internal/certification/C.F.T.T.s/OP-request_uri-Sig.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request_uri-Sig
Test description: Support request_uri request parameter with signed request
Timestamp: 2018-06-23T10:47:04Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.124 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.125 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.125 phase <--<-- 2 --- Registration -->-->
0.125 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'RS256'}
0.126 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "RS256",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#P4zH7hvdIA0S4K0E"
],
"response_types": [
"code"
]
}
0.325 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.326 RegistrationResponse {
"client_id": "309fa3c3-b28d-44b1-96fc-b6804ff9459d",
"client_secret": "4AEImvMBBEy8",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code"
],
"id": "309fa3c3-b28d-44b1-96fc-b6804ff9459d",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "RS256",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#P4zH7hvdIA0S4K0E"
],
"response_types": [
"code"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.326 phase <--<-- 3 --- AsyncAuthn -->-->
0.33 AuthorizationRequest {
"client_id": "309fa3c3-b28d-44b1-96fc-b6804ff9459d",
"nonce": "mzAWCEBxR6Xk9XVc",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request_uri": "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#P4zH7hvdIA0S4K0E",
"response_type": "code",
"scope": "openid",
"state": "nQuuCm7XNeDEtfEj"
}
0.33 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23P4zH7hvdIA0S4K0E&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=309fa3c3-b28d-44b1-96fc-b6804ff9459d&state=nQuuCm7XNeDEtfEj&response_type=code&nonce=mzAWCEBxR6Xk9XVc
0.33 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23P4zH7hvdIA0S4K0E&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=309fa3c3-b28d-44b1-96fc-b6804ff9459d&state=nQuuCm7XNeDEtfEj&response_type=code&nonce=mzAWCEBxR6Xk9XVc
3.147 response Response URL with query part
3.147 response {'state': 'nQuuCm7XNeDEtfEj', 'scope': 'openid', 'code': 'TRBnO70zpOMrHwMMWgjLnJ0nl6eSjRXOpti0Tvlj2vs.6DXPm1IrsnYOp05XFrbt4ZAypymw6pQwGxEWQo1ShSQ'}
3.148 response {'state': 'nQuuCm7XNeDEtfEj', 'scope': 'openid', 'code': 'TRBnO70zpOMrHwMMWgjLnJ0nl6eSjRXOpti0Tvlj2vs.6DXPm1IrsnYOp05XFrbt4ZAypymw6pQwGxEWQo1ShSQ'}
3.148 AuthorizationResponse {
"code": "TRBnO70zpOMrHwMMWgjLnJ0nl6eSjRXOpti0Tvlj2vs.6DXPm1IrsnYOp05XFrbt4ZAypymw6pQwGxEWQo1ShSQ",
"scope": "openid",
"state": "nQuuCm7XNeDEtfEj"
}
3.148 phase <--<-- 4 --- Done -->-->
3.148 end
3.149 assertion VerifyAuthnOrErrorResponse
3.149 condition authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
3.149 condition Done: status=OK
============================================================
Conditions
authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
Done: status=OK
============================================================
RESULT: PASSED