat": 1529750982,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "b8191f12-ff39-48a8-a689-240822c8f2a5",
"nonce": "DV8BFYgpi39cIokJ",
"rat": 1529750979,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.299 phase <--<-- 5 --- AsyncAuthn -->-->
3.3 AuthorizationRequest {
"client_id": "70cccb54-e0f4-4299-a099-f2975a3fcf5b",
"max_age": 10000,
"nonce": "pCda3IRJ4cGzulp0",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "JAX1SGm3GQFzTDpk"
}
3.3 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=10000&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=70cccb54-e0f4-4299-a099-f2975a3fcf5b&state=JAX1SGm3GQFzTDpk&response_type=code&nonce=pCda3IRJ4cGzulp0
3.3 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=10000&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=70cccb54-e0f4-4299-a099-f2975a3fcf5b&state=JAX1SGm3GQFzTDpk&response_type=code&nonce=pCda3IRJ4cGzulp0
4.977 response Response URL with query part
4.977 response {'state': 'JAX1SGm3GQFzTDpk', 'scope': 'openid', 'code': 'W_5QuSN7YDwP3j7FJKptV26vGdhNOrIXrHD-XaEhWPE.mLt8BexOYI2kZjI7cd-a9AbsDs4MDSq7IirB1vPRXAk'}
4.977 response {'state': 'JAX1SGm3GQFzTDpk', 'scope': 'openid', 'code': 'W_5QuSN7YDwP3j7FJKptV26vGdhNOrIXrHD-XaEhWPE.mLt8BexOYI2kZjI7cd-a9AbsDs4MDSq7IirB1vPRXAk'}
4.978 AuthorizationResponse {
"code": "W_5QuSN7YDwP3j7FJKptV26vGdhNOrIXrHD-XaEhWPE.mLt8BexOYI2kZjI7cd-a9AbsDs4MDSq7IirB1vPRXAk",
"scope": "openid",
"state": "JAX1SGm3GQFzTDpk"
}
4.978 phase <--<-- 6 --- AccessToken -->-->
4.978 --> request op_args: {'state': 'JAX1SGm3GQFzTDpk'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.978 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'JAX1SGm3GQFzTDpk', 'code': 'W_5QuSN7YDwP3j7FJKptV26vGdhNOrIXrHD-XaEhWPE.mLt8BexOYI2kZjI7cd-a9AbsDs4MDSq7IirB1vPRXAk', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '70cccb54-e0f4-4299-a099-f2975a3fcf5b'}, 'state': 'JAX1SGm3GQFzTDpk'}
4.978 AccessTokenRequest {
"code": "W_5QuSN7YDwP3j7FJKptV26vGdhNOrIXrHD-XaEhWPE.mLt8BexOYI2kZjI7cd-a9AbsDs4MDSq7IirB1vPRXAk",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "JAX1SGm3GQFzTDpk"
}
4.978 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.978 request_http_args {'headers': {'Authorization': 'Basic NzBjY2NiNTQtZTBmNC00Mjk5LWEwOTktZjI5NzVhM2ZjZjViOnpGWGxqOUN3VmRTLQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.978 request code=W_5QuSN7YDwP3j7FJKptV26vGdhNOrIXrHD-XaEhWPE.mLt8BexOYI2kZjI7cd-a9AbsDs4MDSq7IirB1vPRXAk&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=JAX1SGm3GQFzTDpk
5.232 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
5.233 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNzBjY2NiNTQtZTBmNC00Mjk5LWEwOTktZjI5NzVhM2ZjZjViIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NTg0LCJpYXQiOjE1Mjk3NTA5ODQsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjhlM2FhYjI1LTZkMDAtNDllNi05ZTViLTcxMWM3YTgxNTJiNyIsIm5vbmNlIjoicENkYTNJUko0Y0d6dWxwMCIsInJhdCI6MTUyOTc1MDk4Miwic3ViIjoiZm9vQGJhci5jb20ifQ.UnElRkqLWq6vMpPE57S6St_QWy33pCNniyySzDNPbUQtocnputlFAeFot72E6xiUy9SB9TgJR0ty_HJ_TV0cZoPFgWxICeYtgumoziLhvWHbQn5b3eMEiqVOkDcroo7Q3xfs0Uny144cfTHXI2dGmP4lBiU1xDudGxC37lOcyQJ9-nVUwTiCa-nnj5WhYyrlGfhb_qlfIzaEqBKKzSiTkyHgZG08anVqyCiboRymhjtzqQbb6mjePQBJhQ3Ienm-XIaIB8dZk1AS7HoHBZfLtmF5_4c3bNCL3wefgw3pVnV9vFCGyX7iLq3DDTRuPmo1fMh1k0GA4RT1tG7zG4EG8jfbvtc0lGuaBT1wcPWEBzgUy2i3uG4CnWuYS7E3iZQgTkcbZBfshduH5htkMIhK2eADiAT5abCv1XhILMWOst1yi5jQytyvZHkS5_F4lJ9AcxttUBv_nM0wGl8cvteAi3l9TV2MshDfn6Og6n0TRUUtz5EK1A_FBZjHBFjMTged31WYMXOwnr0KGE-3rZo1OuGBrvxF-7PGCksBM814hzlok5zpOJatqDuSUz-3IzPw9gp1ewLdPc-ofLDfs_d7Mc1Kv-9NI_PKbEhkjcQFvqGucssBQ5s97KV8mAMUs-6fxtBygF4Wso4pOQeDx9y5oBLPUzbUwtooChvbJDNbHVQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'DJLtc3HNFiIJ80TT8bi2Ib3pfsSkzfhpH9U5wtVHyVA.5LA7HqMvRFyUO0iHk-AZVU7IzgqPk5QDXJThnfdJ3uo', 'scope': 'openid'}
5.237 AccessTokenResponse {
"access_token": "DJLtc3HNFiIJ80TT8bi2Ib3pfsSkzfhpH9U5wtVHyVA.5LA7HqMvRFyUO0iHk-AZVU7IzgqPk5QDXJThnfdJ3uo",
"expires_in": 3599,
"id_token": {
"aud": [
"70cccb54-e0f4-4299-a099-f2975a3fcf5b"
],
"auth_time": 1529750975,
"exp": 1529754584,
"iat": 1529750984,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "8e3aab25-6d00-49e6-9e5b-711c7a8152b7",
"nonce": "pCda3IRJ4cGzulp0",
"rat": 1529750982,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
5.237 phase <--<-- 7 --- Done -->-->
5.237 end
5.237 assertion AuthTimeCheck
5.238 condition auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
5.238 assertion VerifyResponse
5.238 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
5.238 assertion SameAuthn
5.238 condition same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
5.239 assertion ClaimsCheck
5.239 condition claims-check: status=OK [Checks if specific claims is present or not]
5.239 condition Done: status=OK
============================================================
Conditions
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
claims-check: status=OK [Checks if specific claims is present or not]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-request-Unsigned.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000016451�13313422443�015476� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request-Unsigned
Test description: Support request request parameter with unsigned request
Timestamp: 2018-06-23T10:46:59Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.143 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.144 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.144 phase <--<-- 2 --- Registration -->-->
0.144 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'none'}
0.145 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#jfQdJ2iwLxaUTAt9"
],
"response_types": [
"code"
]
}
0.303 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.304 RegistrationResponse {
"client_id": "1b567dbb-9164-428a-9340-340ab8c7d341",
"client_secret": "hEibpZ6INKO0",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "1b567dbb-9164-428a-9340-340ab8c7d341",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#jfQdJ2iwLxaUTAt9"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.304 phase <--<-- 3 --- AsyncAuthn -->-->
0.305 AuthorizationRequest {
"client_id": "1b567dbb-9164-428a-9340-340ab8c7d341",
"nonce": "L72FDNOM5JEgt209",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request": "eyJhbGciOiJub25lIn0.eyJzY29wZSI6ICJvcGVuaWQiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjYxMzUzL2F1dGh6X2NiIiwgImNsaWVudF9pZCI6ICIxYjU2N2RiYi05MTY0LTQyOGEtOTM0MC0zNDBhYjhjN2QzNDEiLCAic3RhdGUiOiAiMVRyNnFkYWNhU1p4ZE83RiIsICJyZXNwb25zZV90eXBlIjogImNvZGUiLCAibm9uY2UiOiAiTDcyRkROT001SkVndDIwOSJ9.",
"response_type": "code",
"scope": "openid",
"state": "1Tr6qdacaSZxdO7F"
}
0.305 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1b567dbb-9164-428a-9340-340ab8c7d341&response_type=code&state=1Tr6qdacaSZxdO7F&request=eyJhbGciOiJub25lIn0.eyJzY29wZSI6ICJvcGVuaWQiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjYxMzUzL2F1dGh6X2NiIiwgImNsaWVudF9pZCI6ICIxYjU2N2RiYi05MTY0LTQyOGEtOTM0MC0zNDBhYjhjN2QzNDEiLCAic3RhdGUiOiAiMVRyNnFkYWNhU1p4ZE83RiIsICJyZXNwb25zZV90eXBlIjogImNvZGUiLCAibm9uY2UiOiAiTDcyRkROT001SkVndDIwOSJ9.&nonce=L72FDNOM5JEgt209
0.305 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1b567dbb-9164-428a-9340-340ab8c7d341&response_type=code&state=1Tr6qdacaSZxdO7F&request=eyJhbGciOiJub25lIn0.eyJzY29wZSI6ICJvcGVuaWQiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjYxMzUzL2F1dGh6X2NiIiwgImNsaWVudF9pZCI6ICIxYjU2N2RiYi05MTY0LTQyOGEtOTM0MC0zNDBhYjhjN2QzNDEiLCAic3RhdGUiOiAiMVRyNnFkYWNhU1p4ZE83RiIsICJyZXNwb25zZV90eXBlIjogImNvZGUiLCAibm9uY2UiOiAiTDcyRkROT001SkVndDIwOSJ9.&nonce=L72FDNOM5JEgt209
3.163 response Response URL with query part
3.164 response {'state': '1Tr6qdacaSZxdO7F', 'scope': 'openid', 'code': '_QWM6y9PX-kHdJdDy7Xq_A8rJQkGA1BPCUd5_8BwF4s.Hm0Z9AW4fjZbQ8F9fnoU27dQtQVdYX6DlR0-XZz8Hpc'}
3.164 response {'state': '1Tr6qdacaSZxdO7F', 'scope': 'openid', 'code': '_QWM6y9PX-kHdJdDy7Xq_A8rJQkGA1BPCUd5_8BwF4s.Hm0Z9AW4fjZbQ8F9fnoU27dQtQVdYX6DlR0-XZz8Hpc'}
3.164 AuthorizationResponse {
"code": "_QWM6y9PX-kHdJdDy7Xq_A8rJQkGA1BPCUd5_8BwF4s.Hm0Z9AW4fjZbQ8F9fnoU27dQtQVdYX6DlR0-XZz8Hpc",
"scope": "openid",
"state": "1Tr6qdacaSZxdO7F"
}
3.165 phase <--<-- 4 --- Done -->-->
3.165 end
3.165 assertion VerifyAuthnOrErrorResponse
3.165 condition authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
3.165 condition Done: status=OK
============================================================
Conditions
authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-ClientAuth-Basic-Dynamic.txt�������������������������������������������������������������������0000644�0000000�0000000�00000023237�13313422224�016672� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-ClientAuth-Basic-Dynamic
Test description: Access token request with client_secret_basic authentication
Timestamp: 2018-06-23T10:44:36Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.081 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.082 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.082 phase <--<-- 2 --- Registration -->-->
0.082 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'client_secret_basic', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'response_types': ['code'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.083 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Uk7Qb5p2QPgnoUJs"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "client_secret_basic"
}
0.24 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.241 RegistrationResponse {
"client_id": "f0852d80-b05c-4f0b-8ebb-2fc758dfc979",
"client_secret": "jUVlAj7TntjH",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "f0852d80-b05c-4f0b-8ebb-2fc758dfc979",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Uk7Qb5p2QPgnoUJs"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.241 phase <--<-- 3 --- AsyncAuthn -->-->
0.242 AuthorizationRequest {
"client_id": "f0852d80-b05c-4f0b-8ebb-2fc758dfc979",
"nonce": "fn5gv4fWICWN5kEK",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "xiFdT0JBP8plW93q"
}
0.242 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=f0852d80-b05c-4f0b-8ebb-2fc758dfc979&state=xiFdT0JBP8plW93q&response_type=code&nonce=fn5gv4fWICWN5kEK
0.242 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=f0852d80-b05c-4f0b-8ebb-2fc758dfc979&state=xiFdT0JBP8plW93q&response_type=code&nonce=fn5gv4fWICWN5kEK
2.139 response Response URL with query part
2.14 response {'state': 'xiFdT0JBP8plW93q', 'scope': 'openid', 'code': 'V0A0eFhM93IYa7WEhh31E2aqNI_FY_RaFFxF50a-nGQ.gnKBFCsJXBOY12bslUEEQmNxfbYVvqb6Gy3W303XPqA'}
2.14 response {'state': 'xiFdT0JBP8plW93q', 'scope': 'openid', 'code': 'V0A0eFhM93IYa7WEhh31E2aqNI_FY_RaFFxF50a-nGQ.gnKBFCsJXBOY12bslUEEQmNxfbYVvqb6Gy3W303XPqA'}
2.14 AuthorizationResponse {
"code": "V0A0eFhM93IYa7WEhh31E2aqNI_FY_RaFFxF50a-nGQ.gnKBFCsJXBOY12bslUEEQmNxfbYVvqb6Gy3W303XPqA",
"scope": "openid",
"state": "xiFdT0JBP8plW93q"
}
2.14 phase <--<-- 4 --- AccessToken -->-->
2.141 --> request op_args: {'state': 'xiFdT0JBP8plW93q', 'authn_method': 'client_secret_basic'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.141 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'xiFdT0JBP8plW93q', 'code': 'V0A0eFhM93IYa7WEhh31E2aqNI_FY_RaFFxF50a-nGQ.gnKBFCsJXBOY12bslUEEQmNxfbYVvqb6Gy3W303XPqA', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'f0852d80-b05c-4f0b-8ebb-2fc758dfc979'}, 'state': 'xiFdT0JBP8plW93q', 'authn_method': 'client_secret_basic'}
2.141 AccessTokenRequest {
"code": "V0A0eFhM93IYa7WEhh31E2aqNI_FY_RaFFxF50a-nGQ.gnKBFCsJXBOY12bslUEEQmNxfbYVvqb6Gy3W303XPqA",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "xiFdT0JBP8plW93q"
}
2.141 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.141 request_http_args {'headers': {'Authorization': 'Basic ZjA4NTJkODAtYjA1Yy00ZjBiLThlYmItMmZjNzU4ZGZjOTc5OmpVVmxBajdUbnRqSA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.141 request code=V0A0eFhM93IYa7WEhh31E2aqNI_FY_RaFFxF50a-nGQ.gnKBFCsJXBOY12bslUEEQmNxfbYVvqb6Gy3W303XPqA&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=xiFdT0JBP8plW93q
2.356 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.357 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZjA4NTJkODAtYjA1Yy00ZjBiLThlYmItMmZjNzU4ZGZjOTc5Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0Mjc2LCJpYXQiOjE1Mjk3NTA2NzYsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjUzZTQxODU5LWFlOGMtNGY3Ni04YzgwLTljMGVkYmZiZTIzYyIsIm5vbmNlIjoiZm41Z3Y0ZldJQ1dONWtFSyIsInJhdCI6MTUyOTc1MDY3NCwic3ViIjoiZm9vQGJhci5jb20ifQ.cmg2s22ZDs_e8Pdu_LVMDmN10eobgTtExq56Zqx_obYAJ4KvjF6JEAFbgZy-4xQuB4wajt3AQ7y34HEqa_ShqRnssO7ENLhSLOTwUeyJsQIS2bziWHlANxNBjg4uWmMPBowQl1hJ1ZyQWu6XGHaQs4qhKGtD32wZDentaH5EugE45t1dEwx8wkjzUA9dpP511o9dtvnFmiGw4vb_qnjPi5oqmaFVUtefHqfrPmnlFgKTH65BXN6TC3cPHzl7DfytrLqxNm2otaw3w2IkHlpzjufJ95B8UWa6ZcLgZt5_edP-994SoKYFHm5yML0E3Zia2tA-wCbwFwLEd_SyoklXc_ljFKjBp_RXKTyM0SN5SdbAfoJkxRvEmrgnkat-yFY51KR-1Ih8n0cD7zbyHfElDP6zx9zRTyBBp2u2atJvH3bnwi6DgZvqI_DfIER0ET8JciDYOsA_7Uwul-R2JPiyUkp4txERA6FiX0C0IxkTgU9vUFygoIs6FSP-wqEzjIM1jD5KBRf_hS7Bp4YuMiHQBpKnpOCewGcr94QwSj4b5mbQpwbhrOW4WeTdLn_bpFk1OcNuusy7pAYFS46E2CmSBtwwALTyixgpFFn55XZ5mCgDtiQHziuAfijDjVogovgWZiN3kACTE1T8Ytk8eKSiCM6hAtky20JNIU-s3UdhvOA', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '7fmF8tKzJ_-loZhTKANHUwK-IU9M0DQdabnlcCnyBnQ.752n8w_2cHkPaJ7JKNZeaP0moSMj-06avj8CwbNkm-E', 'scope': 'openid'}
2.441 AccessTokenResponse {
"access_token": "7fmF8tKzJ_-loZhTKANHUwK-IU9M0DQdabnlcCnyBnQ.752n8w_2cHkPaJ7JKNZeaP0moSMj-06avj8CwbNkm-E",
"expires_in": 3599,
"id_token": {
"aud": [
"f0852d80-b05c-4f0b-8ebb-2fc758dfc979"
],
"auth_time": 1529750592,
"exp": 1529754276,
"iat": 1529750676,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "53e41859-ae8c-4f76-8c80-9c0edbfbe23c",
"nonce": "fn5gv4fWICWN5kEK",
"rat": 1529750674,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.441 phase <--<-- 5 --- Done -->-->
2.441 end
2.441 assertion VerifyResponse
2.441 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.441 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-claims_supported.txt�����������������������������������������������������������������0000644�0000000�0000000�00000005777�13313422114�017562� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-claims_supported
Test description: Verify that claims_supported is published
Timestamp: 2018-06-23T10:43:24Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.116 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.117 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.118 phase <--<-- 2 --- Done -->-->
0.118 end
0.118 assertion CheckHTTPResponse
0.118 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.118 assertion CheckHasClaimsSupported
0.118 condition providerinfo-has-claims_supported: status=OK [Check that the claims_supported discovery metadata value is in the provider_info]
0.118 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
providerinfo-has-claims_supported: status=OK [Check that the claims_supported discovery metadata value is in the provider_info]
Done: status=OK
============================================================
RESULT: PASSED
�./OP-Registration-logo_uri.txt����������������������������������������������������������������������0000644�0000000�0000000�00000014557�13313422172�016527� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-logo_uri
Test description: Registration with logo_uri
Timestamp: 2018-06-23T10:44:10Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.082 phase <--<-- 1 --- Webfinger -->-->
1.082 not expected to do WebFinger
1.082 phase <--<-- 2 --- Discovery -->-->
1.082 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.18 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.181 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.182 phase <--<-- 3 --- Registration -->-->
1.182 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'logo_uri': 'https://op.certification.openid.net:61353/static/logo.png'}
1.182 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"logo_uri": "https://op.certification.openid.net:61353/static/logo.png",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#3J63oL6NYS9csBrt"
],
"response_types": [
"code"
]
}
1.343 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.344 RegistrationResponse {
"client_id": "87135160-a662-4fb3-b2ab-f5025517c1a1",
"client_secret": "iflKX8b.ioLO",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "87135160-a662-4fb3-b2ab-f5025517c1a1",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"logo_uri": "https://op.certification.openid.net:61353/static/logo.png",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#3J63oL6NYS9csBrt"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.344 phase <--<-- 4 --- AsyncAuthn -->-->
1.345 AuthorizationRequest {
"client_id": "87135160-a662-4fb3-b2ab-f5025517c1a1",
"nonce": "uxjLGBv3XKggTGwl",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "AfCsHJqVmUwtTqSe"
}
1.345 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=87135160-a662-4fb3-b2ab-f5025517c1a1&state=AfCsHJqVmUwtTqSe&response_type=code&nonce=uxjLGBv3XKggTGwl
1.345 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=87135160-a662-4fb3-b2ab-f5025517c1a1&state=AfCsHJqVmUwtTqSe&response_type=code&nonce=uxjLGBv3XKggTGwl
3.106 response Response URL with query part
3.106 response {'state': 'AfCsHJqVmUwtTqSe', 'scope': '', 'code': 'yVG-Y5soqHrmFH3y-MLa_hnSQXVb5eWfIEyFhMcI1fc.PvP_zMJHlL-JpSnL7yKs4_rkHcbK2h54fmjRh2mHBj0'}
3.107 response {'state': 'AfCsHJqVmUwtTqSe', 'code': 'yVG-Y5soqHrmFH3y-MLa_hnSQXVb5eWfIEyFhMcI1fc.PvP_zMJHlL-JpSnL7yKs4_rkHcbK2h54fmjRh2mHBj0'}
3.107 AuthorizationResponse {
"code": "yVG-Y5soqHrmFH3y-MLa_hnSQXVb5eWfIEyFhMcI1fc.PvP_zMJHlL-JpSnL7yKs4_rkHcbK2h54fmjRh2mHBj0",
"state": "AfCsHJqVmUwtTqSe"
}
3.107 phase <--<-- 5 --- Done -->-->
3.107 end
3.108 assertion VerifyAuthnResponse
3.108 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
3.108 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Query-OK.txt����������������������������������������������������������������������0000644�0000000�0000000�00000015207�13313422434�016324� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Query-OK
Test description: Request with a redirect_uri with a query component when a redirect_uri with the same query component is registered
Timestamp: 2018-06-23T10:46:52Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.079 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.08 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.08 phase <--<-- 2 --- Registration -->-->
0.08 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb?foo=bar'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.08 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb?foo=bar"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#74G38lF4NGcBjIWN"
],
"response_types": [
"code"
]
}
0.27 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.271 RegistrationResponse {
"client_id": "7d1128b3-4954-4ba1-828f-19865971c75f",
"client_secret": "JON-4DslGitJ",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "7d1128b3-4954-4ba1-828f-19865971c75f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb?foo=bar"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#74G38lF4NGcBjIWN"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.271 phase <--<-- 3 --- AsyncAuthn -->-->
0.272 AuthorizationRequest {
"client_id": "7d1128b3-4954-4ba1-828f-19865971c75f",
"nonce": "Z0fIcSjs3zD1cAW1",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb?foo=bar",
"response_type": "code",
"scope": "openid",
"state": "5NSRt1eD5V8rHyLi"
}
0.272 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Ffoo%3Dbar&client_id=7d1128b3-4954-4ba1-828f-19865971c75f&state=5NSRt1eD5V8rHyLi&response_type=code&nonce=Z0fIcSjs3zD1cAW1
0.272 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Ffoo%3Dbar&client_id=7d1128b3-4954-4ba1-828f-19865971c75f&state=5NSRt1eD5V8rHyLi&response_type=code&nonce=Z0fIcSjs3zD1cAW1
3.934 response Response URL with query part
3.935 response {'state': '5NSRt1eD5V8rHyLi', 'scope': 'openid', 'code': 'wdY6RkkVbzOn4pg2g4YMDBkxNtkyughZK0m_hn3w4ls.slFPZhEBARhYaNynmc_C7ZVHlVx11NoK4vGLDHsH6Sk', 'foo': 'bar'}
3.936 response {'state': '5NSRt1eD5V8rHyLi', 'scope': 'openid', 'code': 'wdY6RkkVbzOn4pg2g4YMDBkxNtkyughZK0m_hn3w4ls.slFPZhEBARhYaNynmc_C7ZVHlVx11NoK4vGLDHsH6Sk', 'foo': 'bar'}
3.936 AuthorizationResponse {
"code": "wdY6RkkVbzOn4pg2g4YMDBkxNtkyughZK0m_hn3w4ls.slFPZhEBARhYaNynmc_C7ZVHlVx11NoK4vGLDHsH6Sk",
"foo": "bar",
"scope": "openid",
"state": "5NSRt1eD5V8rHyLi"
}
3.936 phase <--<-- 4 --- Done -->-->
3.936 end
3.937 assertion VerifyResponse
3.937 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.937 assertion CheckQueryPart
3.937 condition check-query-part: status=OK [Check that a query part send in the Authorization Request is returned in the Authorization response.]
3.937 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
check-query-part: status=OK [Check that a query part send in the Authorization Request is returned in the Authorization response.]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-IDToken-kid.txt��������������������������������������������������������������������������������0000644�0000000�0000000�00000023340�13313422221�014263� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-kid
Test description: IDToken has kid [Basic, Implicit, Hybrid]
Timestamp: 2018-06-23T10:44:33Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.079 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.08 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.081 phase <--<-- 2 --- Registration -->-->
0.081 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.081 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#7rutQ0b4oNUGNckW"
],
"response_types": [
"code"
]
}
0.248 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.249 RegistrationResponse {
"client_id": "eceec431-1a95-44af-ab84-602c71ff3239",
"client_secret": "~~wLy6mN1M_A",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "eceec431-1a95-44af-ab84-602c71ff3239",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#7rutQ0b4oNUGNckW"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.249 phase <--<-- 3 --- AsyncAuthn -->-->
0.249 AuthorizationRequest {
"client_id": "eceec431-1a95-44af-ab84-602c71ff3239",
"nonce": "jB7FX3wlH6Ju2TV0",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "RTqYTScT57zw7o67"
}
0.249 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=eceec431-1a95-44af-ab84-602c71ff3239&state=RTqYTScT57zw7o67&response_type=code&nonce=jB7FX3wlH6Ju2TV0
0.249 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=eceec431-1a95-44af-ab84-602c71ff3239&state=RTqYTScT57zw7o67&response_type=code&nonce=jB7FX3wlH6Ju2TV0
2.417 response Response URL with query part
2.418 response {'state': 'RTqYTScT57zw7o67', 'scope': 'openid', 'code': 'fsU6T8oJheLs6MYZc5_ZgPIbWxBz71ItggXEliSMQSo.-twObSgCWxbYzoCg4CpLh0oJQWn4umOWUv6_ZDUyCUw'}
2.418 response {'state': 'RTqYTScT57zw7o67', 'scope': 'openid', 'code': 'fsU6T8oJheLs6MYZc5_ZgPIbWxBz71ItggXEliSMQSo.-twObSgCWxbYzoCg4CpLh0oJQWn4umOWUv6_ZDUyCUw'}
2.419 AuthorizationResponse {
"code": "fsU6T8oJheLs6MYZc5_ZgPIbWxBz71ItggXEliSMQSo.-twObSgCWxbYzoCg4CpLh0oJQWn4umOWUv6_ZDUyCUw",
"scope": "openid",
"state": "RTqYTScT57zw7o67"
}
2.419 phase <--<-- 4 --- AccessToken -->-->
2.419 --> request op_args: {'state': 'RTqYTScT57zw7o67'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.419 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'RTqYTScT57zw7o67', 'code': 'fsU6T8oJheLs6MYZc5_ZgPIbWxBz71ItggXEliSMQSo.-twObSgCWxbYzoCg4CpLh0oJQWn4umOWUv6_ZDUyCUw', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'eceec431-1a95-44af-ab84-602c71ff3239'}, 'state': 'RTqYTScT57zw7o67'}
2.419 AccessTokenRequest {
"code": "fsU6T8oJheLs6MYZc5_ZgPIbWxBz71ItggXEliSMQSo.-twObSgCWxbYzoCg4CpLh0oJQWn4umOWUv6_ZDUyCUw",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "RTqYTScT57zw7o67"
}
2.419 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.419 request_http_args {'headers': {'Authorization': 'Basic ZWNlZWM0MzEtMWE5NS00NGFmLWFiODQtNjAyYzcxZmYzMjM5OiU3RSU3RXdMeTZtTjFNX0E=', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.419 request code=fsU6T8oJheLs6MYZc5_ZgPIbWxBz71ItggXEliSMQSo.-twObSgCWxbYzoCg4CpLh0oJQWn4umOWUv6_ZDUyCUw&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=RTqYTScT57zw7o67
2.63 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.632 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZWNlZWM0MzEtMWE5NS00NGFmLWFiODQtNjAyYzcxZmYzMjM5Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MjcyLCJpYXQiOjE1Mjk3NTA2NzIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImQyYjYzOWU2LTJjNDctNDJkNC04YTg1LTFjZjY2ZGRjOTM0MiIsIm5vbmNlIjoiakI3Rlgzd2xINkp1MlRWMCIsInJhdCI6MTUyOTc1MDY3MCwic3ViIjoiZm9vQGJhci5jb20ifQ.b_UJ5cuRy199i0hfyV9upPWX5T0hDqfSt1C02-M6cMAemOuco3750vYrVJkjIPWqoPDR4FE0GkHJCTthauRXaHt7KL0E9xhEvWo1lAZ6-bytI5DB5WkoPHidPmGgbWBn8vT39punFrRodMp2iou-6LEIonvVMUkCVTcGY9ifo_M1-EszakxLyYMcoF4Bkhz7PkLEsPmSw1mf3fhbNxYvXh3XpH9RMHbM3lsgJUiV2mX7pFszqgNNOY9hXvNDGTKuqqUQyPdwN0PSe9vyl8fiNfkiIwpR-ZW5qmozr1jiGAsgj3N5gf10XZDxLU7KthTXKKYHIJ6RBrx-XCbCr8EVNQfUnTc_uYyBy1nP8HycXEENkuJpwxn4wwPka2hvIbJDYoGmzdNi57MJ7OkfvYagO01gZgsxNsaACDOXVNsFmKTZzoT4Eb6oT7vZu26_85q5cILsh_SvZhPOEqt-fqWJ1x_8i0NOteBKbHG4GIGvJHBrXn5miAa_IRc9397o1_15ovqLdYCwza8sl0k61z_mgVrL1H-y8x5B2JKpeETjvmWdBIYvbGB6OOh1Gx2DZM7Tz4T3FC5Fu4GOuJrt1L_7gT_W1X4WvVXbYex51vGrhepAew-quKdUSA06DwPKzx_Z0rx-iq-_AxmaYx4fHnlVcnmZigJidzuflNlSQYY-Ui0', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'S_MwiGHdaqk7DVgRdqaE35haMvgex1h-35z1bvLXwqQ.zKY1x1PvDDS2GSZF7oao1Uv1Qe8_7CDFTni4IsmCRQw', 'scope': 'openid'}
2.714 AccessTokenResponse {
"access_token": "S_MwiGHdaqk7DVgRdqaE35haMvgex1h-35z1bvLXwqQ.zKY1x1PvDDS2GSZF7oao1Uv1Qe8_7CDFTni4IsmCRQw",
"expires_in": 3599,
"id_token": {
"aud": [
"eceec431-1a95-44af-ab84-602c71ff3239"
],
"auth_time": 1529750592,
"exp": 1529754272,
"iat": 1529750672,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d2b639e6-2c47-42d4-8a85-1cf66ddc9342",
"nonce": "jB7FX3wlH6Ju2TV0",
"rat": 1529750670,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.714 phase <--<-- 5 --- Done -->-->
2.714 end
2.714 assertion VerifySignedIdTokenHasKID
2.714 condition verify-signed-idtoken-has-kid: status=OK [Verifies that the header of a signed IDToken includes a kid claim.]
2.715 assertion VerifyResponse
2.715 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.715 condition Done: status=OK
============================================================
Conditions
verify-signed-idtoken-has-kid: status=OK [Verifies that the header of a signed IDToken includes a kid claim.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-claims_locales.txt�������������������������������������������������������������������������0000644�0000000�0000000�00000024316�13313422623�015732� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-claims_locales
Test description: Providing claims_locales
Timestamp: 2018-06-23T10:48:51Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
2.992 phase <--<-- 1 --- Webfinger -->-->
2.992 not expected to do WebFinger
2.992 phase <--<-- 2 --- Discovery -->-->
2.992 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
3.077 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
3.079 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
3.079 phase <--<-- 3 --- Registration -->-->
3.079 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
3.079 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#dqKFhoFEBSQe8hpu"
],
"response_types": [
"code"
]
}
3.268 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
3.269 RegistrationResponse {
"client_id": "eb9588cc-88e5-4207-9241-7df27bdbbcd9",
"client_secret": "Rlp16I6tzwgt",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "eb9588cc-88e5-4207-9241-7df27bdbbcd9",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#dqKFhoFEBSQe8hpu"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
3.269 phase <--<-- 4 --- AsyncAuthn -->-->
3.27 AuthorizationRequest {
"claims_locales": "se",
"client_id": "eb9588cc-88e5-4207-9241-7df27bdbbcd9",
"nonce": "VmzEXEut5GvFGWFR",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "kcQ8nNRmAMUzvLWw"
}
3.27 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=eb9588cc-88e5-4207-9241-7df27bdbbcd9&state=kcQ8nNRmAMUzvLWw&response_type=code&nonce=VmzEXEut5GvFGWFR&claims_locales=se
3.27 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=eb9588cc-88e5-4207-9241-7df27bdbbcd9&state=kcQ8nNRmAMUzvLWw&response_type=code&nonce=VmzEXEut5GvFGWFR&claims_locales=se
6.571 response Response URL with query part
6.572 response {'state': 'kcQ8nNRmAMUzvLWw', 'scope': 'openid', 'code': 'Tq7nqV5Aoj3vp3oLXiXLMJLOwQoWgz9nC8DkP4UHOCk.HUzY9a92LFqD4frV4bxnxFjuQPc0_Lsk6ZODlG6AS5s'}
6.572 response {'state': 'kcQ8nNRmAMUzvLWw', 'scope': 'openid', 'code': 'Tq7nqV5Aoj3vp3oLXiXLMJLOwQoWgz9nC8DkP4UHOCk.HUzY9a92LFqD4frV4bxnxFjuQPc0_Lsk6ZODlG6AS5s'}
6.572 AuthorizationResponse {
"code": "Tq7nqV5Aoj3vp3oLXiXLMJLOwQoWgz9nC8DkP4UHOCk.HUzY9a92LFqD4frV4bxnxFjuQPc0_Lsk6ZODlG6AS5s",
"scope": "openid",
"state": "kcQ8nNRmAMUzvLWw"
}
6.572 phase <--<-- 5 --- AccessToken -->-->
6.573 --> request op_args: {'state': 'kcQ8nNRmAMUzvLWw'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.573 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'kcQ8nNRmAMUzvLWw', 'code': 'Tq7nqV5Aoj3vp3oLXiXLMJLOwQoWgz9nC8DkP4UHOCk.HUzY9a92LFqD4frV4bxnxFjuQPc0_Lsk6ZODlG6AS5s', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'eb9588cc-88e5-4207-9241-7df27bdbbcd9'}, 'state': 'kcQ8nNRmAMUzvLWw'}
6.573 AccessTokenRequest {
"code": "Tq7nqV5Aoj3vp3oLXiXLMJLOwQoWgz9nC8DkP4UHOCk.HUzY9a92LFqD4frV4bxnxFjuQPc0_Lsk6ZODlG6AS5s",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "kcQ8nNRmAMUzvLWw"
}
6.573 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.573 request_http_args {'headers': {'Authorization': 'Basic ZWI5NTg4Y2MtODhlNS00MjA3LTkyNDEtN2RmMjdiZGJiY2Q5OlJscDE2STZ0endndA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.573 request code=Tq7nqV5Aoj3vp3oLXiXLMJLOwQoWgz9nC8DkP4UHOCk.HUzY9a92LFqD4frV4bxnxFjuQPc0_Lsk6ZODlG6AS5s&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=kcQ8nNRmAMUzvLWw
6.789 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.79 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZWI5NTg4Y2MtODhlNS00MjA3LTkyNDEtN2RmMjdiZGJiY2Q5Il0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTMxLCJpYXQiOjE1Mjk3NTA5MzEsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjUxZjliMWMxLWZlOGItNGE1OC1hMzViLTQ3ODg4MmFhNDE5YiIsIm5vbmNlIjoiVm16RVhFdXQ1R3ZGR1dGUiIsInJhdCI6MTUyOTc1MDkyOCwic3ViIjoiZm9vQGJhci5jb20ifQ.BBK8rBwBiQIpF2GgNNJWME4D3jCVIZr1ooXI6QTJhNXH2W7PZixS3ljKU_16a-fom1vqZkW4DNtNj5JG9qczLznva8dS9AGNaUuP13v7i1LIoVQS7OFR6SQ5meFIZzshDaumacQTpNOBEZ15cMFb_Rd2GlEQNcsug6Tqdd2TrNlFaTIW-GpJgPvAmfPFv0T-dy4Y69z8FRz5gULp9qU2U6mwKuZAsjWLCcLDZ2-1Il9pN7g8Y7dgGO4V0u7jeiYCyw8EB6Fb8oK0OOU8PO2YoglbNsbI4C8sUcB1tbrcLx9CwpglyxdzWTnWOD1iHH2Azb5Jj84zloIAlsZWctGSy_gOu0XpRjFki9z3uDS9JgJmJmSDoAKFFUQZvHyOngiiYVlTpJVV8_7DOZzJvtIRHiLgX0mGfqKRXA4saVY1eSbD02BNoaM2kvev4iyoirnahMfVQW1pK-7Sf5U1Jz0Wk-cb9ridv-XODZzXk3llI9cKcGOOL3thSVdQrm3ZOUixuwXD_CI8xrQUFhXJVWBEfq0NzTRMihm1gqpwsgDE6PfRnRReuOtBMw8cvMlDbnHaCFcMvdJ3SyUqSOFcQ0Wr4AyyrK_JlYTbCYUBhAkATcnpp3bfoVI_iWnAprIu6j6hsgB5lWAVZHGxVx4o7VB4dGD5gdibvEE-gx1gSINmOdI', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'rbH3lY0AT2P2aqRSf7ve4Vx54Y7uGOGcu_HlKQ123iM.-ljPYmb1xENPMT9LT-1kXz6oQ4h0XLJ5h893a6GBtdQ', 'scope': 'openid'}
7.116 AccessTokenResponse {
"access_token": "rbH3lY0AT2P2aqRSf7ve4Vx54Y7uGOGcu_HlKQ123iM.-ljPYmb1xENPMT9LT-1kXz6oQ4h0XLJ5h893a6GBtdQ",
"expires_in": 3599,
"id_token": {
"aud": [
"eb9588cc-88e5-4207-9241-7df27bdbbcd9"
],
"auth_time": 1529750749,
"exp": 1529754531,
"iat": 1529750931,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "51f9b1c1-fe8b-4a58-a35b-478882aa419b",
"nonce": "VmzEXEut5GvFGWFR",
"rat": 1529750928,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
7.116 phase <--<-- 6 --- UserInfo -->-->
7.116 do_user_info_request kwargs:{'state': 'kcQ8nNRmAMUzvLWw', 'method': 'GET', 'authn_method': 'bearer_header'}
7.117 request {'body': None}
7.117 request_url https://oidc-certification.ory.sh:8443/userinfo
7.117 request_http_args {'headers': {'Authorization': 'Bearer rbH3lY0AT2P2aqRSf7ve4Vx54Y7uGOGcu_HlKQ123iM.-ljPYmb1xENPMT9LT-1kXz6oQ4h0XLJ5h893a6GBtdQ'}}
7.19 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
7.191 OpenIDSchema {
"sub": "foo@bar.com"
}
7.191 OpenIDSchema {
"sub": "foo@bar.com"
}
7.191 phase <--<-- 7 --- DisplayUserInfo -->-->
7.191 phase <--<-- 8 --- Done -->-->
7.191 end
7.192 assertion CheckHTTPResponse
7.192 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
7.192 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Rotation-RP-Sig.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000040662�13313423031�015065� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Rotation-RP-Sig
Test description: Request access token, change RSA signing key and request another access token
Timestamp: 2018-06-23T10:51:06Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.113 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.115 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.115 phase <--<-- 2 --- Registration -->-->
0.115 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'private_key_jwt', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'refresh_token'], 'response_types': ['code'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.115 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"refresh_token"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#9oVL9l6dfiAKN4Rx"
],
"response_types": [
"code"
],
"token_endpoint_auth_method": "private_key_jwt"
}
0.278 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.279 RegistrationResponse {
"client_id": "94defbce-9d19-444e-82ff-063166893d73",
"client_secret": "ypMiMiH9eHu~",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"refresh_token"
],
"id": "94defbce-9d19-444e-82ff-063166893d73",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#9oVL9l6dfiAKN4Rx"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "private_key_jwt",
"userinfo_signed_response_alg": "none"
}
0.28 phase <--<-- 3 --- AsyncAuthn -->-->
0.28 AuthorizationRequest {
"client_id": "94defbce-9d19-444e-82ff-063166893d73",
"nonce": "78KLPiZTCvbRLGSv",
"prompt": [
"consent"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid offline_access",
"state": "ZPnami488m175HIA"
}
0.28 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=consent&scope=openid+offline_access&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=94defbce-9d19-444e-82ff-063166893d73&state=ZPnami488m175HIA&response_type=code&nonce=78KLPiZTCvbRLGSv
0.28 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=consent&scope=openid+offline_access&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=94defbce-9d19-444e-82ff-063166893d73&state=ZPnami488m175HIA&response_type=code&nonce=78KLPiZTCvbRLGSv
3.569 response Response URL with query part
3.57 response {'state': 'ZPnami488m175HIA', 'scope': 'openid offline_access', 'code': '_ox-YKllX_eyuQg8FDthnD7bynxyCCBvBbLwAfXo29k.IqqWILdWNOxqdYJYCuzF_q28R29wBxdJA-7QFzOQp44'}
3.57 response {'state': 'ZPnami488m175HIA', 'scope': 'openid offline_access', 'code': '_ox-YKllX_eyuQg8FDthnD7bynxyCCBvBbLwAfXo29k.IqqWILdWNOxqdYJYCuzF_q28R29wBxdJA-7QFzOQp44'}
3.57 AuthorizationResponse {
"code": "_ox-YKllX_eyuQg8FDthnD7bynxyCCBvBbLwAfXo29k.IqqWILdWNOxqdYJYCuzF_q28R29wBxdJA-7QFzOQp44",
"scope": "openid offline_access",
"state": "ZPnami488m175HIA"
}
3.57 phase <--<-- 4 --- AccessToken -->-->
3.57 --> request op_args: {'state': 'ZPnami488m175HIA', 'authn_method': 'private_key_jwt'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.571 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'ZPnami488m175HIA', 'code': '_ox-YKllX_eyuQg8FDthnD7bynxyCCBvBbLwAfXo29k.IqqWILdWNOxqdYJYCuzF_q28R29wBxdJA-7QFzOQp44', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '94defbce-9d19-444e-82ff-063166893d73'}, 'state': 'ZPnami488m175HIA', 'authn_method': 'private_key_jwt'}
3.571 AccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImlhdCI6IDE1Mjk3NTEwNjUsICJqdGkiOiAiYWtVSXVmbHJWd3dFVVlJTEkzcnpSeER6b0R2R1FhRVMiLCAiZXhwIjogMTUyOTc1MTY2NX0.gNaR_ICpkvhYIUkYH7nvdJ5G7YprXlipQcrfsQuzSfKyPHiIJDDkWbtwQnOmMjoaAvIZnejD3rAeHR8JXZbyO64gc31hH-8ISrTlUDCnsj-au6y9UEsW-262wPrOneFUMSArq0-toqYEBGQP7-6ze_gBCO0O6Ds-2p4sodTxllpoAaiP2CFMpmO6n8y4RNYhfd07tl9ccbjN4MtQLz2d2538ryJ8VClJq1h4ymn4j3Oxr2fyDvjZFm0voSe7VhnV5_51JkXtlGrO--qCKun0aS_szGHQBBuhsHFN1b4pyDqGhF9BddtW6hX4pXNN3OOr6uL7_YqkRNZau7DgAztFvg",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "_ox-YKllX_eyuQg8FDthnD7bynxyCCBvBbLwAfXo29k.IqqWILdWNOxqdYJYCuzF_q28R29wBxdJA-7QFzOQp44",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "ZPnami488m175HIA"
}
3.574 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.574 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
3.574 request code=_ox-YKllX_eyuQg8FDthnD7bynxyCCBvBbLwAfXo29k.IqqWILdWNOxqdYJYCuzF_q28R29wBxdJA-7QFzOQp44&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=ZPnami488m175HIA&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImlhdCI6IDE1Mjk3NTEwNjUsICJqdGkiOiAiYWtVSXVmbHJWd3dFVVlJTEkzcnpSeER6b0R2R1FhRVMiLCAiZXhwIjogMTUyOTc1MTY2NX0.gNaR_ICpkvhYIUkYH7nvdJ5G7YprXlipQcrfsQuzSfKyPHiIJDDkWbtwQnOmMjoaAvIZnejD3rAeHR8JXZbyO64gc31hH-8ISrTlUDCnsj-au6y9UEsW-262wPrOneFUMSArq0-toqYEBGQP7-6ze_gBCO0O6Ds-2p4sodTxllpoAaiP2CFMpmO6n8y4RNYhfd07tl9ccbjN4MtQLz2d2538ryJ8VClJq1h4ymn4j3Oxr2fyDvjZFm0voSe7VhnV5_51JkXtlGrO--qCKun0aS_szGHQBBuhsHFN1b4pyDqGhF9BddtW6hX4pXNN3OOr6uL7_YqkRNZau7DgAztFvg
3.702 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.703 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NjY1LCJpYXQiOjE1Mjk3NTEwNjUsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjNhZDFhNzJiLWFjNzEtNDA5OS04MGFjLWE5NmFmYzg5NDA0OSIsIm5vbmNlIjoiNzhLTFBpWlRDdmJSTEdTdiIsInJhdCI6MTUyOTc1MTA2Miwic3ViIjoiZm9vQGJhci5jb20ifQ.iAwTmRufOWvHsc8VFBM9ztznJJjbXryE4wKpkyzpqwnaJ2kIcsFzxzIhwKjHrj5smva66Uyp2doIP6kNEku5qmcN1hTaE-XyrEkwCzrTKqG6CZJq9IRMV6CxcXCeeN6huMN3iJUXwNmqcFejEKgfT3d6nZXzzWuhKNxvuJ7OHY0ArXdCowhQahSDYBG0FKNfaokhkEP27mbzb6p0FR16EWWE7iuEp7hF9G3f-VlLSfzhGYpeY9hqYrQsS27Xq2r3vEqPEOX_5HZiMUAdVRPyC4AgTiN59w3rQ0_IhWp0zWSFCMGS-T6sjquVNm908Xrkopk726i7ZGvC38SAPRx8paerlZgrqzGd2mJmoz0VNsyO6nIXb0JX0EgchAMFFFVXyDCLmGZ7tlSAMpouJoh2r-3C5Rf0zE971lcrm6TKm2hB3n4asAOPMvfiuETLgwonZL8xV4U00wQaIUUHv7wgGwV_5I-3AUBwKyrB2kYzz4mpVAX_XyIsFRMqZ-YFFW3REYfJVBxU5MTfG7s7M0Pg5sNModiot4hUPgskiHqISEwBNJuutlIGrO5ghB37_-kKc1Jp8eVE0pGKq9kiPkL-4l792hp1-5_0WHO5ozZnku_wigH5pl5V88rHlnPSU2i5XiQtPW1CqnD_hnC-3g8_4z4kGfjivhfaopuhZfJiPg8', 'scope': 'openid offline_access', 'access_token': 'IeVz0vz8NQdA327xdFMGBgW_mrQiVy_eY06rxAoRAeM.k5C1n5drAdms2RRmvb3AitKTRdrtCHcvhevwcMLzfCQ', 'refresh_token': 'hoIr1vEHsEnXJpaDSXnv2Ll3LExhQ_In1q7ktnGRMfs.4_7o2b9QNBMFCC4-jsNdiuGdSbYmxUSP0_uW3_OTbzQ', 'token_type': 'bearer', 'expires_in': 3599}
3.783 AccessTokenResponse {
"access_token": "IeVz0vz8NQdA327xdFMGBgW_mrQiVy_eY06rxAoRAeM.k5C1n5drAdms2RRmvb3AitKTRdrtCHcvhevwcMLzfCQ",
"expires_in": 3599,
"id_token": {
"aud": [
"94defbce-9d19-444e-82ff-063166893d73"
],
"auth_time": 1529750975,
"exp": 1529754665,
"iat": 1529751065,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "3ad1a72b-ac71-4099-80ac-a96afc894049",
"nonce": "78KLPiZTCvbRLGSv",
"rat": 1529751062,
"sub": "foo@bar.com"
},
"refresh_token": "hoIr1vEHsEnXJpaDSXnv2Ll3LExhQ_In1q7ktnGRMfs.4_7o2b9QNBMFCC4-jsNdiuGdSbYmxUSP0_uW3_OTbzQ",
"scope": "openid offline_access",
"token_type": "bearer"
}
3.783 phase <--<-- 5 --- RotateSigKeys -->-->
3.829 phase <--<-- 6 --- RefreshAccessToken -->-->
3.833 RefreshAccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJlYTFmMHRNOWFhRmpkTU5YSmk4RXJhbDhFR0dWdjducF9NVjdUdlJ0UFEifQ.eyJpc3MiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImlhdCI6IDE1Mjk3NTEwNjUsICJqdGkiOiAiZjBJOFhEWGc1bXZHWnZUdnRmcFgzWjIxSkpFeXZXeTMiLCAiZXhwIjogMTUyOTc1MTY2NX0.JJtCb3fnOy4Y3NBrO8QkebS0VvoRrgcyQnCK3GXyNhQJw-u7K0b9Mu6E-ubhqBWkClSdlEN7bM5QbqRkpHIHSoXJnb7RhlF8ZBMYSmYVG8cl72LyEVHLeuprD5OvyBCvwvIpQcUHHiPyzPekOB9nsHhEmN69939vMfsW3SoM4SFpeyZQTTPaW3pmepzpIgwExVnajFEGfxbQ-KJxCEYbmgDFGVvcU7Lu37kugrIH52KfRr7FaGGJs0T-lzDrpNPVUmsJ15rdAqnUrZSpNQY1LMAkTV5pQmNlYDTn4KfRfUHphdd5HRsbVA6RQXsVY6YqOVSi2nxLKAGbwby8IR86Ig",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"grant_type": "refresh_token",
"refresh_token": "hoIr1vEHsEnXJpaDSXnv2Ll3LExhQ_In1q7ktnGRMfs.4_7o2b9QNBMFCC4-jsNdiuGdSbYmxUSP0_uW3_OTbzQ",
"scope": "openid offline_access"
}
3.837 request {'client_assertion': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkJlYTFmMHRNOWFhRmpkTU5YSmk4RXJhbDhFR0dWdjducF9NVjdUdlJ0UFEifQ.eyJpc3MiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIiwgImlhdCI6IDE1Mjk3NTEwNjUsICJqdGkiOiAiZjBJOFhEWGc1bXZHWnZUdnRmcFgzWjIxSkpFeXZXeTMiLCAiZXhwIjogMTUyOTc1MTY2NX0.JJtCb3fnOy4Y3NBrO8QkebS0VvoRrgcyQnCK3GXyNhQJw-u7K0b9Mu6E-ubhqBWkClSdlEN7bM5QbqRkpHIHSoXJnb7RhlF8ZBMYSmYVG8cl72LyEVHLeuprD5OvyBCvwvIpQcUHHiPyzPekOB9nsHhEmN69939vMfsW3SoM4SFpeyZQTTPaW3pmepzpIgwExVnajFEGfxbQ-KJxCEYbmgDFGVvcU7Lu37kugrIH52KfRr7FaGGJs0T-lzDrpNPVUmsJ15rdAqnUrZSpNQY1LMAkTV5pQmNlYDTn4KfRfUHphdd5HRsbVA6RQXsVY6YqOVSi2nxLKAGbwby8IR86Ig', 'scope': 'openid offline_access', 'grant_type': 'refresh_token', 'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer', 'refresh_token': 'hoIr1vEHsEnXJpaDSXnv2Ll3LExhQ_In1q7ktnGRMfs.4_7o2b9QNBMFCC4-jsNdiuGdSbYmxUSP0_uW3_OTbzQ'}
3.966 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.966 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.966 handle_response kwargs:{'r': <Response [200]>, 'csi': <oic.oic.message.RefreshAccessTokenRequest object at 0x7f2440115eb8>}
3.967 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTRkZWZiY2UtOWQxOS00NDRlLTgyZmYtMDYzMTY2ODkzZDczIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NjY1LCJpYXQiOjE1Mjk3NTEwNjUsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImY4YzgwNDAwLTE5YzgtNDM2NS05MjM0LWRkNGE0NDFkYWY1MyIsIm5vbmNlIjoiIiwicmF0IjoxNTI5NzUxMDYyLCJzdWIiOiJmb29AYmFyLmNvbSJ9.Yn3F778rHoILy6xyoA88frqDu_wTTy5zBW-bJ8vDKliiV7RgnrjWSlGYufxgvs59etatv2_sd8qX--hLv0lWgGXVfIZKbD8rVrRFFeo0Y-9xgRK6j_OcpWhp9vaHnOuuvE2us_-hk8qvvKGAR4OAyDybaQcelldb6vmvmOG6AIlQJ3SEt1AETg063K-yEPE-WP7y849E329IOiUxIyvggsjNU5nIVe26I2R-fQ6BYLzqL2QKzotQK_Bht_kXdV2Z8Nf2Zqcnfk6wNmy4ihV0YKjOXZTs0MzR4KBghlWueE0C2nr6ww-uofE7hJJWzebJUHCuK0lxOxIAyBnP4iAvI2vZah5avOuUSywpPQy1-cDinTIG7DXG8BobaHaauOfPhLd0XzGQoUilGe1X8Y6e2UE83sBaDfJV6ayr8kcYZ7nlDTB0alyMjzI8wRhK7CbFnfHwbiPTUJB6VuIsp4IDGvnEWQoEr3nuP5fP48th4taIrSvyuiMt4irkq9xtPfDJQFaxE5oykOQbkYWv4zQbM18k5msAHEVDEzi-kSdQzQYVSVr_mJlGFBobxnWdtRBH81BMaAapYWA-7gdGmHchf8qXr-OQ_XGz3yTstdEtQYKvIIMPhpddQiH_QC0q3Uu_vmBD2WKepVh-z-uCBE9Nj0V1fbYpkBjuNY8Tx02Nxmo', 'scope': 'openid offline_access', 'access_token': '2gCjRUPGKTRXQPWlUUHG3GQWHR9iTwZMNQdqWtdbgQw.UlR0HCq0qY_gdRlwhwr85jiKbR3eAGQD6Aq1_mef-Z0', 'refresh_token': 'Ruk0UHb-qp4MCkl8Jvyexg_JqxrpfP5wzkKKcFedXHI.j--8O2dT8AOu2W9kiN2Pwpz3dkfVZrmbZ1Reee4tw9Q', 'token_type': 'bearer', 'expires_in': 3599}
3.97 jws header {'typ': 'JWT', 'alg': 'RS256', 'kid': 'public:0acf6c64-4d55-4888-abb9-b2a3f661ee7f'}
3.97 AccessTokenResponse {
"access_token": "2gCjRUPGKTRXQPWlUUHG3GQWHR9iTwZMNQdqWtdbgQw.UlR0HCq0qY_gdRlwhwr85jiKbR3eAGQD6Aq1_mef-Z0",
"expires_in": 3599,
"id_token": {
"aud": [
"94defbce-9d19-444e-82ff-063166893d73"
],
"auth_time": 1529750975,
"exp": 1529754665,
"iat": 1529751065,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "f8c80400-19c8-4365-9234-dd4a441daf53",
"rat": 1529751062,
"sub": "foo@bar.com"
},
"refresh_token": "Ruk0UHb-qp4MCkl8Jvyexg_JqxrpfP5wzkKKcFedXHI.j--8O2dT8AOu2W9kiN2Pwpz3dkfVZrmbZ1Reee4tw9Q",
"scope": "openid offline_access",
"token_type": "bearer"
}
3.97 phase <--<-- 7 --- Done -->-->
3.97 end
3.971 assertion CheckHTTPResponse
3.971 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.971 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������./OP-OAuth-2nd-Revokes.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000033305�13313423003�015337� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd-Revokes
Test description: Trying to use authorization code twice should result in revoking previously issued access tokens
Timestamp: 2018-06-23T10:50:43Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.076 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.077 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.077 phase <--<-- 2 --- Registration -->-->
0.078 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.078 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#XBw87oVdSVU8JxPO"
],
"response_types": [
"code"
]
}
0.242 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.243 RegistrationResponse {
"client_id": "ce8e94bb-b051-4d75-91cb-8f8f99bddb18",
"client_secret": "DdcrL1_M5qmy",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "ce8e94bb-b051-4d75-91cb-8f8f99bddb18",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#XBw87oVdSVU8JxPO"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.243 phase <--<-- 3 --- Note -->-->
1.568 phase <--<-- 4 --- AsyncAuthn -->-->
1.569 AuthorizationRequest {
"client_id": "ce8e94bb-b051-4d75-91cb-8f8f99bddb18",
"nonce": "dqgkYo3H5I69iFX2",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "vo0F5zs0z6N5iLSf"
}
1.569 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ce8e94bb-b051-4d75-91cb-8f8f99bddb18&state=vo0F5zs0z6N5iLSf&response_type=code&nonce=dqgkYo3H5I69iFX2
1.569 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ce8e94bb-b051-4d75-91cb-8f8f99bddb18&state=vo0F5zs0z6N5iLSf&response_type=code&nonce=dqgkYo3H5I69iFX2
5.951 response Response URL with query part
5.951 response {'state': 'vo0F5zs0z6N5iLSf', 'scope': 'openid', 'code': 'SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8'}
5.951 response {'state': 'vo0F5zs0z6N5iLSf', 'scope': 'openid', 'code': 'SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8'}
5.952 AuthorizationResponse {
"code": "SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8",
"scope": "openid",
"state": "vo0F5zs0z6N5iLSf"
}
5.952 phase <--<-- 5 --- AccessToken -->-->
5.952 --> request op_args: {'state': 'vo0F5zs0z6N5iLSf'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
5.952 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'vo0F5zs0z6N5iLSf', 'code': 'SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'ce8e94bb-b051-4d75-91cb-8f8f99bddb18'}, 'state': 'vo0F5zs0z6N5iLSf'}
5.952 AccessTokenRequest {
"code": "SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "vo0F5zs0z6N5iLSf"
}
5.952 request_url https://oidc-certification.ory.sh:8443/oauth2/token
5.952 request_http_args {'headers': {'Authorization': 'Basic Y2U4ZTk0YmItYjA1MS00ZDc1LTkxY2ItOGY4Zjk5YmRkYjE4OkRkY3JMMV9NNXFteQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
5.952 request code=SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=vo0F5zs0z6N5iLSf
6.232 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.233 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiY2U4ZTk0YmItYjA1MS00ZDc1LTkxY2ItOGY4Zjk5YmRkYjE4Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NjQyLCJpYXQiOjE1Mjk3NTEwNDMsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImZmOGIxYmM4LTk3MDItNDBjZS1iZjQxLTZjMTc3MzgzN2E3ZCIsIm5vbmNlIjoiZHFna1lvM0g1STY5aUZYMiIsInJhdCI6MTUyOTc1MTAzOCwic3ViIjoiZm9vQGJhci5jb20ifQ.bJG06MkuiZQS_XjpyWJP_U8gHU0rHzKscC6dM3UaBtoO7nPchcCa05VAMQRyetTn7VU98lEOT0UXo5rDyxQmVWFpy_4vL-hwdaReVHAiTv0YmsJIP4L0WFE4BhW5q_6YnPWJRX3zls7h6dbCvjxho-oRa5-d1fUM55JqsXn66JE14p7jdY2BmUXEr1ribfMc4HYcHtMYkCV9IHw89nHUneq4nq-IdQyciQVbodkIxGQ5s6jj2YO0udJhgZfwT3yix45YA1YRFmjRGfvpfAD2Pkgvu08mD1NkddVJLphkGejGnpr_hIKvyAHPq2FAjjICLplV5mIjzqi47jsaZxSUNOb5wtnJh50I3sqlkBVY1uHBgVTcbkX0Ss2JLeJsbLpUxV3j5k_SRb2-J5i1iWz8V74A6e8aMEJWc7ewM_nQjzzpRmXFl1sR_GKuGboUXGzJugkzRg6o2K_YfQGG-k7LD108U4WyVA4vTl7-IfxknUL9iOwOoF9S__bigypffx80gtf_PpqHtS6BHKangw7ZFgC3JB-ykhgZ3eVr0zHg_hk-E-LBPw_YlLwSEFquP9GgiM3UFwc53U28j394VgydOmce5dvxJoAego19T7uUtXTcrqGp_oFDAGqfDhfyhREK7fMJ5uiprpFLlSFDyAE5NeAdUw-8ST1XnPdpofJCQj0', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'L6jTyeUSvhHNK1xLNf3BNrdQ9ksIj3aKAu4yOhuN8A0.URku-iZj4qSi7X5SpIBeOpF1_ejXxm2OmGeJg82E4d0', 'scope': 'openid'}
6.349 AccessTokenResponse {
"access_token": "L6jTyeUSvhHNK1xLNf3BNrdQ9ksIj3aKAu4yOhuN8A0.URku-iZj4qSi7X5SpIBeOpF1_ejXxm2OmGeJg82E4d0",
"expires_in": 3599,
"id_token": {
"aud": [
"ce8e94bb-b051-4d75-91cb-8f8f99bddb18"
],
"auth_time": 1529750975,
"exp": 1529754642,
"iat": 1529751043,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "ff8b1bc8-9702-40ce-bf41-6c1773837a7d",
"nonce": "dqgkYo3H5I69iFX2",
"rat": 1529751038,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
6.35 phase <--<-- 6 --- AccessToken -->-->
6.35 --> request op_args: {'state': 'vo0F5zs0z6N5iLSf'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.35 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'vo0F5zs0z6N5iLSf', 'code': 'SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'ce8e94bb-b051-4d75-91cb-8f8f99bddb18'}, 'state': 'vo0F5zs0z6N5iLSf'}
6.35 AccessTokenRequest {
"code": "SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "vo0F5zs0z6N5iLSf"
}
6.35 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.35 request_http_args {'headers': {'Authorization': 'Basic Y2U4ZTk0YmItYjA1MS00ZDc1LTkxY2ItOGY4Zjk5YmRkYjE4OkRkY3JMMV9NNXFteQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.35 request code=SOfv2rr_HYydZ5epx3H-S2sUb2cDbL-U3AwOML96bO8.fY-Nw_9SU-VefjGtGzaBxYPqnuWez5BkZJ3Y8xH0XX8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=vo0F5zs0z6N5iLSf
6.513 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
6.513 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
6.513 event Got expected error
6.513 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
6.514 phase <--<-- 7 --- UserInfo -->-->
6.514 do_user_info_request kwargs:{'state': 'vo0F5zs0z6N5iLSf', 'method': 'GET', 'authn_method': 'bearer_header'}
6.514 request {'body': None}
6.514 request_url https://oidc-certification.ory.sh:8443/userinfo
6.514 request_http_args {'headers': {'Authorization': 'Bearer L6jTyeUSvhHNK1xLNf3BNrdQ9ksIj3aKAu4yOhuN8A0.URku-iZj4qSi7X5SpIBeOpF1_ejXxm2OmGeJg82E4d0'}}
6.622 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:401 message:{"error":"request_unauthorized","error_description":"The request could not be authorized","error_hint":"Check that you provided valid credentials in the right format.","status_code":401,"error_debug":"A validator returned an error"}
6.623 event Expected error not received: got request_unauthorized
6.623 ErrorResponse {
"error": "request_unauthorized",
"error_debug": "A validator returned an error",
"error_description": "The request could not be authorized",
"error_hint": "Check that you provided valid credentials in the right format.",
"status_code": 401
}
6.623 ErrorResponse {
"error": "request_unauthorized",
"error_debug": "A validator returned an error",
"error_description": "The request could not be authorized",
"error_hint": "Check that you provided valid credentials in the right format.",
"status_code": 401
}
6.623 phase <--<-- 8 --- Done -->-->
6.623 end
6.624 assertion VerifyResponse
6.624 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
6.624 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-Config.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000006700�13313422111�015372� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-Config
Test description: Publishes openid-configuration discovery information
Timestamp: 2018-06-23T10:43:21Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.106 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.107 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.107 phase <--<-- 2 --- Done -->-->
0.107 end
0.108 assertion CheckHTTPResponse
0.108 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.108 assertion VerifyIdTokenSigningAlgorithmIsSupported
0.108 condition verify-id_token_signing-algorithm-is-supported: status=OK [Verify that required algorithms in id_token_signing_alg_values_supported]
0.108 assertion VerifyHTTPSUsage
0.108 condition verify-https-usage: status=OK [Verify that specific endpoints uses https]
0.109 assertion VerifyOPEndpointsUseHTTPS
0.109 condition verify-op-endpoints-use-https: status=OK [Verify that all OP endpoints uses https]
0.109 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-id_token_signing-algorithm-is-supported: status=OK [Verify that required algorithms in id_token_signing_alg_values_supported]
verify-https-usage: status=OK [Verify that specific endpoints uses https]
verify-op-endpoints-use-https: status=OK [Verify that all OP endpoints uses https]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������./OP-scope-All.txt����������������������������������������������������������������������������������0000644�0000000�0000000�00000030100�13313422463�014040� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-All
Test description: Scope requesting all claims
Timestamp: 2018-06-23T10:47:15Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.101 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.102 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.102 phase <--<-- 2 --- Registration -->-->
0.102 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.103 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#afOCONhA3tHSUiZg"
],
"response_types": [
"code"
]
}
0.261 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.262 RegistrationResponse {
"client_id": "5ffbb9c1-0c63-4074-9491-28f0e0fc277c",
"client_secret": "UF_gwCY8VDz6",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "5ffbb9c1-0c63-4074-9491-28f0e0fc277c",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#afOCONhA3tHSUiZg"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.262 phase <--<-- 3 --- AsyncAuthn -->-->
0.262 condition Check support: status=WARNING, message=No support for: scopes_supported=['profile', 'email', 'address', 'phone']
0.262 AuthorizationRequest {
"client_id": "5ffbb9c1-0c63-4074-9491-28f0e0fc277c",
"nonce": "1yrzOHQx6krgPSXA",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid profile email address phone",
"state": "xuXhK2ICXRbT6sfG"
}
0.263 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile+email+address+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5ffbb9c1-0c63-4074-9491-28f0e0fc277c&state=xuXhK2ICXRbT6sfG&response_type=code&nonce=1yrzOHQx6krgPSXA
0.263 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile+email+address+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5ffbb9c1-0c63-4074-9491-28f0e0fc277c&state=xuXhK2ICXRbT6sfG&response_type=code&nonce=1yrzOHQx6krgPSXA
4.3 response Response URL with query part
4.301 response {'state': 'xuXhK2ICXRbT6sfG', 'scope': 'openid profile email address phone', 'code': 'WZA8FZ037sbc_g7mUW-VKuj4tgkhdWk75z2JRY2ZHkw.kZ76IRcCgFSCex4roQ3IZ_Dd6GqJ5epOnYIieb_xY-I'}
4.301 response {'state': 'xuXhK2ICXRbT6sfG', 'scope': 'openid profile email address phone', 'code': 'WZA8FZ037sbc_g7mUW-VKuj4tgkhdWk75z2JRY2ZHkw.kZ76IRcCgFSCex4roQ3IZ_Dd6GqJ5epOnYIieb_xY-I'}
4.301 AuthorizationResponse {
"code": "WZA8FZ037sbc_g7mUW-VKuj4tgkhdWk75z2JRY2ZHkw.kZ76IRcCgFSCex4roQ3IZ_Dd6GqJ5epOnYIieb_xY-I",
"scope": "openid profile email address phone",
"state": "xuXhK2ICXRbT6sfG"
}
4.301 phase <--<-- 4 --- AccessToken -->-->
4.301 --> request op_args: {'state': 'xuXhK2ICXRbT6sfG'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.301 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'xuXhK2ICXRbT6sfG', 'code': 'WZA8FZ037sbc_g7mUW-VKuj4tgkhdWk75z2JRY2ZHkw.kZ76IRcCgFSCex4roQ3IZ_Dd6GqJ5epOnYIieb_xY-I', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '5ffbb9c1-0c63-4074-9491-28f0e0fc277c'}, 'state': 'xuXhK2ICXRbT6sfG'}
4.302 AccessTokenRequest {
"code": "WZA8FZ037sbc_g7mUW-VKuj4tgkhdWk75z2JRY2ZHkw.kZ76IRcCgFSCex4roQ3IZ_Dd6GqJ5epOnYIieb_xY-I",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "xuXhK2ICXRbT6sfG"
}
4.302 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.302 request_http_args {'headers': {'Authorization': 'Basic NWZmYmI5YzEtMGM2My00MDc0LTk0OTEtMjhmMGUwZmMyNzdjOlVGX2d3Q1k4VkR6Ng==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.302 request code=WZA8FZ037sbc_g7mUW-VKuj4tgkhdWk75z2JRY2ZHkw.kZ76IRcCgFSCex4roQ3IZ_Dd6GqJ5epOnYIieb_xY-I&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=xuXhK2ICXRbT6sfG
4.517 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.518 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNWZmYmI5YzEtMGM2My00MDc0LTk0OTEtMjhmMGUwZmMyNzdjIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NDM1LCJpYXQiOjE1Mjk3NTA4MzUsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjdiZWI1YWQwLTFkOWQtNGU4OS1iZmU4LWNkMDRhMTkxZmE1ZCIsIm5vbmNlIjoiMXlyek9IUXg2a3JnUFNYQSIsInJhdCI6MTUyOTc1MDgzMSwic3ViIjoiZm9vQGJhci5jb20ifQ.VBZognv-Jiul9LshSodEeX0fXvnL_B54t-LNfBWXN-7d7TB5hgjsZmPGbvaSSbx0qdnnE3aaTk6eArzBG2cd-Ih3MGc2NeAGvWqFmFD-TF3ASBLy4Er-1HSrxvYGhSe_M4uhNDsYwx2ULxZokOuDlniYFQym9mTzLy9MfvtIxWZHnchtTT2SulR1I1JseiGV_ry-1-d41dKa7CZG2Hy01LALTpU3M1v2L7ZDAzFgQDKi8YGGPlbXL1Chh_rzmNaSjhWKHRq3EZ6nWb3P1FeswjqEslf_XEJYGtKtM502i9s4K0_LbBkhq0CQwtejd4wdhG3hgDAbtX68AobdRg6HsLspHThM71G8un5l281ZiipAUNpkE9eJwdnPkHRNWd30PurypTl3hKbfB5ULBg2Vle1UEaq6WCykmvrKqVnO88YtnCjEjZowMUTDOXLzReRUzjkWtJ-qy9UcbVC53yV8_LqjEeiKXiU_FcTrzj0CEOk1x1b3UYHp2uA_qe2lWee9VigRmKl2r49SebnKQpyQMVrLXZb2J6fIhzx4OE-9LN3Qj8Gt8E5UlwpIdUQcTLd9bCJuCyiQr-JJqJxhwrB5qF5NidNiIBUbmb5VHwZ7j8IbOIhNg_Fcxp2sQOrtgW1Yx6i42Ezyyr2FIDG1qPBgpNbbpIhjwO-OHnhyMlSL4AU', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '_FiJ3LpkzW0ydTMcrRrFqQURyOPeseUkLcG40A8MDnE.7iMcWKgftVNmNLHTFolNxhMB_WhXEA4wxzy0NXAbhFo', 'scope': 'openid profile email address phone'}
4.604 AccessTokenResponse {
"access_token": "_FiJ3LpkzW0ydTMcrRrFqQURyOPeseUkLcG40A8MDnE.7iMcWKgftVNmNLHTFolNxhMB_WhXEA4wxzy0NXAbhFo",
"expires_in": 3599,
"id_token": {
"aud": [
"5ffbb9c1-0c63-4074-9491-28f0e0fc277c"
],
"auth_time": 1529750749,
"exp": 1529754435,
"iat": 1529750835,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "7beb5ad0-1d9d-4e89-bfe8-cd04a191fa5d",
"nonce": "1yrzOHQx6krgPSXA",
"rat": 1529750831,
"sub": "foo@bar.com"
},
"scope": "openid profile email address phone",
"token_type": "bearer"
}
4.604 phase <--<-- 5 --- UserInfo -->-->
4.604 do_user_info_request kwargs:{'state': 'xuXhK2ICXRbT6sfG', 'method': 'GET', 'authn_method': 'bearer_header'}
4.605 request {'body': None}
4.605 request_url https://oidc-certification.ory.sh:8443/userinfo
4.605 request_http_args {'headers': {'Authorization': 'Bearer _FiJ3LpkzW0ydTMcrRrFqQURyOPeseUkLcG40A8MDnE.7iMcWKgftVNmNLHTFolNxhMB_WhXEA4wxzy0NXAbhFo'}}
4.698 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
4.699 OpenIDSchema {
"sub": "foo@bar.com"
}
4.699 OpenIDSchema {
"sub": "foo@bar.com"
}
4.699 phase <--<-- 6 --- Done -->-->
4.699 end
4.7 assertion CheckHTTPResponse
4.7 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
4.7 assertion VerifyResponse
4.7 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.701 assertion VerifyScopes
4.701 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username', 'email', 'email_verified', 'address', 'phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
4.701 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['profile', 'email', 'address', 'phone']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username', 'email', 'email_verified', 'address', 'phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['profile', 'email', 'address', 'phone']
The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username', 'email', 'email_verified', 'address', 'phone_number', 'phone_number_verified']
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Query-Added.txt�������������������������������������������������������������������0000644�0000000�0000000�00000016330�13313422424�017011� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Query-Added
Test description: Request with redirect_uri with query component when registered redirect_uri has no query component
Timestamp: 2018-06-23T10:46:44Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'redirect_uri': ['https://op.certification.openid.net:61353/authz_cb?foo=bar']}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#LtySycnhFcGnHiXR"
],
"response_types": [
"code"
]
}
0.236 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"client_secret": "xjeZZSzBwdMu",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "ecb012c6-512d-4236-b362-a17e856e054f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#LtySycnhFcGnHiXR"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.237 phase <--<-- 3 --- Note -->-->
15.249 phase <--<-- 4 --- AsyncAuthn -->-->
15.249 AuthorizationRequest {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"nonce": "BOoxee6CpKSapklm",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb?bar=foo",
"response_type": "code",
"scope": "openid",
"state": "llkFogf4uGclH9hQ"
}
15.25 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=llkFogf4uGclH9hQ&response_type=code&nonce=BOoxee6CpKSapklm
15.25 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=llkFogf4uGclH9hQ&response_type=code&nonce=BOoxee6CpKSapklm
16.2 phase <--<-- 4 --- AsyncAuthn -->-->
16.201 AuthorizationRequest {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"nonce": "APR9OMfToXZqwWYp",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb?bar=foo",
"response_type": "code",
"scope": "openid",
"state": "qf39DpT37XADhfJF"
}
16.201 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=qf39DpT37XADhfJF&response_type=code&nonce=APR9OMfToXZqwWYp
16.201 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=qf39DpT37XADhfJF&response_type=code&nonce=APR9OMfToXZqwWYp
17.286 phase <--<-- 4 --- AsyncAuthn -->-->
17.287 AuthorizationRequest {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"nonce": "nB4DhCj8O8crsBh3",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb?bar=foo",
"response_type": "code",
"scope": "openid",
"state": "6UwXfce74GGdK9TQ"
}
17.287 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=6UwXfce74GGdK9TQ&response_type=code&nonce=nB4DhCj8O8crsBh3
17.287 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=6UwXfce74GGdK9TQ&response_type=code&nonce=nB4DhCj8O8crsBh3
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Missing.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000011212�13313422371�016311� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Missing
Test description: Reject request without redirect_uri when multiple registered
Timestamp: 2018-06-23T10:46:17Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.079 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.08 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.08 phase <--<-- 2 --- Registration -->-->
0.08 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb', 'https://op.certification.openid.net:61353/cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.08 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb",
"https://op.certification.openid.net:61353/cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#pUFK3PHKWFcdh5dO"
],
"response_types": [
"code"
]
}
0.277 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.277 RegistrationResponse {
"client_id": "1244821b-a593-4921-875c-30f57414b5d5",
"client_secret": "oi0Cwy.0Hctg",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "1244821b-a593-4921-875c-30f57414b5d5",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb",
"https://op.certification.openid.net:61353/cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#pUFK3PHKWFcdh5dO"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.278 phase <--<-- 3 --- Note -->-->
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-NotReg.txt������������������������������������������������������������������������0000644�0000000�0000000�00000012665�13313422421�016107� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-NotReg
Test description: Sent redirect_uri does not match a registered redirect_uri
Timestamp: 2018-06-23T10:46:41Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'redirect_uri': ['https://op.certification.openid.net:61353/authz_cb?foo=bar']}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#LtySycnhFcGnHiXR"
],
"response_types": [
"code"
]
}
0.236 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"client_secret": "xjeZZSzBwdMu",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "ecb012c6-512d-4236-b362-a17e856e054f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#LtySycnhFcGnHiXR"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.237 phase <--<-- 3 --- Note -->-->
15.249 phase <--<-- 4 --- AsyncAuthn -->-->
15.249 AuthorizationRequest {
"client_id": "ecb012c6-512d-4236-b362-a17e856e054f",
"nonce": "BOoxee6CpKSapklm",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb?bar=foo",
"response_type": "code",
"scope": "openid",
"state": "llkFogf4uGclH9hQ"
}
15.25 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=llkFogf4uGclH9hQ&response_type=code&nonce=BOoxee6CpKSapklm
15.25 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Fbar%3Dfoo&client_id=ecb012c6-512d-4236-b362-a17e856e054f&state=llkFogf4uGclH9hQ&response_type=code&nonce=BOoxee6CpKSapklm
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
���������������������������������������������������������������������������./OP-Req-ui_locales.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000014342�13313422717�015101� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-ui_locales
Test description: Providing ui_locales
Timestamp: 2018-06-23T10:49:51Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.153 phase <--<-- 1 --- Webfinger -->-->
1.153 not expected to do WebFinger
1.153 phase <--<-- 2 --- Discovery -->-->
1.153 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.26 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.261 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.262 phase <--<-- 3 --- Registration -->-->
1.262 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.262 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#TDE4KqFk8ntzOfJI"
],
"response_types": [
"code"
]
}
1.42 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.421 RegistrationResponse {
"client_id": "75bab0be-6a42-46e3-a89b-3fad9678c640",
"client_secret": "dlQGv--UZQ-I",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "75bab0be-6a42-46e3-a89b-3fad9678c640",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#TDE4KqFk8ntzOfJI"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.421 phase <--<-- 4 --- AsyncAuthn -->-->
1.422 AuthorizationRequest {
"client_id": "75bab0be-6a42-46e3-a89b-3fad9678c640",
"nonce": "U9weuTEXF2LiK4LZ",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "PU1OyxDSKAY1JwMb",
"ui_locales": "se"
}
1.422 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?ui_locales=se&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=75bab0be-6a42-46e3-a89b-3fad9678c640&state=PU1OyxDSKAY1JwMb&response_type=code&nonce=U9weuTEXF2LiK4LZ
1.422 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?ui_locales=se&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=75bab0be-6a42-46e3-a89b-3fad9678c640&state=PU1OyxDSKAY1JwMb&response_type=code&nonce=U9weuTEXF2LiK4LZ
4.385 response Response URL with query part
4.386 response {'state': 'PU1OyxDSKAY1JwMb', 'scope': 'openid', 'code': 'Mx7TA1Lf5cwf42AVv3xvku_lJeozK5s0lJasPmI2AbU.rqo4xZdN31BEtL9gOnufcAjD8XizSnbTSTGdaQIxAdg'}
4.386 response {'state': 'PU1OyxDSKAY1JwMb', 'scope': 'openid', 'code': 'Mx7TA1Lf5cwf42AVv3xvku_lJeozK5s0lJasPmI2AbU.rqo4xZdN31BEtL9gOnufcAjD8XizSnbTSTGdaQIxAdg'}
4.386 AuthorizationResponse {
"code": "Mx7TA1Lf5cwf42AVv3xvku_lJeozK5s0lJasPmI2AbU.rqo4xZdN31BEtL9gOnufcAjD8XizSnbTSTGdaQIxAdg",
"scope": "openid",
"state": "PU1OyxDSKAY1JwMb"
}
4.387 phase <--<-- 5 --- Done -->-->
4.387 end
4.387 assertion VerifyAuthnResponse
4.387 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
4.387 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-prompt-login.txt�������������������������������������������������������������������������������0000644�0000000�0000000�00000034661�13313422331�014662� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-login
Test description: Request with prompt=login
Timestamp: 2018-06-23T10:45:45Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#hXWMLsxMEZ7z6KnS"
],
"response_types": [
"code"
]
}
0.244 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.245 RegistrationResponse {
"client_id": "e6e5d6ab-950a-4534-801e-e12781fb9516",
"client_secret": "a-IJPhIH5ClD",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "e6e5d6ab-950a-4534-801e-e12781fb9516",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#hXWMLsxMEZ7z6KnS"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.245 phase <--<-- 3 --- AsyncAuthn -->-->
0.245 AuthorizationRequest {
"client_id": "e6e5d6ab-950a-4534-801e-e12781fb9516",
"nonce": "ghtrPbyPuirnuLbo",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "bYXnjDF4uAczmtnQ"
}
0.246 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e6e5d6ab-950a-4534-801e-e12781fb9516&state=bYXnjDF4uAczmtnQ&response_type=code&nonce=ghtrPbyPuirnuLbo
0.246 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e6e5d6ab-950a-4534-801e-e12781fb9516&state=bYXnjDF4uAczmtnQ&response_type=code&nonce=ghtrPbyPuirnuLbo
2.91 response Response URL with query part
2.91 response {'state': 'bYXnjDF4uAczmtnQ', 'scope': 'openid', 'code': 'q8ylankd9P7W1MyAI5s41uXmidsODni7nWkmYStOZgQ.bmtXi4y15cNeY8CkLdIYs76hQ32JTE3V4xC9alWvpEg'}
2.91 response {'state': 'bYXnjDF4uAczmtnQ', 'scope': 'openid', 'code': 'q8ylankd9P7W1MyAI5s41uXmidsODni7nWkmYStOZgQ.bmtXi4y15cNeY8CkLdIYs76hQ32JTE3V4xC9alWvpEg'}
2.911 AuthorizationResponse {
"code": "q8ylankd9P7W1MyAI5s41uXmidsODni7nWkmYStOZgQ.bmtXi4y15cNeY8CkLdIYs76hQ32JTE3V4xC9alWvpEg",
"scope": "openid",
"state": "bYXnjDF4uAczmtnQ"
}
2.911 phase <--<-- 4 --- AccessToken -->-->
2.911 --> request op_args: {'state': 'bYXnjDF4uAczmtnQ'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.911 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'bYXnjDF4uAczmtnQ', 'code': 'q8ylankd9P7W1MyAI5s41uXmidsODni7nWkmYStOZgQ.bmtXi4y15cNeY8CkLdIYs76hQ32JTE3V4xC9alWvpEg', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'e6e5d6ab-950a-4534-801e-e12781fb9516'}, 'state': 'bYXnjDF4uAczmtnQ'}
2.911 AccessTokenRequest {
"code": "q8ylankd9P7W1MyAI5s41uXmidsODni7nWkmYStOZgQ.bmtXi4y15cNeY8CkLdIYs76hQ32JTE3V4xC9alWvpEg",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "bYXnjDF4uAczmtnQ"
}
2.912 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.912 request_http_args {'headers': {'Authorization': 'Basic ZTZlNWQ2YWItOTUwYS00NTM0LTgwMWUtZTEyNzgxZmI5NTE2OmEtSUpQaElINUNsRA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.912 request code=q8ylankd9P7W1MyAI5s41uXmidsODni7nWkmYStOZgQ.bmtXi4y15cNeY8CkLdIYs76hQ32JTE3V4xC9alWvpEg&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=bYXnjDF4uAczmtnQ
3.126 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.127 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZTZlNWQ2YWItOTUwYS00NTM0LTgwMWUtZTEyNzgxZmI5NTE2Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MzQwLCJpYXQiOjE1Mjk3NTA3NDAsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImFhYmZhZTA1LWQzN2UtNDM0Ni05ODRhLTAwNGU1YWVlNDExMCIsIm5vbmNlIjoiZ2h0clBieVB1aXJudUxibyIsInJhdCI6MTUyOTc1MDczNywic3ViIjoiZm9vQGJhci5jb20ifQ.b3LDZ0CizWz1lIoJ1Wt6nGQGsImQCGHjj0XpeeBJPY5JYHQwOoH_Ifc8bHPzMHmc7KhZ9sdln5OHHfgXpCThmqTLUb1kdakJ2AFJeV7iu5hbBbJ8eX_1OmIBZGWe5UoxK0sQBAbxXxMecXtVQuVumHxJFjh22pXHpxSQwY6BDkvhxrFc_dz0rUlSr4SGeStZqp_97rAY1PFYvrZfdAD2uncDrk8ps7zw_Ew3jcRn3t077iut_PTu5sAK3u_FHJIpHqmjFJ0fNo2ix5ona4D8xppz5OwgvMO5U30zzHszFsxhlkZZw1xyZDngbdJLmPAkGSPYWdx9b6CKWLz2Fvjy2XvoGZtlMnxhWMAzoQ60eok78XdmsdQ_P8xWjL9OOlMyUzciqrWN4PWkxH94Qkn-JEu6rL0v8C2hyCuzvx_Ej0qz3vvUBCScQulTHcbd2oyWM9HMeC3yXUSGLSw3Ov6xGeuR4Vf_FNpepE-yq0ImxGqYFZK1fB5JJ83OVk9fVKlHgnvuaZwNLxXXjIo4H1soKpKgBAuTsr7vinmI8BDuOxCYjHke-RalnApSmytvSF7_d4yWxHzGbpMKplm5UOuyiYzaeFE07stIG0TK9LyOyPopl7ABYRzsgVIlqa9-i_znjHmkj82OqMes4xwVKqWa1q5sSOSW89eTGYVcQAy9ql0', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'uIjyvWq2Qco8ALae-1XmNw2tX0eA_ie6K3TvBM-7B2g.IslXBdiw-P2LUodKwxAveu4gskoq4-1PqBJxLHWgPB0', 'scope': 'openid'}
3.204 AccessTokenResponse {
"access_token": "uIjyvWq2Qco8ALae-1XmNw2tX0eA_ie6K3TvBM-7B2g.IslXBdiw-P2LUodKwxAveu4gskoq4-1PqBJxLHWgPB0",
"expires_in": 3599,
"id_token": {
"aud": [
"e6e5d6ab-950a-4534-801e-e12781fb9516"
],
"auth_time": 1529750592,
"exp": 1529754340,
"iat": 1529750740,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "aabfae05-d37e-4346-984a-004e5aee4110",
"nonce": "ghtrPbyPuirnuLbo",
"rat": 1529750737,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.204 phase <--<-- 5 --- Note -->-->
4.551 phase <--<-- 6 --- AsyncAuthn -->-->
4.551 AuthorizationRequest {
"client_id": "e6e5d6ab-950a-4534-801e-e12781fb9516",
"nonce": "WLnmIFq8SN7COL2r",
"prompt": [
"login"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "qRoPEHDE9rwcYJA2"
}
4.551 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=login&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e6e5d6ab-950a-4534-801e-e12781fb9516&state=qRoPEHDE9rwcYJA2&response_type=code&nonce=WLnmIFq8SN7COL2r
4.551 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=login&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e6e5d6ab-950a-4534-801e-e12781fb9516&state=qRoPEHDE9rwcYJA2&response_type=code&nonce=WLnmIFq8SN7COL2r
7.782 response Response URL with query part
7.782 response {'state': 'qRoPEHDE9rwcYJA2', 'scope': 'openid', 'code': 'U7xfLQrCoHL6vtnH8BqOJ57aJkT8IDK8WvoETbhNdp8.FajaFGq-Q6z0tddojqtBrqVs5rDDXkDrTPjw5NodwLM'}
7.782 response {'state': 'qRoPEHDE9rwcYJA2', 'scope': 'openid', 'code': 'U7xfLQrCoHL6vtnH8BqOJ57aJkT8IDK8WvoETbhNdp8.FajaFGq-Q6z0tddojqtBrqVs5rDDXkDrTPjw5NodwLM'}
7.783 AuthorizationResponse {
"code": "U7xfLQrCoHL6vtnH8BqOJ57aJkT8IDK8WvoETbhNdp8.FajaFGq-Q6z0tddojqtBrqVs5rDDXkDrTPjw5NodwLM",
"scope": "openid",
"state": "qRoPEHDE9rwcYJA2"
}
7.783 phase <--<-- 7 --- AccessToken -->-->
7.783 --> request op_args: {'state': 'qRoPEHDE9rwcYJA2'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
7.783 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'qRoPEHDE9rwcYJA2', 'code': 'U7xfLQrCoHL6vtnH8BqOJ57aJkT8IDK8WvoETbhNdp8.FajaFGq-Q6z0tddojqtBrqVs5rDDXkDrTPjw5NodwLM', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'e6e5d6ab-950a-4534-801e-e12781fb9516'}, 'state': 'qRoPEHDE9rwcYJA2'}
7.783 AccessTokenRequest {
"code": "U7xfLQrCoHL6vtnH8BqOJ57aJkT8IDK8WvoETbhNdp8.FajaFGq-Q6z0tddojqtBrqVs5rDDXkDrTPjw5NodwLM",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "qRoPEHDE9rwcYJA2"
}
7.783 request_url https://oidc-certification.ory.sh:8443/oauth2/token
7.783 request_http_args {'headers': {'Authorization': 'Basic ZTZlNWQ2YWItOTUwYS00NTM0LTgwMWUtZTEyNzgxZmI5NTE2OmEtSUpQaElINUNsRA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
7.783 request code=U7xfLQrCoHL6vtnH8BqOJ57aJkT8IDK8WvoETbhNdp8.FajaFGq-Q6z0tddojqtBrqVs5rDDXkDrTPjw5NodwLM&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=qRoPEHDE9rwcYJA2
8.001 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
8.002 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZTZlNWQ2YWItOTUwYS00NTM0LTgwMWUtZTEyNzgxZmI5NTE2Il0sImF1dGhfdGltZSI6MTUyOTc1MDc0NCwiZXhwIjoxNTI5NzU0MzQ1LCJpYXQiOjE1Mjk3NTA3NDUsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImNiZWNhZTAxLTM3ZGItNGQ3OS04MzgzLTA0N2YyY2E2Nzg1MiIsIm5vbmNlIjoiV0xubUlGcThTTjdDT0wyciIsInJhdCI6MTUyOTc1MDc0Miwic3ViIjoiZm9vQGJhci5jb20ifQ.grgWZcVRDvOP2QH-IeBfbFLpLm3-zzNzfb_41pItj40SV8N3V4oV1gl3XURvM4czzzv5wt_8T6ADbD3oBm9lGTFqP3Jt4SvsGzKHrH0O-goNhEhw9kLcY9QIBfJzMdiuZRa6FcDFvTO5Q0dbqsQmTJzWkpNw7d0p5aH45uoIFyzJA-OmmYrjcne1NJrArGUg0J4ikX6UJzsZtaIbc_DcwnSBVv3Rt71bu68aDjlXCvKLE5hBvd0tZMyAzbWucPG2Iy40OtJEx6Xs0VlXg0yUSueaJuNOu8xfWRMUulqRhXpBUdFDOEYw0GTbpwO1HHTNlZDvVXBF6eian75W0B8gFtqv2yQT3eE61Re3DQEWCxs9y8yxwKTkBbcfERAVPJVRZ2oYwtCAGZ8S5tgLh8pqgqy0ms5D0ohMB5RFqKmwQSsXG2qaIy3G6Vq89PRmJZCe63-KYRDuLzvMpXLfcXIJlr___jNz9FgoRk56cCjQe3-dQoKXGq0IyI-hXvDomCXHGsDhNDsTSxYZHbypL8QRB7-NGTuGBeGx2sWn0daFc4pB7UkTS43U3XqiB_RIo2vJGOzoaYErDkK5MunMkaZMqB8rE8-69WCsgMkDaaNw4eTFpRIkNpJGClHVkuYjcfViAj0t8OhzkgrZB8aIX4jtW-uZwpxKynr08yhmAjtQwEw', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'P1tmPbeHlZ9ZlyMWZJrEjpjBW5hKnaczymehndmdy1s.oWSsWwagQ3imZmwaeYO5Knq0jp5aF6KlqRmGVpIU5Ew', 'scope': 'openid'}
8.006 AccessTokenResponse {
"access_token": "P1tmPbeHlZ9ZlyMWZJrEjpjBW5hKnaczymehndmdy1s.oWSsWwagQ3imZmwaeYO5Knq0jp5aF6KlqRmGVpIU5Ew",
"expires_in": 3599,
"id_token": {
"aud": [
"e6e5d6ab-950a-4534-801e-e12781fb9516"
],
"auth_time": 1529750744,
"exp": 1529754345,
"iat": 1529750745,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "cbecae01-37db-4d79-8383-047f2ca67852",
"nonce": "WLnmIFq8SN7COL2r",
"rat": 1529750742,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
8.006 phase <--<-- 8 --- Done -->-->
8.006 end
8.006 assertion VerifyResponse
8.006 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
8.007 assertion MultipleSignOn
8.007 condition multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
8.007 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������./OP-Response-Missing.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000015105�13313422074�015434� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Response-Missing
Test description: Authorization request missing the response_type parameter
Timestamp: 2018-06-23T10:43:08Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.141 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.153 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.154 phase <--<-- 2 --- Registration -->-->
0.154 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.154 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Si4UYQrtfWIg8h1Y"
],
"response_types": [
"code"
]
}
0.353 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.354 RegistrationResponse {
"client_id": "65f52f63-0ce2-4f34-8b28-7a655854acdb",
"client_secret": "L701-PZArCjQ",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "65f52f63-0ce2-4f34-8b28-7a655854acdb",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Si4UYQrtfWIg8h1Y"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.355 phase <--<-- 3 --- Note -->-->
1.651 phase <--<-- 4 --- AsyncAuthn -->-->
1.652 AuthorizationRequest {
"client_id": "65f52f63-0ce2-4f34-8b28-7a655854acdb",
"nonce": "7nQtj2WpXvPDKOLZ",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"scope": "openid",
"state": "QP5hDgKl8HxTW7F6"
}
1.652 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?state=QP5hDgKl8HxTW7F6&scope=openid&nonce=7nQtj2WpXvPDKOLZ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=65f52f63-0ce2-4f34-8b28-7a655854acdb
1.652 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?state=QP5hDgKl8HxTW7F6&scope=openid&nonce=7nQtj2WpXvPDKOLZ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=65f52f63-0ce2-4f34-8b28-7a655854acdb
2.368 response Response URL with query part
2.368 response {'error_debug': 'The request is missing the response_type parameter', 'error_description': 'The authorization server does not support obtaining a token using this method', 'state': '', 'error': 'unsupported_response_type'}
2.369 response {'error_debug': 'The request is missing the response_type parameter', 'error_description': 'The authorization server does not support obtaining a token using this method', 'error': 'unsupported_response_type'}
2.369 AuthorizationErrorResponse {
"error": "unsupported_response_type",
"error_debug": "The request is missing the response_type parameter",
"error_description": "The authorization server does not support obtaining a token using this method"
}
2.369 AuthorizationErrorResponse {
"error": "unsupported_response_type",
"error_debug": "The request is missing the response_type parameter",
"error_description": "The authorization server does not support obtaining a token using this method"
}
2.369 phase <--<-- 5 --- Done -->-->
2.369 end
2.37 assertion VerifyErrorMessage
2.37 condition verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
2.37 condition Done: status=OK
============================================================
Conditions
verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-Endpoint.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000024042�13313422257�015542� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-Endpoint
Test description: UserInfo Endpoint access with GET and bearer header
Timestamp: 2018-06-23T10:45:03Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#dS4H9oQi7M3amgkM"
],
"response_types": [
"code"
]
}
0.236 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "26991bdc-d9de-4007-9348-c302b9572d19",
"client_secret": "OLC_FYl5_x6k",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "26991bdc-d9de-4007-9348-c302b9572d19",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#dS4H9oQi7M3amgkM"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.237 phase <--<-- 3 --- AsyncAuthn -->-->
0.237 AuthorizationRequest {
"client_id": "26991bdc-d9de-4007-9348-c302b9572d19",
"nonce": "JgZv8B58VKjNmj6P",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "7GWJAnloMV7r7NLC"
}
0.238 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=26991bdc-d9de-4007-9348-c302b9572d19&state=7GWJAnloMV7r7NLC&response_type=code&nonce=JgZv8B58VKjNmj6P
0.238 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=26991bdc-d9de-4007-9348-c302b9572d19&state=7GWJAnloMV7r7NLC&response_type=code&nonce=JgZv8B58VKjNmj6P
1.922 response Response URL with query part
1.923 response {'state': '7GWJAnloMV7r7NLC', 'scope': 'openid', 'code': 'u3sg2MxtP-MIaMcDqUoq4OwJT1-9giC0QVAlRVQEj88.XzDWQudzDssVnvmHBWFoMpN1IqZ-fHsI3rxa2umv7PA'}
1.923 response {'state': '7GWJAnloMV7r7NLC', 'scope': 'openid', 'code': 'u3sg2MxtP-MIaMcDqUoq4OwJT1-9giC0QVAlRVQEj88.XzDWQudzDssVnvmHBWFoMpN1IqZ-fHsI3rxa2umv7PA'}
1.923 AuthorizationResponse {
"code": "u3sg2MxtP-MIaMcDqUoq4OwJT1-9giC0QVAlRVQEj88.XzDWQudzDssVnvmHBWFoMpN1IqZ-fHsI3rxa2umv7PA",
"scope": "openid",
"state": "7GWJAnloMV7r7NLC"
}
1.923 phase <--<-- 4 --- AccessToken -->-->
1.923 --> request op_args: {'state': '7GWJAnloMV7r7NLC'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
1.923 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '7GWJAnloMV7r7NLC', 'code': 'u3sg2MxtP-MIaMcDqUoq4OwJT1-9giC0QVAlRVQEj88.XzDWQudzDssVnvmHBWFoMpN1IqZ-fHsI3rxa2umv7PA', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '26991bdc-d9de-4007-9348-c302b9572d19'}, 'state': '7GWJAnloMV7r7NLC'}
1.924 AccessTokenRequest {
"code": "u3sg2MxtP-MIaMcDqUoq4OwJT1-9giC0QVAlRVQEj88.XzDWQudzDssVnvmHBWFoMpN1IqZ-fHsI3rxa2umv7PA",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "7GWJAnloMV7r7NLC"
}
1.924 request_url https://oidc-certification.ory.sh:8443/oauth2/token
1.924 request_http_args {'headers': {'Authorization': 'Basic MjY5OTFiZGMtZDlkZS00MDA3LTkzNDgtYzMwMmI5NTcyZDE5Ok9MQ19GWWw1X3g2aw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
1.924 request code=u3sg2MxtP-MIaMcDqUoq4OwJT1-9giC0QVAlRVQEj88.XzDWQudzDssVnvmHBWFoMpN1IqZ-fHsI3rxa2umv7PA&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=7GWJAnloMV7r7NLC
2.169 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.17 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMjY5OTFiZGMtZDlkZS00MDA3LTkzNDgtYzMwMmI5NTcyZDE5Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MzAyLCJpYXQiOjE1Mjk3NTA3MDIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6Ijc2NDA1YjkwLTc4NjQtNGQ1Yy04MTFhLTNiMDhhNTJiNzcxMiIsIm5vbmNlIjoiSmdadjhCNThWS2pObWo2UCIsInJhdCI6MTUyOTc1MDcwMSwic3ViIjoiZm9vQGJhci5jb20ifQ.YTYm69ZMPcU9epaeVXZ9QPVZsgtz_Wk0rvC0qIdOZQBlZEdixvQVXr9qd_2_7N37fA3N6-3k5qpaPnnElKVsM3_EtGvnslPAGIT3V7fysVT6CtT1WqOGbet5wgZjKT5txNXhRkbclndVGXGHP_JWQ4rl9GqZOPH00bEiBhHGp7uWDwQW3EF0XR1PE1HG3LG-wMhspBHfAGhG86rfkD39wI-ay8F4YByMW9IPEk_htjUe2DqvFGDl2z9RzFFHJiWObUpi5zcOanJPnngx8LRi2T8GZl49FdRzPIx2Yf7EGeDm5VEfUsjr6tArv3A0LdjyP31OQHw3Gx3D6S_7hk-b3sNeNUO0QjASIJ-Vr64yxK2zfYmy084GUsrJmYwQ_NKova1-CqBcHTeGBMlYxXuvXnyYSCye5pY9MMT71XBZbbd_RI7hY8losFhBNIQfdatEkfG_nCyl3OujV3_ZQCDRogSsbjkS-EtasHNhcvTAoWyJJohnpvB8Y1R8i0hOEpbw3o0Bfs2EQD1OqV1ouhz1mHoI8ii5AEbAj6uK7aLdA82YlfBBB2ltkKbsvqaOYdrnIEY86oCosxPB6ZABOE4D0BMH5kCTIAmzdml__Q4S8omblushaahN6N6nuielnJaoyP-aPG4cvu2xRExqQ0ihudh1ty3yN7-tLcCM8pBCR-E', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'o544Fmn8gB1tahnB3pzNzhnBnIB21AS3lVH8N79llik.1WpXmdMxQEDG3-BMy-la_b5ptkey7Fvxh5oSpFtr8CU', 'scope': 'openid'}
2.252 AccessTokenResponse {
"access_token": "o544Fmn8gB1tahnB3pzNzhnBnIB21AS3lVH8N79llik.1WpXmdMxQEDG3-BMy-la_b5ptkey7Fvxh5oSpFtr8CU",
"expires_in": 3599,
"id_token": {
"aud": [
"26991bdc-d9de-4007-9348-c302b9572d19"
],
"auth_time": 1529750592,
"exp": 1529754302,
"iat": 1529750702,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "76405b90-7864-4d5c-811a-3b08a52b7712",
"nonce": "JgZv8B58VKjNmj6P",
"rat": 1529750701,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.253 phase <--<-- 5 --- UserInfo -->-->
2.253 do_user_info_request kwargs:{'state': '7GWJAnloMV7r7NLC', 'method': 'GET', 'authn_method': 'bearer_header'}
2.253 request {'body': None}
2.253 request_url https://oidc-certification.ory.sh:8443/userinfo
2.253 request_http_args {'headers': {'Authorization': 'Bearer o544Fmn8gB1tahnB3pzNzhnBnIB21AS3lVH8N79llik.1WpXmdMxQEDG3-BMy-la_b5ptkey7Fvxh5oSpFtr8CU'}}
2.331 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.332 OpenIDSchema {
"sub": "foo@bar.com"
}
2.332 OpenIDSchema {
"sub": "foo@bar.com"
}
2.332 phase <--<-- 6 --- Done -->-->
2.332 end
2.332 assertion VerifyResponse
2.332 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.332 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-id_token_hint.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000043520�13313422653�015577� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-id_token_hint
Test description: Using prompt=none with user hint through id_token_hint
Timestamp: 2018-06-23T10:49:15Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.117 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.118 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.118 phase <--<-- 2 --- Registration -->-->
0.118 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.119 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#1WWcE2792QFTeUxF"
],
"response_types": [
"code"
]
}
0.319 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.32 RegistrationResponse {
"client_id": "ff067afc-f729-4ebd-a3c1-52378407deaf",
"client_secret": "pK96NV.d8Re-",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "ff067afc-f729-4ebd-a3c1-52378407deaf",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#1WWcE2792QFTeUxF"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.32 phase <--<-- 3 --- AsyncAuthn -->-->
0.321 AuthorizationRequest {
"client_id": "ff067afc-f729-4ebd-a3c1-52378407deaf",
"nonce": "DCfHCfeJMtDXjewS",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "IvQFjZusTqYXb9X3"
}
0.321 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ff067afc-f729-4ebd-a3c1-52378407deaf&state=IvQFjZusTqYXb9X3&response_type=code&nonce=DCfHCfeJMtDXjewS
0.321 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ff067afc-f729-4ebd-a3c1-52378407deaf&state=IvQFjZusTqYXb9X3&response_type=code&nonce=DCfHCfeJMtDXjewS
2.678 response Response URL with query part
2.678 response {'state': 'IvQFjZusTqYXb9X3', 'scope': 'openid', 'code': '3_fwm3bVHIFDqKU5RV_CCtMIlKV1ZMl3hIdAPiMfNBg.LWxWRQfU-HzTSLs8V6voZSDeVLDH25Bzip1-a1zA-AI'}
2.678 response {'state': 'IvQFjZusTqYXb9X3', 'scope': 'openid', 'code': '3_fwm3bVHIFDqKU5RV_CCtMIlKV1ZMl3hIdAPiMfNBg.LWxWRQfU-HzTSLs8V6voZSDeVLDH25Bzip1-a1zA-AI'}
2.679 AuthorizationResponse {
"code": "3_fwm3bVHIFDqKU5RV_CCtMIlKV1ZMl3hIdAPiMfNBg.LWxWRQfU-HzTSLs8V6voZSDeVLDH25Bzip1-a1zA-AI",
"scope": "openid",
"state": "IvQFjZusTqYXb9X3"
}
2.679 phase <--<-- 4 --- AccessToken -->-->
2.679 --> request op_args: {'state': 'IvQFjZusTqYXb9X3'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.679 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'IvQFjZusTqYXb9X3', 'code': '3_fwm3bVHIFDqKU5RV_CCtMIlKV1ZMl3hIdAPiMfNBg.LWxWRQfU-HzTSLs8V6voZSDeVLDH25Bzip1-a1zA-AI', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'ff067afc-f729-4ebd-a3c1-52378407deaf'}, 'state': 'IvQFjZusTqYXb9X3'}
2.679 AccessTokenRequest {
"code": "3_fwm3bVHIFDqKU5RV_CCtMIlKV1ZMl3hIdAPiMfNBg.LWxWRQfU-HzTSLs8V6voZSDeVLDH25Bzip1-a1zA-AI",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "IvQFjZusTqYXb9X3"
}
2.679 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.679 request_http_args {'headers': {'Authorization': 'Basic ZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmOnBLOTZOVi5kOFJlLQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.679 request code=3_fwm3bVHIFDqKU5RV_CCtMIlKV1ZMl3hIdAPiMfNBg.LWxWRQfU-HzTSLs8V6voZSDeVLDH25Bzip1-a1zA-AI&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=IvQFjZusTqYXb9X3
2.937 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.939 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTQ3LCJpYXQiOjE1Mjk3NTA5NDcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImM0ODQ3ZDlkLWUxM2MtNDNlNC1hMTMyLTA2N2RkNDNjNzE3NiIsIm5vbmNlIjoiRENmSENmZUpNdERYamV3UyIsInJhdCI6MTUyOTc1MDk0NSwic3ViIjoiZm9vQGJhci5jb20ifQ.kgcqm3iUGExUECXjrJ9gnJgHbkh69Z0WlDpcjEvicz8RVvYv_04t6DQQPt8L0goot4rQYzNNsL3znktu0yOaSGJ4e8nOdpOFIlB8J9kU9vtZ8xjD2Gt8Rt1eYpIvT619wXSGLbM4Fy3X_XunS8hdMtT_tJhb8nhCOj19JgMOp-_ejaFcHNr3jnvnUsPf0h6Boe6tqsCFEruyamrvkFe0bGzriaylRlhANQcOAgHHUz_ViHRGlJrnRPX3MEZjJQljXirqPKDaG1upJb_-nPxaasc8bYYsVqv-tvPAlRJsLRLcbpsvyyJCEVm8-Wbf28XCJO9jnBAMWAZqO-hYZRTB62tPTTsStlwPkwoAbo_WZRht8SBEJxB4S3zpjrIpQUWsG4kRp6gHg6tVvbPYhAxSq3AiXabUq8tP_17wSO4dJg3EgydtgpbGp50aG38G8_T3R53mbJCINSn95g5cYpghgtb2-y6WQrvsY__oMwxqtMRosIjHU-UFwya4avj_ihh-Ftt1gYuDp6tyN26y6N6DCx1KjXnip3k7VkTs33yRBeCWhjthDfKlY_ahJKgu3OqwW87oyjXFqeLVJ9TmFXzxOEyfFEOH3wV00NyDgopE5QJ1Ei7qtiNBp9ezhv7h1iLEyl2xmlh8eWstRSBxX1NYPVSSOJSfM_2wTQelPO_uvL8', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'rLck6Jqpm8s4VhgnKrx_dukjW6fBsGKfepHibcqBQ7I.Cp_7kFeSwan6NYAetD-jEZuBtac8b2SZrADp_k6Zitg', 'scope': 'openid'}
3.02 AccessTokenResponse {
"access_token": "rLck6Jqpm8s4VhgnKrx_dukjW6fBsGKfepHibcqBQ7I.Cp_7kFeSwan6NYAetD-jEZuBtac8b2SZrADp_k6Zitg",
"expires_in": 3599,
"id_token": {
"aud": [
"ff067afc-f729-4ebd-a3c1-52378407deaf"
],
"auth_time": 1529750749,
"exp": 1529754547,
"iat": 1529750947,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "c4847d9d-e13c-43e4-a132-067dd43c7176",
"nonce": "DCfHCfeJMtDXjewS",
"rat": 1529750945,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.02 phase <--<-- 5 --- AsyncAuthn -->-->
3.021 AuthorizationRequest {
"client_id": "ff067afc-f729-4ebd-a3c1-52378407deaf",
"id_token_hint": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTQ3LCJpYXQiOjE1Mjk3NTA5NDcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImM0ODQ3ZDlkLWUxM2MtNDNlNC1hMTMyLTA2N2RkNDNjNzE3NiIsIm5vbmNlIjoiRENmSENmZUpNdERYamV3UyIsInJhdCI6MTUyOTc1MDk0NSwic3ViIjoiZm9vQGJhci5jb20ifQ.kgcqm3iUGExUECXjrJ9gnJgHbkh69Z0WlDpcjEvicz8RVvYv_04t6DQQPt8L0goot4rQYzNNsL3znktu0yOaSGJ4e8nOdpOFIlB8J9kU9vtZ8xjD2Gt8Rt1eYpIvT619wXSGLbM4Fy3X_XunS8hdMtT_tJhb8nhCOj19JgMOp-_ejaFcHNr3jnvnUsPf0h6Boe6tqsCFEruyamrvkFe0bGzriaylRlhANQcOAgHHUz_ViHRGlJrnRPX3MEZjJQljXirqPKDaG1upJb_-nPxaasc8bYYsVqv-tvPAlRJsLRLcbpsvyyJCEVm8-Wbf28XCJO9jnBAMWAZqO-hYZRTB62tPTTsStlwPkwoAbo_WZRht8SBEJxB4S3zpjrIpQUWsG4kRp6gHg6tVvbPYhAxSq3AiXabUq8tP_17wSO4dJg3EgydtgpbGp50aG38G8_T3R53mbJCINSn95g5cYpghgtb2-y6WQrvsY__oMwxqtMRosIjHU-UFwya4avj_ihh-Ftt1gYuDp6tyN26y6N6DCx1KjXnip3k7VkTs33yRBeCWhjthDfKlY_ahJKgu3OqwW87oyjXFqeLVJ9TmFXzxOEyfFEOH3wV00NyDgopE5QJ1Ei7qtiNBp9ezhv7h1iLEyl2xmlh8eWstRSBxX1NYPVSSOJSfM_2wTQelPO_uvL8",
"nonce": "wTR3Yfgt9n5uojPq",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "FmSlcEa8rY6NQEHn"
}
3.021 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ff067afc-f729-4ebd-a3c1-52378407deaf&state=FmSlcEa8rY6NQEHn&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTQ3LCJpYXQiOjE1Mjk3NTA5NDcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImM0ODQ3ZDlkLWUxM2MtNDNlNC1hMTMyLTA2N2RkNDNjNzE3NiIsIm5vbmNlIjoiRENmSENmZUpNdERYamV3UyIsInJhdCI6MTUyOTc1MDk0NSwic3ViIjoiZm9vQGJhci5jb20ifQ.kgcqm3iUGExUECXjrJ9gnJgHbkh69Z0WlDpcjEvicz8RVvYv_04t6DQQPt8L0goot4rQYzNNsL3znktu0yOaSGJ4e8nOdpOFIlB8J9kU9vtZ8xjD2Gt8Rt1eYpIvT619wXSGLbM4Fy3X_XunS8hdMtT_tJhb8nhCOj19JgMOp-_ejaFcHNr3jnvnUsPf0h6Boe6tqsCFEruyamrvkFe0bGzriaylRlhANQcOAgHHUz_ViHRGlJrnRPX3MEZjJQljXirqPKDaG1upJb_-nPxaasc8bYYsVqv-tvPAlRJsLRLcbpsvyyJCEVm8-Wbf28XCJO9jnBAMWAZqO-hYZRTB62tPTTsStlwPkwoAbo_WZRht8SBEJxB4S3zpjrIpQUWsG4kRp6gHg6tVvbPYhAxSq3AiXabUq8tP_17wSO4dJg3EgydtgpbGp50aG38G8_T3R53mbJCINSn95g5cYpghgtb2-y6WQrvsY__oMwxqtMRosIjHU-UFwya4avj_ihh-Ftt1gYuDp6tyN26y6N6DCx1KjXnip3k7VkTs33yRBeCWhjthDfKlY_ahJKgu3OqwW87oyjXFqeLVJ9TmFXzxOEyfFEOH3wV00NyDgopE5QJ1Ei7qtiNBp9ezhv7h1iLEyl2xmlh8eWstRSBxX1NYPVSSOJSfM_2wTQelPO_uvL8&response_type=code&nonce=wTR3Yfgt9n5uojPq
3.021 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ff067afc-f729-4ebd-a3c1-52378407deaf&state=FmSlcEa8rY6NQEHn&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTQ3LCJpYXQiOjE1Mjk3NTA5NDcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImM0ODQ3ZDlkLWUxM2MtNDNlNC1hMTMyLTA2N2RkNDNjNzE3NiIsIm5vbmNlIjoiRENmSENmZUpNdERYamV3UyIsInJhdCI6MTUyOTc1MDk0NSwic3ViIjoiZm9vQGJhci5jb20ifQ.kgcqm3iUGExUECXjrJ9gnJgHbkh69Z0WlDpcjEvicz8RVvYv_04t6DQQPt8L0goot4rQYzNNsL3znktu0yOaSGJ4e8nOdpOFIlB8J9kU9vtZ8xjD2Gt8Rt1eYpIvT619wXSGLbM4Fy3X_XunS8hdMtT_tJhb8nhCOj19JgMOp-_ejaFcHNr3jnvnUsPf0h6Boe6tqsCFEruyamrvkFe0bGzriaylRlhANQcOAgHHUz_ViHRGlJrnRPX3MEZjJQljXirqPKDaG1upJb_-nPxaasc8bYYsVqv-tvPAlRJsLRLcbpsvyyJCEVm8-Wbf28XCJO9jnBAMWAZqO-hYZRTB62tPTTsStlwPkwoAbo_WZRht8SBEJxB4S3zpjrIpQUWsG4kRp6gHg6tVvbPYhAxSq3AiXabUq8tP_17wSO4dJg3EgydtgpbGp50aG38G8_T3R53mbJCINSn95g5cYpghgtb2-y6WQrvsY__oMwxqtMRosIjHU-UFwya4avj_ihh-Ftt1gYuDp6tyN26y6N6DCx1KjXnip3k7VkTs33yRBeCWhjthDfKlY_ahJKgu3OqwW87oyjXFqeLVJ9TmFXzxOEyfFEOH3wV00NyDgopE5QJ1Ei7qtiNBp9ezhv7h1iLEyl2xmlh8eWstRSBxX1NYPVSSOJSfM_2wTQelPO_uvL8&response_type=code&nonce=wTR3Yfgt9n5uojPq
10.565 response Response URL with query part
10.565 response {'state': 'FmSlcEa8rY6NQEHn', 'scope': 'openid', 'code': 'lw8ZcvVYO7oxVR_dYuvk36uoLA-NTTImmKvTldXWWjQ.EIwo2mjKW3pnrs8PX2W8ewtUn64RyKkc_6Ahm_QVbrs'}
10.565 response {'state': 'FmSlcEa8rY6NQEHn', 'scope': 'openid', 'code': 'lw8ZcvVYO7oxVR_dYuvk36uoLA-NTTImmKvTldXWWjQ.EIwo2mjKW3pnrs8PX2W8ewtUn64RyKkc_6Ahm_QVbrs'}
10.566 AuthorizationResponse {
"code": "lw8ZcvVYO7oxVR_dYuvk36uoLA-NTTImmKvTldXWWjQ.EIwo2mjKW3pnrs8PX2W8ewtUn64RyKkc_6Ahm_QVbrs",
"scope": "openid",
"state": "FmSlcEa8rY6NQEHn"
}
10.566 phase <--<-- 6 --- AccessToken -->-->
10.566 --> request op_args: {'state': 'FmSlcEa8rY6NQEHn'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
10.566 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'FmSlcEa8rY6NQEHn', 'code': 'lw8ZcvVYO7oxVR_dYuvk36uoLA-NTTImmKvTldXWWjQ.EIwo2mjKW3pnrs8PX2W8ewtUn64RyKkc_6Ahm_QVbrs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'ff067afc-f729-4ebd-a3c1-52378407deaf'}, 'state': 'FmSlcEa8rY6NQEHn'}
10.566 AccessTokenRequest {
"code": "lw8ZcvVYO7oxVR_dYuvk36uoLA-NTTImmKvTldXWWjQ.EIwo2mjKW3pnrs8PX2W8ewtUn64RyKkc_6Ahm_QVbrs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "FmSlcEa8rY6NQEHn"
}
10.566 request_url https://oidc-certification.ory.sh:8443/oauth2/token
10.566 request_http_args {'headers': {'Authorization': 'Basic ZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmOnBLOTZOVi5kOFJlLQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
10.566 request code=lw8ZcvVYO7oxVR_dYuvk36uoLA-NTTImmKvTldXWWjQ.EIwo2mjKW3pnrs8PX2W8ewtUn64RyKkc_6Ahm_QVbrs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=FmSlcEa8rY6NQEHn
10.796 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
10.797 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmYwNjdhZmMtZjcyOS00ZWJkLWEzYzEtNTIzNzg0MDdkZWFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTU1LCJpYXQiOjE1Mjk3NTA5NTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImQzNDYxNDI4LWU2ZjgtNGU3Ny1hYTMyLThkNDAwNjg4ZmUzMiIsIm5vbmNlIjoid1RSM1lmZ3Q5bjV1b2pQcSIsInJhdCI6MTUyOTc1MDk0OCwic3ViIjoiZm9vQGJhci5jb20ifQ.Zh1KpuHVpRg90sXaPbs7dzvSHkgBKYtMTBLJMzh1C0adyTEyZsmCt-OwI1xojHhHu8qMXqLej8PqdcclGsAGlOs-abllxrRQQuqD_a-ohzq3J9qKelJLjo7fApjtRHSoQwB8WCyKJ8eIudAxjvQg1CyQekpfzl9RudPp-0bhfnV_VPZP_Ez_nK-VcFqHsBnkhdeJ-ZtmBqW4qZGoZX3JdB9-DB8bkw6wQSmJ1dd4dHzxgZZU5v-p3GLYh1_nZc45CVfulmYIv3Di5gUkmrp3zoPzosfjSM--MKbaL4GT73tqGCGTJD5PM-kRdHZ8T066-LGcWlu5KBxLTTvDDMMJlXlYvG04m4bzc4Oy3qAnXMIXoFilOKOOuQZpyuZW0DGzagSXlMnx5JKvmlpay_dTfFKknoLDcy_rT6Tutb7usUpa8MsW3dgHMXjCroH6Me3rqM4Q9VyBnRReYq0vGKo2Ad_pr2DvBS9UtpcIkTOAT4rjZVh1qRCf0doSqxaJLJAkjcGFrih0-q_0YxRX8GIgPJN8XoAcyFuk7oxxXQztbgLBmBK5KXYPIAHZXIplKimteLQmQoyjama0fdyVqqC9pLaEhvp1HrmTdJMV_M5e7XI9jV1nzURl6kIGN5wmGGfxpXoYjPkXr-kZKAooN8YZ4RNX4oEVhDiDDBhJPQ8-afo', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'oOzUA99d7m5oDwL3Z-ZohMfRCVxzrbumQ7JV5qEjh6I.wQ4KIyfovk4GD-QG8gjfVISPmGtymYqKW_Z4IDK9aTE', 'scope': 'openid'}
10.801 AccessTokenResponse {
"access_token": "oOzUA99d7m5oDwL3Z-ZohMfRCVxzrbumQ7JV5qEjh6I.wQ4KIyfovk4GD-QG8gjfVISPmGtymYqKW_Z4IDK9aTE",
"expires_in": 3599,
"id_token": {
"aud": [
"ff067afc-f729-4ebd-a3c1-52378407deaf"
],
"auth_time": 1529750749,
"exp": 1529754555,
"iat": 1529750955,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d3461428-e6f8-4e77-aa32-8d400688fe32",
"nonce": "wTR3Yfgt9n5uojPq",
"rat": 1529750948,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
10.801 phase <--<-- 7 --- Done -->-->
10.801 end
10.801 assertion VerifyResponse
10.801 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
10.802 assertion SameAuthn
10.802 condition same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
10.802 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-tos_uri.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000014625�13313422164�016371� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-tos_uri
Test description: Registration with tos_uri
Timestamp: 2018-06-23T10:44:04Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.09 phase <--<-- 1 --- Webfinger -->-->
1.09 not expected to do WebFinger
1.09 phase <--<-- 2 --- Discovery -->-->
1.09 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.172 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.174 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.174 phase <--<-- 3 --- Registration -->-->
1.174 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'tos_uri': 'https://op.certification.openid.net:61353/static/tos.html', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.174 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#7LsDldjXGsu24rqB"
],
"response_types": [
"code"
],
"tos_uri": "https://op.certification.openid.net:61353/static/tos.html"
}
1.329 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.33 RegistrationResponse {
"client_id": "b9f3defb-96fb-4f5f-a4c1-3da0c0b8245f",
"client_secret": "sEJ_Jj149xEj",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "b9f3defb-96fb-4f5f-a4c1-3da0c0b8245f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#7LsDldjXGsu24rqB"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"tos_uri": "https://op.certification.openid.net:61353/static/tos.html",
"userinfo_signed_response_alg": "none"
}
1.33 phase <--<-- 4 --- AsyncAuthn -->-->
1.331 AuthorizationRequest {
"client_id": "b9f3defb-96fb-4f5f-a4c1-3da0c0b8245f",
"nonce": "sBCJg0CTIeMKEYCo",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "xBj0nldKDfD34aq7"
}
1.331 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b9f3defb-96fb-4f5f-a4c1-3da0c0b8245f&state=xBj0nldKDfD34aq7&response_type=code&nonce=sBCJg0CTIeMKEYCo
1.331 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b9f3defb-96fb-4f5f-a4c1-3da0c0b8245f&state=xBj0nldKDfD34aq7&response_type=code&nonce=sBCJg0CTIeMKEYCo
4.773 response Response URL with query part
4.773 response {'state': 'xBj0nldKDfD34aq7', 'scope': 'openid', 'code': 'CnJRaupaStC3ecxsVUrIX_gO4MWYo6ap4sZsIFAPxU4.oXBBjtX8OlXI7KrLbona60PxiazGJYSQvhNeLKlS-rs'}
4.774 response {'state': 'xBj0nldKDfD34aq7', 'scope': 'openid', 'code': 'CnJRaupaStC3ecxsVUrIX_gO4MWYo6ap4sZsIFAPxU4.oXBBjtX8OlXI7KrLbona60PxiazGJYSQvhNeLKlS-rs'}
4.774 AuthorizationResponse {
"code": "CnJRaupaStC3ecxsVUrIX_gO4MWYo6ap4sZsIFAPxU4.oXBBjtX8OlXI7KrLbona60PxiazGJYSQvhNeLKlS-rs",
"scope": "openid",
"state": "xBj0nldKDfD34aq7"
}
4.774 phase <--<-- 5 --- Done -->-->
4.774 end
4.775 assertion VerifyAuthnResponse
4.775 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
4.775 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������./OP-prompt-none-NotLoggedIn.txt��������������������������������������������������������������������0000644�0000000�0000000�00000015403�13313422354�016656� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-none-NotLoggedIn
Test description: Request with prompt=none when not logged in
Timestamp: 2018-06-23T10:46:04Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
2.55 phase <--<-- 1 --- Webfinger -->-->
2.55 not expected to do WebFinger
2.55 phase <--<-- 2 --- Discovery -->-->
2.55 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
2.624 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
2.625 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
2.625 phase <--<-- 3 --- Registration -->-->
2.625 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
2.626 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#n0iVlSqvBXqBieXQ"
],
"response_types": [
"code"
]
}
2.785 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
2.786 RegistrationResponse {
"client_id": "68557ec6-8e9f-4ff1-b50c-6d95713e5977",
"client_secret": "SxP6GFsvbnIk",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "68557ec6-8e9f-4ff1-b50c-6d95713e5977",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#n0iVlSqvBXqBieXQ"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
2.786 phase <--<-- 4 --- AsyncAuthn -->-->
2.787 AuthorizationRequest {
"client_id": "68557ec6-8e9f-4ff1-b50c-6d95713e5977",
"nonce": "i3OljxAGcNCbqIiA",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "q1An4wJ1Y5ITWTL4"
}
2.787 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=68557ec6-8e9f-4ff1-b50c-6d95713e5977&state=q1An4wJ1Y5ITWTL4&response_type=code&nonce=i3OljxAGcNCbqIiA
2.787 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=68557ec6-8e9f-4ff1-b50c-6d95713e5977&state=q1An4wJ1Y5ITWTL4&response_type=code&nonce=i3OljxAGcNCbqIiA
3.226 response Response URL with query part
3.226 response {'error_debug': 'Prompt "none" was requested, but no existing login session was found', 'error_description': 'The Authorization Server requires End-User authentication', 'state': 'q1An4wJ1Y5ITWTL4', 'error': 'login_required'}
3.227 response {'error_debug': 'Prompt "none" was requested, but no existing login session was found', 'error_description': 'The Authorization Server requires End-User authentication', 'state': 'q1An4wJ1Y5ITWTL4', 'error': 'login_required'}
3.227 AuthorizationErrorResponse {
"error": "login_required",
"error_debug": "Prompt \"none\" was requested, but no existing login session was found",
"error_description": "The Authorization Server requires End-User authentication",
"state": "q1An4wJ1Y5ITWTL4"
}
3.227 AuthorizationErrorResponse {
"error": "login_required",
"error_debug": "Prompt \"none\" was requested, but no existing login session was found",
"error_description": "The Authorization Server requires End-User authentication",
"state": "q1An4wJ1Y5ITWTL4"
}
3.227 phase <--<-- 5 --- Done -->-->
3.227 end
3.228 assertion VerifyErrorMessage
3.228 condition verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
3.228 condition Done: status=OK
============================================================
Conditions
verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-request_uri-Unsigned.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000015413�13313422455�016355� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request_uri-Unsigned
Test description: Support request_uri request parameter with unsigned request
Timestamp: 2018-06-23T10:47:09Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.108 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.109 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.109 phase <--<-- 2 --- Registration -->-->
0.109 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'none'}
0.11 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#y3yJCj9aUwijFwLb"
],
"response_types": [
"code"
]
}
0.266 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.267 RegistrationResponse {
"client_id": "7e003ff3-922d-46c7-9aed-14229d2dcd77",
"client_secret": "uDrA6HdvFjX_",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "7e003ff3-922d-46c7-9aed-14229d2dcd77",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#y3yJCj9aUwijFwLb"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.267 phase <--<-- 3 --- AsyncAuthn -->-->
0.269 AuthorizationRequest {
"client_id": "7e003ff3-922d-46c7-9aed-14229d2dcd77",
"nonce": "J399ANqxm0zU5D12",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request_uri": "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#y3yJCj9aUwijFwLb",
"response_type": "code",
"scope": "openid",
"state": "4mLRZhS3TmIfT4PC"
}
0.269 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23y3yJCj9aUwijFwLb&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7e003ff3-922d-46c7-9aed-14229d2dcd77&state=4mLRZhS3TmIfT4PC&response_type=code&nonce=J399ANqxm0zU5D12
0.269 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23y3yJCj9aUwijFwLb&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7e003ff3-922d-46c7-9aed-14229d2dcd77&state=4mLRZhS3TmIfT4PC&response_type=code&nonce=J399ANqxm0zU5D12
4.007 response Response URL with query part
4.007 response {'state': '4mLRZhS3TmIfT4PC', 'scope': 'openid', 'code': 'RC9sPmg6uGLiz7AOGzyMJlz3WRO3TnuDp4ukq6SLn9w.z1UQnAQdHLjEGtAcoTKzJKMuh3OupD8C6-XyXQf0AZw'}
4.008 response {'state': '4mLRZhS3TmIfT4PC', 'scope': 'openid', 'code': 'RC9sPmg6uGLiz7AOGzyMJlz3WRO3TnuDp4ukq6SLn9w.z1UQnAQdHLjEGtAcoTKzJKMuh3OupD8C6-XyXQf0AZw'}
4.008 AuthorizationResponse {
"code": "RC9sPmg6uGLiz7AOGzyMJlz3WRO3TnuDp4ukq6SLn9w.z1UQnAQdHLjEGtAcoTKzJKMuh3OupD8C6-XyXQf0AZw",
"scope": "openid",
"state": "4mLRZhS3TmIfT4PC"
}
4.008 phase <--<-- 4 --- Done -->-->
4.008 end
4.009 assertion VerifyResponse
4.009 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.009 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Response-code.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000014213�13313422104�014726� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Response-code
Test description: Request with response_type=code
Timestamp: 2018-06-23T10:43:16Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.106 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.107 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.107 phase <--<-- 2 --- Registration -->-->
0.107 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.107 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#93s4J36rqeQJiHsM"
],
"response_types": [
"code"
]
}
0.298 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.299 RegistrationResponse {
"client_id": "7aaec6a8-b0a8-438f-af5f-6f2fe5d378dc",
"client_secret": "O1AMWod5wybF",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "7aaec6a8-b0a8-438f-af5f-6f2fe5d378dc",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#93s4J36rqeQJiHsM"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.299 phase <--<-- 3 --- AsyncAuthn -->-->
0.299 AuthorizationRequest {
"client_id": "7aaec6a8-b0a8-438f-af5f-6f2fe5d378dc",
"nonce": "SRMa3MgSMgr6Bjm6",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "fE1XuV4S8dvmxiPT"
}
0.3 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7aaec6a8-b0a8-438f-af5f-6f2fe5d378dc&state=fE1XuV4S8dvmxiPT&response_type=code&nonce=SRMa3MgSMgr6Bjm6
0.3 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7aaec6a8-b0a8-438f-af5f-6f2fe5d378dc&state=fE1XuV4S8dvmxiPT&response_type=code&nonce=SRMa3MgSMgr6Bjm6
7.414 response Response URL with query part
7.415 response {'state': 'fE1XuV4S8dvmxiPT', 'scope': 'openid', 'code': 'QdzPnGJ2hEUhGi_Xc2swEZz9BOV1okGsf_03oI6DDmw.YH0sAo_sBk69q7O6Nljqg25K8MHtRyBn64qkqIdJtxA'}
7.415 response {'state': 'fE1XuV4S8dvmxiPT', 'scope': 'openid', 'code': 'QdzPnGJ2hEUhGi_Xc2swEZz9BOV1okGsf_03oI6DDmw.YH0sAo_sBk69q7O6Nljqg25K8MHtRyBn64qkqIdJtxA'}
7.415 AuthorizationResponse {
"code": "QdzPnGJ2hEUhGi_Xc2swEZz9BOV1okGsf_03oI6DDmw.YH0sAo_sBk69q7O6Nljqg25K8MHtRyBn64qkqIdJtxA",
"scope": "openid",
"state": "fE1XuV4S8dvmxiPT"
}
7.415 phase <--<-- 4 --- Done -->-->
7.415 end
7.416 assertion VerifyAuthnResponse
7.416 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
7.416 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-acr_values.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000023513�13313422532�015101� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-acr_values
Test description: Providing acr_values
Timestamp: 2018-06-23T10:47:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.074 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#5ofEKGPE4swDCLVE"
],
"response_types": [
"code"
]
}
0.235 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.236 RegistrationResponse {
"client_id": "45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1",
"client_secret": "8JdoRG7cbXg9",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#5ofEKGPE4swDCLVE"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.236 phase <--<-- 3 --- AsyncAuthn -->-->
0.237 AuthorizationRequest {
"acr_values": "1 2",
"client_id": "45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1",
"nonce": "eU8NNDTqE5vMy3JB",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "nbwase0KVlKytapU"
}
0.237 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1&state=nbwase0KVlKytapU&acr_values=1+2&response_type=code&nonce=eU8NNDTqE5vMy3JB
0.237 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1&state=nbwase0KVlKytapU&acr_values=1+2&response_type=code&nonce=eU8NNDTqE5vMy3JB
2.425 response Response URL with query part
2.425 response {'state': 'nbwase0KVlKytapU', 'scope': 'openid', 'code': '4EAM2YmrQcMgZdhPslm3OwP8yBCvC3gX24FKqbiDGxw.wfU4oM_1PpAlM-cxYCUSjL-N9MPFqYN3pFMMYp4q7Dw'}
2.426 response {'state': 'nbwase0KVlKytapU', 'scope': 'openid', 'code': '4EAM2YmrQcMgZdhPslm3OwP8yBCvC3gX24FKqbiDGxw.wfU4oM_1PpAlM-cxYCUSjL-N9MPFqYN3pFMMYp4q7Dw'}
2.426 AuthorizationResponse {
"code": "4EAM2YmrQcMgZdhPslm3OwP8yBCvC3gX24FKqbiDGxw.wfU4oM_1PpAlM-cxYCUSjL-N9MPFqYN3pFMMYp4q7Dw",
"scope": "openid",
"state": "nbwase0KVlKytapU"
}
2.426 phase <--<-- 4 --- AccessToken -->-->
2.426 --> request op_args: {'state': 'nbwase0KVlKytapU'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.426 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'nbwase0KVlKytapU', 'code': '4EAM2YmrQcMgZdhPslm3OwP8yBCvC3gX24FKqbiDGxw.wfU4oM_1PpAlM-cxYCUSjL-N9MPFqYN3pFMMYp4q7Dw', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1'}, 'state': 'nbwase0KVlKytapU'}
2.426 AccessTokenRequest {
"code": "4EAM2YmrQcMgZdhPslm3OwP8yBCvC3gX24FKqbiDGxw.wfU4oM_1PpAlM-cxYCUSjL-N9MPFqYN3pFMMYp4q7Dw",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "nbwase0KVlKytapU"
}
2.426 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.426 request_http_args {'headers': {'Authorization': 'Basic NDVmY2ZiNGUtNGMyZC00ZGE0LTk1ZjctZTZiMjRmNWE5NmQxOjhKZG9SRzdjYlhnOQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.426 request code=4EAM2YmrQcMgZdhPslm3OwP8yBCvC3gX24FKqbiDGxw.wfU4oM_1PpAlM-cxYCUSjL-N9MPFqYN3pFMMYp4q7Dw&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=nbwase0KVlKytapU
2.64 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.641 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhY3IiOiIwIiwiYXVkIjpbIjQ1ZmNmYjRlLTRjMmQtNGRhNC05NWY3LWU2YjI0ZjVhOTZkMSJdLCJhdXRoX3RpbWUiOjE1Mjk3NTA3NDksImV4cCI6MTUyOTc1NDQ3MywiaWF0IjoxNTI5NzUwODczLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlNGRhNmIwMi05OTRlLTRhNWQtYjMzNy0wYzE5NTI1YTg4NTEiLCJub25jZSI6ImVVOE5ORFRxRTV2TXkzSkIiLCJyYXQiOjE1Mjk3NTA4NzEsInN1YiI6ImZvb0BiYXIuY29tIn0.c2_g5zxoyoWGUv-bQIPhrFGLGQPzEVNHcAzFc7jbTe61hCDWVc44rlm50s8Nq0oCMjLLBRO_OJsoQsC9esXrdY8deNn8tJ0gjpszgf8a17K7g5VhXenRFqTWD0fVIPL8GodWtiBhfSZJSYgrbKt9d_pjntg6oY1Eak9sHQemD4nKF1IZpMOpsWalO-SC0mUhoVcSNpGUtZ-FCkBkRRXUfUCo7fq83Anmr0IMrCzz6abkVJZk_yOpEq7GE8JesnaQeHT28O3l8LEYOJrzoDZmYuue3nXzesyGNd5D_qrK3MECzvLEMcVQOtJA2dzhjiBy3l61sD_vBbE-s40i7wfTixee_hS8N8I6iF2bZpmXO_fySuCHOvheKtIQ6E8fn6RZ0y_J4XitA1QY_yd5hlGeF5HxBx1X0oGAlFqCK2ur6IJ-fABx4NDvokuPEM2R0RS_YY1xbUYzDQoa2Y99CAREeOhppSCXw7m0sRxgMvHvo5iEEHgX4PZFCj72wFXyLQxoJISiabzWRWCiEo_VigK9TsLo45afZMEhOUfshHkO20HQyrBIi6B5LV2KwbEJeBdBYCFdBYUd2-vpi9lU-Mqt9KX3p0D7Gp6-varcIqHH4brXmB7NfySen_okkQZO0LxyRLXY8mKJT5-yIuda1LJ4BvIXUucob1lTulZgtLEEUro', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'DuS8ueyN2zvYCaP1SCamSzNPUkCiNlH4Z8yNsxUCMPQ.wQDN-_MniAoevr1J9-yavV9WY5lEyXxqPBAsRwScHus', 'scope': 'openid'}
2.72 AccessTokenResponse {
"access_token": "DuS8ueyN2zvYCaP1SCamSzNPUkCiNlH4Z8yNsxUCMPQ.wQDN-_MniAoevr1J9-yavV9WY5lEyXxqPBAsRwScHus",
"expires_in": 3599,
"id_token": {
"acr": "0",
"aud": [
"45fcfb4e-4c2d-4da4-95f7-e6b24f5a96d1"
],
"auth_time": 1529750749,
"exp": 1529754473,
"iat": 1529750873,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "e4da6b02-994e-4a5d-b337-0c19525a8851",
"nonce": "eU8NNDTqE5vMy3JB",
"rat": 1529750871,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.72 phase <--<-- 5 --- Done -->-->
2.72 end
2.72 assertion VerifyResponse
2.72 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.721 assertion UsedAcrValue
2.721 condition used-acr-value: status=WARNING, message=Used acr value: 0, preferred: ['1', '2'] [The acr value in the ID Token]
2.721 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
used-acr-value: status=WARNING, message=Used acr value: 0, preferred: ['1', '2'] [The acr value in the ID Token]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
Used acr value: 0, preferred: ['1', '2']
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-address.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000026164�13313422470�014772� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-address
Test description: Scope requesting address claims
Timestamp: 2018-06-23T10:47:20Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.545 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.546 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.547 phase <--<-- 2 --- Registration -->-->
0.547 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.547 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#WKsM4xjlUcIg9WDq"
],
"response_types": [
"code"
]
}
0.713 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.714 RegistrationResponse {
"client_id": "a5e1c85e-0347-4ca0-a459-5ad6355ae4e4",
"client_secret": "pf84VVUUcxVF",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "a5e1c85e-0347-4ca0-a459-5ad6355ae4e4",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#WKsM4xjlUcIg9WDq"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.714 phase <--<-- 3 --- AsyncAuthn -->-->
0.715 condition Check support: status=WARNING, message=No support for: scopes_supported=['address']
0.715 AuthorizationRequest {
"client_id": "a5e1c85e-0347-4ca0-a459-5ad6355ae4e4",
"nonce": "1UY1L6Ve7Nab89lx",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid address",
"state": "rz8Zr1KZkZGGEBx3"
}
0.715 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+address&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a5e1c85e-0347-4ca0-a459-5ad6355ae4e4&state=rz8Zr1KZkZGGEBx3&response_type=code&nonce=1UY1L6Ve7Nab89lx
0.715 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+address&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a5e1c85e-0347-4ca0-a459-5ad6355ae4e4&state=rz8Zr1KZkZGGEBx3&response_type=code&nonce=1UY1L6Ve7Nab89lx
2.792 response Response URL with query part
2.792 response {'state': 'rz8Zr1KZkZGGEBx3', 'scope': 'openid address', 'code': 'Ij3tPFq6yFy4E-8c_W1hnaCaaYo6JfbIakUBejy8hnA.BhoMQ5IAA4M04KB-2Gp1y4Mi2geoA_qPdJ-ehwQAN18'}
2.793 response {'state': 'rz8Zr1KZkZGGEBx3', 'scope': 'openid address', 'code': 'Ij3tPFq6yFy4E-8c_W1hnaCaaYo6JfbIakUBejy8hnA.BhoMQ5IAA4M04KB-2Gp1y4Mi2geoA_qPdJ-ehwQAN18'}
2.793 AuthorizationResponse {
"code": "Ij3tPFq6yFy4E-8c_W1hnaCaaYo6JfbIakUBejy8hnA.BhoMQ5IAA4M04KB-2Gp1y4Mi2geoA_qPdJ-ehwQAN18",
"scope": "openid address",
"state": "rz8Zr1KZkZGGEBx3"
}
2.793 phase <--<-- 4 --- AccessToken -->-->
2.793 --> request op_args: {'state': 'rz8Zr1KZkZGGEBx3'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.793 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'rz8Zr1KZkZGGEBx3', 'code': 'Ij3tPFq6yFy4E-8c_W1hnaCaaYo6JfbIakUBejy8hnA.BhoMQ5IAA4M04KB-2Gp1y4Mi2geoA_qPdJ-ehwQAN18', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'a5e1c85e-0347-4ca0-a459-5ad6355ae4e4'}, 'state': 'rz8Zr1KZkZGGEBx3'}
2.793 AccessTokenRequest {
"code": "Ij3tPFq6yFy4E-8c_W1hnaCaaYo6JfbIakUBejy8hnA.BhoMQ5IAA4M04KB-2Gp1y4Mi2geoA_qPdJ-ehwQAN18",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "rz8Zr1KZkZGGEBx3"
}
2.794 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.794 request_http_args {'headers': {'Authorization': 'Basic YTVlMWM4NWUtMDM0Ny00Y2EwLWE0NTktNWFkNjM1NWFlNGU0OnBmODRWVlVVY3hWRg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.794 request code=Ij3tPFq6yFy4E-8c_W1hnaCaaYo6JfbIakUBejy8hnA.BhoMQ5IAA4M04KB-2Gp1y4Mi2geoA_qPdJ-ehwQAN18&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=rz8Zr1KZkZGGEBx3
3.003 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.004 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYTVlMWM4NWUtMDM0Ny00Y2EwLWE0NTktNWFkNjM1NWFlNGU0Il0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NDQwLCJpYXQiOjE1Mjk3NTA4NDAsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjU0MmNjYTgyLTE0NDItNDRlMi05ZDYzLTgwZWE3YWJhZjBlYSIsIm5vbmNlIjoiMVVZMUw2VmU3TmFiODlseCIsInJhdCI6MTUyOTc1MDgzOCwic3ViIjoiZm9vQGJhci5jb20ifQ.yuvvCsBU9OvCXSin-IInSgRXtrr1-WFCcgnC0p5y4zUZbF0QEHOpDpGnaHijtQlqKKG1MIAufU1rwwTi8RfrlECOJWDQveKEYMraUOVzVPS15H3S0AbC-zu_AF-Dp98vroSVrXCr2Uli35LL1pSCxMy7V3sDEUKlGRAw321My9sq5GvRGO62Hc_zSg4ZhMx0Z6MgthAwPnKM4n9ccN2Iu7yH7jQpJHvDz6oIGaZbUCw5Xk-XXrbVIt27uOrAjf5LS8U4g8fLGEPRPndMQ5IsURpTlInbaVZ3RXoBiBES6m9IJv_7lA2g-eL8NwSlkUooTWMr1FDFgY4S4V85BXQxgPDFblEvnJktY8Hx5v8sCklh4PSrSwPpFYQkrF_RVOWdcOWV9DyLkzeNl3nVqePaqww41FE0JbdoCPB_QfzNv6cyQ78vDbWBtkfTruXw5YIpKnFRiJt0QmAtJ6FDUIjzeenlLPzs1a4GX8vlSw7S6O2DhgJ8CaTOB-8n0Swu66z3nOTr1CKr9CKHGm-ohMftxxovCWudcTW2fwMulpSHMCRuWSHRICuBYWHqBiCdgzpa-IQogWPPcTDKShMmCAlB6cmgtE78DblUD-CGCfUQsYuuqX5knjg5c2bzreWLdOwYkOjQrwJnHrUGFX3R3NBcA2M2eHSgDwYVXzrzRvzhBbM', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'GqtG0m_X_K14O2N-Xp1yAhtNK-XnTQtWow5bKhM8Gnc.6zIuS-868pPOKIwOcBsom7iquex3Vev3sCG0mQv0EWw', 'scope': 'openid address'}
3.118 AccessTokenResponse {
"access_token": "GqtG0m_X_K14O2N-Xp1yAhtNK-XnTQtWow5bKhM8Gnc.6zIuS-868pPOKIwOcBsom7iquex3Vev3sCG0mQv0EWw",
"expires_in": 3599,
"id_token": {
"aud": [
"a5e1c85e-0347-4ca0-a459-5ad6355ae4e4"
],
"auth_time": 1529750749,
"exp": 1529754440,
"iat": 1529750840,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "542cca82-1442-44e2-9d63-80ea7abaf0ea",
"nonce": "1UY1L6Ve7Nab89lx",
"rat": 1529750838,
"sub": "foo@bar.com"
},
"scope": "openid address",
"token_type": "bearer"
}
3.118 phase <--<-- 5 --- UserInfo -->-->
3.118 do_user_info_request kwargs:{'state': 'rz8Zr1KZkZGGEBx3', 'method': 'GET', 'authn_method': 'bearer_header'}
3.118 request {'body': None}
3.118 request_url https://oidc-certification.ory.sh:8443/userinfo
3.118 request_http_args {'headers': {'Authorization': 'Bearer GqtG0m_X_K14O2N-Xp1yAhtNK-XnTQtWow5bKhM8Gnc.6zIuS-868pPOKIwOcBsom7iquex3Vev3sCG0mQv0EWw'}}
3.19 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.19 OpenIDSchema {
"sub": "foo@bar.com"
}
3.19 OpenIDSchema {
"sub": "foo@bar.com"
}
3.19 phase <--<-- 6 --- Done -->-->
3.19 end
3.191 assertion CheckHTTPResponse
3.191 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.191 assertion VerifyResponse
3.192 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.192 assertion VerifyScopes
3.192 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['address'] [Verifies that the claims corresponding to the requested scopes are returned]
3.192 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['address']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['address'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['address']
The following claims were missing from the returned information: ['address']
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-NotUnderstood.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000014302�13313422526�015563� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-NotUnderstood
Test description: Request with extra query component
Timestamp: 2018-06-23T10:47:50Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.079 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.081 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.081 phase <--<-- 2 --- Registration -->-->
0.081 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.081 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#rgycwmXRYanMXQEV"
],
"response_types": [
"code"
]
}
0.239 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.24 RegistrationResponse {
"client_id": "6abf2b84-3a08-482a-b56c-502d5a034123",
"client_secret": "aqC3ZxjtrQsK",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "6abf2b84-3a08-482a-b56c-502d5a034123",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#rgycwmXRYanMXQEV"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.24 phase <--<-- 3 --- AsyncAuthn -->-->
0.24 AuthorizationRequest {
"client_id": "6abf2b84-3a08-482a-b56c-502d5a034123",
"extra": "foobar",
"nonce": "73aJQL913hIWRYHa",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "3Cj6EOpWacd6emyu"
}
0.24 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?extra=foobar&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6abf2b84-3a08-482a-b56c-502d5a034123&state=3Cj6EOpWacd6emyu&response_type=code&nonce=73aJQL913hIWRYHa
0.24 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?extra=foobar&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6abf2b84-3a08-482a-b56c-502d5a034123&state=3Cj6EOpWacd6emyu&response_type=code&nonce=73aJQL913hIWRYHa
2.808 response Response URL with query part
2.808 response {'state': '3Cj6EOpWacd6emyu', 'scope': 'openid', 'code': '3U0lyrGU5OUHC2hYPVk1Wbk70FGHMbZy2UTjOJXSvgw.DVyQ3TRCXgTqHd2sDJnCRmi8sBYP-l3lsS6BlzLwyIU'}
2.808 response {'state': '3Cj6EOpWacd6emyu', 'scope': 'openid', 'code': '3U0lyrGU5OUHC2hYPVk1Wbk70FGHMbZy2UTjOJXSvgw.DVyQ3TRCXgTqHd2sDJnCRmi8sBYP-l3lsS6BlzLwyIU'}
2.809 AuthorizationResponse {
"code": "3U0lyrGU5OUHC2hYPVk1Wbk70FGHMbZy2UTjOJXSvgw.DVyQ3TRCXgTqHd2sDJnCRmi8sBYP-l3lsS6BlzLwyIU",
"scope": "openid",
"state": "3Cj6EOpWacd6emyu"
}
2.809 phase <--<-- 4 --- Done -->-->
2.809 end
2.809 assertion VerifyAuthnResponse
2.809 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
2.809 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-email.txt��������������������������������������������������������������������������������0000644�0000000�0000000�00000026203�13313422475�014433� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-email
Test description: Scope requesting email claims
Timestamp: 2018-06-23T10:47:25Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.143 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.145 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.145 phase <--<-- 2 --- Registration -->-->
0.145 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.145 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Es1oZIZdTq4xDU37"
],
"response_types": [
"code"
]
}
0.304 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.305 RegistrationResponse {
"client_id": "98d9428f-90d1-4f51-9416-cf90350de5cf",
"client_secret": "dXUURXiqSHe9",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "98d9428f-90d1-4f51-9416-cf90350de5cf",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Es1oZIZdTq4xDU37"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.305 phase <--<-- 3 --- AsyncAuthn -->-->
0.305 condition Check support: status=WARNING, message=No support for: scopes_supported=['email']
0.305 AuthorizationRequest {
"client_id": "98d9428f-90d1-4f51-9416-cf90350de5cf",
"nonce": "B4Vw5MT8LfIePRLm",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid email",
"state": "PDfu4AACDB7uCRJ9"
}
0.305 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+email&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=98d9428f-90d1-4f51-9416-cf90350de5cf&state=PDfu4AACDB7uCRJ9&response_type=code&nonce=B4Vw5MT8LfIePRLm
0.305 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+email&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=98d9428f-90d1-4f51-9416-cf90350de5cf&state=PDfu4AACDB7uCRJ9&response_type=code&nonce=B4Vw5MT8LfIePRLm
2.819 response Response URL with query part
2.82 response {'state': 'PDfu4AACDB7uCRJ9', 'scope': 'openid email', 'code': 'LkbzMOZfkDtJox_WMOUD8ZCvTuxMOKTE_vXDajBt8Iw.eh31vU7si87W3ktCSauU-z13AcMurOWCID83Zr1TsIk'}
2.82 response {'state': 'PDfu4AACDB7uCRJ9', 'scope': 'openid email', 'code': 'LkbzMOZfkDtJox_WMOUD8ZCvTuxMOKTE_vXDajBt8Iw.eh31vU7si87W3ktCSauU-z13AcMurOWCID83Zr1TsIk'}
2.82 AuthorizationResponse {
"code": "LkbzMOZfkDtJox_WMOUD8ZCvTuxMOKTE_vXDajBt8Iw.eh31vU7si87W3ktCSauU-z13AcMurOWCID83Zr1TsIk",
"scope": "openid email",
"state": "PDfu4AACDB7uCRJ9"
}
2.821 phase <--<-- 4 --- AccessToken -->-->
2.821 --> request op_args: {'state': 'PDfu4AACDB7uCRJ9'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.821 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'PDfu4AACDB7uCRJ9', 'code': 'LkbzMOZfkDtJox_WMOUD8ZCvTuxMOKTE_vXDajBt8Iw.eh31vU7si87W3ktCSauU-z13AcMurOWCID83Zr1TsIk', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '98d9428f-90d1-4f51-9416-cf90350de5cf'}, 'state': 'PDfu4AACDB7uCRJ9'}
2.821 AccessTokenRequest {
"code": "LkbzMOZfkDtJox_WMOUD8ZCvTuxMOKTE_vXDajBt8Iw.eh31vU7si87W3ktCSauU-z13AcMurOWCID83Zr1TsIk",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "PDfu4AACDB7uCRJ9"
}
2.821 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.821 request_http_args {'headers': {'Authorization': 'Basic OThkOTQyOGYtOTBkMS00ZjUxLTk0MTYtY2Y5MDM1MGRlNWNmOmRYVVVSWGlxU0hlOQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.821 request code=LkbzMOZfkDtJox_WMOUD8ZCvTuxMOKTE_vXDajBt8Iw.eh31vU7si87W3ktCSauU-z13AcMurOWCID83Zr1TsIk&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=PDfu4AACDB7uCRJ9
3.07 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.071 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOThkOTQyOGYtOTBkMS00ZjUxLTk0MTYtY2Y5MDM1MGRlNWNmIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NDQ0LCJpYXQiOjE1Mjk3NTA4NDQsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjA4Yjg1MDVlLWQ5YTAtNGYzOS05ZTNhLWVlZjQzMGU2MDhmYiIsIm5vbmNlIjoiQjRWdzVNVDhMZkllUFJMbSIsInJhdCI6MTUyOTc1MDg0Miwic3ViIjoiZm9vQGJhci5jb20ifQ.MnIBJWQ-wRnXoxROKFoyycY7qvaX6quGlPj0nW2nKUkYmRrEYtQUuX2A_OXxKb_ULdjdvov3r0hoj99eYxra7qvJRWGt8g9KMcUR7QPeCYWrWvMxVWf1ul1qARuo3_FqyqfhOKP1fC8gOLENEpDcuoVRt-TcUbDAVK0Cr1hAs7w8U5lvyk-bCwKABkcfGK2aIKiZGQxW7mtDK721PjhZfFGWd-BAqwc9sR5T8CUhg7tF0f5XAO5r0TMzr67N8SUaBR9wTNtYuHMvxJry2AKAhm721VsaZ0HKZ3bN1WaVZrZEW1clwcDJws4Y56gnBvbEb-OvjtC88F02uwgzwnhnCl5XahwXRkAfcx5sHtd9LJbwBzsgbWxU4QJvUKkxchL635r8l7PqKauiGO-MV3luKXvnAXS7l832I5ESRopgI9Uk6gfJEtRXVOs-rSVQ1lMXDxI3WRfvqd4iDp-gp0IYbfAFGj4tAGcoyYW9QpgBHMx1TKX3c0_jFfYQokJUcdPZV9zMQH0xHo2JPo0X9rn7AwaVUhTstFPBVKsuXDj9RqwkUKwK96m5m70WlXmPlafpuP3p8LuYff08lQGXtqBtN522QYLqLZBns06NOHApKPNGMgilR9-tOcYMEZduAG-FdTaV1usXc2nefgLHhaDtyARAGLQk8qeE91WCDMkXy2Q', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'UZcuuRYNbW5N1LyyryJE_noqKNW_uQpSvKHtyKi7YGY.5M9z39nlFo0SP862TLJuyFSJz0gtmcjkIqImBe6nkCk', 'scope': 'openid email'}
3.149 AccessTokenResponse {
"access_token": "UZcuuRYNbW5N1LyyryJE_noqKNW_uQpSvKHtyKi7YGY.5M9z39nlFo0SP862TLJuyFSJz0gtmcjkIqImBe6nkCk",
"expires_in": 3599,
"id_token": {
"aud": [
"98d9428f-90d1-4f51-9416-cf90350de5cf"
],
"auth_time": 1529750749,
"exp": 1529754444,
"iat": 1529750844,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "08b8505e-d9a0-4f39-9e3a-eef430e608fb",
"nonce": "B4Vw5MT8LfIePRLm",
"rat": 1529750842,
"sub": "foo@bar.com"
},
"scope": "openid email",
"token_type": "bearer"
}
3.149 phase <--<-- 5 --- UserInfo -->-->
3.149 do_user_info_request kwargs:{'state': 'PDfu4AACDB7uCRJ9', 'method': 'GET', 'authn_method': 'bearer_header'}
3.15 request {'body': None}
3.15 request_url https://oidc-certification.ory.sh:8443/userinfo
3.15 request_http_args {'headers': {'Authorization': 'Bearer UZcuuRYNbW5N1LyyryJE_noqKNW_uQpSvKHtyKi7YGY.5M9z39nlFo0SP862TLJuyFSJz0gtmcjkIqImBe6nkCk'}}
3.228 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.229 OpenIDSchema {
"sub": "foo@bar.com"
}
3.229 OpenIDSchema {
"sub": "foo@bar.com"
}
3.229 phase <--<-- 6 --- Done -->-->
3.229 end
3.23 assertion CheckHTTPResponse
3.23 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.23 assertion VerifyResponse
3.23 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.23 assertion VerifyScopes
3.231 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['email', 'email_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
3.231 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['email']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['email', 'email_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['email']
The following claims were missing from the returned information: ['email', 'email_verified']
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-phone.txt��������������������������������������������������������������������������������0000644�0000000�0000000�00000026257�13313422500�014453� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-phone
Test description: Scope requesting phone claims
Timestamp: 2018-06-23T10:47:28Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#EvRrkiKr0Rp2pyYz"
],
"response_types": [
"code"
]
}
0.231 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.232 RegistrationResponse {
"client_id": "5b5d3c35-af23-4a89-b141-457329dd3aac",
"client_secret": "55Zi~q7f8hGI",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "5b5d3c35-af23-4a89-b141-457329dd3aac",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#EvRrkiKr0Rp2pyYz"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.232 phase <--<-- 3 --- AsyncAuthn -->-->
0.233 condition Check support: status=WARNING, message=No support for: scopes_supported=['phone']
0.233 AuthorizationRequest {
"client_id": "5b5d3c35-af23-4a89-b141-457329dd3aac",
"nonce": "E2Ecg2HCQVBSeF19",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid phone",
"state": "oAU3PBlY9oLIkhDh"
}
0.233 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5b5d3c35-af23-4a89-b141-457329dd3aac&state=oAU3PBlY9oLIkhDh&response_type=code&nonce=E2Ecg2HCQVBSeF19
0.233 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5b5d3c35-af23-4a89-b141-457329dd3aac&state=oAU3PBlY9oLIkhDh&response_type=code&nonce=E2Ecg2HCQVBSeF19
2.209 response Response URL with query part
2.209 response {'state': 'oAU3PBlY9oLIkhDh', 'scope': 'openid phone', 'code': '1gPJ1YECwWpLZsn-GG-ZVuiiDiF65Ln73x1tMeUJKi8.d5svJQ1OwSNwugRNr8pdvsx4ERwjnE07asbTx9fpYOs'}
2.21 response {'state': 'oAU3PBlY9oLIkhDh', 'scope': 'openid phone', 'code': '1gPJ1YECwWpLZsn-GG-ZVuiiDiF65Ln73x1tMeUJKi8.d5svJQ1OwSNwugRNr8pdvsx4ERwjnE07asbTx9fpYOs'}
2.21 AuthorizationResponse {
"code": "1gPJ1YECwWpLZsn-GG-ZVuiiDiF65Ln73x1tMeUJKi8.d5svJQ1OwSNwugRNr8pdvsx4ERwjnE07asbTx9fpYOs",
"scope": "openid phone",
"state": "oAU3PBlY9oLIkhDh"
}
2.21 phase <--<-- 4 --- AccessToken -->-->
2.21 --> request op_args: {'state': 'oAU3PBlY9oLIkhDh'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.21 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'oAU3PBlY9oLIkhDh', 'code': '1gPJ1YECwWpLZsn-GG-ZVuiiDiF65Ln73x1tMeUJKi8.d5svJQ1OwSNwugRNr8pdvsx4ERwjnE07asbTx9fpYOs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '5b5d3c35-af23-4a89-b141-457329dd3aac'}, 'state': 'oAU3PBlY9oLIkhDh'}
2.21 AccessTokenRequest {
"code": "1gPJ1YECwWpLZsn-GG-ZVuiiDiF65Ln73x1tMeUJKi8.d5svJQ1OwSNwugRNr8pdvsx4ERwjnE07asbTx9fpYOs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "oAU3PBlY9oLIkhDh"
}
2.21 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.21 request_http_args {'headers': {'Authorization': 'Basic NWI1ZDNjMzUtYWYyMy00YTg5LWIxNDEtNDU3MzI5ZGQzYWFjOjU1WmklN0VxN2Y4aEdJ', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.21 request code=1gPJ1YECwWpLZsn-GG-ZVuiiDiF65Ln73x1tMeUJKi8.d5svJQ1OwSNwugRNr8pdvsx4ERwjnE07asbTx9fpYOs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=oAU3PBlY9oLIkhDh
2.47 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.472 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNWI1ZDNjMzUtYWYyMy00YTg5LWIxNDEtNDU3MzI5ZGQzYWFjIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NDQ4LCJpYXQiOjE1Mjk3NTA4NDgsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjNmYTIzNWU2LTMwN2UtNDUwMi04ZDMxLWUzODFkZGY1OTZlYyIsIm5vbmNlIjoiRTJFY2cySENRVkJTZUYxOSIsInJhdCI6MTUyOTc1MDg0Niwic3ViIjoiZm9vQGJhci5jb20ifQ.jPZivxl27OgpOvC2fhAI3u-UVt9i4ErPP3hVZl1OckYNGi1CrSz4b34CjDS00RAvEj7BGNivbGn22D4L6oTfNmTjZiUGzDouQ-FbVWBJOcke4RltRV9Upl2ej-pVhluiLFrMTSyl8jyY3xJ_imD_w4eHNBR0RStLlLQ-vUfmQrc0GfJ7PCMfmYwix4_khQoXKJ8K3_ehvxCUt6gBw1pJ0mXpz5Gm5qo1VKyJhlunIWCDN_ls4ThzK8aLdaTA-09jz0c7GKHiTydzTr8gWVuqFt5n7tKY5JgB1hbdlN_z4uy7fSHdtXoMi5e93j1J_dMXuR_8Cv4F1p6mRQUbV1Xl7Yt-afauEir3pWrSm97kqFD5sYMvLKIku0pLkruy86AkqvvYRk16QwPZC_JhhBC__936HZfJJ-7QnsLI2IEk3TvyBRzhmJg9nos9x4deGv0wKi77wVwscYlcvpjNh9Nm55qZFNS25H5vVZMloHsAzizdIn3951fnPtAUhAAFI75ncfUgfCuQusnvKQF35LvNeDxyZKsczCNWnWoY979NcBTZzIpxtWgNtFDilZdhusxCi1noi0jqshhE-7kcKFJS6BEPuTYjKVuBZ70z-3H48JRq_In98rPE6bdFefzFE5Bs2QGKwyWq1cU2cRC0y0Lyz7c7PvghO1vJmOLF8vQhX2M', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'EdSgmItX8P1_5B1_15o-ugHdf4epjRykpsXXkUfvzyQ.GywTVnvUOlZzct6cWJOrIWpJbiLQ4Rb_TsnntA3OFBk', 'scope': 'openid phone'}
2.555 AccessTokenResponse {
"access_token": "EdSgmItX8P1_5B1_15o-ugHdf4epjRykpsXXkUfvzyQ.GywTVnvUOlZzct6cWJOrIWpJbiLQ4Rb_TsnntA3OFBk",
"expires_in": 3599,
"id_token": {
"aud": [
"5b5d3c35-af23-4a89-b141-457329dd3aac"
],
"auth_time": 1529750749,
"exp": 1529754448,
"iat": 1529750848,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "3fa235e6-307e-4502-8d31-e381ddf596ec",
"nonce": "E2Ecg2HCQVBSeF19",
"rat": 1529750846,
"sub": "foo@bar.com"
},
"scope": "openid phone",
"token_type": "bearer"
}
2.555 phase <--<-- 5 --- UserInfo -->-->
2.555 do_user_info_request kwargs:{'state': 'oAU3PBlY9oLIkhDh', 'method': 'GET', 'authn_method': 'bearer_header'}
2.555 request {'body': None}
2.555 request_url https://oidc-certification.ory.sh:8443/userinfo
2.555 request_http_args {'headers': {'Authorization': 'Bearer EdSgmItX8P1_5B1_15o-ugHdf4epjRykpsXXkUfvzyQ.GywTVnvUOlZzct6cWJOrIWpJbiLQ4Rb_TsnntA3OFBk'}}
2.625 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.626 OpenIDSchema {
"sub": "foo@bar.com"
}
2.626 OpenIDSchema {
"sub": "foo@bar.com"
}
2.626 phase <--<-- 6 --- Done -->-->
2.626 end
2.627 assertion CheckHTTPResponse
2.627 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
2.627 assertion VerifyResponse
2.627 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.628 assertion VerifyScopes
2.628 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
2.628 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['phone']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['phone']
The following claims were missing from the returned information: ['phone_number', 'phone_number_verified']
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-jwks_uri.txt�������������������������������������������������������������������������0000644�0000000�0000000�00000014645�13313422115�016035� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-jwks_uri
Test description: Verify that jwks_uri is published
Timestamp: 2018-06-23T10:43:25Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.105 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.107 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.107 phase <--<-- 2 --- Done -->-->
0.107 end
0.107 assertion CheckHTTPResponse
0.108 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.108 assertion BareKeys
0.173 http response url:https://oidc-certification.ory.sh:8443/.well-known/jwks.json status_code:200
0.174 jwks {'keys': [{'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '0vvbIEitFVzY4o12elAZbZvpja5xTm5AOh9wi2UEiPEL6aKxAUn1ywpUaLyWKuEXdeuykHyybniLaThik7Gf-6xKk6S9IK9tjbbwfRqHVkn_Xkyul0ohFI3iTcjvFq5FPGr5vEhSB6eckdngUpzb-7S_Kt8yunkdhYTmkuAr2AXSbQcmCbOJXOsvkc5LOwpjmFIWrtBAHwILJ5cHjzIHtkK2QKMJRlknD8b4kmQ3x6vfxA7mtXREUXdQFn7ssnOVPzriPQp4kIi_TMczSmRLlX1PeeOeDGpTnYywQbsAfdBGZ20WdZlwP3lRUUJoKv1GpBU51GKm2xhHtyrzOkiRKE8pH_PD05gh1G9qXbFtBOoHMBWEaCxoxyJcW8_9iLXBPoC-Jhm47VO5T9hPlaISzDY6EUmgYktejS_mx_bR7emBcbtFUccYSVVqT3EZqAFuQlsPsvj8AT9NmEiVncB2Cy4z7ofLX_Wai_VFPCf7AEfmDZ8mzFZQfVGct74Q9KybwXm8YDq0TSszQGuqT0gtvU9In7CPSOytrVDbdk8Peyeg-Wn_ACMRh5T23wUbQ0jy0Wi9kBwIzN-dUpKu3uL6EZ3PmPSZItQHeAxpQbRZJ1vrrd2y-b6EGun3G9rlnOZ3L4_L4-NOKLt4VGPie7sphlND1pc4ZipaXBjZ9uC3bS8', 'alg': 'RS256', 'kid': 'public:490968e8-c6e5-441e-b42e-5053d6c67af2'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '0WN9e_V2wEp33JZoN7zQ9J4E4Iz0l-dlx6GqIKdepcMjON3PKZHWFML1e0ZKAkuG2ZJRKoX1LaSNZT0NI9N6_wVAT9aNv53sHBJVC4Bww1zKHEvQseGwJbG0lZZHjDXaxCBPte9yQnquIRRp9Ab-uBeziRoaFQ02OV3LBMBSZ79AzFvZ4yTqpUS_xp-Ylfcmh5wXEppd6hoxs9h1tttPTPbnMLte3S_zxCZI4TQi8d1yBi39OvfZxtABQQbgqYPxiYehNdYbfmZ2CAmVlsTxByS3X-ANBe2nmLsOLgXTyVFZfvEZkzY7OgEwwq5zog5pScXJ-TGlj0guZd8nClHEV-GHvXonjb2hZB63dFEiUVMNh5cOblZX034GnlOkzYfAH8UZ_cvOqONHbvplzONuaYSSRMPRaZwj-0fpElhFNHwr1v1pqbE1i9XOxU_c-eSMr4XAm1VsWG3zJKymjoJmaDcW3AEawi3btL1N2tE3p27cHtcdFjcv5birnxMtPI9Vu806U0_WiGtH_kaWxz64Xk3A_yB-lIBQwXe61JME-K81wLLcHE9qoqpF5iUK4mDqMmI_DVIazUlVUzxY0-1iFkV790V95dBxeYFgXKX02g8NyxfnyzUDC12qUKKejJFbG5LPHaMUXWJIQ2ntwBX_XzeF4pGh0u0vYmfxAmfHWN0', 'alg': 'RS256', 'kid': 'public:a09f73cf-d685-4c5c-9312-60a13e57646f'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': 's_BEnyG0xHYDibtz9a4tE1IW8490BQ_z526Lg2d0PWRtHfcqKmPG0pd0DizPuLY2j1NAY4cCXLwNWMJ3Cp1TqddaMl08hElvNbilcTyQr96RQg9MnrWeR1EqpdXEzTjcx06DFDokvzs89YQVZTDzSh_-xY_m_0VkcFQ0RpDTBn1B0dkMh78dbTJVVSGXYSBgMpcKrGlrgDaPIRX7qp_SdvjNtkPStG_wCPkzd_IJAaTAHGrlyj27dyhOC6EqQjpZRhQvT-w7GalbObncCFox3hRiC8wbI9Toi5p7vEuJJ6yksaqtIwgbtPXXUChNTqwQgIc1RE8RVuhI8ExaT6FfStIVLq9Tow6Hd9mopdX_ydEHHbnbvSC0cCRPg8_G8zTk0ihFpiHE1yEDXBQSs6pZIQ8KZF2RG35j75Jh4ngsDyPbC7PmjE93SG25AkX0WZwoB3g8f6q2r4dZqNtemRX1lMDo0FUQyYcOU5mnOiW3E5oNs3g-VH5ISOiaSUSLX6AIxDfdk6Wj5t7FZUo4EcIwTnE3PI-0HxnLJaErwbYEX0hO1BuhfF7zYHxDjc085U7OyN0abZWbuVUMtIMRgq-4ASlM9fTECg3sMmOfTEJV9nrJZaSCxKvVWma9A01bvBPB6Qn92Gj1XNZ0E1RBLUp1V3iXLcS7MGJh7bAAk5kwKCM', 'alg': 'RS256', 'kid': 'public:8e8dab73-c9fe-42ef-9a7b-1e217abba9a9'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '3cQ2ihjoElfFVnnkleo6ioUvZrkDfddEKOMCaemXP7umEhr8TC9_L3BKYbJqtE15jvkJiqT1vlHgTOKD5wWCFhFSmEa9PAWlt9Hw6BWddFEsiijR113yvj4eT0qfjseMYyiKst0kBxiTRmQdIzllY2Y2UU1IYIkaAP009nZSR7a5IrPYFydZ6SRARk9kZI90fmgRnzUuQKcv7C9HbkUqs7qiApfA17ACpnuKQP5p5lGL41t5ZnU1-5FvmmO6NnwtRZif34HL6WYuksi2RleLAKoHGh_l6P6ygP5v3ucHH0TmdLVBAHMmlLW4BKdVnWa2HEQCKIBiXJztu8EpYCVpZ_ThCaZLagcUM6VCD4nqvsXzQB7pnsBjq75tbo2jlqrGQJE9ekfGVyw7XDN45IkJFLgfVJ2anpyK4NeIAbkB7ZCYSXbR96_EC6h0uZSMHtPYVNIvbRCK6ysCdlDuDsWiQ01tP-lp90eWj1d7ZYlaYNws12OauBfgLyn0NZvjIz5EYXbOO_Hi0P5U6znS1Um-lU0nB1Gsj685Io-KLzN0shOqkfDP8Xcjfx_3EEg0aEPJWqCjiP9K6veNI896ZrIrH6Sd0V_o4TIzpSJimZlMZrTWS6dUm2j6q1WQOE2Z5JlDMC90yTGUC8MNt2AdMB0Z78Mf71rdSrpXpWLMh7rz_7k', 'alg': 'RS256', 'kid': 'public:6a09d4a3-a298-47bc-8bbd-50b64f653f2d'}]}
0.174 condition bare-keys: status=OK [Dynamic OPs MUST publish their public keys as bare JWK keys]
0.174 assertion CheckHasJwksURI
0.174 condition providerinfo-has-jwks_uri: status=OK [Check that the jwks_uri discovery metadata value is in the provider_info]
0.174 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
bare-keys: status=OK [Dynamic OPs MUST publish their public keys as bare JWK keys]
providerinfo-has-jwks_uri: status=OK [Check that the jwks_uri discovery metadata value is in the provider_info]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������./OP-request_uri-Sig.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000015433�13313422450�015320� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request_uri-Sig
Test description: Support request_uri request parameter with signed request
Timestamp: 2018-06-23T10:47:04Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.124 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.125 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.125 phase <--<-- 2 --- Registration -->-->
0.125 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'RS256'}
0.126 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "RS256",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#P4zH7hvdIA0S4K0E"
],
"response_types": [
"code"
]
}
0.325 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.326 RegistrationResponse {
"client_id": "309fa3c3-b28d-44b1-96fc-b6804ff9459d",
"client_secret": "4AEImvMBBEy8",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "309fa3c3-b28d-44b1-96fc-b6804ff9459d",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "RS256",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#P4zH7hvdIA0S4K0E"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.326 phase <--<-- 3 --- AsyncAuthn -->-->
0.33 AuthorizationRequest {
"client_id": "309fa3c3-b28d-44b1-96fc-b6804ff9459d",
"nonce": "mzAWCEBxR6Xk9XVc",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request_uri": "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#P4zH7hvdIA0S4K0E",
"response_type": "code",
"scope": "openid",
"state": "nQuuCm7XNeDEtfEj"
}
0.33 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23P4zH7hvdIA0S4K0E&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=309fa3c3-b28d-44b1-96fc-b6804ff9459d&state=nQuuCm7XNeDEtfEj&response_type=code&nonce=mzAWCEBxR6Xk9XVc
0.33 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23P4zH7hvdIA0S4K0E&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=309fa3c3-b28d-44b1-96fc-b6804ff9459d&state=nQuuCm7XNeDEtfEj&response_type=code&nonce=mzAWCEBxR6Xk9XVc
3.147 response Response URL with query part
3.147 response {'state': 'nQuuCm7XNeDEtfEj', 'scope': 'openid', 'code': 'TRBnO70zpOMrHwMMWgjLnJ0nl6eSjRXOpti0Tvlj2vs.6DXPm1IrsnYOp05XFrbt4ZAypymw6pQwGxEWQo1ShSQ'}
3.148 response {'state': 'nQuuCm7XNeDEtfEj', 'scope': 'openid', 'code': 'TRBnO70zpOMrHwMMWgjLnJ0nl6eSjRXOpti0Tvlj2vs.6DXPm1IrsnYOp05XFrbt4ZAypymw6pQwGxEWQo1ShSQ'}
3.148 AuthorizationResponse {
"code": "TRBnO70zpOMrHwMMWgjLnJ0nl6eSjRXOpti0Tvlj2vs.6DXPm1IrsnYOp05XFrbt4ZAypymw6pQwGxEWQo1ShSQ",
"scope": "openid",
"state": "nQuuCm7XNeDEtfEj"
}
3.148 phase <--<-- 4 --- Done -->-->
3.148 end
3.149 assertion VerifyAuthnOrErrorResponse
3.149 condition authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
3.149 condition Done: status=OK
============================================================
Conditions
authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-OAuth-2nd-30s.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000030647�13313422771�014347� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd-30s
Test description: Trying to use authorization code twice with 30 seconds in between uses must result in an error
Timestamp: 2018-06-23T10:50:33Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.19 phase <--<-- 1 --- Webfinger -->-->
1.19 not expected to do WebFinger
1.19 phase <--<-- 2 --- Discovery -->-->
1.19 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.268 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.27 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.27 phase <--<-- 3 --- Registration -->-->
1.27 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.27 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#AD1unRAWJ9cGq4xD"
],
"response_types": [
"code"
]
}
1.421 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.422 RegistrationResponse {
"client_id": "d5eaf406-5e53-4d49-b6ce-468562086167",
"client_secret": "FcmxTs-Z1NFA",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "d5eaf406-5e53-4d49-b6ce-468562086167",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#AD1unRAWJ9cGq4xD"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.422 phase <--<-- 4 --- AsyncAuthn -->-->
1.423 AuthorizationRequest {
"client_id": "d5eaf406-5e53-4d49-b6ce-468562086167",
"nonce": "LAsOKR5TeGHbO7vv",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "1VX5yS0jZvPegC1I"
}
1.423 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d5eaf406-5e53-4d49-b6ce-468562086167&state=1VX5yS0jZvPegC1I&response_type=code&nonce=LAsOKR5TeGHbO7vv
1.423 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d5eaf406-5e53-4d49-b6ce-468562086167&state=1VX5yS0jZvPegC1I&response_type=code&nonce=LAsOKR5TeGHbO7vv
4.081 response Response URL with query part
4.082 response {'state': '1VX5yS0jZvPegC1I', 'scope': 'openid', 'code': 'Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY'}
4.082 response {'state': '1VX5yS0jZvPegC1I', 'scope': 'openid', 'code': 'Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY'}
4.082 AuthorizationResponse {
"code": "Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY",
"scope": "openid",
"state": "1VX5yS0jZvPegC1I"
}
4.082 phase <--<-- 5 --- AccessToken -->-->
4.082 --> request op_args: {'state': '1VX5yS0jZvPegC1I'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.082 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '1VX5yS0jZvPegC1I', 'code': 'Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd5eaf406-5e53-4d49-b6ce-468562086167'}, 'state': '1VX5yS0jZvPegC1I'}
4.083 AccessTokenRequest {
"code": "Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "1VX5yS0jZvPegC1I"
}
4.083 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.083 request_http_args {'headers': {'Authorization': 'Basic ZDVlYWY0MDYtNWU1My00ZDQ5LWI2Y2UtNDY4NTYyMDg2MTY3OkZjbXhUcy1aMU5GQQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.083 request code=Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=1VX5yS0jZvPegC1I
4.305 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.306 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDVlYWY0MDYtNWU1My00ZDQ5LWI2Y2UtNDY4NTYyMDg2MTY3Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NjAyLCJpYXQiOjE1Mjk3NTEwMDMsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6Ijk4YjE3ZGI0LWMzNTQtNGI1ZC1hNjA3LTBlNWE5M2EwMGQ1NSIsIm5vbmNlIjoiTEFzT0tSNVRlR0hiTzd2diIsInJhdCI6MTUyOTc1MTAwMCwic3ViIjoiZm9vQGJhci5jb20ifQ.DFB9uh6WHBpTS8egu2jY3P08VUxiJclmt9UYxJDrIwpqdet5dXdBhgOTzAXEb7dCltiaL11Ld5DhloZrAZA9KYrRgbbqubTJtCVxWl4OmsougleTdiF2lpuAISO4qPb2BP4bo_-4nKx70u5T_QIUKszPxPjRQNaKtWzD1F7PwmHVaQm82_WguZBm8bOY7AEqvyeVsv3g_yaOQ9iKw8soiAzzSA9kXK4en7hPQ4Kv58IuHgCPmrVk90W4nRIM80v8KjSs9IOp_bWnn-t01XCRoOEUqGfJloU8xiYETycZoOyPdaApIB5MFtB9LWJo9jo1mc_NMG3GuoceBMpmErodk6EVUgfV4rginU_hkTnRUzW_nHIUoHiiSH6SRrVvWLpiqq91sTKec5x3fApSg6LHfGqrnSGm_9ctp6ZjlOzhrSkE6AdD2dfTtQAe8IDF40zZgmRdo4epf5NMttYjbSlKIP9LkCWb-wN_mw_5V74B2wGneEo446Oo1xzPW0qClNUd1ySg7bmpsAD8eVEzzSLT6DkUK8CNewjNbIO0CIhwe3acvsumDsg96KTzsghaKM6x91BNoFG0NAt00KS_hfK_tP_Qz-swan3w3LJNS1Yl4Olsd7Vj9ge3nFDE7QFHAKYzQjcboLzJrHykNNW7zyHTe8mVywME9um7mnmnmZ6MrF0', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'TnwfeNNRZwM__UZhjILaV1mHXmEz4wtUINuOIQfZsMs.CGF1XpdUkLPKUUsTvsjM22Ye1FkNlKSFEuaM-a2hagg', 'scope': 'openid'}
4.386 AccessTokenResponse {
"access_token": "TnwfeNNRZwM__UZhjILaV1mHXmEz4wtUINuOIQfZsMs.CGF1XpdUkLPKUUsTvsjM22Ye1FkNlKSFEuaM-a2hagg",
"expires_in": 3599,
"id_token": {
"aud": [
"d5eaf406-5e53-4d49-b6ce-468562086167"
],
"auth_time": 1529750975,
"exp": 1529754602,
"iat": 1529751003,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "98b17db4-c354-4b5d-a607-0e5a93a00d55",
"nonce": "LAsOKR5TeGHbO7vv",
"rat": 1529751000,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.386 phase <--<-- 6 --- TimeDelay -->-->
34.414 phase <--<-- 7 --- AccessToken -->-->
34.414 --> request op_args: {'state': '1VX5yS0jZvPegC1I'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
34.414 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '1VX5yS0jZvPegC1I', 'code': 'Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd5eaf406-5e53-4d49-b6ce-468562086167'}, 'state': '1VX5yS0jZvPegC1I'}
34.414 AccessTokenRequest {
"code": "Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "1VX5yS0jZvPegC1I"
}
34.414 request_url https://oidc-certification.ory.sh:8443/oauth2/token
34.414 request_http_args {'headers': {'Authorization': 'Basic ZDVlYWY0MDYtNWU1My00ZDQ5LWI2Y2UtNDY4NTYyMDg2MTY3OkZjbXhUcy1aMU5GQQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
34.414 request code=Us1_zRX6pJeUZ34dsaXbnOI2lkybw_ygyVcY1-wXeNk._pUEhdkfAmmmgCqdjM_gMpmXEWVxDJhl8c075Dp_5eY&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=1VX5yS0jZvPegC1I
34.717 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
34.718 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
34.718 event Got expected error
34.718 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
34.719 phase <--<-- 8 --- Done -->-->
34.719 end
34.719 assertion VerifyResponse
34.719 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
34.719 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������./OP-Registration-policy_uri.txt��������������������������������������������������������������������0000644�0000000�0000000�00000014663�13313422176�017070� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-policy_uri
Test description: Registration with policy_uri
Timestamp: 2018-06-23T10:44:14Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.045 phase <--<-- 1 --- Webfinger -->-->
1.045 not expected to do WebFinger
1.045 phase <--<-- 2 --- Discovery -->-->
1.045 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.126 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.127 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.128 phase <--<-- 3 --- Registration -->-->
1.128 register kwargs:{'application_name': 'OIC test tool', 'policy_uri': 'https://op.certification.openid.net:61353/static/policy.html', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.128 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"policy_uri": "https://op.certification.openid.net:61353/static/policy.html",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xVh8daa99dmlh3cG"
],
"response_types": [
"code"
]
}
1.287 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.287 RegistrationResponse {
"client_id": "bfd04899-4a3e-4904-ad5c-02a8d24e1245",
"client_secret": "VXXN-IucrFts",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "bfd04899-4a3e-4904-ad5c-02a8d24e1245",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"policy_uri": "https://op.certification.openid.net:61353/static/policy.html",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xVh8daa99dmlh3cG"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.288 phase <--<-- 4 --- AsyncAuthn -->-->
1.288 AuthorizationRequest {
"client_id": "bfd04899-4a3e-4904-ad5c-02a8d24e1245",
"nonce": "5IIeW3of3OLrs5Xm",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "rMIVdEIadjLsSz6G"
}
1.288 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=bfd04899-4a3e-4904-ad5c-02a8d24e1245&state=rMIVdEIadjLsSz6G&response_type=code&nonce=5IIeW3of3OLrs5Xm
1.288 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=bfd04899-4a3e-4904-ad5c-02a8d24e1245&state=rMIVdEIadjLsSz6G&response_type=code&nonce=5IIeW3of3OLrs5Xm
3.172 response Response URL with query part
3.172 response {'state': 'rMIVdEIadjLsSz6G', 'scope': 'openid', 'code': 'ogKm-YFIGresiJFFJp6nR7wLAJTbHd32L2sPlVflEbI.0i1eVEzn055VTDj1iVarMEbvMadpOxafHt-1i_in59s'}
3.173 response {'state': 'rMIVdEIadjLsSz6G', 'scope': 'openid', 'code': 'ogKm-YFIGresiJFFJp6nR7wLAJTbHd32L2sPlVflEbI.0i1eVEzn055VTDj1iVarMEbvMadpOxafHt-1i_in59s'}
3.173 AuthorizationResponse {
"code": "ogKm-YFIGresiJFFJp6nR7wLAJTbHd32L2sPlVflEbI.0i1eVEzn055VTDj1iVarMEbvMadpOxafHt-1i_in59s",
"scope": "openid",
"state": "rMIVdEIadjLsSz6G"
}
3.173 phase <--<-- 5 --- Done -->-->
3.173 end
3.174 assertion VerifyAuthnResponse
3.174 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
3.174 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������./OP-claims-essential.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000025422�13313422273�015470� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-claims-essential
Test description: Claims request with essential name claim
Timestamp: 2018-06-23T10:45:15Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.084 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.086 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.086 phase <--<-- 2 --- Registration -->-->
0.086 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.086 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#K2Y2RF6vhgRwjUL4"
],
"response_types": [
"code"
]
}
0.243 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.244 RegistrationResponse {
"client_id": "17be20bc-63a8-49d4-b6fd-69e2862a9e1d",
"client_secret": "YKu0gfhSPcwx",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "17be20bc-63a8-49d4-b6fd-69e2862a9e1d",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#K2Y2RF6vhgRwjUL4"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.244 phase <--<-- 3 --- AsyncAuthn -->-->
0.244 AuthorizationRequest {
"claims": {
"userinfo": {
"name": {
"essential": true
}
}
},
"client_id": "17be20bc-63a8-49d4-b6fd-69e2862a9e1d",
"nonce": "C84S0pdAWVTHCUgu",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "rNNO0wwmUg1UTDvi"
}
0.245 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=17be20bc-63a8-49d4-b6fd-69e2862a9e1d&claims=%7B%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&state=rNNO0wwmUg1UTDvi&response_type=code&nonce=C84S0pdAWVTHCUgu
0.245 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=17be20bc-63a8-49d4-b6fd-69e2862a9e1d&claims=%7B%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&state=rNNO0wwmUg1UTDvi&response_type=code&nonce=C84S0pdAWVTHCUgu
2.782 response Response URL with query part
2.782 response {'state': 'rNNO0wwmUg1UTDvi', 'scope': 'openid', 'code': 'Dkpqw55dihI2n2QeOSi_0oRrZvvhrSA-Emx8UV8u6iI.9NkC-cwAPvujPJloUTUS_sOsaLNhYzbCnj2BlJVYUpQ'}
2.782 response {'state': 'rNNO0wwmUg1UTDvi', 'scope': 'openid', 'code': 'Dkpqw55dihI2n2QeOSi_0oRrZvvhrSA-Emx8UV8u6iI.9NkC-cwAPvujPJloUTUS_sOsaLNhYzbCnj2BlJVYUpQ'}
2.783 AuthorizationResponse {
"code": "Dkpqw55dihI2n2QeOSi_0oRrZvvhrSA-Emx8UV8u6iI.9NkC-cwAPvujPJloUTUS_sOsaLNhYzbCnj2BlJVYUpQ",
"scope": "openid",
"state": "rNNO0wwmUg1UTDvi"
}
2.783 phase <--<-- 4 --- AccessToken -->-->
2.783 --> request op_args: {'state': 'rNNO0wwmUg1UTDvi'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.783 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'rNNO0wwmUg1UTDvi', 'code': 'Dkpqw55dihI2n2QeOSi_0oRrZvvhrSA-Emx8UV8u6iI.9NkC-cwAPvujPJloUTUS_sOsaLNhYzbCnj2BlJVYUpQ', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '17be20bc-63a8-49d4-b6fd-69e2862a9e1d'}, 'state': 'rNNO0wwmUg1UTDvi'}
2.783 AccessTokenRequest {
"code": "Dkpqw55dihI2n2QeOSi_0oRrZvvhrSA-Emx8UV8u6iI.9NkC-cwAPvujPJloUTUS_sOsaLNhYzbCnj2BlJVYUpQ",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "rNNO0wwmUg1UTDvi"
}
2.786 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.786 request_http_args {'headers': {'Authorization': 'Basic MTdiZTIwYmMtNjNhOC00OWQ0LWI2ZmQtNjllMjg2MmE5ZTFkOllLdTBnZmhTUGN3eA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.786 request code=Dkpqw55dihI2n2QeOSi_0oRrZvvhrSA-Emx8UV8u6iI.9NkC-cwAPvujPJloUTUS_sOsaLNhYzbCnj2BlJVYUpQ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=rNNO0wwmUg1UTDvi
3.0 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.001 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTdiZTIwYmMtNjNhOC00OWQ0LWI2ZmQtNjllMjg2MmE5ZTFkIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MzE0LCJpYXQiOjE1Mjk3NTA3MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjJkOGY1MzhmLWY4ZDctNDgyNC05NWFkLTI3Nzg2YjNhYjJmOCIsIm5vbmNlIjoiQzg0UzBwZEFXVlRIQ1VndSIsInJhdCI6MTUyOTc1MDcxMiwic3ViIjoiZm9vQGJhci5jb20ifQ.IebCwNPxC2AstcPyn2StHv5t-BOzIp0FzSgH9rW3MOHhJ9kX4o-SgdQPvnKBXfqbmo_H0ATq8bTLRmpUrzVzSHiHLxFD7yappkyRcUU5iY5mzY_ILAyKtYA7gXDS95WLrzX4rzLqnPhEqwK1f9I-ngAGxGHSYtiUd5oYJ2kgbVr56YCzRRdnJW6EYNb7SnEkhQZbDr2rFW3Ezkwg4kATL0d-6fp73USi_SHJtoyYoJ9V4U9PymJPVnuJXKgqYZBZRn_TQNbeRiXDEvpOs6-FafHZZQtpm0Qbw07akYssWUS-4QoM6HGPR4slGcIkr8rRIgBydvU0Qm2OqN1rwvzINXYAcPAvw7R6mafg4INjpOu146r0Ctk8dWl7rdVffn7uOpEm6FJ89gv1-kW66RpY7clKVVPbANNFBfil8xdG2H3S0j0-QL472-9oSsTkb6xgPefIEs3-dEBqsuZWqHW5NRriWz_8jEckLt_0c7M5a29UM0V9tFOfBLr_56cLpmkEz4j9ceJz7EeSFxTwqo6PUrYdV_zGJqyhGpLdx9u_iRNsighJajaOtGWt0keJpgnhOhnjfg9_3LcqLZcyN4IdkgtUM6ivFYJpKy4Y7pcWiNTK0Se8-uc9-unECVLlf-UXBnI8K4hmaFelbys_NgcirABn-sKm2uG1sh73qET_nHg', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'MAmqFWhZ7PEAUpep-jfPyEvASmx8w6ARpWc2nAcNeZQ.JzvgeZe3KrzNGbBbwyQoTmbPJIseCbkQUMhDNDBiY4Y', 'scope': 'openid'}
3.081 AccessTokenResponse {
"access_token": "MAmqFWhZ7PEAUpep-jfPyEvASmx8w6ARpWc2nAcNeZQ.JzvgeZe3KrzNGbBbwyQoTmbPJIseCbkQUMhDNDBiY4Y",
"expires_in": 3599,
"id_token": {
"aud": [
"17be20bc-63a8-49d4-b6fd-69e2862a9e1d"
],
"auth_time": 1529750592,
"exp": 1529754314,
"iat": 1529750715,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "2d8f538f-f8d7-4824-95ad-27786b3ab2f8",
"nonce": "C84S0pdAWVTHCUgu",
"rat": 1529750712,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.081 phase <--<-- 5 --- UserInfo -->-->
3.081 do_user_info_request kwargs:{'state': 'rNNO0wwmUg1UTDvi', 'method': 'GET', 'authn_method': 'bearer_header'}
3.081 request {'body': None}
3.081 request_url https://oidc-certification.ory.sh:8443/userinfo
3.081 request_http_args {'headers': {'Authorization': 'Bearer MAmqFWhZ7PEAUpep-jfPyEvASmx8w6ARpWc2nAcNeZQ.JzvgeZe3KrzNGbBbwyQoTmbPJIseCbkQUMhDNDBiY4Y'}}
3.152 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.153 OpenIDSchema {
"sub": "foo@bar.com"
}
3.153 OpenIDSchema {
"sub": "foo@bar.com"
}
3.153 phase <--<-- 6 --- Done -->-->
3.153 end
3.153 assertion VerifyClaims
3.154 condition verify-claims: status=WARNING, message=Missing required claim: name [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
3.154 assertion CheckHTTPResponse
3.154 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.154 condition Done: status=OK
============================================================
Conditions
verify-claims: status=WARNING, message=Missing required claim: name [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
Missing required claim: name
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-prompt-none-LoggedIn.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000034653�13313422342�016202� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-none-LoggedIn
Test description: Request with prompt=none when logged in [Basic, Implicit, Hybrid]
Timestamp: 2018-06-23T10:45:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xl418IYHQ78NbkLH"
],
"response_types": [
"code"
]
}
0.242 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.243 RegistrationResponse {
"client_id": "06890cdd-4797-4c39-8b2f-a610890eed9a",
"client_secret": "yV4jXIT~KmTD",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "06890cdd-4797-4c39-8b2f-a610890eed9a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xl418IYHQ78NbkLH"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.243 phase <--<-- 3 --- AsyncAuthn -->-->
0.243 AuthorizationRequest {
"client_id": "06890cdd-4797-4c39-8b2f-a610890eed9a",
"nonce": "MFK7My6oTJYJPkWs",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "KlDUXbORnMBL0nSc"
}
0.243 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=06890cdd-4797-4c39-8b2f-a610890eed9a&state=KlDUXbORnMBL0nSc&response_type=code&nonce=MFK7My6oTJYJPkWs
0.243 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=06890cdd-4797-4c39-8b2f-a610890eed9a&state=KlDUXbORnMBL0nSc&response_type=code&nonce=MFK7My6oTJYJPkWs
5.286 response Response URL with query part
5.286 response {'state': 'KlDUXbORnMBL0nSc', 'scope': 'openid', 'code': 'BwbvzCKf1ioyYXdMyWwmivXOlpPD1QPjpjlxLvMJjNg.Bm9_LGXmfadHJc9zAoTk4sVfnzHLEbegz-N9VIb6ZiM'}
5.287 response {'state': 'KlDUXbORnMBL0nSc', 'scope': 'openid', 'code': 'BwbvzCKf1ioyYXdMyWwmivXOlpPD1QPjpjlxLvMJjNg.Bm9_LGXmfadHJc9zAoTk4sVfnzHLEbegz-N9VIb6ZiM'}
5.287 AuthorizationResponse {
"code": "BwbvzCKf1ioyYXdMyWwmivXOlpPD1QPjpjlxLvMJjNg.Bm9_LGXmfadHJc9zAoTk4sVfnzHLEbegz-N9VIb6ZiM",
"scope": "openid",
"state": "KlDUXbORnMBL0nSc"
}
5.287 phase <--<-- 4 --- AccessToken -->-->
5.287 --> request op_args: {'state': 'KlDUXbORnMBL0nSc'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
5.287 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'KlDUXbORnMBL0nSc', 'code': 'BwbvzCKf1ioyYXdMyWwmivXOlpPD1QPjpjlxLvMJjNg.Bm9_LGXmfadHJc9zAoTk4sVfnzHLEbegz-N9VIb6ZiM', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '06890cdd-4797-4c39-8b2f-a610890eed9a'}, 'state': 'KlDUXbORnMBL0nSc'}
5.287 AccessTokenRequest {
"code": "BwbvzCKf1ioyYXdMyWwmivXOlpPD1QPjpjlxLvMJjNg.Bm9_LGXmfadHJc9zAoTk4sVfnzHLEbegz-N9VIb6ZiM",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "KlDUXbORnMBL0nSc"
}
5.288 request_url https://oidc-certification.ory.sh:8443/oauth2/token
5.288 request_http_args {'headers': {'Authorization': 'Basic MDY4OTBjZGQtNDc5Ny00YzM5LThiMmYtYTYxMDg5MGVlZDlhOnlWNGpYSVQlN0VLbVRE', 'Content-Type': 'application/x-www-form-urlencoded'}}
5.288 request code=BwbvzCKf1ioyYXdMyWwmivXOlpPD1QPjpjlxLvMJjNg.Bm9_LGXmfadHJc9zAoTk4sVfnzHLEbegz-N9VIb6ZiM&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=KlDUXbORnMBL0nSc
5.512 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
5.513 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDY4OTBjZGQtNDc5Ny00YzM5LThiMmYtYTYxMDg5MGVlZDlhIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0MzUyLCJpYXQiOjE1Mjk3NTA3NTIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjUxNzdmZGEyLWYzODctNDhmZS1iZDVmLWQzNjg1YWJlY2FiZCIsIm5vbmNlIjoiTUZLN015Nm9USllKUGtXcyIsInJhdCI6MTUyOTc1MDc0Nywic3ViIjoiZm9vQGJhci5jb20ifQ.Im4_j_iaFL-HB9bSsI-VyxCryqC2gzWvimQynRU175xtAaxldzXnQJKNmsHth-3DSWj6W8lagfiA_1CgWERkU8RNlb9R0hi8yPtySnQUFtIrhJ1kjBMjglEKmY3rW9qvtdrjiZrX6HfZ1GiYTCnflACtZQXdExmAAyCx-AY8i-pH3nvv1qkDFDWRzlKoUrGsZJTq1gvMX1OgEZckz6lPaLhZW5LoaqNWyp3hlFizkDd7p13AEUNol8nzz7EugSp-1jTpO_sZ34nghtjqWUn4UXy81QrwqvN4YE_iE44gTajsB5I3-iPG9NPpB4Frdqm1NjCwF_gdLqhConVC6q41zxkRrd2OvlCakBzJe4uzIUeR8VbAExq9NfE_ssUX5XRGAhVNGab7WGaIOkHny2Gg_IROC_9xnPlCxQUYpK_Wb8QA4KQVrKRyeBkv2kTNQjcE1qGW-hpzwEJzFYsF05Rq9JsJeVyslkjk8rqj3vAKtjkDHaqYNDl7UAnk0BZmfvW-pVi7QNlu7IlowlXHmRNdDmwsuHCeVLaVXwZVdHRq-QcAKqN3TnElx7akTYFDbuGLM47CtNK9XUnEKk3puBTzPjh1Kx0ILsP6EK_NQJZqeJDHWWkvOj097oy1y9D3IEVFjI71xcz2KdckwnVTTVMuUZ3QytjPTtQug_dvKLeJygQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'mNcoso5YeldEVWuK9rb4Pdo6q4tvMamXQWds9d9gORw.dzdbHb0mfThlvTqX_CU29F_Fss5LlMbh5Ys-x2kFDLI', 'scope': 'openid'}
5.591 AccessTokenResponse {
"access_token": "mNcoso5YeldEVWuK9rb4Pdo6q4tvMamXQWds9d9gORw.dzdbHb0mfThlvTqX_CU29F_Fss5LlMbh5Ys-x2kFDLI",
"expires_in": 3599,
"id_token": {
"aud": [
"06890cdd-4797-4c39-8b2f-a610890eed9a"
],
"auth_time": 1529750749,
"exp": 1529754352,
"iat": 1529750752,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "5177fda2-f387-48fe-bd5f-d3685abecabd",
"nonce": "MFK7My6oTJYJPkWs",
"rat": 1529750747,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
5.591 phase <--<-- 5 --- AsyncAuthn -->-->
5.591 AuthorizationRequest {
"client_id": "06890cdd-4797-4c39-8b2f-a610890eed9a",
"nonce": "eZRl5hV8YYan8AfR",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "e556UQeaBcQnykv8"
}
5.592 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=06890cdd-4797-4c39-8b2f-a610890eed9a&state=e556UQeaBcQnykv8&response_type=code&nonce=eZRl5hV8YYan8AfR
5.592 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=06890cdd-4797-4c39-8b2f-a610890eed9a&state=e556UQeaBcQnykv8&response_type=code&nonce=eZRl5hV8YYan8AfR
6.629 response Response URL with query part
6.629 response {'state': 'e556UQeaBcQnykv8', 'scope': 'openid', 'code': 'JxOxykzbTxO19kytfuBz_KN4LeLuBrzkJ8mwn4a3DL4.L67fMYxGlVT1Yaghted0hlE4ghihRo9VP9i1oORv0vI'}
6.63 response {'state': 'e556UQeaBcQnykv8', 'scope': 'openid', 'code': 'JxOxykzbTxO19kytfuBz_KN4LeLuBrzkJ8mwn4a3DL4.L67fMYxGlVT1Yaghted0hlE4ghihRo9VP9i1oORv0vI'}
6.63 AuthorizationResponse {
"code": "JxOxykzbTxO19kytfuBz_KN4LeLuBrzkJ8mwn4a3DL4.L67fMYxGlVT1Yaghted0hlE4ghihRo9VP9i1oORv0vI",
"scope": "openid",
"state": "e556UQeaBcQnykv8"
}
6.63 phase <--<-- 6 --- AccessToken -->-->
6.63 --> request op_args: {'state': 'e556UQeaBcQnykv8'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.63 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'e556UQeaBcQnykv8', 'code': 'JxOxykzbTxO19kytfuBz_KN4LeLuBrzkJ8mwn4a3DL4.L67fMYxGlVT1Yaghted0hlE4ghihRo9VP9i1oORv0vI', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '06890cdd-4797-4c39-8b2f-a610890eed9a'}, 'state': 'e556UQeaBcQnykv8'}
6.63 AccessTokenRequest {
"code": "JxOxykzbTxO19kytfuBz_KN4LeLuBrzkJ8mwn4a3DL4.L67fMYxGlVT1Yaghted0hlE4ghihRo9VP9i1oORv0vI",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "e556UQeaBcQnykv8"
}
6.63 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.63 request_http_args {'headers': {'Authorization': 'Basic MDY4OTBjZGQtNDc5Ny00YzM5LThiMmYtYTYxMDg5MGVlZDlhOnlWNGpYSVQlN0VLbVRE', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.63 request code=JxOxykzbTxO19kytfuBz_KN4LeLuBrzkJ8mwn4a3DL4.L67fMYxGlVT1Yaghted0hlE4ghihRo9VP9i1oORv0vI&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=e556UQeaBcQnykv8
6.844 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.845 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDY4OTBjZGQtNDc5Ny00YzM5LThiMmYtYTYxMDg5MGVlZDlhIl0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0MzUzLCJpYXQiOjE1Mjk3NTA3NTMsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImE2ZjAwZTlkLWM3ZWUtNDY5Zi05YTNlLTc0NWU4Y2UyZjkxNSIsIm5vbmNlIjoiZVpSbDVoVjhZWWFuOEFmUiIsInJhdCI6MTUyOTc1MDc1Miwic3ViIjoiZm9vQGJhci5jb20ifQ.hwSEEoGieIR79YNbHIHR2fiHcpTyxfg9EmuM-iJMLc2O0WkEqoIEM76E4LC6CzqrQjMNZOk-4n_9wNFg-XmgoXAH6N-hWjHzjLv2rVNjShkoxCeOy_HLP8udTFSq2rMYNTI0DWBj_SWinNZ4QStupq2VRaD2hhOJ7aUNEjMervUFhLOndVBgDTzBzoWd_Sx8Y2LkeTV2vh2gNTKeORt4qxhYh2lL_DNxxRoQADiy2MVcpanfJEuqgB0EHOkrYEdPR48ItDbkw0QpRbJU5THX07oHPt-9B6wRpwVDsIDGtlS8JIvsLNvu5wrpA54ewzObo622PTJD4yZUkWJL40lSecj5NN1JveGr55lVR3PS9GQaTZuDTw6OxkdIrygiqf7Audt5CLU_15Qxh97lTgC0eSQvkmYqKfj8Akd_rZaRoVFPup422zD1Emfk5vFs_yXADhXLtQ8E5zDFCMdx1jDStqayl8mM6pZIAGCYqauxhBXLP_pYKr72ryrs1DAFH3bg9yBI3pLzk-PYnGbipimr5YX69wFcDrznRIoYqlOdTCd25a9D7-Q7ErKDPOXa6PxGsqK04Z9ciHuqrUamJTo6otPqm8_NRlUJWLw8Ws42pui7SLISRlcvIUeyLBj0yyuuCJMlBk_Z_SIkqKhcUBnyipeifIEVC4p8B2TBGut6VNc', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'TB3cb7VQoRvyH5bdV5YUVahW0RmdaNYm-CIcodJjcMc.iw2nAwaXi-maWK53F2-CtZlD_AvNrDPOQ6GHfwuW_BU', 'scope': 'openid'}
6.849 AccessTokenResponse {
"access_token": "TB3cb7VQoRvyH5bdV5YUVahW0RmdaNYm-CIcodJjcMc.iw2nAwaXi-maWK53F2-CtZlD_AvNrDPOQ6GHfwuW_BU",
"expires_in": 3599,
"id_token": {
"aud": [
"06890cdd-4797-4c39-8b2f-a610890eed9a"
],
"auth_time": 1529750749,
"exp": 1529754353,
"iat": 1529750753,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "a6f00e9d-c7ee-469f-9a3e-745e8ce2f915",
"nonce": "eZRl5hV8YYan8AfR",
"rat": 1529750752,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
6.849 phase <--<-- 7 --- Done -->-->
6.849 end
6.849 assertion VerifyResponse
6.849 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
6.85 assertion SameAuthn
6.85 condition same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
6.85 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������./OP-Req-max_age=1.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000045600�13313422702�014534� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-max_age=1
Test description: Requesting ID Token with max_age=1 seconds restriction
Timestamp: 2018-06-23T10:49:38Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#5p0CJ2XQgHjSje1d"
],
"response_types": [
"code"
]
}
0.271 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.272 RegistrationResponse {
"client_id": "a942a48d-32e0-47a3-8894-e6c985d8fe06",
"client_secret": "frX3DqqBfdu2",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "a942a48d-32e0-47a3-8894-e6c985d8fe06",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#5p0CJ2XQgHjSje1d"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.272 phase <--<-- 3 --- AsyncAuthn -->-->
0.273 AuthorizationRequest {
"client_id": "a942a48d-32e0-47a3-8894-e6c985d8fe06",
"nonce": "e5FGaAkgppTjT3F5",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "12ub9oMq3s0bvvRk"
}
0.273 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a942a48d-32e0-47a3-8894-e6c985d8fe06&state=12ub9oMq3s0bvvRk&response_type=code&nonce=e5FGaAkgppTjT3F5
0.273 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a942a48d-32e0-47a3-8894-e6c985d8fe06&state=12ub9oMq3s0bvvRk&response_type=code&nonce=e5FGaAkgppTjT3F5
4.564 response Response URL with query part
4.565 response {'state': '12ub9oMq3s0bvvRk', 'scope': 'openid', 'code': 'jXWgT00mZ3E3EpzWOywxD4IxCFu4HRvNQSC3IpJAaLM.L1Nc0O6UNu-olrzB9IP5Aehqia4PBC6ogTFxt6W-85g'}
4.565 response {'state': '12ub9oMq3s0bvvRk', 'scope': 'openid', 'code': 'jXWgT00mZ3E3EpzWOywxD4IxCFu4HRvNQSC3IpJAaLM.L1Nc0O6UNu-olrzB9IP5Aehqia4PBC6ogTFxt6W-85g'}
4.565 AuthorizationResponse {
"code": "jXWgT00mZ3E3EpzWOywxD4IxCFu4HRvNQSC3IpJAaLM.L1Nc0O6UNu-olrzB9IP5Aehqia4PBC6ogTFxt6W-85g",
"scope": "openid",
"state": "12ub9oMq3s0bvvRk"
}
4.566 phase <--<-- 4 --- AccessToken -->-->
4.566 --> request op_args: {'state': '12ub9oMq3s0bvvRk'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.566 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '12ub9oMq3s0bvvRk', 'code': 'jXWgT00mZ3E3EpzWOywxD4IxCFu4HRvNQSC3IpJAaLM.L1Nc0O6UNu-olrzB9IP5Aehqia4PBC6ogTFxt6W-85g', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'a942a48d-32e0-47a3-8894-e6c985d8fe06'}, 'state': '12ub9oMq3s0bvvRk'}
4.566 AccessTokenRequest {
"code": "jXWgT00mZ3E3EpzWOywxD4IxCFu4HRvNQSC3IpJAaLM.L1Nc0O6UNu-olrzB9IP5Aehqia4PBC6ogTFxt6W-85g",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "12ub9oMq3s0bvvRk"
}
4.566 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.566 request_http_args {'headers': {'Authorization': 'Basic YTk0MmE0OGQtMzJlMC00N2EzLTg4OTQtZTZjOTg1ZDhmZTA2OmZyWDNEcXFCZmR1Mg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.566 request code=jXWgT00mZ3E3EpzWOywxD4IxCFu4HRvNQSC3IpJAaLM.L1Nc0O6UNu-olrzB9IP5Aehqia4PBC6ogTFxt6W-85g&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=12ub9oMq3s0bvvRk
4.78 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.781 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYTk0MmE0OGQtMzJlMC00N2EzLTg4OTQtZTZjOTg1ZDhmZTA2Il0sImF1dGhfdGltZSI6MTUyOTc1MDc0OSwiZXhwIjoxNTI5NzU0NTcwLCJpYXQiOjE1Mjk3NTA5NzAsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImQ3ZGM1ZTc2LThjNjMtNGNlMS05ZGQxLTUxZDNlZjBkNzg4NiIsIm5vbmNlIjoiZTVGR2FBa2dwcFRqVDNGNSIsInJhdCI6MTUyOTc1MDk2Niwic3ViIjoiZm9vQGJhci5jb20ifQ.hKV80K9doYK7tTefsUOkJP6f7gg99XV4jMrI_8h3YFxPz2nEFFBR-xNQlWS-pvHnoBsd3KUu5iW41oTh51uk3rK50TDNhST-A2TfBxiRS6zwVc9C0khw7Ven2thUsCTOg3uY9tB7L2WgfMx48aLc9eiSworfQapzclEKMgP0LbRilh2QepHl3ot5DvbxekVK0Wr01nrWs7f9s2w5LxPqxZmM-ZEYge0ZtFE0BKuJw0rCfgV2IbJ511cZ5vNVXVn1cwnUuqve-8PvzoW3qk1hdWkyDbfUdiyykZTUfx1-oJ2gFYFwXrF4lx2KGzEA74FvXLAny3HAtfJP870IGpgtxKBvLFjO0oWLEn2vGHXQznwQ_4zxb1WcAIvSsvzIpETRuEuOSVRQd3TRwTEtaS9Pss475rovVjT4OV0VeueaVttGJ-DNmGp7njD3mercaXmscZe4dQKMEYh0v-ZYOSuZ6SBDYgxqB-5e0pBeXCbgYAUitp4PwasoSHnGxAlvlnp-vg780bXKFzLpgr2AZkPIUh5hiWUtaTIvxXtbvJK9dm27euX8YHWHUS10FFRVOtrnEk66bjBbd4YfYODLLO0bju7_2MF32AJLiIVWOj6r7mb76Cn4jVxntDnS9tLwF_cwKzK_a1lSemPRCl_oXFX1OCaH64VD3-gGHTWafjdN1II', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'eIsiutoh_Sceq_OKu80E-Uw82v_vHSEuxvQv70tyI2g.l41YozrJdQfmyjdgr8aOEJQhidrHxXIQZvbJTiKEnz8', 'scope': 'openid'}
4.897 AccessTokenResponse {
"access_token": "eIsiutoh_Sceq_OKu80E-Uw82v_vHSEuxvQv70tyI2g.l41YozrJdQfmyjdgr8aOEJQhidrHxXIQZvbJTiKEnz8",
"expires_in": 3599,
"id_token": {
"aud": [
"a942a48d-32e0-47a3-8894-e6c985d8fe06"
],
"auth_time": 1529750749,
"exp": 1529754570,
"iat": 1529750970,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d7dc5e76-8c63-4ce1-9dd1-51d3ef0d7886",
"nonce": "e5FGaAkgppTjT3F5",
"rat": 1529750966,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.897 phase <--<-- 5 --- Note -->-->
6.952 phase <--<-- 6 --- Webfinger -->-->
6.952 not expected to do WebFinger
6.952 phase <--<-- 7 --- Discovery -->-->
6.952 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
7.04 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
7.041 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
7.041 phase <--<-- 8 --- Registration -->-->
7.041 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
7.042 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#R6uysB49cR0gilVk"
],
"response_types": [
"code"
]
}
7.2 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
7.201 RegistrationResponse {
"client_id": "5e6298c0-5621-4d0e-bcbb-4ec21b2ba554",
"client_secret": "hWW-Grw39Qwe",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "5e6298c0-5621-4d0e-bcbb-4ec21b2ba554",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#R6uysB49cR0gilVk"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
7.201 phase <--<-- 9 --- AsyncAuthn -->-->
7.202 AuthorizationRequest {
"client_id": "5e6298c0-5621-4d0e-bcbb-4ec21b2ba554",
"max_age": 1,
"nonce": "Ld7AQn5QDAHvconQ",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "Qho0A3keI70Da9QM"
}
7.202 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=1&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5e6298c0-5621-4d0e-bcbb-4ec21b2ba554&state=Qho0A3keI70Da9QM&response_type=code&nonce=Ld7AQn5QDAHvconQ
7.202 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=1&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5e6298c0-5621-4d0e-bcbb-4ec21b2ba554&state=Qho0A3keI70Da9QM&response_type=code&nonce=Ld7AQn5QDAHvconQ
12.034 response Response URL with query part
12.035 response {'state': 'Qho0A3keI70Da9QM', 'scope': 'openid', 'code': 'Wgq7bfvH9KKez90eGhC2a4ruwq4WaWX0CAvGUgiJMIU.QeZU8jDQRKw530vQY8LQJV_2QDJxD7IQreHqBFsmo5g'}
12.036 response {'state': 'Qho0A3keI70Da9QM', 'scope': 'openid', 'code': 'Wgq7bfvH9KKez90eGhC2a4ruwq4WaWX0CAvGUgiJMIU.QeZU8jDQRKw530vQY8LQJV_2QDJxD7IQreHqBFsmo5g'}
12.036 AuthorizationResponse {
"code": "Wgq7bfvH9KKez90eGhC2a4ruwq4WaWX0CAvGUgiJMIU.QeZU8jDQRKw530vQY8LQJV_2QDJxD7IQreHqBFsmo5g",
"scope": "openid",
"state": "Qho0A3keI70Da9QM"
}
12.036 phase <--<-- 10 --- AccessToken -->-->
12.036 --> request op_args: {'state': 'Qho0A3keI70Da9QM'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
12.036 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'Qho0A3keI70Da9QM', 'code': 'Wgq7bfvH9KKez90eGhC2a4ruwq4WaWX0CAvGUgiJMIU.QeZU8jDQRKw530vQY8LQJV_2QDJxD7IQreHqBFsmo5g', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '5e6298c0-5621-4d0e-bcbb-4ec21b2ba554'}, 'state': 'Qho0A3keI70Da9QM'}
12.036 AccessTokenRequest {
"code": "Wgq7bfvH9KKez90eGhC2a4ruwq4WaWX0CAvGUgiJMIU.QeZU8jDQRKw530vQY8LQJV_2QDJxD7IQreHqBFsmo5g",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "Qho0A3keI70Da9QM"
}
12.036 request_url https://oidc-certification.ory.sh:8443/oauth2/token
12.036 request_http_args {'headers': {'Authorization': 'Basic NWU2Mjk4YzAtNTYyMS00ZDBlLWJjYmItNGVjMjFiMmJhNTU0OmhXVy1HcnczOVF3ZQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
12.036 request code=Wgq7bfvH9KKez90eGhC2a4ruwq4WaWX0CAvGUgiJMIU.QeZU8jDQRKw530vQY8LQJV_2QDJxD7IQreHqBFsmo5g&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=Qho0A3keI70Da9QM
12.247 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
12.248 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNWU2Mjk4YzAtNTYyMS00ZDBlLWJjYmItNGVjMjFiMmJhNTU0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NTc3LCJpYXQiOjE1Mjk3NTA5NzcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjM2NmIwYmNhLWU2ZDgtNGM5ZS04MjVlLTNiMWI5M2ZkMzcwNiIsIm5vbmNlIjoiTGQ3QVFuNVFEQUh2Y29uUSIsInJhdCI6MTUyOTc1MDk3Mywic3ViIjoiZm9vQGJhci5jb20ifQ.cBJzzWyO7BJRalw2Ibu1okWzxH3sIYaQ22CKjb500HFggIJLcRWyscIkPerV8ZMGCimD0vY1ul6hT5OEaSTejN3ZRLOewP8MwRvBw36fGh6JujP_tn6yW3EKGdt1X1JHGlLBsuvpHlzyVMA5AcCRIZb2t8dYGtu0wpAdP1VfLsac_omeEKUntlK47vi_KLLMwgjfP4S1U94kugm7J7cs7RYmUOECEYNc7irOGDLLqv5GMWKu2aHuqOLcuIAQeJ1Aukdx__8343caUvuhzOMv9jN4QIBkzdYgU6dZJ4Y4Ii3r7H6ZIwaqFkHhYrnwj3dLTslna4P2m6B0urUs0UUekZe6UHKVyszdBhV2AAmRL40SFOQ4KFOmbx4cATXA8SN8FFTU_Wr-w6MgoKWgCqVDUrPexEVJYTtWyT9r1HsgeiyBzlUm201XX3FVwYzg_4D-mZkRD0ZCOYMZTajYz4mYm0e8QYPTj3Ka824zR62XeN9zBO2FyJIRihSptxLPLd0Qr-__gULP_mXNCXL5g3WLcyrG1jVY3dRvWbNqUc4Pd-D8pQrrMbbXmNzSbP7TKHeq6MI1AaXQ5AWcnhKKNq0BRckoCYc4YVffqo9G9zRPcpIHcycUSr0oUy5_MP6uNLg6IIZlzWdtVJ8gyn1k0RO4cntFcp0FLGOQRqLHOHDchF8', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '3RaT6JkREXBXGu7ksZPmH5iKngTggPPObWOib7OCs1I.44E8ZS_kXK43CB3ptK6j80VA75maDGW_5ifmBBrlvE0', 'scope': 'openid'}
12.252 AccessTokenResponse {
"access_token": "3RaT6JkREXBXGu7ksZPmH5iKngTggPPObWOib7OCs1I.44E8ZS_kXK43CB3ptK6j80VA75maDGW_5ifmBBrlvE0",
"expires_in": 3599,
"id_token": {
"aud": [
"5e6298c0-5621-4d0e-bcbb-4ec21b2ba554"
],
"auth_time": 1529750975,
"exp": 1529754577,
"iat": 1529750977,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "366b0bca-e6d8-4c9e-825e-3b1b93fd3706",
"nonce": "Ld7AQn5QDAHvconQ",
"rat": 1529750973,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
12.252 phase <--<-- 11 --- Done -->-->
12.252 end
12.252 assertion AuthTimeCheck
12.252 condition auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
12.253 assertion VerifyResponse
12.253 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
12.253 assertion ClaimsCheck
12.253 condition claims-check: status=OK [Checks if specific claims is present or not]
12.254 assertion MultipleSignOn
12.254 condition multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
12.254 condition Done: status=OK
============================================================
Conditions
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
claims-check: status=OK [Checks if specific claims is present or not]
multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-Header.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000024130�13313422262�015144� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-Header
Test description: UserInfo Endpoint access with POST and bearer header
Timestamp: 2018-06-23T10:45:06Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FsZG8yaaKFEkQRyv"
],
"response_types": [
"code"
]
}
0.23 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.231 RegistrationResponse {
"client_id": "19524c99-63a9-4332-9635-e3b12a4bfebd",
"client_secret": "cEd5J.bIugIQ",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "19524c99-63a9-4332-9635-e3b12a4bfebd",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FsZG8yaaKFEkQRyv"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.231 phase <--<-- 3 --- AsyncAuthn -->-->
0.232 AuthorizationRequest {
"client_id": "19524c99-63a9-4332-9635-e3b12a4bfebd",
"nonce": "3GSZWZW6lCoJ0r9M",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "iq5OQv3hTLHWY3Lp"
}
0.232 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=19524c99-63a9-4332-9635-e3b12a4bfebd&state=iq5OQv3hTLHWY3Lp&response_type=code&nonce=3GSZWZW6lCoJ0r9M
0.232 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=19524c99-63a9-4332-9635-e3b12a4bfebd&state=iq5OQv3hTLHWY3Lp&response_type=code&nonce=3GSZWZW6lCoJ0r9M
2.446 response Response URL with query part
2.446 response {'state': 'iq5OQv3hTLHWY3Lp', 'scope': 'openid', 'code': 'fZ1s3s9nV7SQtoiWcit46-3IXrP4B9m4drva5NEZvZA.VEAQygqS8n0amJODgmml8Uwrq83tI7CRxt_EIrqZBdg'}
2.447 response {'state': 'iq5OQv3hTLHWY3Lp', 'scope': 'openid', 'code': 'fZ1s3s9nV7SQtoiWcit46-3IXrP4B9m4drva5NEZvZA.VEAQygqS8n0amJODgmml8Uwrq83tI7CRxt_EIrqZBdg'}
2.447 AuthorizationResponse {
"code": "fZ1s3s9nV7SQtoiWcit46-3IXrP4B9m4drva5NEZvZA.VEAQygqS8n0amJODgmml8Uwrq83tI7CRxt_EIrqZBdg",
"scope": "openid",
"state": "iq5OQv3hTLHWY3Lp"
}
2.447 phase <--<-- 4 --- AccessToken -->-->
2.447 --> request op_args: {'state': 'iq5OQv3hTLHWY3Lp'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.447 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'iq5OQv3hTLHWY3Lp', 'code': 'fZ1s3s9nV7SQtoiWcit46-3IXrP4B9m4drva5NEZvZA.VEAQygqS8n0amJODgmml8Uwrq83tI7CRxt_EIrqZBdg', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '19524c99-63a9-4332-9635-e3b12a4bfebd'}, 'state': 'iq5OQv3hTLHWY3Lp'}
2.447 AccessTokenRequest {
"code": "fZ1s3s9nV7SQtoiWcit46-3IXrP4B9m4drva5NEZvZA.VEAQygqS8n0amJODgmml8Uwrq83tI7CRxt_EIrqZBdg",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "iq5OQv3hTLHWY3Lp"
}
2.447 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.447 request_http_args {'headers': {'Authorization': 'Basic MTk1MjRjOTktNjNhOS00MzMyLTk2MzUtZTNiMTJhNGJmZWJkOmNFZDVKLmJJdWdJUQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.447 request code=fZ1s3s9nV7SQtoiWcit46-3IXrP4B9m4drva5NEZvZA.VEAQygqS8n0amJODgmml8Uwrq83tI7CRxt_EIrqZBdg&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=iq5OQv3hTLHWY3Lp
2.66 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.661 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTk1MjRjOTktNjNhOS00MzMyLTk2MzUtZTNiMTJhNGJmZWJkIl0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MzA2LCJpYXQiOjE1Mjk3NTA3MDYsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImEwZGNkNmViLTU5ZmMtNDY0Zi1iZTc5LWVlYzM4YzFhZDI1YiIsIm5vbmNlIjoiM0dTWldaVzZsQ29KMHI5TSIsInJhdCI6MTUyOTc1MDcwNCwic3ViIjoiZm9vQGJhci5jb20ifQ.uDl6VRD5NaE7tJDvfvVcgeruKzGsXZXg6k_SzING_2vpFnCTaETzeA1XgsrP9LsMGLhscJFxj9w5SEm8QVMf1jxFyV7zL-p-UbBdoL7fIc0bZDYBcxu1tk2mg_hgedkKEArSXjL4hwYmhh6E8OzwA2hcg-adi7DevHtMo0xPdUNbh7algn1InBN5facazm05hSNuuGqJdypubelT6UBlTBfiuijbgjn-xt94S8pV3ZvQzfv0plEYvfzoqXLkDPgDM_In4I911asVxvrm1KivTYSElt-fOLEclIWIvf1PxuLrH-44UOfScspkWVOrEXuBf18cW7StjI2EO41QVz5Uq7QJ0j5souoHm45E5fxvAXvfjDYX2ILZ3Oyot-IjBDEQbFC9ZaRkDT5ZLZnkSAZ1-BAhSjvg8QicmcRO10NU99dorD2sX8G5YsU6QMe7SvBxGFQHzkRU2Tt0MVaHdw5CpOMgstAGVMHe1rgsC_m6MrHgl3UTc7DeH2Q51AT5qkPOlKWMUeX4K9xTguzSbhZlSqcyJ3bcA1T_No9n9goH4L-YCtcuBIfOyRWu4er8wExGTSaRWD82BpPihE4Hl4rZqEx5rqmRciyKiX-U-VYv08PIsaSHZruU6Tg0ASyDCE6joTlCFTVN07J_pPB4kWOoKlhpcg9Ileedivth0KDBy-U', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'lEAvI-LvpReCmRzQaelaDNrblmhspAFOciiFR-TsYBc.pVztzjiS37hGLBibb1fZch47UIX70zc9Gcupys6RMCE', 'scope': 'openid'}
2.739 AccessTokenResponse {
"access_token": "lEAvI-LvpReCmRzQaelaDNrblmhspAFOciiFR-TsYBc.pVztzjiS37hGLBibb1fZch47UIX70zc9Gcupys6RMCE",
"expires_in": 3599,
"id_token": {
"aud": [
"19524c99-63a9-4332-9635-e3b12a4bfebd"
],
"auth_time": 1529750592,
"exp": 1529754306,
"iat": 1529750706,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "a0dcd6eb-59fc-464f-be79-eec38c1ad25b",
"nonce": "3GSZWZW6lCoJ0r9M",
"rat": 1529750704,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.739 phase <--<-- 5 --- UserInfo -->-->
2.739 do_user_info_request kwargs:{'state': 'iq5OQv3hTLHWY3Lp', 'method': 'POST', 'behavior': 'use_authorization_header'}
2.74 request {'body': ''}
2.74 request_url https://oidc-certification.ory.sh:8443/userinfo
2.74 request_http_args {'headers': {'Authorization': 'Bearer lEAvI-LvpReCmRzQaelaDNrblmhspAFOciiFR-TsYBc.pVztzjiS37hGLBibb1fZch47UIX70zc9Gcupys6RMCE', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.812 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.813 OpenIDSchema {
"sub": "foo@bar.com"
}
2.813 OpenIDSchema {
"sub": "foo@bar.com"
}
2.813 phase <--<-- 6 --- Done -->-->
2.813 end
2.813 assertion VerifyResponse
2.813 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.813 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-nonce-code.txt���������������������������������������������������������������������������������0000644�0000000�0000000�00000023323�13313422316�014241� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-nonce-code
Test description: ID Token has nonce when requested for code flow
Timestamp: 2018-06-23T10:45:34Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.094 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.096 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.096 phase <--<-- 2 --- Registration -->-->
0.096 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.096 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#IJ9QgjAlHuEm72cL"
],
"response_types": [
"code"
]
}
0.267 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.268 RegistrationResponse {
"client_id": "0b4c1ae2-a82c-47eb-acf4-afc93ef92df5",
"client_secret": "2ju7LCfhOshL",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "0b4c1ae2-a82c-47eb-acf4-afc93ef92df5",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#IJ9QgjAlHuEm72cL"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.268 phase <--<-- 3 --- AsyncAuthn -->-->
0.269 AuthorizationRequest {
"client_id": "0b4c1ae2-a82c-47eb-acf4-afc93ef92df5",
"nonce": "godmorgon",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "lsd30TvVdAewHHQe"
}
0.269 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=0b4c1ae2-a82c-47eb-acf4-afc93ef92df5&state=lsd30TvVdAewHHQe&response_type=code&nonce=godmorgon
0.269 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=0b4c1ae2-a82c-47eb-acf4-afc93ef92df5&state=lsd30TvVdAewHHQe&response_type=code&nonce=godmorgon
2.331 response Response URL with query part
2.332 response {'state': 'lsd30TvVdAewHHQe', 'scope': 'openid', 'code': 'jran3uGUhC_W3e3X4KnvgxyTbuOo11M5M3-zbFT3y90.2oWqL8iax2O8IwQJ9aRPcL8Wp1gRV4dt8CZAquG-r_E'}
2.332 response {'state': 'lsd30TvVdAewHHQe', 'scope': 'openid', 'code': 'jran3uGUhC_W3e3X4KnvgxyTbuOo11M5M3-zbFT3y90.2oWqL8iax2O8IwQJ9aRPcL8Wp1gRV4dt8CZAquG-r_E'}
2.332 AuthorizationResponse {
"code": "jran3uGUhC_W3e3X4KnvgxyTbuOo11M5M3-zbFT3y90.2oWqL8iax2O8IwQJ9aRPcL8Wp1gRV4dt8CZAquG-r_E",
"scope": "openid",
"state": "lsd30TvVdAewHHQe"
}
2.332 phase <--<-- 4 --- AccessToken -->-->
2.333 --> request op_args: {'state': 'lsd30TvVdAewHHQe'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.333 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'lsd30TvVdAewHHQe', 'code': 'jran3uGUhC_W3e3X4KnvgxyTbuOo11M5M3-zbFT3y90.2oWqL8iax2O8IwQJ9aRPcL8Wp1gRV4dt8CZAquG-r_E', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '0b4c1ae2-a82c-47eb-acf4-afc93ef92df5'}, 'state': 'lsd30TvVdAewHHQe'}
2.333 AccessTokenRequest {
"code": "jran3uGUhC_W3e3X4KnvgxyTbuOo11M5M3-zbFT3y90.2oWqL8iax2O8IwQJ9aRPcL8Wp1gRV4dt8CZAquG-r_E",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "lsd30TvVdAewHHQe"
}
2.333 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.333 request_http_args {'headers': {'Authorization': 'Basic MGI0YzFhZTItYTgyYy00N2ViLWFjZjQtYWZjOTNlZjkyZGY1OjJqdTdMQ2ZoT3NoTA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.333 request code=jran3uGUhC_W3e3X4KnvgxyTbuOo11M5M3-zbFT3y90.2oWqL8iax2O8IwQJ9aRPcL8Wp1gRV4dt8CZAquG-r_E&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=lsd30TvVdAewHHQe
2.548 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.549 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMGI0YzFhZTItYTgyYy00N2ViLWFjZjQtYWZjOTNlZjkyZGY1Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MzM0LCJpYXQiOjE1Mjk3NTA3MzQsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjJhNTBmMWJhLWQwZTgtNDdkNS1hNzEyLWZjY2E0ODllZThmNCIsIm5vbmNlIjoiZ29kbW9yZ29uIiwicmF0IjoxNTI5NzUwNzMyLCJzdWIiOiJmb29AYmFyLmNvbSJ9.VodgNSYDvojKEuxELokWE81dHyQO72hOx1gZTHi2fNWEkundzAnRV8t123uecnfr7JrDsbl68_sOOVsEt43kuh_QHjlljUn_14NHtNcKPhMh3cHgZp0Pw_rkwIYo4R80vwKCSQEqoJqZMXysDMjKrrsbfkRQnieX96anZJ4dUx8OydnkuDxHY60H9QzK6geJqfQgEtEp5nCmpNaUWdXzsEc2rxv7rCA8T_5ArfORZoIj0B3652BWlmtscpl3vlA8tRcGHLIVxmo3ZPqvcoTrqEnMHupch_hhvGqH57Yn6alDMgzgAoemANVY2N_-T934E_nDyXh1o-Y64DxYK_yA4DWDJY_uPYPOJgqsAAnjZa9ySD6MGOMGUmfv_PYdVgcprtxYyeuFXMI9HpRfTSnWTTv6BcMlDjt4meXt-0tEez5ztYiPzsMuzFaDkoktUDPOC8YmFwp_cRgzkH1WkWdknp6ENJci3PuTKysoQ6LoqxN9cFibGAylvGIYGn_Oh2EfnnzXbgJe57FnCQhYmlE3_rlJLwxnC1bqdxswHZqiqAjViXYcLGsJOKoFE2C7MRIfgtEjPg5PVZS7iv_k9OmsgMmd5FSsB_Y0JafDBQ0qKRfitEYE8GdpvEGkBu-2y44Q7ObmUEIDy_UypvVdFDskS2Ncp_GIEpPb3Pm9zYcb3-E', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'Wz0J5Wf7vL8jPp2DyfFFdNvOYyaH-c7M2DEA7BdgB0g.nzMNBbh_zdFLlJtnTF2qxO9m58LN2xCASyZAE20ZsOk', 'scope': 'openid'}
2.626 AccessTokenResponse {
"access_token": "Wz0J5Wf7vL8jPp2DyfFFdNvOYyaH-c7M2DEA7BdgB0g.nzMNBbh_zdFLlJtnTF2qxO9m58LN2xCASyZAE20ZsOk",
"expires_in": 3599,
"id_token": {
"aud": [
"0b4c1ae2-a82c-47eb-acf4-afc93ef92df5"
],
"auth_time": 1529750592,
"exp": 1529754334,
"iat": 1529750734,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "2a50f1ba-d0e8-47d5-a712-fcca489ee8f4",
"nonce": "godmorgon",
"rat": 1529750732,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.626 phase <--<-- 5 --- Done -->-->
2.626 end
2.627 assertion VerifyResponse
2.627 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.627 assertion VerifyNonce
2.627 condition verify-nonce: status=OK [Verifies that the nonce received in the IDToken is the same as was given in the Authorization Request]
2.627 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-nonce: status=OK [Verifies that the nonce received in the IDToken is the same as was given in the Authorization Request]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-Dynamic.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000011475�13313422116�016266� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-Dynamic
Test description: Client registration request
Timestamp: 2018-06-23T10:43:26Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.11 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.111 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.112 phase <--<-- 2 --- Registration -->-->
0.112 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.112 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#wG5lPNdDnhbb3lBI"
],
"response_types": [
"code"
]
}
0.3 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.301 RegistrationResponse {
"client_id": "c52050fc-b532-4d95-b334-83bb56094891",
"client_secret": "Tb1prwm3dErm",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "c52050fc-b532-4d95-b334-83bb56094891",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#wG5lPNdDnhbb3lBI"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.301 phase <--<-- 3 --- Done -->-->
0.301 end
0.302 assertion CheckHTTPResponse
0.302 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.302 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-display-page.txt�������������������������������������������������������������������������������0000644�0000000�0000000�00000014347�13313422300�014605� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-display-page
Test description: Request with display=page
Timestamp: 2018-06-23T10:45:20Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.456 phase <--<-- 1 --- Webfinger -->-->
1.457 not expected to do WebFinger
1.457 phase <--<-- 2 --- Discovery -->-->
1.457 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.528 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.529 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.529 phase <--<-- 3 --- Registration -->-->
1.529 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.53 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#NhW5pddP0Mh7rE7e"
],
"response_types": [
"code"
]
}
1.686 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.687 RegistrationResponse {
"client_id": "040fd742-7fa2-427e-ab4a-6a8e3f980798",
"client_secret": "03igEnNuvrH0",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "040fd742-7fa2-427e-ab4a-6a8e3f980798",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#NhW5pddP0Mh7rE7e"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.687 phase <--<-- 4 --- AsyncAuthn -->-->
1.688 AuthorizationRequest {
"client_id": "040fd742-7fa2-427e-ab4a-6a8e3f980798",
"display": "page",
"nonce": "MgBPdF8IkUj0nXT7",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "upGoYKEtjGzwXaoO"
}
1.688 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=040fd742-7fa2-427e-ab4a-6a8e3f980798&state=upGoYKEtjGzwXaoO&response_type=code&nonce=MgBPdF8IkUj0nXT7&display=page
1.688 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=040fd742-7fa2-427e-ab4a-6a8e3f980798&state=upGoYKEtjGzwXaoO&response_type=code&nonce=MgBPdF8IkUj0nXT7&display=page
4.337 response Response URL with query part
4.338 response {'state': 'upGoYKEtjGzwXaoO', 'scope': 'openid', 'code': 'Tlu_o4Xu-inZWVNF4LUDx__ijfxcEYpkj0MfKiQ0orE.hmFF7awAJvJieYsCApfB9NBn3kGIIKFJ81v9LLF-skg'}
4.339 response {'state': 'upGoYKEtjGzwXaoO', 'scope': 'openid', 'code': 'Tlu_o4Xu-inZWVNF4LUDx__ijfxcEYpkj0MfKiQ0orE.hmFF7awAJvJieYsCApfB9NBn3kGIIKFJ81v9LLF-skg'}
4.339 AuthorizationResponse {
"code": "Tlu_o4Xu-inZWVNF4LUDx__ijfxcEYpkj0MfKiQ0orE.hmFF7awAJvJieYsCApfB9NBn3kGIIKFJ81v9LLF-skg",
"scope": "openid",
"state": "upGoYKEtjGzwXaoO"
}
4.339 phase <--<-- 5 --- Done -->-->
4.339 end
4.34 assertion VerifyResponse
4.34 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.34 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-Endpoint.txt����������������������������������������������������������������������0000644�0000000�0000000�00000005204�13313422120�016446� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-Endpoint
Test description: Verify that registration_endpoint is published
Timestamp: 2018-06-23T10:43:28Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.109 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.11 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.11 phase <--<-- 2 --- Done -->-->
0.11 end
0.111 assertion VerifyOPHasRegistrationEndpoint
0.111 condition verify-op-has-registration-endpoint: status=OK [Verify that the OP has a registration endpoint]
0.111 condition Done: status=OK
============================================================
Conditions
verify-op-has-registration-endpoint: status=OK [Verify that the OP has a registration endpoint]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-IDToken-C-Signature.txt������������������������������������������������������������������������0000644�0000000�0000000�00000023174�13313422203�015642� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-C-Signature
Test description: Does the OP sign the ID Token and with what
Timestamp: 2018-06-23T10:44:19Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.091 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.093 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.093 phase <--<-- 2 --- Registration -->-->
0.093 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.093 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#yRexVseJ5WpRjoBI"
],
"response_types": [
"code"
]
}
0.292 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.292 RegistrationResponse {
"client_id": "6f1490e4-ed74-431c-b0a0-c5d4908c41b8",
"client_secret": "E_EZ9WeOhjsd",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "6f1490e4-ed74-431c-b0a0-c5d4908c41b8",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#yRexVseJ5WpRjoBI"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.293 phase <--<-- 3 --- AsyncAuthn -->-->
0.293 AuthorizationRequest {
"client_id": "6f1490e4-ed74-431c-b0a0-c5d4908c41b8",
"nonce": "WJevRTBFfLpx3kyn",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "DStKMWdQshxkfiQD"
}
0.293 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6f1490e4-ed74-431c-b0a0-c5d4908c41b8&state=DStKMWdQshxkfiQD&response_type=code&nonce=WJevRTBFfLpx3kyn
0.293 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6f1490e4-ed74-431c-b0a0-c5d4908c41b8&state=DStKMWdQshxkfiQD&response_type=code&nonce=WJevRTBFfLpx3kyn
2.979 response Response URL with query part
2.979 response {'state': 'DStKMWdQshxkfiQD', 'scope': 'openid', 'code': 'EHhv1enltKedw2R49Sw91bYFOAwpzkzxFF2NKVTpt0k.acsXVo87D0pcqC_6QOvy9ZhCp6e9KNFAVG43RnvaD68'}
2.98 response {'state': 'DStKMWdQshxkfiQD', 'scope': 'openid', 'code': 'EHhv1enltKedw2R49Sw91bYFOAwpzkzxFF2NKVTpt0k.acsXVo87D0pcqC_6QOvy9ZhCp6e9KNFAVG43RnvaD68'}
2.98 AuthorizationResponse {
"code": "EHhv1enltKedw2R49Sw91bYFOAwpzkzxFF2NKVTpt0k.acsXVo87D0pcqC_6QOvy9ZhCp6e9KNFAVG43RnvaD68",
"scope": "openid",
"state": "DStKMWdQshxkfiQD"
}
2.98 phase <--<-- 4 --- AccessToken -->-->
2.98 --> request op_args: {'state': 'DStKMWdQshxkfiQD'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.98 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'DStKMWdQshxkfiQD', 'code': 'EHhv1enltKedw2R49Sw91bYFOAwpzkzxFF2NKVTpt0k.acsXVo87D0pcqC_6QOvy9ZhCp6e9KNFAVG43RnvaD68', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '6f1490e4-ed74-431c-b0a0-c5d4908c41b8'}, 'state': 'DStKMWdQshxkfiQD'}
2.98 AccessTokenRequest {
"code": "EHhv1enltKedw2R49Sw91bYFOAwpzkzxFF2NKVTpt0k.acsXVo87D0pcqC_6QOvy9ZhCp6e9KNFAVG43RnvaD68",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "DStKMWdQshxkfiQD"
}
2.981 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.981 request_http_args {'headers': {'Authorization': 'Basic NmYxNDkwZTQtZWQ3NC00MzFjLWIwYTAtYzVkNDkwOGM0MWI4OkVfRVo5V2VPaGpzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.981 request code=EHhv1enltKedw2R49Sw91bYFOAwpzkzxFF2NKVTpt0k.acsXVo87D0pcqC_6QOvy9ZhCp6e9KNFAVG43RnvaD68&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=DStKMWdQshxkfiQD
3.196 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.197 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmYxNDkwZTQtZWQ3NC00MzFjLWIwYTAtYzVkNDkwOGM0MWI4Il0sImF1dGhfdGltZSI6MTUyOTc1MDU5MiwiZXhwIjoxNTI5NzU0MjU5LCJpYXQiOjE1Mjk3NTA2NTksImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjE1ZTY2Y2U4LWYyYzMtNDUzYy1iY2Y3LTg0Yzg3YTVmNDIxZiIsIm5vbmNlIjoiV0pldlJUQkZmTHB4M2t5biIsInJhdCI6MTUyOTc1MDY1Niwic3ViIjoiZm9vQGJhci5jb20ifQ.wDvxxgpwQUqDFR3CBXJ5IdcW5PMoTjMlT0FjSsgschKN3zCuqmIur4qomJBU7U5NmYrR29tS8g8TxU9WJQpH2OvqKwe1WZaELuFJeSUarwsM9oGdRHt0eY81eRuobESKD2eIByXFqC4mqSD3la6_bUyKBt6HK0gXM1NwDIaVelqHC3I6wS0Z_oVgDhcsevwM4y5m1bdxfsChYfP5lpjWJVbx13ReAuvJKcnnuWc9Jf5gl4aPYXxXGsMsafoEPnI20FmdZreH3OEIyiqiiWjh4TAVTVSKLnLmQYzNeOP1V3iz84-miTPkd4IyrEYkkdE_P-J_uEKhc-ny7VKyJUXOA_UyD2qwgAwIYPQsam-TVzuwrjXITE6zr3-g7fuz7Z10QJHnzpC0-t-Qzo4wotqcKRS4MiOShjvNET1dTXptw4aIiPWYdQyI6XGVM5wb2BDHBnDNSQnIWrQxO4kwMYa6LCrNRRwjfHmlw4072og9yR2vvMRgKd66-kxqXfakefIExyCg5anFo8nS4MaSFGbEEorfs6GBs2lC0D5Oj7PZsX7sspVsoFgRGLkqWx30CJy_dwlAleOMCmrC4jHyt-5Mj06PP3twZhJ6MNf9twJbF8gmWiG-itBw-4DQ2hKosV3zxA0ePGrc8W_ASKfzIrOj_ZRgBnK7TDoCf1MnuvcMWmM', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'mmzhHCal4LULBZbMeac1DUQfKfk7cfrq2c5OE7yT6Ns.Bcx1S4VqOnR4HLMld-9pqPOpcjVU6TyL2RzddWvlUlY', 'scope': 'openid'}
3.273 AccessTokenResponse {
"access_token": "mmzhHCal4LULBZbMeac1DUQfKfk7cfrq2c5OE7yT6Ns.Bcx1S4VqOnR4HLMld-9pqPOpcjVU6TyL2RzddWvlUlY",
"expires_in": 3599,
"id_token": {
"aud": [
"6f1490e4-ed74-431c-b0a0-c5d4908c41b8"
],
"auth_time": 1529750592,
"exp": 1529754259,
"iat": 1529750659,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "15e66ce8-f2c3-453c-bcf7-84c87a5f421f",
"nonce": "WJevRTBFfLpx3kyn",
"rat": 1529750656,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.273 phase <--<-- 5 --- Done -->-->
3.273 end
3.274 assertion VerifyResponse
3.274 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.274 assertion IsIDTokenSigned
3.274 condition is-idtoken-signed: status=OK [Checks if the id_token is signed]
3.274 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
is-idtoken-signed: status=OK [Checks if the id_token is signed]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������