internal/certification/C.F.T.T.s/OP-OAuth-2nd.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd
Test description: Trying to use authorization code twice should result in an error
Timestamp: 2018-06-23T10:49:57Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.083 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.085 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.085 phase <--<-- 2 --- Registration -->-->
0.085 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.085 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FL581Lz6aG6iwVOy"
],
"response_types": [
"code"
]
}
0.242 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.243 RegistrationResponse {
"client_id": "d082c01c-91c4-49df-aa46-33b71608ad1e",
"client_secret": "Ra1Zab_HDS8j",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "d082c01c-91c4-49df-aa46-33b71608ad1e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FL581Lz6aG6iwVOy"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.243 phase <--<-- 3 --- Note -->-->
1.421 phase <--<-- 4 --- AsyncAuthn -->-->
1.421 AuthorizationRequest {
"client_id": "d082c01c-91c4-49df-aa46-33b71608ad1e",
"nonce": "yEeKuZL8WoGk8s9H",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "fUctXcDznly6yE0o"
}
1.421 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d082c01c-91c4-49df-aa46-33b71608ad1e&state=fUctXcDznly6yE0o&response_type=code&nonce=yEeKuZL8WoGk8s9H
1.421 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d082c01c-91c4-49df-aa46-33b71608ad1e&state=fUctXcDznly6yE0o&response_type=code&nonce=yEeKuZL8WoGk8s9H
4.004 response Response URL with query part
4.005 response {'state': 'fUctXcDznly6yE0o', 'scope': 'openid', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8'}
4.005 response {'state': 'fUctXcDznly6yE0o', 'scope': 'openid', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8'}
4.005 AuthorizationResponse {
"code": "oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8",
"scope": "openid",
"state": "fUctXcDznly6yE0o"
}
4.005 phase <--<-- 5 --- AccessToken -->-->
4.006 --> request op_args: {'state': 'fUctXcDznly6yE0o'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.006 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'fUctXcDznly6yE0o', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd082c01c-91c4-49df-aa46-33b71608ad1e'}, 'state': 'fUctXcDznly6yE0o'}
4.006 AccessTokenRequest {
"code": "oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "fUctXcDznly6yE0o"
}
4.006 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.006 request_http_args {'headers': {'Authorization': 'Basic ZDA4MmMwMWMtOTFjNC00OWRmLWFhNDYtMzNiNzE2MDhhZDFlOlJhMVphYl9IRFM4ag==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.006 request code=oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=fUctXcDznly6yE0o
4.217 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.218 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0OTA5NjhlOC1jNmU1LTQ0MWUtYjQyZS01MDUzZDZjNjdhZjIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDA4MmMwMWMtOTFjNC00OWRmLWFhNDYtMzNiNzE2MDhhZDFlIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiZXhwIjoxNTI5NzU0NTk2LCJpYXQiOjE1Mjk3NTA5OTcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjIyNTkxNDMyLThhZjQtNGQzMy05ZTc3LTA0ZTg5ZjIxZjg3OSIsIm5vbmNlIjoieUVlS3VaTDhXb0drOHM5SCIsInJhdCI6MTUyOTc1MDk5NCwic3ViIjoiZm9vQGJhci5jb20ifQ.zYM76KEEBI9ExJlVNFalJrXgliJ0JIhNSJhHENueOFx4sT4jL2xnKrUGh5XyMeDZLM9QdkSgLpg3KyzcB7UsNigw5A_76E80rHDSJLmE80nJJ96_ljLm0Jgf0Wh8uJusdBDQDipTEKAlO_Yq7Zi3IlPY6tZ2bJwM4L5HYZV7aEjTOnJgoXeUqxSmj4JKLkdpQb-n1TvHH3lj-epCLwlEwRjzvTo5o-Tnsr9_RYr2RCVjplRtFKCs2VTPY5yOsY4KdEn5r_N_aPpJQuTtShOjkNFXovxbQIq-hB3VtEWFA5kJ-Q0_SeF--uA_pLr4KmikbfNQwp_TE1_6ultiPZLiLAOOxvRQobM2Bybfkb2Uk7cQKPVfn6669BJJSLXhxP7KZfhD578TU2e0uZdxrMhwgStP1FvwWR63McFNxWFn1cKsRUplV6N8qZmGGiFtwTZUNmRsS04oSQxGSjbAXbg-Tcs5aBfBcgemBf5OjjP4tf9PKRRwwz5tLIkUuXUHENGfRskczsBF2UEGkI6J4-imHNu3KEyU83FarDidHQpom929bfq6vptrrvrulaR9zRkpzOsaZIWIlOU-p1Z3SYT7ZpDgHqIeVkrLwsoairipKHfXxLQkflVlK2OTUT3hyqmujm6QHkkbCAeenV5YSwtAcIVtRxoaxAVVn-IuwwKx0QY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'jKnTPzMdvcxFXMJNUr2lsP_bAOO0F3RRIftv-RZetK8.JINGTI8dGGa1s2uAvA_a1rZxUXZmZYJJbvvqh6iFSIc', 'scope': 'openid'}
4.306 AccessTokenResponse {
"access_token": "jKnTPzMdvcxFXMJNUr2lsP_bAOO0F3RRIftv-RZetK8.JINGTI8dGGa1s2uAvA_a1rZxUXZmZYJJbvvqh6iFSIc",
"expires_in": 3599,
"id_token": {
"aud": [
"d082c01c-91c4-49df-aa46-33b71608ad1e"
],
"auth_time": 1529750975,
"exp": 1529754596,
"iat": 1529750997,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "22591432-8af4-4d33-9e77-04e89f21f879",
"nonce": "yEeKuZL8WoGk8s9H",
"rat": 1529750994,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.306 phase <--<-- 6 --- AccessToken -->-->
4.306 --> request op_args: {'state': 'fUctXcDznly6yE0o'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.306 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'fUctXcDznly6yE0o', 'code': 'oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd082c01c-91c4-49df-aa46-33b71608ad1e'}, 'state': 'fUctXcDznly6yE0o'}
4.307 AccessTokenRequest {
"code": "oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "fUctXcDznly6yE0o"
}
4.307 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.307 request_http_args {'headers': {'Authorization': 'Basic ZDA4MmMwMWMtOTFjNC00OWRmLWFhNDYtMzNiNzE2MDhhZDFlOlJhMVphYl9IRFM4ag==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.307 request code=oen54vVB1bj-8vrWP3SR1k1hYRrWOr02M-3OtG4b6LQ.quyUhmTNeYRXtwZTLuTG8eZr3saYIjbKVM0HhCKH3f8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=fUctXcDznly6yE0o
4.467 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
4.467 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
4.467 event Got expected error
4.468 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
4.468 phase <--<-- 7 --- Done -->-->
4.468 end
4.468 assertion VerifyResponse
4.468 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.468 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED