internal/certification/CI.F.T.T.s.tar
./OP-Req-login_hint.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000022163�13313423547�015116� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-login_hint
Test description: Providing login_hint
Timestamp: 2018-06-23T10:56:39Z
============================================================
Trace output
0.0 phase <--<-- 0 --- VerifyConfiguration -->-->
0.0 phase <--<-- 1 --- Note -->-->
1.393 phase <--<-- 2 --- Webfinger -->-->
1.393 not expected to do WebFinger
1.393 phase <--<-- 3 --- Discovery -->-->
1.393 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.467 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.468 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.468 phase <--<-- 4 --- Registration -->-->
1.468 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.469 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#SnPpwNgsOvxWaVu1"
],
"response_types": [
"code id_token"
]
}
1.63 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.631 RegistrationResponse {
"client_id": "ee27adf5-f933-42a5-9e1a-bf6ca5cac3e5",
"client_secret": "YR.tG1MuYyIu",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "ee27adf5-f933-42a5-9e1a-bf6ca5cac3e5",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#SnPpwNgsOvxWaVu1"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.631 phase <--<-- 5 --- AsyncAuthn -->-->
1.632 AuthorizationRequest {
"client_id": "ee27adf5-f933-42a5-9e1a-bf6ca5cac3e5",
"login_hint": "foo@bar.com",
"nonce": "URflupe1MrGLwQrB",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "ijpFV6duPLbt4rlh"
}
1.632 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ee27adf5-f933-42a5-9e1a-bf6ca5cac3e5&state=ijpFV6duPLbt4rlh&response_type=code+id_token&nonce=URflupe1MrGLwQrB&login_hint=foo%40bar.com
1.632 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ee27adf5-f933-42a5-9e1a-bf6ca5cac3e5&state=ijpFV6duPLbt4rlh&response_type=code+id_token&nonce=URflupe1MrGLwQrB&login_hint=foo%40bar.com
6.997 http args {}
7.178 response URL with fragment
7.178 response code=FGCX4YA_aMB1hailcO6TshJirdnC31Zy0vx78yRATlw.KEzwP0BNQdX7AY8f0T2RRr04js7JsTes9nB9t0tWw8w&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZWUyN2FkZjUtZjkzMy00MmE1LTllMWEtYmY2Y2E1Y2FjM2U1Il0sImF1dGhfdGltZSI6MTUyOTc1MTM5NiwiY19oYXNoIjoiVm1kdXdPemR4VklvLW5PRXFBdTZDQSIsImV4cCI6MTUyOTc1NDk5OSwiaWF0IjoxNTI5NzUxMzk5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmNDNmNDI2OC04MzQ4LTRmMjItOTg5NS1iY2MzMzg5MmU5ODAiLCJub25jZSI6IlVSZmx1cGUxTXJHTHdRckIiLCJyYXQiOjE1Mjk3NTEzOTQsInN1YiI6ImZvb0BiYXIuY29tIn0.EgZtRlUJpmkV60GoIWve-a8kGtEbIeOKPOwcvsVuWq_t_66Ct6PoHONqRpnlOJuTIVBFK-F0mV-pXmKcOjkGkiwJLd9gs8sq96W3H5GSF3njf-zNTN5F4zh-yvXLDKnehihF7neygxknEmZYrxmChTv9OeUpT2Pkoh42tnFeIZWfEruZSk1zeiN_fHf7cecefXJveSzUyXSK9D0BG12ca16uAJVCIhtPNENZ26XzZzjCle31slCezkrniFMz2e33aP2wc5iH1deU0hTpGmywkElmAT_BRyzeiCnP-AM5TaF4IbtxgQEnLeTmq7KMC7CJTNBglk1sG1YYgtP8AxW62CJOV3sE5RRpJBFAMQ_aFqfstOFzdTfVCWUflR0AWfhCJSC4SazpLUUJIb0BBKx772SkCFaT6m7jNnO3Gz-G871zoiCRC6xJGxt5GIoz5y2Gebjxz5F7s1_N3TEteyjwRWGBkj7DW-q7nQ2UkT2h6nBJjUk0x2VBLxN1HBszgHzPr8jCEPKYC30snRm3_8vOkEswJ3DfOl1vrnXIekVl5nWZwGRx1cmnHxcr7LiQoncTlLO1W7z_4gvj6Wk_9D_G5fGU9eoANq6kUrvIqI1x_gxfgXn96CjoIoVov0Mxa10bd9Z1uvQcgBCtvbAfApbGWptuhvsy6SwjU5IFMJKZcHg&state=ijpFV6duPLbt4rlh
7.178 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZWUyN2FkZjUtZjkzMy00MmE1LTllMWEtYmY2Y2E1Y2FjM2U1Il0sImF1dGhfdGltZSI6MTUyOTc1MTM5NiwiY19oYXNoIjoiVm1kdXdPemR4VklvLW5PRXFBdTZDQSIsImV4cCI6MTUyOTc1NDk5OSwiaWF0IjoxNTI5NzUxMzk5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmNDNmNDI2OC04MzQ4LTRmMjItOTg5NS1iY2MzMzg5MmU5ODAiLCJub25jZSI6IlVSZmx1cGUxTXJHTHdRckIiLCJyYXQiOjE1Mjk3NTEzOTQsInN1YiI6ImZvb0BiYXIuY29tIn0.EgZtRlUJpmkV60GoIWve-a8kGtEbIeOKPOwcvsVuWq_t_66Ct6PoHONqRpnlOJuTIVBFK-F0mV-pXmKcOjkGkiwJLd9gs8sq96W3H5GSF3njf-zNTN5F4zh-yvXLDKnehihF7neygxknEmZYrxmChTv9OeUpT2Pkoh42tnFeIZWfEruZSk1zeiN_fHf7cecefXJveSzUyXSK9D0BG12ca16uAJVCIhtPNENZ26XzZzjCle31slCezkrniFMz2e33aP2wc5iH1deU0hTpGmywkElmAT_BRyzeiCnP-AM5TaF4IbtxgQEnLeTmq7KMC7CJTNBglk1sG1YYgtP8AxW62CJOV3sE5RRpJBFAMQ_aFqfstOFzdTfVCWUflR0AWfhCJSC4SazpLUUJIb0BBKx772SkCFaT6m7jNnO3Gz-G871zoiCRC6xJGxt5GIoz5y2Gebjxz5F7s1_N3TEteyjwRWGBkj7DW-q7nQ2UkT2h6nBJjUk0x2VBLxN1HBszgHzPr8jCEPKYC30snRm3_8vOkEswJ3DfOl1vrnXIekVl5nWZwGRx1cmnHxcr7LiQoncTlLO1W7z_4gvj6Wk_9D_G5fGU9eoANq6kUrvIqI1x_gxfgXn96CjoIoVov0Mxa10bd9Z1uvQcgBCtvbAfApbGWptuhvsy6SwjU5IFMJKZcHg', 'state': 'ijpFV6duPLbt4rlh', 'code': 'FGCX4YA_aMB1hailcO6TshJirdnC31Zy0vx78yRATlw.KEzwP0BNQdX7AY8f0T2RRr04js7JsTes9nB9t0tWw8w'}
7.274 AuthorizationResponse {
"code": "FGCX4YA_aMB1hailcO6TshJirdnC31Zy0vx78yRATlw.KEzwP0BNQdX7AY8f0T2RRr04js7JsTes9nB9t0tWw8w",
"id_token": {
"aud": [
"ee27adf5-f933-42a5-9e1a-bf6ca5cac3e5"
],
"auth_time": 1529751396,
"c_hash": "VmduwOzdxVIo-nOEqAu6CA",
"exp": 1529754999,
"iat": 1529751399,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "f43f4268-8348-4f22-9895-bcc33892e980",
"nonce": "URflupe1MrGLwQrB",
"rat": 1529751394,
"sub": "foo@bar.com"
},
"state": "ijpFV6duPLbt4rlh"
}
7.275 phase <--<-- 6 --- Done -->-->
7.275 end
7.275 assertion VerifyAuthnResponse
7.275 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
7.275 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-nonce-NoReq-noncode.txt������������������������������������������������������������������������0000644�0000000�0000000�00000017647�13313423253�016013� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-nonce-NoReq-noncode
Test description: Reject requests without nonce unless using the code flow
Timestamp: 2018-06-23T10:53:31Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.071 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Note -->-->
1.198 phase <--<-- 3 --- Registration -->-->
1.198 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.199 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#a2ZSDM0zWQmk9hTt"
],
"response_types": [
"code id_token"
]
}
1.353 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.354 RegistrationResponse {
"client_id": "55ee9a6a-bdf5-464e-95dc-9bac3eb6a086",
"client_secret": "IxS6PXf2eaiH",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "55ee9a6a-bdf5-464e-95dc-9bac3eb6a086",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#a2ZSDM0zWQmk9hTt"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.355 phase <--<-- 4 --- AsyncAuthn -->-->
1.355 AuthorizationRequest {
"client_id": "55ee9a6a-bdf5-464e-95dc-9bac3eb6a086",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "7bxuILmubEg6GlzQ"
}
1.355 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?state=7bxuILmubEg6GlzQ&scope=openid&response_type=code+id_token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=55ee9a6a-bdf5-464e-95dc-9bac3eb6a086
1.355 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?state=7bxuILmubEg6GlzQ&scope=openid&response_type=code+id_token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=55ee9a6a-bdf5-464e-95dc-9bac3eb6a086
3.751 http args {}
3.918 response URL with fragment
3.919 response error=invalid_request&error_debug=Parameter+nonce+must+be+set+when+using+the+hybrid+flow&error_description=The+request+is+missing+a+required+parameter%252C+includes+an+invalid+parameter+value%252C+includes+a+parameter+more+than+once%252C+or+is+otherwise+malformed&error_hint=Make+sure+that+the+various+parameters+are+correct%252C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=7bxuILmubEg6GlzQ
3.919 response {'error_debug': 'Parameter nonce must be set when using the hybrid flow', 'error_description': 'The request is missing a required parameter%2C includes an invalid parameter value%2C includes a parameter more than once%2C or is otherwise malformed', 'state': '7bxuILmubEg6GlzQ', 'error': 'invalid_request', 'error_hint': 'Make sure that the various parameters are correct%2C be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.'}
3.919 AuthorizationErrorResponse {
"error": "invalid_request",
"error_debug": "Parameter nonce must be set when using the hybrid flow",
"error_description": "The request is missing a required parameter%2C includes an invalid parameter value%2C includes a parameter more than once%2C or is otherwise malformed",
"error_hint": "Make sure that the various parameters are correct%2C be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.",
"state": "7bxuILmubEg6GlzQ"
}
3.919 AuthorizationErrorResponse {
"error": "invalid_request",
"error_debug": "Parameter nonce must be set when using the hybrid flow",
"error_description": "The request is missing a required parameter%2C includes an invalid parameter value%2C includes a parameter more than once%2C or is otherwise malformed",
"error_hint": "Make sure that the various parameters are correct%2C be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.",
"state": "7bxuILmubEg6GlzQ"
}
3.919 phase <--<-- 5 --- Done -->-->
3.919 end
3.92 assertion VerifyResponse
3.92 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.92 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������./OP-IDToken-RS256.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000031177�13313423150�014306� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-RS256
Test description: Asymmetric ID Token signature with RS256
Timestamp: 2018-06-23T10:52:24Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'id_token_signed_response_alg': 'RS256', 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id_token_signed_response_alg": "RS256",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#aUGzJ8XAkg0cV0qq"
],
"response_types": [
"code id_token"
]
}
0.232 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.233 RegistrationResponse {
"client_id": "abf7e8d0-332d-487c-a86f-5f4c8913e654",
"client_secret": "vxASIVLDIxXE",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "abf7e8d0-332d-487c-a86f-5f4c8913e654",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#aUGzJ8XAkg0cV0qq"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.233 phase <--<-- 3 --- AsyncAuthn -->-->
0.233 AuthorizationRequest {
"client_id": "abf7e8d0-332d-487c-a86f-5f4c8913e654",
"nonce": "ZXeRY7TYN2wYVBRB",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "dypl4hbc7xI1UKcg"
}
0.234 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=abf7e8d0-332d-487c-a86f-5f4c8913e654&state=dypl4hbc7xI1UKcg&response_type=code+id_token&nonce=ZXeRY7TYN2wYVBRB
0.234 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=abf7e8d0-332d-487c-a86f-5f4c8913e654&state=dypl4hbc7xI1UKcg&response_type=code+id_token&nonce=ZXeRY7TYN2wYVBRB
2.308 http args {}
2.521 response URL with fragment
2.522 response code=flrvnBo3Fa67vHmcNHbXnHAODrRhovCdRWklwAkcixk.8ki218hFxdV0Qu6SCSX2E03chkfmFEy-n1loCsSL0bo&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYWJmN2U4ZDAtMzMyZC00ODdjLWE4NmYtNWY0Yzg5MTNlNjU0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoicWJwclUwQWpzOHZfbWJ0cllrRDJ1USIsImV4cCI6MTUyOTc1NDc0MywiaWF0IjoxNTI5NzUxMTQzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwZWE5NDRhYy05NmFlLTQwYmEtODhiZC0zZWEwMjdiODBmZjEiLCJub25jZSI6IlpYZVJZN1RZTjJ3WVZCUkIiLCJyYXQiOjE1Mjk3NTExNDEsInN1YiI6ImZvb0BiYXIuY29tIn0.XnUFZFlZ2Ur5nCRHNIffNTR1VSzU_qZuQ1wS6YFtExew4ar813HMypm78NbRS4FZx73jvOsBgLSwh7VjxJ42pik2Ew-JCB20hA-tORJNh7SpLzX5t3Pmre9Xr85hAbZ0KfeoRhipBJB0S8EHjmD-stX-XsC6-WesAi2E9ymGwJ9GY0SpN2pS3-Agy78wyoZeh9kLAw3XDHdudLWBgDCGAWu-DaOyeHJP4gEKEL0KzZmCR4S8jW9hKTRgUXQpD5aph4YbUHfN8IJjjvVUkhey41avyf_T1tO5L7PByykKVNK6zRB1k_bhwpZqeGDpJInDo1lftm6v0JD-al6MLhTCFe81kGqJOu7DLl0CBxpTwktQmJmkmDTkQrU9DkbiVpR5mrGS246939t_A4inw0ZvdG-3JPulkGPdK_FFkTygt1LNBwNGhWD_naeMf10nBK7rE1sVc1URBQbghXVnSNZ_a3mu_xgaNli7HpO67elxQL7d4dmapyTSs2uQ22TgtvsYVL9D7mP-8OgSJn98hX1nvmi9901sm8oMIZIm8hRyXdI3u7PWtKY2gzMh2MYzxfQTAy_sgdGd20pD1VkbRI58XRqcgQjqSAIKyjnr-Fvy47DE1eA0hqlCGev0vVqG7sjHLe1Yfhir3CfBRZzxFRJRHopIIQOImqZ5qfVEfFOnxaw&state=dypl4hbc7xI1UKcg
2.522 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYWJmN2U4ZDAtMzMyZC00ODdjLWE4NmYtNWY0Yzg5MTNlNjU0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoicWJwclUwQWpzOHZfbWJ0cllrRDJ1USIsImV4cCI6MTUyOTc1NDc0MywiaWF0IjoxNTI5NzUxMTQzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwZWE5NDRhYy05NmFlLTQwYmEtODhiZC0zZWEwMjdiODBmZjEiLCJub25jZSI6IlpYZVJZN1RZTjJ3WVZCUkIiLCJyYXQiOjE1Mjk3NTExNDEsInN1YiI6ImZvb0BiYXIuY29tIn0.XnUFZFlZ2Ur5nCRHNIffNTR1VSzU_qZuQ1wS6YFtExew4ar813HMypm78NbRS4FZx73jvOsBgLSwh7VjxJ42pik2Ew-JCB20hA-tORJNh7SpLzX5t3Pmre9Xr85hAbZ0KfeoRhipBJB0S8EHjmD-stX-XsC6-WesAi2E9ymGwJ9GY0SpN2pS3-Agy78wyoZeh9kLAw3XDHdudLWBgDCGAWu-DaOyeHJP4gEKEL0KzZmCR4S8jW9hKTRgUXQpD5aph4YbUHfN8IJjjvVUkhey41avyf_T1tO5L7PByykKVNK6zRB1k_bhwpZqeGDpJInDo1lftm6v0JD-al6MLhTCFe81kGqJOu7DLl0CBxpTwktQmJmkmDTkQrU9DkbiVpR5mrGS246939t_A4inw0ZvdG-3JPulkGPdK_FFkTygt1LNBwNGhWD_naeMf10nBK7rE1sVc1URBQbghXVnSNZ_a3mu_xgaNli7HpO67elxQL7d4dmapyTSs2uQ22TgtvsYVL9D7mP-8OgSJn98hX1nvmi9901sm8oMIZIm8hRyXdI3u7PWtKY2gzMh2MYzxfQTAy_sgdGd20pD1VkbRI58XRqcgQjqSAIKyjnr-Fvy47DE1eA0hqlCGev0vVqG7sjHLe1Yfhir3CfBRZzxFRJRHopIIQOImqZ5qfVEfFOnxaw', 'state': 'dypl4hbc7xI1UKcg', 'code': 'flrvnBo3Fa67vHmcNHbXnHAODrRhovCdRWklwAkcixk.8ki218hFxdV0Qu6SCSX2E03chkfmFEy-n1loCsSL0bo'}
2.608 AuthorizationResponse {
"code": "flrvnBo3Fa67vHmcNHbXnHAODrRhovCdRWklwAkcixk.8ki218hFxdV0Qu6SCSX2E03chkfmFEy-n1loCsSL0bo",
"id_token": {
"aud": [
"abf7e8d0-332d-487c-a86f-5f4c8913e654"
],
"auth_time": 1529750975,
"c_hash": "qbprU0Ajs8v_mbtrYkD2uQ",
"exp": 1529754743,
"iat": 1529751143,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "0ea944ac-96ae-40ba-88bd-3ea027b80ff1",
"nonce": "ZXeRY7TYN2wYVBRB",
"rat": 1529751141,
"sub": "foo@bar.com"
},
"state": "dypl4hbc7xI1UKcg"
}
2.608 phase <--<-- 4 --- AccessToken -->-->
2.609 --> request op_args: {'state': 'dypl4hbc7xI1UKcg'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.609 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'dypl4hbc7xI1UKcg', 'code': 'flrvnBo3Fa67vHmcNHbXnHAODrRhovCdRWklwAkcixk.8ki218hFxdV0Qu6SCSX2E03chkfmFEy-n1loCsSL0bo', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'abf7e8d0-332d-487c-a86f-5f4c8913e654'}, 'state': 'dypl4hbc7xI1UKcg'}
2.609 AccessTokenRequest {
"code": "flrvnBo3Fa67vHmcNHbXnHAODrRhovCdRWklwAkcixk.8ki218hFxdV0Qu6SCSX2E03chkfmFEy-n1loCsSL0bo",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "dypl4hbc7xI1UKcg"
}
2.609 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.609 request_http_args {'headers': {'Authorization': 'Basic YWJmN2U4ZDAtMzMyZC00ODdjLWE4NmYtNWY0Yzg5MTNlNjU0OnZ4QVNJVkxESXhYRQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.609 request code=flrvnBo3Fa67vHmcNHbXnHAODrRhovCdRWklwAkcixk.8ki218hFxdV0Qu6SCSX2E03chkfmFEy-n1loCsSL0bo&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=dypl4hbc7xI1UKcg
2.856 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.857 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYWJmN2U4ZDAtMzMyZC00ODdjLWE4NmYtNWY0Yzg5MTNlNjU0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoicWJwclUwQWpzOHZfbWJ0cllrRDJ1USIsImV4cCI6MTUyOTc1NDc0MywiaWF0IjoxNTI5NzUxMTQ0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzYzc4NjUzMS0zYWY1LTQyZGMtOTcwNC1lZmRlOTFmMjM4NWYiLCJub25jZSI6IlpYZVJZN1RZTjJ3WVZCUkIiLCJyYXQiOjE1Mjk3NTExNDEsInN1YiI6ImZvb0BiYXIuY29tIn0.wBczhN6EaqNGKayHeJq6TNQLSeh9-ujI1PqKjXJFz9wo6_9f2ww60rTQZZgiPAq0yDBbDZwz--pk_msmf3MK-754tlN9wyHsHZ-FD3apmmUWf659AiDP4pv5WBkoTZvBX8PAmPt0tF4sbXlR5MaqRWy_IjG-SMp5EHBcfWoyqJrmWZ_3lU5qgOI0hDtDRuhi-x-c_00sgfWLflP_GerEexHEGZF3L7LoQhr_prdiLl8yXG-1AIJ4_vTIP7XU2QS6uNWkJq_mq7AhLgXZCsxq2WSp-WsQf1Qp5_id_kR-UCAnc6Lxkzyi_MH-_5OM8FYGGjoG08XN93YXhBZYPBci2iA0cFkUfJtIzFfimAnNWHVUML3IXrOUyVxJbfcgHEDSXpT_i8aPP5-cZoITuk-NnFrCAPE12staBNw26WBEp1BWjLayDjLy8odfD42a0lbBs-6O_vUh1jlBDfG38yFmXL7FAKCxk-m12KrnaK7hV7Mjeai4bCICNGzwlf65ixFNhBUuV9HlzVxKOwVBUHsKyHIjMw9cAFJjNYMK0h3QXIybpuLCzr-hzpkxPUyxS38J6yHTmmT1HgQ-KGjswRDHK-BenbuA2Pymh0bvetpU4Z4G6aZ5rINhTN4SE1qNbyqxYa0CfJbbV5tV9KOYsk9lTajBPInEyM0s6Qqzw9_11BQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '9GFcVR6kyPO_j2gUs0z3DIxILhxWN1ckHtQIbkVEglc.2RjSDDM0XPWeYQLW1wBnpLy-K1sbUPPNWMBaQhpKhBc', 'scope': 'openid'}
2.861 AccessTokenResponse {
"access_token": "9GFcVR6kyPO_j2gUs0z3DIxILhxWN1ckHtQIbkVEglc.2RjSDDM0XPWeYQLW1wBnpLy-K1sbUPPNWMBaQhpKhBc",
"expires_in": 3599,
"id_token": {
"aud": [
"abf7e8d0-332d-487c-a86f-5f4c8913e654"
],
"auth_time": 1529750975,
"c_hash": "qbprU0Ajs8v_mbtrYkD2uQ",
"exp": 1529754743,
"iat": 1529751144,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "3c786531-3af5-42dc-9704-efde91f2385f",
"nonce": "ZXeRY7TYN2wYVBRB",
"rat": 1529751141,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.861 phase <--<-- 5 --- Done -->-->
2.861 end
2.861 assertion VerifyResponse
2.862 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.862 assertion VerifySignedIdToken
2.862 condition verify-idtoken-is-signed: status=OK [Verifies that an ID Token is signed]
2.862 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-idtoken-is-signed: status=OK [Verifies that an ID Token is signed]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-Sector-Bad.txt��������������������������������������������������������������������0000644�0000000�0000000�00000013242�13313423106�016617� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-Sector-Bad
Test description: Incorrect registration of sector_identifier_uri
Timestamp: 2018-06-23T10:51:50Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.071 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Registration -->-->
0.073 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'sector_identifier_uri': 'https://op.certification.openid.net:61353/export/siu.json', 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.073 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#noTomffjxQAYmx3e"
],
"response_types": [
"code id_token"
],
"sector_identifier_uri": "https://op.certification.openid.net:61353/export/siu.json"
}
0.278 http response url:https://oidc-certification.ory.sh:8443/clients status_code:400 message:{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed","error_hint":"Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.","status_code":400,"error_debug":"Redirect URL \"https://op.certification.openid.net:61353/authz_cb\" does not match values from sector_identifier_uri."}
0.278 ErrorResponse {
"error": "invalid_request",
"error_debug": "Redirect URL \"https://op.certification.openid.net:61353/authz_cb\" does not match values from sector_identifier_uri.",
"error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed",
"error_hint": "Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.",
"status_code": 400
}
0.278 exception RegistrationError:{'error_debug': 'Redirect URL "https://op.certification.openid.net:61353/authz_cb" does not match values from sector_identifier_uri.', 'error_description': 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed', 'status_code': 400, 'error': 'invalid_request', 'error_hint': 'Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.'}
0.278 event got expected exception RegistrationError
0.278 phase <--<-- 3 --- Done -->-->
0.279 end
0.279 condition Done: status=OK
============================================================
Conditions
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-display-popup.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000022055�13313423245�015040� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-display-popup
Test description: Request with display=popup
Timestamp: 2018-06-23T10:53:25Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.123 phase <--<-- 1 --- Webfinger -->-->
1.123 not expected to do WebFinger
1.123 phase <--<-- 2 --- Discovery -->-->
1.123 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.198 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.199 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.199 phase <--<-- 3 --- Registration -->-->
1.199 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.2 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#oaXE4k1EDRFOSyId"
],
"response_types": [
"code id_token"
]
}
1.355 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.355 RegistrationResponse {
"client_id": "b6aec107-eff3-4f85-b6aa-96bde2f2723f",
"client_secret": "wJG6dYdG3922",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "b6aec107-eff3-4f85-b6aa-96bde2f2723f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#oaXE4k1EDRFOSyId"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.356 phase <--<-- 4 --- AsyncAuthn -->-->
1.356 AuthorizationRequest {
"client_id": "b6aec107-eff3-4f85-b6aa-96bde2f2723f",
"display": "popup",
"nonce": "95hhIooRCcoC8eqR",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "ihNQyX2Q1XF04W3l"
}
1.356 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b6aec107-eff3-4f85-b6aa-96bde2f2723f&state=ihNQyX2Q1XF04W3l&response_type=code+id_token&nonce=95hhIooRCcoC8eqR&display=popup
1.356 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b6aec107-eff3-4f85-b6aa-96bde2f2723f&state=ihNQyX2Q1XF04W3l&response_type=code+id_token&nonce=95hhIooRCcoC8eqR&display=popup
4.041 http args {}
4.217 response URL with fragment
4.217 response code=DTXODptyXEJ5MjJpn0bq1MEtSBArr4f-bF4-uGU3_fE.ja7hkPgmu3NM2DDt3RfFJc9qWASRh9d2mHnSWaKzRj0&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjZhZWMxMDctZWZmMy00Zjg1LWI2YWEtOTZiZGUyZjI3MjNmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidU51Yms1eFEyMVRDZFNrRXFnQmV6QSIsImV4cCI6MTUyOTc1NDgwNCwiaWF0IjoxNTI5NzUxMjA0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiYjllMjkxYy1hMjk3LTQ2MGYtYjk5ZS1jZjI0YWM1ZTQxZTEiLCJub25jZSI6Ijk1aGhJb29SQ2NvQzhlcVIiLCJyYXQiOjE1Mjk3NTEyMDIsInN1YiI6ImZvb0BiYXIuY29tIn0.E4qszyZfX8fyn-FQ322LyHtZihXyLnQkUeddIvRz6yN_u202pbeFO2rqLFMSy5Buybiauhs2MmbYyhqTEAdfdd7bfUBH09oVQXyhnkbuAeanxSw4_KPJhy0VZceKRmvSfAKn2FcVhmmEnpx392m-O4Lbj8iyY5utTbcBMyHfhbUv1M5sL14IFBsbctVUL_8L853o8QsEK_d-ooCxyBxneo_6yL4DQ6D3kuT0gOEdisJBpOKgdZ3GHVEFTQzJLHBaic3SzcL8RSPEcYCvphJjw1RxJ_anyTjYkDtYmq73dMD8D4uNDLQHK3b6DkvfXvBbYL-XE4G4QK-HkawEDsrezD2XKASg5YHX-gK7EZ4DAzalYIx7zbjSZqLjbChoNE8V4SZHwGV0jO4SgHH-7Y9nu96j5wZuj4nBH3FFlFWdQngaAzkElHKYPdEN1hI3jXsXRZSu7FWp8I4weW3s29hzsmCl9nGuiIqst0h-G3y1jRdFh9mx6rQd9kpLHWmHrAHm9U6bQeymgFwKt9ioGPvTlGx6BxMuYyDJ-wj-jhKr10179M87XC_mUBC7bmHQLf7JKLpFIWsipWSMBypwyVNibbKA6Ox64Nd36zHvWHZe97Tgns5qNaGDwzCDMC6dKJWCerCMLaU-XrxrrbOhrn5G0g_PNUBmBVuiulj0YTGW8sM&state=ihNQyX2Q1XF04W3l
4.217 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjZhZWMxMDctZWZmMy00Zjg1LWI2YWEtOTZiZGUyZjI3MjNmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidU51Yms1eFEyMVRDZFNrRXFnQmV6QSIsImV4cCI6MTUyOTc1NDgwNCwiaWF0IjoxNTI5NzUxMjA0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiYjllMjkxYy1hMjk3LTQ2MGYtYjk5ZS1jZjI0YWM1ZTQxZTEiLCJub25jZSI6Ijk1aGhJb29SQ2NvQzhlcVIiLCJyYXQiOjE1Mjk3NTEyMDIsInN1YiI6ImZvb0BiYXIuY29tIn0.E4qszyZfX8fyn-FQ322LyHtZihXyLnQkUeddIvRz6yN_u202pbeFO2rqLFMSy5Buybiauhs2MmbYyhqTEAdfdd7bfUBH09oVQXyhnkbuAeanxSw4_KPJhy0VZceKRmvSfAKn2FcVhmmEnpx392m-O4Lbj8iyY5utTbcBMyHfhbUv1M5sL14IFBsbctVUL_8L853o8QsEK_d-ooCxyBxneo_6yL4DQ6D3kuT0gOEdisJBpOKgdZ3GHVEFTQzJLHBaic3SzcL8RSPEcYCvphJjw1RxJ_anyTjYkDtYmq73dMD8D4uNDLQHK3b6DkvfXvBbYL-XE4G4QK-HkawEDsrezD2XKASg5YHX-gK7EZ4DAzalYIx7zbjSZqLjbChoNE8V4SZHwGV0jO4SgHH-7Y9nu96j5wZuj4nBH3FFlFWdQngaAzkElHKYPdEN1hI3jXsXRZSu7FWp8I4weW3s29hzsmCl9nGuiIqst0h-G3y1jRdFh9mx6rQd9kpLHWmHrAHm9U6bQeymgFwKt9ioGPvTlGx6BxMuYyDJ-wj-jhKr10179M87XC_mUBC7bmHQLf7JKLpFIWsipWSMBypwyVNibbKA6Ox64Nd36zHvWHZe97Tgns5qNaGDwzCDMC6dKJWCerCMLaU-XrxrrbOhrn5G0g_PNUBmBVuiulj0YTGW8sM', 'state': 'ihNQyX2Q1XF04W3l', 'code': 'DTXODptyXEJ5MjJpn0bq1MEtSBArr4f-bF4-uGU3_fE.ja7hkPgmu3NM2DDt3RfFJc9qWASRh9d2mHnSWaKzRj0'}
4.293 AuthorizationResponse {
"code": "DTXODptyXEJ5MjJpn0bq1MEtSBArr4f-bF4-uGU3_fE.ja7hkPgmu3NM2DDt3RfFJc9qWASRh9d2mHnSWaKzRj0",
"id_token": {
"aud": [
"b6aec107-eff3-4f85-b6aa-96bde2f2723f"
],
"auth_time": 1529750975,
"c_hash": "uNubk5xQ21TCdSkEqgBezA",
"exp": 1529754804,
"iat": 1529751204,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "bb9e291c-a297-460f-b99e-cf24ac5e41e1",
"nonce": "95hhIooRCcoC8eqR",
"rat": 1529751202,
"sub": "foo@bar.com"
},
"state": "ihNQyX2Q1XF04W3l"
}
4.293 phase <--<-- 5 --- Done -->-->
4.293 end
4.294 assertion VerifyResponse
4.294 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.294 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-RegFrag.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000011611�13313423414�016217� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-RegFrag
Test description: Reject registration where a redirect_uri has a fragment
Timestamp: 2018-06-23T10:55:08Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.108 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.11 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.11 phase <--<-- 2 --- Registration -->-->
0.11 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb#foobar'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.11 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb#foobar"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DB2cLIUlYEdNMUxn"
],
"response_types": [
"code id_token"
]
}
0.181 http response url:https://oidc-certification.ory.sh:8443/clients status_code:400 message:{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed","error_hint":"Redirect URIs must not contain fragments (#)","status_code":400}
0.182 ErrorResponse {
"error": "invalid_request",
"error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed",
"error_hint": "Redirect URIs must not contain fragments (#)",
"status_code": 400
}
0.182 exception RegistrationError:{'error_description': 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed', 'status_code': 400, 'error': 'invalid_request', 'error_hint': 'Redirect URIs must not contain fragments (#)'}
0.182 event got expected exception RegistrationError
0.182 phase <--<-- 3 --- Done -->-->
0.182 end
0.182 assertion VerifyErrorMessage
0.182 condition verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
0.182 condition Done: status=OK
============================================================
Conditions
verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������./OP-OAuth-2nd.txt����������������������������������������������������������������������������������0000644�0000000�0000000�00000036342�13313423623�013737� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd
Test description: Trying to use authorization code twice should result in an error
Timestamp: 2018-06-23T10:57:23Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#eYjqrW47xyOMOfSk"
],
"response_types": [
"code id_token"
]
}
0.231 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.232 RegistrationResponse {
"client_id": "56d5a7ed-90b1-4c66-9436-4d77fbbb650a",
"client_secret": "C7isK6zN8X7Y",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "56d5a7ed-90b1-4c66-9436-4d77fbbb650a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#eYjqrW47xyOMOfSk"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.232 phase <--<-- 3 --- Note -->-->
2.737 phase <--<-- 4 --- AsyncAuthn -->-->
2.738 AuthorizationRequest {
"client_id": "56d5a7ed-90b1-4c66-9436-4d77fbbb650a",
"nonce": "W52p79cU7QV79PhK",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "XWmOmGw9T6nhwzkh"
}
2.738 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=56d5a7ed-90b1-4c66-9436-4d77fbbb650a&state=XWmOmGw9T6nhwzkh&response_type=code+id_token&nonce=W52p79cU7QV79PhK
2.738 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=56d5a7ed-90b1-4c66-9436-4d77fbbb650a&state=XWmOmGw9T6nhwzkh&response_type=code+id_token&nonce=W52p79cU7QV79PhK
6.398 http args {}
6.575 response URL with fragment
6.575 response code=9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiOFNyVTRjZURvTHFSTVhkU1lpbHJaUSIsImV4cCI6MTUyOTc1NTA0MiwiaWF0IjoxNTI5NzUxNDQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjNDYwOTJhNi04OGQzLTRmYjktOGI0My0yYjU2ZTE3NTcwOGUiLCJub25jZSI6Ilc1MnA3OWNVN1FWNzlQaEsiLCJyYXQiOjE1Mjk3NTE0MzksInN1YiI6ImZvb0BiYXIuY29tIn0.Y7VBgmfpKtUZ5kmVbaOcKz5hSWMzinEo8Bnmb_XLPneTyXE1vslcauGHZ0ti-BMXHutVHke0Qah-slzxmvRrSvpZwlf_hyXFUYKH4-hmEw0QYGeGE_JY-3-7WeyRj0fCfpLCIaRchEWs8HZjRFXd8wfy0YD-utIu-InZZFJbArhfH0lFK61LYCpuDZfH5Ud_n4Ts-JynQ1Y8pmLYQL352rjnXJzyfRx9AkK4MKED3mfq4Va-ViGjG1NI9kVnlN0_mlgBN2UfyfJna0cMQxTdA7m8aPmaljSgIZFYwitLO9r7ismkyNZ17OxOkbJH1-AZQj5h_IL04AclBl6nUxPSULEPRQI1KB0Yq_NZm9eKT5uM6oxQ1ZFrzi0VzzFKta0RUsn1Kyur69t2AppO8rayzCUGiQsd4ii4Hukza22ozuswi440-l0-xMonob5xo7xeOY2ksKpA0p_IJxdI2scHPWCzQIc5cHM0nHkEcUbrY0m6uMx8zAg4uKh7TjrVZmUTi3ktW5HZhFOSlzkVcoRgQYKIYOWZARBOZt40UAANHq8HEMgIo5k_2kr7EoQK198vSbIaQny47kNjrBud8qmtA0wOI6pvBUCdLTWgZJBcg1LIwvlcFOOQf7Hcxkv3qn0Jv-FzbTVb22h1AclhFnG4TeCAswdOa5j-HUzt0KInrPE&state=XWmOmGw9T6nhwzkh
6.575 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiOFNyVTRjZURvTHFSTVhkU1lpbHJaUSIsImV4cCI6MTUyOTc1NTA0MiwiaWF0IjoxNTI5NzUxNDQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjNDYwOTJhNi04OGQzLTRmYjktOGI0My0yYjU2ZTE3NTcwOGUiLCJub25jZSI6Ilc1MnA3OWNVN1FWNzlQaEsiLCJyYXQiOjE1Mjk3NTE0MzksInN1YiI6ImZvb0BiYXIuY29tIn0.Y7VBgmfpKtUZ5kmVbaOcKz5hSWMzinEo8Bnmb_XLPneTyXE1vslcauGHZ0ti-BMXHutVHke0Qah-slzxmvRrSvpZwlf_hyXFUYKH4-hmEw0QYGeGE_JY-3-7WeyRj0fCfpLCIaRchEWs8HZjRFXd8wfy0YD-utIu-InZZFJbArhfH0lFK61LYCpuDZfH5Ud_n4Ts-JynQ1Y8pmLYQL352rjnXJzyfRx9AkK4MKED3mfq4Va-ViGjG1NI9kVnlN0_mlgBN2UfyfJna0cMQxTdA7m8aPmaljSgIZFYwitLO9r7ismkyNZ17OxOkbJH1-AZQj5h_IL04AclBl6nUxPSULEPRQI1KB0Yq_NZm9eKT5uM6oxQ1ZFrzi0VzzFKta0RUsn1Kyur69t2AppO8rayzCUGiQsd4ii4Hukza22ozuswi440-l0-xMonob5xo7xeOY2ksKpA0p_IJxdI2scHPWCzQIc5cHM0nHkEcUbrY0m6uMx8zAg4uKh7TjrVZmUTi3ktW5HZhFOSlzkVcoRgQYKIYOWZARBOZt40UAANHq8HEMgIo5k_2kr7EoQK198vSbIaQny47kNjrBud8qmtA0wOI6pvBUCdLTWgZJBcg1LIwvlcFOOQf7Hcxkv3qn0Jv-FzbTVb22h1AclhFnG4TeCAswdOa5j-HUzt0KInrPE', 'state': 'XWmOmGw9T6nhwzkh', 'code': '9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o'}
6.654 AuthorizationResponse {
"code": "9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o",
"id_token": {
"aud": [
"56d5a7ed-90b1-4c66-9436-4d77fbbb650a"
],
"auth_time": 1529751409,
"c_hash": "8SrU4ceDoLqRMXdSYilrZQ",
"exp": 1529755042,
"iat": 1529751442,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "c46092a6-88d3-4fb9-8b43-2b56e175708e",
"nonce": "W52p79cU7QV79PhK",
"rat": 1529751439,
"sub": "foo@bar.com"
},
"state": "XWmOmGw9T6nhwzkh"
}
6.655 phase <--<-- 5 --- AccessToken -->-->
6.655 --> request op_args: {'state': 'XWmOmGw9T6nhwzkh'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.655 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'XWmOmGw9T6nhwzkh', 'code': '9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '56d5a7ed-90b1-4c66-9436-4d77fbbb650a'}, 'state': 'XWmOmGw9T6nhwzkh'}
6.655 AccessTokenRequest {
"code": "9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "XWmOmGw9T6nhwzkh"
}
6.655 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.655 request_http_args {'headers': {'Authorization': 'Basic NTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhOkM3aXNLNnpOOFg3WQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.655 request code=9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=XWmOmGw9T6nhwzkh
6.864 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.865 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiOFNyVTRjZURvTHFSTVhkU1lpbHJaUSIsImV4cCI6MTUyOTc1NTA0MiwiaWF0IjoxNTI5NzUxNDQzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlY2RkZjBjZS05ODNlLTQyZTUtOGIzMS01MzJiMmMyMWQ4NWMiLCJub25jZSI6Ilc1MnA3OWNVN1FWNzlQaEsiLCJyYXQiOjE1Mjk3NTE0MzksInN1YiI6ImZvb0BiYXIuY29tIn0.DppI2FmrJ5gjI-alBAIcmHj_Gx9sDmB-QdzdSGPMr_cDxvSfPEeW1v-tDFQLgR4kHANemy84INZJbIWa5GSQdyFtlUizMw_vS-fErvocQX9y13Lbt2-bc-1Ezzvb9IcwaE0OrFbMe5jaeDPaqI_ucu6eSmQLS32r9zaUou6yEp_C6ftSAws-K97Nt-KhYUR8ReAwGHE5USe7G24oHxju8zPhIs_kcEDmOE5dgSGc4S4MX2WZcDZhUQyc32k9Vyr-E0zZHtljk9dJUwM0Ua4tj7aw1Mlm3LHnCTqoUugFkTqET4DRzNGQpdDbzrLaEkJZ4ve7PILfHED13jW_OpUgn1qcpEChUlkPQzCBQgXljfQNXvwxi_fyx0vAJtFNkezdy6TUzob5cV6BiGIZK_1bRmw0LlWzpbIvRDX_8KymUbzElZzHJlJ5DlT8UxyPw9XiTi7YSOGJGoGr5iYPfCKR0YJOU4E7sDwR0oG86KC4pcrJReV1eedXSKbE8pN9-BON6nuCyzlSWFjZMHORubpHRhXwFVSfpe9Lvxf6u7-4eiPZe35GzKY8pn8Pxs6qB5X8-ZIHfq1SHnKcNOn0_VXbHGfuZ4isdCbgtZMVUXysbxxnTI3vvp0hIzDEsKK9LShBmpGN2EXk70hmmlgWcc3ZFYABoz7QV6IYKckSyfftlfM', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'sQ0WB52e1yomAf1xx7WddYIzEz51xwrCd9OW9HcR3do.Jq-97mvh0Ol9-bhGAflozH5cBDLb6gIyfHGmMJxT3I8', 'scope': 'openid'}
6.869 AccessTokenResponse {
"access_token": "sQ0WB52e1yomAf1xx7WddYIzEz51xwrCd9OW9HcR3do.Jq-97mvh0Ol9-bhGAflozH5cBDLb6gIyfHGmMJxT3I8",
"expires_in": 3599,
"id_token": {
"aud": [
"56d5a7ed-90b1-4c66-9436-4d77fbbb650a"
],
"auth_time": 1529751409,
"c_hash": "8SrU4ceDoLqRMXdSYilrZQ",
"exp": 1529755042,
"iat": 1529751443,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "ecddf0ce-983e-42e5-8b31-532b2c21d85c",
"nonce": "W52p79cU7QV79PhK",
"rat": 1529751439,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
6.869 phase <--<-- 6 --- AccessToken -->-->
6.869 --> request op_args: {'state': 'XWmOmGw9T6nhwzkh'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.869 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'XWmOmGw9T6nhwzkh', 'code': '9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '56d5a7ed-90b1-4c66-9436-4d77fbbb650a'}, 'state': 'XWmOmGw9T6nhwzkh'}
6.869 AccessTokenRequest {
"code": "9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "XWmOmGw9T6nhwzkh"
}
6.869 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.869 request_http_args {'headers': {'Authorization': 'Basic NTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhOkM3aXNLNnpOOFg3WQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.869 request code=9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=XWmOmGw9T6nhwzkh
7.059 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
7.06 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
7.06 event Got expected error
7.06 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
7.061 phase <--<-- 7 --- Done -->-->
7.061 end
7.061 assertion VerifyResponse
7.061 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
7.061 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-JWKs.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000006120�13313423100�014776� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-JWKs
Test description: Keys in OP JWKs well formed
Timestamp: 2018-06-23T10:51:44Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Done -->-->
0.074 end
0.074 assertion CheckHTTPResponse
0.074 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.074 assertion VerifyBase64URL
0.136 http response url:https://oidc-certification.ory.sh:8443/.well-known/jwks.json status_code:200
0.137 condition verify-base64url: status=OK [Verifies that the base64 encoded parts of a JWK is in fact base64url encoded and not just base64 encoded]
0.137 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-base64url: status=OK [Verifies that the base64 encoded parts of a JWK is in fact base64url encoded and not just base64 encoded]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-profile.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000034737�13313423465�015017� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-profile
Test description: Scope requesting profile claims
Timestamp: 2018-06-23T10:55:49Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.074 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#6nUSdpqXssoBZBES"
],
"response_types": [
"code id_token"
]
}
0.275 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.276 RegistrationResponse {
"client_id": "14a0879e-4dda-403f-b6cd-69ac7344fff9",
"client_secret": "qKYAXCLuB7gp",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "14a0879e-4dda-403f-b6cd-69ac7344fff9",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#6nUSdpqXssoBZBES"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.276 phase <--<-- 3 --- AsyncAuthn -->-->
0.277 condition Check support: status=WARNING, message=No support for: scopes_supported=['profile']
0.277 AuthorizationRequest {
"client_id": "14a0879e-4dda-403f-b6cd-69ac7344fff9",
"nonce": "vKFOHLuG6AUAA2y0",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid profile",
"state": "j2vAmZAqIrresRP5"
}
0.277 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=14a0879e-4dda-403f-b6cd-69ac7344fff9&state=j2vAmZAqIrresRP5&response_type=code+id_token&nonce=vKFOHLuG6AUAA2y0
0.277 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=14a0879e-4dda-403f-b6cd-69ac7344fff9&state=j2vAmZAqIrresRP5&response_type=code+id_token&nonce=vKFOHLuG6AUAA2y0
2.73 http args {}
2.899 response URL with fragment
2.899 response code=wj-nnLX0bwLRFWyCDkXK6Ho6moSWJzidaQ0vR6GCh2E.KQBu84b2NCA-rxpWlMrPM1i_OzKuWoslNXbRm-BFAIQ&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTRhMDg3OWUtNGRkYS00MDNmLWI2Y2QtNjlhYzczNDRmZmY5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiV2NmYXR3RktEUXZSalZwTXFLNFlldyIsImV4cCI6MTUyOTc1NDk0OCwiaWF0IjoxNTI5NzUxMzQ4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiN2QyMDZhOC0yNWNjLTQ0YjgtOWU5Ni03MTRkYjIzNDdhMDAiLCJub25jZSI6InZLRk9ITHVHNkFVQUEyeTAiLCJyYXQiOjE1Mjk3NTEzNDYsInN1YiI6ImZvb0BiYXIuY29tIn0.Xaj2vK_QuaKdeZJq9pDK7l0BQmyRQmYHPH7Al3yXrhIDxyIQKpnQYtX1IF6QcALyI_DbDszeMfgtdccdolSUZRyrrBP3t6gF4VrLP05tF8gUykz93Ugf4OkKsjieCnPaivqKqd771l0ZcaZREr69F5uxl1UAM3X2-5QvSmG5r6WqXryJNXD7iOga7bxP3s2ftamRo-QUIubFZEiZC3_6czZlFp-MCHh4oULFCsl9nvtn6xq9yfnKqIJfQ2Xq5DYgyNd8BJ8I1kD2n61RCL2WRcIlYConnG1Zordt-yP-yUb1YEatTuaz10_79b12SixFIH_dv-3BCzwJuQgYTtmPjV__CgbqScr3gmjv9z-Kf09oNe0Vo5TTmM5dE3lNuiwbEZYPrE4Tthz9jYT9liMkp3zHplPoaVcUI8LkMns4eJ-VgxJDGMrOTYzO4_51Hbg5gEDikD7eKcLhU99z_bI4s7xutCc2HstBeATMNYKbTXviex2B-330X1m7s9LfNcef5r37xZfaIKysmOOk0jlnAsNE9n-lo4mGCzj-58wn3CJWLzxiUd6TGEE19voAEkNsopKk195T2FAAd_VCh0GWk2CNeNq4mzQPLk3061YCnu-1mf7XHdy-Bc2k3OyYRLVnXxrfLN9J-pBGzvYzzO3WOfvIpXzz2eoHWpzFLEKuKaM&state=j2vAmZAqIrresRP5
2.9 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTRhMDg3OWUtNGRkYS00MDNmLWI2Y2QtNjlhYzczNDRmZmY5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiV2NmYXR3RktEUXZSalZwTXFLNFlldyIsImV4cCI6MTUyOTc1NDk0OCwiaWF0IjoxNTI5NzUxMzQ4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiN2QyMDZhOC0yNWNjLTQ0YjgtOWU5Ni03MTRkYjIzNDdhMDAiLCJub25jZSI6InZLRk9ITHVHNkFVQUEyeTAiLCJyYXQiOjE1Mjk3NTEzNDYsInN1YiI6ImZvb0BiYXIuY29tIn0.Xaj2vK_QuaKdeZJq9pDK7l0BQmyRQmYHPH7Al3yXrhIDxyIQKpnQYtX1IF6QcALyI_DbDszeMfgtdccdolSUZRyrrBP3t6gF4VrLP05tF8gUykz93Ugf4OkKsjieCnPaivqKqd771l0ZcaZREr69F5uxl1UAM3X2-5QvSmG5r6WqXryJNXD7iOga7bxP3s2ftamRo-QUIubFZEiZC3_6czZlFp-MCHh4oULFCsl9nvtn6xq9yfnKqIJfQ2Xq5DYgyNd8BJ8I1kD2n61RCL2WRcIlYConnG1Zordt-yP-yUb1YEatTuaz10_79b12SixFIH_dv-3BCzwJuQgYTtmPjV__CgbqScr3gmjv9z-Kf09oNe0Vo5TTmM5dE3lNuiwbEZYPrE4Tthz9jYT9liMkp3zHplPoaVcUI8LkMns4eJ-VgxJDGMrOTYzO4_51Hbg5gEDikD7eKcLhU99z_bI4s7xutCc2HstBeATMNYKbTXviex2B-330X1m7s9LfNcef5r37xZfaIKysmOOk0jlnAsNE9n-lo4mGCzj-58wn3CJWLzxiUd6TGEE19voAEkNsopKk195T2FAAd_VCh0GWk2CNeNq4mzQPLk3061YCnu-1mf7XHdy-Bc2k3OyYRLVnXxrfLN9J-pBGzvYzzO3WOfvIpXzz2eoHWpzFLEKuKaM', 'state': 'j2vAmZAqIrresRP5', 'code': 'wj-nnLX0bwLRFWyCDkXK6Ho6moSWJzidaQ0vR6GCh2E.KQBu84b2NCA-rxpWlMrPM1i_OzKuWoslNXbRm-BFAIQ'}
2.999 AuthorizationResponse {
"code": "wj-nnLX0bwLRFWyCDkXK6Ho6moSWJzidaQ0vR6GCh2E.KQBu84b2NCA-rxpWlMrPM1i_OzKuWoslNXbRm-BFAIQ",
"id_token": {
"aud": [
"14a0879e-4dda-403f-b6cd-69ac7344fff9"
],
"auth_time": 1529751224,
"c_hash": "WcfatwFKDQvRjVpMqK4Yew",
"exp": 1529754948,
"iat": 1529751348,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "b7d206a8-25cc-44b8-9e96-714db2347a00",
"nonce": "vKFOHLuG6AUAA2y0",
"rat": 1529751346,
"sub": "foo@bar.com"
},
"state": "j2vAmZAqIrresRP5"
}
2.999 phase <--<-- 4 --- AccessToken -->-->
3.0 --> request op_args: {'state': 'j2vAmZAqIrresRP5'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.0 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'j2vAmZAqIrresRP5', 'code': 'wj-nnLX0bwLRFWyCDkXK6Ho6moSWJzidaQ0vR6GCh2E.KQBu84b2NCA-rxpWlMrPM1i_OzKuWoslNXbRm-BFAIQ', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '14a0879e-4dda-403f-b6cd-69ac7344fff9'}, 'state': 'j2vAmZAqIrresRP5'}
3.0 AccessTokenRequest {
"code": "wj-nnLX0bwLRFWyCDkXK6Ho6moSWJzidaQ0vR6GCh2E.KQBu84b2NCA-rxpWlMrPM1i_OzKuWoslNXbRm-BFAIQ",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "j2vAmZAqIrresRP5"
}
3.0 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.0 request_http_args {'headers': {'Authorization': 'Basic MTRhMDg3OWUtNGRkYS00MDNmLWI2Y2QtNjlhYzczNDRmZmY5OnFLWUFYQ0x1QjdncA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.0 request code=wj-nnLX0bwLRFWyCDkXK6Ho6moSWJzidaQ0vR6GCh2E.KQBu84b2NCA-rxpWlMrPM1i_OzKuWoslNXbRm-BFAIQ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=j2vAmZAqIrresRP5
3.212 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.213 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTRhMDg3OWUtNGRkYS00MDNmLWI2Y2QtNjlhYzczNDRmZmY5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiV2NmYXR3RktEUXZSalZwTXFLNFlldyIsImV4cCI6MTUyOTc1NDk0OCwiaWF0IjoxNTI5NzUxMzQ5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhNzQ2ZGU3Zi1mYjgyLTRmMGYtOTJkMC01ZTg0ODE0YjVkMDMiLCJub25jZSI6InZLRk9ITHVHNkFVQUEyeTAiLCJyYXQiOjE1Mjk3NTEzNDYsInN1YiI6ImZvb0BiYXIuY29tIn0.K6iPMV2pdEUtWoP_x9w0dJaBotm5q11rFKtn9WMKaSEaLyTefvCb1AbAfNilmHdl_jKxqIk7vmwvxRZEn4RWJyWd-OaWS2vQB6vcweD0KqhyjJ0KhkTcJEmOlrEf_4YigIAO9dw6TxmQr5qJrA-dU0O6dlguP_4CK3CJRTUMUKE9XFqyOtSzA2vYzAsSdX_vl5i1e5LgFliVuQYN3tsiKXw9La2ARkzb0Am-9xPCa6mw4CMuN7CVUhJ1RhOLVWJ5PEIy1ErQVqWNCu7R0t90-rvxALXVZmkLc_s4Ua4ni74sXgJrjLhiBR-UfRt3mM8FtrnY1u3gDzkIJroKBye1Ji9cy7Ilman0v72wwkXRMssxZ9xM0JEZ49uI01oLNjM_I0Dzpda88aJ6_cyVtal_HrMbmUAG9GSvJW0gJmBni2EqaCHCgAGxHh9ioPd_tsudPLIuowBV3WzrDf6OdPRxXa0nzByp93aaUd1_gSqEvrms0rDWFjsOAlfWguDHVQ1oQZI9XjoD78sxKnlHuKi4-Cyi4CFK-oqY2XbZ7Aoeistore2UUWSaMjV-gvU1LEx6KwZvRvkTuQURnWp4uPqZZ3j80fEl-1IilRNoUcpsKn3j-cBzOD4XpxAvvMYJEJ8Zs5uEOscaJvjIXq7--3vTWwTR5IC-dQhVbnBMw4rON_c', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'j8itKsAqtcRypR_IASDjIp6iQdq6tNjR-KJVRaYsT90.gu0B8UUAfOUKBm3yk04vkSdmx6FJB5r5zt0q2v6pib8', 'scope': 'openid profile'}
3.216 AccessTokenResponse {
"access_token": "j8itKsAqtcRypR_IASDjIp6iQdq6tNjR-KJVRaYsT90.gu0B8UUAfOUKBm3yk04vkSdmx6FJB5r5zt0q2v6pib8",
"expires_in": 3599,
"id_token": {
"aud": [
"14a0879e-4dda-403f-b6cd-69ac7344fff9"
],
"auth_time": 1529751224,
"c_hash": "WcfatwFKDQvRjVpMqK4Yew",
"exp": 1529754948,
"iat": 1529751349,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "a746de7f-fb82-4f0f-92d0-5e84814b5d03",
"nonce": "vKFOHLuG6AUAA2y0",
"rat": 1529751346,
"sub": "foo@bar.com"
},
"scope": "openid profile",
"token_type": "bearer"
}
3.216 phase <--<-- 5 --- UserInfo -->-->
3.217 do_user_info_request kwargs:{'state': 'j2vAmZAqIrresRP5', 'method': 'GET', 'authn_method': 'bearer_header'}
3.217 request {'body': None}
3.217 request_url https://oidc-certification.ory.sh:8443/userinfo
3.217 request_http_args {'headers': {'Authorization': 'Bearer j8itKsAqtcRypR_IASDjIp6iQdq6tNjR-KJVRaYsT90.gu0B8UUAfOUKBm3yk04vkSdmx6FJB5r5zt0q2v6pib8'}}
3.322 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.323 OpenIDSchema {
"sub": "foo@bar.com"
}
3.323 OpenIDSchema {
"sub": "foo@bar.com"
}
3.323 phase <--<-- 6 --- Done -->-->
3.323 end
3.323 assertion CheckHTTPResponse
3.324 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.324 assertion VerifyResponse
3.324 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.324 assertion VerifyScopes
3.325 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username'] [Verifies that the claims corresponding to the requested scopes are returned]
3.325 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['profile']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['profile']
The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username']
���������������������������������./OP-UserInfo-RS256.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000033035�13313423212�014535� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-RS256
Test description: RP registers userinfo_signed_response_alg to signal that it wants signed UserInfo returned
Timestamp: 2018-06-23T10:52:58Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.082 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.084 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.084 phase <--<-- 2 --- Registration -->-->
0.084 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'userinfo_signed_response_alg': 'RS256'}
0.084 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#gvWvlC0AbOv96KAl"
],
"response_types": [
"code id_token"
],
"userinfo_signed_response_alg": "RS256"
}
0.346 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.347 RegistrationResponse {
"client_id": "8e527325-0ba8-4587-a3c7-7c27522dd147",
"client_secret": "NrM3LPypRfIl",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "8e527325-0ba8-4587-a3c7-7c27522dd147",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#gvWvlC0AbOv96KAl"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "RS256"
}
0.347 phase <--<-- 3 --- AsyncAuthn -->-->
0.348 AuthorizationRequest {
"client_id": "8e527325-0ba8-4587-a3c7-7c27522dd147",
"nonce": "qyAm65CczJcER8OW",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "jfnUiIYbjjyS40Ky"
}
0.348 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=8e527325-0ba8-4587-a3c7-7c27522dd147&state=jfnUiIYbjjyS40Ky&response_type=code+id_token&nonce=qyAm65CczJcER8OW
0.348 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=8e527325-0ba8-4587-a3c7-7c27522dd147&state=jfnUiIYbjjyS40Ky&response_type=code+id_token&nonce=qyAm65CczJcER8OW
2.437 http args {}
2.631 response URL with fragment
2.631 response code=aJzdMI-xs6Hf2jvrReGld5k6lIL9ojaiR4-v6tAX0fo.BgcT3M9FfULG7_UTvSVPfttWIDIzs5J3BwaclLPOYYw&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOGU1MjczMjUtMGJhOC00NTg3LWEzYzctN2MyNzUyMmRkMTQ3Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiMDFwQk1GX25mR3FCc2UycVVwU0ZIQSIsImV4cCI6MTUyOTc1NDc3NywiaWF0IjoxNTI5NzUxMTc3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkOWU1Njc1Mi1hNTZiLTQxNTItYWRkMi1lMjc5NWQwZjdkOTkiLCJub25jZSI6InF5QW02NUNjekpjRVI4T1ciLCJyYXQiOjE1Mjk3NTExNzUsInN1YiI6ImZvb0BiYXIuY29tIn0.R28YLitZEfWhvhXjAQ0tIuoBjvM3XQyhUIiKDVEYujjlcjVLKe8x8cRbzL5h6TXrNWoIwn5_nAUrl_eZQ23t2ZwNhlTOZ8xwsavlZ891zOQMnjoixhsnf6VA18xjOkobHMRtf2grESv4aLHQPqq5cNmcznmQS94SkOF9ZG3crPugSwnEhViTfjidUh5xqRbO0Bx6k6kqa5AEoUTX_eeSPIoTTB31HExKdDCt8uAGmw-VW45HA1YL_wMLqa2rpcbGzoFb0pDQAe9F0Gycz0SBIoAcUJG4feXzyCuBcpCbFR0gn_yVJtaM7MNREd92bJC9AUIocMVKvQgkhJsX2SGhkCQy1kW_NX9g7hrPWu1Nb3i9JqrJYJgoW2wzHqoTPmDSVmXEI1T8hVz279DijjZSn3-L0uSxZIpxiZCjWOxS1fCcqQC8tyMjTWxmyjyM3KsjvX_5Clg7FC9jPsQi7jD06c8Hbnmqu0jxIfTD7ewARqZ2qHNDSc9vIz58ppdRCfTC7xNFWxdAy9vn74ng4LDJNLaAtVPq82tAm4NRfvO-wusYAf8eFduo_Qq1SU9h-VWOjNRqXEJEVR2il3Kiff3FMqKvcJH1T-YpyU4pzu4TcLqFvJ9t5qR7y3vN__DjgwnF-QRKWrnkeqk7WakYA_V00vaN1sKnZ8e2yGsb2aIygwQ&state=jfnUiIYbjjyS40Ky
2.631 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOGU1MjczMjUtMGJhOC00NTg3LWEzYzctN2MyNzUyMmRkMTQ3Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiMDFwQk1GX25mR3FCc2UycVVwU0ZIQSIsImV4cCI6MTUyOTc1NDc3NywiaWF0IjoxNTI5NzUxMTc3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkOWU1Njc1Mi1hNTZiLTQxNTItYWRkMi1lMjc5NWQwZjdkOTkiLCJub25jZSI6InF5QW02NUNjekpjRVI4T1ciLCJyYXQiOjE1Mjk3NTExNzUsInN1YiI6ImZvb0BiYXIuY29tIn0.R28YLitZEfWhvhXjAQ0tIuoBjvM3XQyhUIiKDVEYujjlcjVLKe8x8cRbzL5h6TXrNWoIwn5_nAUrl_eZQ23t2ZwNhlTOZ8xwsavlZ891zOQMnjoixhsnf6VA18xjOkobHMRtf2grESv4aLHQPqq5cNmcznmQS94SkOF9ZG3crPugSwnEhViTfjidUh5xqRbO0Bx6k6kqa5AEoUTX_eeSPIoTTB31HExKdDCt8uAGmw-VW45HA1YL_wMLqa2rpcbGzoFb0pDQAe9F0Gycz0SBIoAcUJG4feXzyCuBcpCbFR0gn_yVJtaM7MNREd92bJC9AUIocMVKvQgkhJsX2SGhkCQy1kW_NX9g7hrPWu1Nb3i9JqrJYJgoW2wzHqoTPmDSVmXEI1T8hVz279DijjZSn3-L0uSxZIpxiZCjWOxS1fCcqQC8tyMjTWxmyjyM3KsjvX_5Clg7FC9jPsQi7jD06c8Hbnmqu0jxIfTD7ewARqZ2qHNDSc9vIz58ppdRCfTC7xNFWxdAy9vn74ng4LDJNLaAtVPq82tAm4NRfvO-wusYAf8eFduo_Qq1SU9h-VWOjNRqXEJEVR2il3Kiff3FMqKvcJH1T-YpyU4pzu4TcLqFvJ9t5qR7y3vN__DjgwnF-QRKWrnkeqk7WakYA_V00vaN1sKnZ8e2yGsb2aIygwQ', 'state': 'jfnUiIYbjjyS40Ky', 'code': 'aJzdMI-xs6Hf2jvrReGld5k6lIL9ojaiR4-v6tAX0fo.BgcT3M9FfULG7_UTvSVPfttWIDIzs5J3BwaclLPOYYw'}
2.706 AuthorizationResponse {
"code": "aJzdMI-xs6Hf2jvrReGld5k6lIL9ojaiR4-v6tAX0fo.BgcT3M9FfULG7_UTvSVPfttWIDIzs5J3BwaclLPOYYw",
"id_token": {
"aud": [
"8e527325-0ba8-4587-a3c7-7c27522dd147"
],
"auth_time": 1529750975,
"c_hash": "01pBMF_nfGqBse2qUpSFHA",
"exp": 1529754777,
"iat": 1529751177,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d9e56752-a56b-4152-add2-e2795d0f7d99",
"nonce": "qyAm65CczJcER8OW",
"rat": 1529751175,
"sub": "foo@bar.com"
},
"state": "jfnUiIYbjjyS40Ky"
}
2.706 phase <--<-- 4 --- AccessToken -->-->
2.707 --> request op_args: {'state': 'jfnUiIYbjjyS40Ky'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.707 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'jfnUiIYbjjyS40Ky', 'code': 'aJzdMI-xs6Hf2jvrReGld5k6lIL9ojaiR4-v6tAX0fo.BgcT3M9FfULG7_UTvSVPfttWIDIzs5J3BwaclLPOYYw', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '8e527325-0ba8-4587-a3c7-7c27522dd147'}, 'state': 'jfnUiIYbjjyS40Ky'}
2.707 AccessTokenRequest {
"code": "aJzdMI-xs6Hf2jvrReGld5k6lIL9ojaiR4-v6tAX0fo.BgcT3M9FfULG7_UTvSVPfttWIDIzs5J3BwaclLPOYYw",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "jfnUiIYbjjyS40Ky"
}
2.707 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.707 request_http_args {'headers': {'Authorization': 'Basic OGU1MjczMjUtMGJhOC00NTg3LWEzYzctN2MyNzUyMmRkMTQ3Ok5yTTNMUHlwUmZJbA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.707 request code=aJzdMI-xs6Hf2jvrReGld5k6lIL9ojaiR4-v6tAX0fo.BgcT3M9FfULG7_UTvSVPfttWIDIzs5J3BwaclLPOYYw&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=jfnUiIYbjjyS40Ky
2.92 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.921 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOGU1MjczMjUtMGJhOC00NTg3LWEzYzctN2MyNzUyMmRkMTQ3Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiMDFwQk1GX25mR3FCc2UycVVwU0ZIQSIsImV4cCI6MTUyOTc1NDc3NywiaWF0IjoxNTI5NzUxMTc4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkODYyMWY2Zi04ZWUwLTQ4MDItOGVhNS05MWVlMGZhOWE0YjAiLCJub25jZSI6InF5QW02NUNjekpjRVI4T1ciLCJyYXQiOjE1Mjk3NTExNzUsInN1YiI6ImZvb0BiYXIuY29tIn0.t4_g0X5MttNXqJNCRFJlrFDTSMwiYZ_Ef2wvbgR6N3vdJkeLQYanOBRbD5I3FlKfi8HXOojSHbbAQJaOi_X-l8Pj9JJLKLzlD-D0HJXPm1935S97Yo1VpOp2cliVBx_Tz5bCdGp5LjUWoCUsTw3eeIltP2C8WLMsv6j-5gKtW2YoA4PN23eYWZL_KQBnZrAQ6MEmCkT2_qMCeh3-sIODEfObN6CscFzleLe4T-urkxe1b8eHQ6AY-0Yk77HeFQG_tMAqXgz47JIjoW8DY9CNkeLFBtNWu48aQB3u8NUhKyOr5VHYPHitpyc1gf0i5i9zSt5rVVnHxPGW8TUi99fhmgfD_344RQGUh5_pAQnSUnmNXHfaxPv7BHtfCnQHg65G5ox2lHQPzjeSysx6WUP1lPv7ZisZP1-Xgnqy3Xf6JUeE3xxt1_tXgbkYZEeNNJ7DwnRMD3d4UraNtaLRXGvhaYTi7QKdm4oK6GTCtYTLHCNITrDTkT4zqQ8C3BQ-YhzvSsoQatNjj7bhCWm2_mFcYCu-fziP9KgJNcnLiu5ayabCYtIsB6NIQQMICHKLftmdFJyki6mVc20VcUTVrGWPJI55p2JBu9fEZHnnZThr98VMwBFwgDuZADzWSiXItqgk7oKURINskx9-PScQ6DYsNS7DV7jBM9FCj-kHh7eSrYg', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'cGyosWOGtlA27DRvCB7bQJvXPho8MC3Gz1fm-spDJfc.S_W7cUaE6MkbV-zNBPV0MisawAdZEkBWpAZkG_1tP3w', 'scope': 'openid'}
2.925 AccessTokenResponse {
"access_token": "cGyosWOGtlA27DRvCB7bQJvXPho8MC3Gz1fm-spDJfc.S_W7cUaE6MkbV-zNBPV0MisawAdZEkBWpAZkG_1tP3w",
"expires_in": 3599,
"id_token": {
"aud": [
"8e527325-0ba8-4587-a3c7-7c27522dd147"
],
"auth_time": 1529750975,
"c_hash": "01pBMF_nfGqBse2qUpSFHA",
"exp": 1529754777,
"iat": 1529751178,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d8621f6f-8ee0-4802-8ea5-91ee0fa9a4b0",
"nonce": "qyAm65CczJcER8OW",
"rat": 1529751175,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.925 phase <--<-- 5 --- UserInfo -->-->
2.925 do_user_info_request kwargs:{'state': 'jfnUiIYbjjyS40Ky', 'method': 'GET', 'authn_method': 'bearer_header', 'ctype': 'jwt'}
2.925 request {'body': None}
2.925 request_url https://oidc-certification.ory.sh:8443/userinfo
2.925 request_http_args {'headers': {'Authorization': 'Bearer cGyosWOGtlA27DRvCB7bQJvXPho8MC3Gz1fm-spDJfc.S_W7cUaE6MkbV-zNBPV0MisawAdZEkBWpAZkG_1tP3w'}}
3.058 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.062 OpenIDSchema {
"aud": [
"8e527325-0ba8-4587-a3c7-7c27522dd147"
],
"iss": "https://oidc-certification.ory.sh:8443/",
"sub": "foo@bar.com"
}
3.062 OpenIDSchema {
"aud": [
"8e527325-0ba8-4587-a3c7-7c27522dd147"
],
"iss": "https://oidc-certification.ory.sh:8443/",
"sub": "foo@bar.com"
}
3.063 phase <--<-- 6 --- Done -->-->
3.063 end
3.063 assertion VerifyResponse
3.063 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.063 assertion CheckAsymSignedUserInfo
3.063 condition asym-signed-userinfo: status=OK [Verifies that the UserInfo was signed with a RSA key]
3.063 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
asym-signed-userinfo: status=OK [Verifies that the UserInfo was signed with a RSA key]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-Body.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000031723�13313423174�014662� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-Body
Test description: UserInfo Endpoint access with POST and bearer body
Timestamp: 2018-06-23T10:52:44Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.077 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.078 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.079 phase <--<-- 2 --- Registration -->-->
0.079 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.079 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#x4apJR5pv5KHKeCY"
],
"response_types": [
"code id_token"
]
}
0.238 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.239 RegistrationResponse {
"client_id": "070453ec-5c66-4086-8b6d-794b9b03c36a",
"client_secret": "B6MJ82RhngHR",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "070453ec-5c66-4086-8b6d-794b9b03c36a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#x4apJR5pv5KHKeCY"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.239 phase <--<-- 3 --- AsyncAuthn -->-->
0.24 AuthorizationRequest {
"client_id": "070453ec-5c66-4086-8b6d-794b9b03c36a",
"nonce": "0fSpMVPMmKIY8bi6",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "7icERr6XVK18gB5I"
}
0.24 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=070453ec-5c66-4086-8b6d-794b9b03c36a&state=7icERr6XVK18gB5I&response_type=code+id_token&nonce=0fSpMVPMmKIY8bi6
0.24 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=070453ec-5c66-4086-8b6d-794b9b03c36a&state=7icERr6XVK18gB5I&response_type=code+id_token&nonce=0fSpMVPMmKIY8bi6
2.296 http args {}
2.5 response URL with fragment
2.5 response code=SrSwltTtZVuwey8vhEqQMH6eLKRT5YQ0SvSfYP282YU.02AhsDd_a84Z7jWwOvELcOOoSdoAZm_zhDeUdPL9jWs&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDcwNDUzZWMtNWM2Ni00MDg2LThiNmQtNzk0YjliMDNjMzZhIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTG1NdGhvQ2Z5TXNGcFRUWFE3RnNYdyIsImV4cCI6MTUyOTc1NDc2MywiaWF0IjoxNTI5NzUxMTYzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3M2MzOGIyOS1lMjE1LTQ3YWItYTU5Mi05YWNkMTEyMDc3ZjgiLCJub25jZSI6IjBmU3BNVlBNbUtJWThiaTYiLCJyYXQiOjE1Mjk3NTExNjIsInN1YiI6ImZvb0BiYXIuY29tIn0.PHlivWpNHUYf6Po7PWQe9DMY877-XuZKLhEgPimmbjKxPzjSBGtPYM-RW_C9p6gpCqin3cfVArraEE2P9b-ziKxqvq75eQIjyCMtQp5kNJfQpOdIYAJZl1TTRdbWOfMPcCzvL-h-GV00_sz60eTtkYj77MfXVU3XFL7a8YcYkHbttmsvHW1EWy0EaAJhRJpqXWxm_EINKd9JMLT13cFHRKGxG8VZDHYx_WAzXtOuD_Mdt4QcVLUDVYYGv69hWLx955Kpamq8dQJ2EeZmYInZ92jaStSQ7dGpDlnLmD9eAxe4jqZDWqw5Q8YnaCoY5j1NcK76xYlqfedXnM5BdBmoWRkc7V2OMlqbkkXgfl2bUkFLF3j8zBuOktnncaMz6s4KfdDsaq03BZZjBeTc16QGitzHQzesBwoVajVUa9V-0vQ_5qMCB2VBNnb4-p_lb4QRSeP6O3fw8gt53kHdJ-Pyi0sLmKaKmceQgjOj96Rdp8hvIk4CxryOdTL_Pg5FCcmN3i4VSW7ciauPl8RGszXkgFPzz1GmTITCn2u1QGoUKaZ7Ov80lrJu9fvfIS6BXvmiFUMmLhrSuLqc_J-a9TPcshIpYj0ONFXtZrgcVrnAazSbMrT6A6kAglONILSwXzOYxD3yGttloCK_mwRj_PUDeMU7onw2-Yik_7BMCyzuxzY&state=7icERr6XVK18gB5I
2.501 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDcwNDUzZWMtNWM2Ni00MDg2LThiNmQtNzk0YjliMDNjMzZhIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTG1NdGhvQ2Z5TXNGcFRUWFE3RnNYdyIsImV4cCI6MTUyOTc1NDc2MywiaWF0IjoxNTI5NzUxMTYzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3M2MzOGIyOS1lMjE1LTQ3YWItYTU5Mi05YWNkMTEyMDc3ZjgiLCJub25jZSI6IjBmU3BNVlBNbUtJWThiaTYiLCJyYXQiOjE1Mjk3NTExNjIsInN1YiI6ImZvb0BiYXIuY29tIn0.PHlivWpNHUYf6Po7PWQe9DMY877-XuZKLhEgPimmbjKxPzjSBGtPYM-RW_C9p6gpCqin3cfVArraEE2P9b-ziKxqvq75eQIjyCMtQp5kNJfQpOdIYAJZl1TTRdbWOfMPcCzvL-h-GV00_sz60eTtkYj77MfXVU3XFL7a8YcYkHbttmsvHW1EWy0EaAJhRJpqXWxm_EINKd9JMLT13cFHRKGxG8VZDHYx_WAzXtOuD_Mdt4QcVLUDVYYGv69hWLx955Kpamq8dQJ2EeZmYInZ92jaStSQ7dGpDlnLmD9eAxe4jqZDWqw5Q8YnaCoY5j1NcK76xYlqfedXnM5BdBmoWRkc7V2OMlqbkkXgfl2bUkFLF3j8zBuOktnncaMz6s4KfdDsaq03BZZjBeTc16QGitzHQzesBwoVajVUa9V-0vQ_5qMCB2VBNnb4-p_lb4QRSeP6O3fw8gt53kHdJ-Pyi0sLmKaKmceQgjOj96Rdp8hvIk4CxryOdTL_Pg5FCcmN3i4VSW7ciauPl8RGszXkgFPzz1GmTITCn2u1QGoUKaZ7Ov80lrJu9fvfIS6BXvmiFUMmLhrSuLqc_J-a9TPcshIpYj0ONFXtZrgcVrnAazSbMrT6A6kAglONILSwXzOYxD3yGttloCK_mwRj_PUDeMU7onw2-Yik_7BMCyzuxzY', 'state': '7icERr6XVK18gB5I', 'code': 'SrSwltTtZVuwey8vhEqQMH6eLKRT5YQ0SvSfYP282YU.02AhsDd_a84Z7jWwOvELcOOoSdoAZm_zhDeUdPL9jWs'}
2.58 AuthorizationResponse {
"code": "SrSwltTtZVuwey8vhEqQMH6eLKRT5YQ0SvSfYP282YU.02AhsDd_a84Z7jWwOvELcOOoSdoAZm_zhDeUdPL9jWs",
"id_token": {
"aud": [
"070453ec-5c66-4086-8b6d-794b9b03c36a"
],
"auth_time": 1529750975,
"c_hash": "LmMthoCfyMsFpTTXQ7FsXw",
"exp": 1529754763,
"iat": 1529751163,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "73c38b29-e215-47ab-a592-9acd112077f8",
"nonce": "0fSpMVPMmKIY8bi6",
"rat": 1529751162,
"sub": "foo@bar.com"
},
"state": "7icERr6XVK18gB5I"
}
2.58 phase <--<-- 4 --- AccessToken -->-->
2.58 --> request op_args: {'state': '7icERr6XVK18gB5I'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.58 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '7icERr6XVK18gB5I', 'code': 'SrSwltTtZVuwey8vhEqQMH6eLKRT5YQ0SvSfYP282YU.02AhsDd_a84Z7jWwOvELcOOoSdoAZm_zhDeUdPL9jWs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '070453ec-5c66-4086-8b6d-794b9b03c36a'}, 'state': '7icERr6XVK18gB5I'}
2.58 AccessTokenRequest {
"code": "SrSwltTtZVuwey8vhEqQMH6eLKRT5YQ0SvSfYP282YU.02AhsDd_a84Z7jWwOvELcOOoSdoAZm_zhDeUdPL9jWs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "7icERr6XVK18gB5I"
}
2.58 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.58 request_http_args {'headers': {'Authorization': 'Basic MDcwNDUzZWMtNWM2Ni00MDg2LThiNmQtNzk0YjliMDNjMzZhOkI2TUo4MlJobmdIUg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.58 request code=SrSwltTtZVuwey8vhEqQMH6eLKRT5YQ0SvSfYP282YU.02AhsDd_a84Z7jWwOvELcOOoSdoAZm_zhDeUdPL9jWs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=7icERr6XVK18gB5I
2.792 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.794 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDcwNDUzZWMtNWM2Ni00MDg2LThiNmQtNzk0YjliMDNjMzZhIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTG1NdGhvQ2Z5TXNGcFRUWFE3RnNYdyIsImV4cCI6MTUyOTc1NDc2MywiaWF0IjoxNTI5NzUxMTY0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1Y2QwNjdkMy0yMDdjLTQ0YTItYjEzYS0yMmZjNWY3MDQ2ZDAiLCJub25jZSI6IjBmU3BNVlBNbUtJWThiaTYiLCJyYXQiOjE1Mjk3NTExNjIsInN1YiI6ImZvb0BiYXIuY29tIn0.HCde4lgyEUn5H21TZwa_XIkfZ0OS4r-PymNH0J-XwztcfFap1dPV3aeNoyLCcshrznNHXzWOVMlmlakW2FYra9g5qZCGMRL39L5FqtksOg0HIkGyHWWpyNQ6ZfXqVlNJoaMt_6Y8vnJaRelwjPlS7TN7FmXIXll9mPWfk60FSlDdivK-Gpoazf2IqF1gEwkqQSgLxEf9HtbKQttWyyLZlvnYh8KrAbzZ8gvSRhMj6ODoSAuUkjNFI7c-6bpy9ZCj887Ii_HIe4InIDKluMhqhNe_Vj_BU1FtciQSj_gjhOGklkJfeIEKld-pi7Uymcuc9soicZAI9I5vhqa33ms0-1gM85cmlV6j40Hu5V12yaq2K4o7d4S4SzKDLZtpb9LhPPKvwQjPGimXaA-rfMNQVg5rNQQ3MPvlWvZXtLn8TD9kUoItfC1gcSL4DTyJhlDdLbTkDpkMpb6aBctHZJVCj8TLBN3sPcmoIB2CBWpK9XF4xzw94P7DGuTN2xbhUXsJi_ov_3El_vEnbQ4QiVu5HbWy8lTi7_hLQ-jhX8h06C4LMQ44B34GyUe_7Z9_xl-Ot8INLp2vVu_sJmGeFwJ92xnCCl7JJNJ_E0IOaDcZOj7Yewos_Hy68H4ktaSEOXBPuJ8s-0MHw2XPgu1jUIusePMDfLEy9GBIqXNIuZhe0Sc', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'BwzBsbxXk56m8FexDe3NdNviAhHlvQVU6eAgd_2v1H0.cGRLaKGAP0F1fSFvr0oqnkU_snmvn8A9pRKtI5_4oi8', 'scope': 'openid'}
2.797 AccessTokenResponse {
"access_token": "BwzBsbxXk56m8FexDe3NdNviAhHlvQVU6eAgd_2v1H0.cGRLaKGAP0F1fSFvr0oqnkU_snmvn8A9pRKtI5_4oi8",
"expires_in": 3599,
"id_token": {
"aud": [
"070453ec-5c66-4086-8b6d-794b9b03c36a"
],
"auth_time": 1529750975,
"c_hash": "LmMthoCfyMsFpTTXQ7FsXw",
"exp": 1529754763,
"iat": 1529751164,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "5cd067d3-207c-44a2-b13a-22fc5f7046d0",
"nonce": "0fSpMVPMmKIY8bi6",
"rat": 1529751162,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.797 phase <--<-- 5 --- UserInfo -->-->
2.797 do_user_info_request kwargs:{'state': '7icERr6XVK18gB5I', 'method': 'POST', 'authn_method': 'token_in_message_body'}
2.797 request {'body': 'access_token=BwzBsbxXk56m8FexDe3NdNviAhHlvQVU6eAgd_2v1H0.cGRLaKGAP0F1fSFvr0oqnkU_snmvn8A9pRKtI5_4oi8'}
2.797 request_url https://oidc-certification.ory.sh:8443/userinfo
2.797 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
2.87 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.871 OpenIDSchema {
"sub": "foo@bar.com"
}
2.871 OpenIDSchema {
"sub": "foo@bar.com"
}
2.871 phase <--<-- 6 --- Done -->-->
2.871 end
2.872 assertion VerifyResponse
2.872 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.872 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������./OP-redirect_uri-Query-Mismatch.txt����������������������������������������������������������������0000644�0000000�0000000�00000011240�13313423404�017547� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Query-Mismatch
Test description: Rejects redirect_uri when query parameter does not match what is registed
Timestamp: 2018-06-23T10:55:00Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.08 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.081 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.081 phase <--<-- 2 --- Registration -->-->
0.082 register kwargs:{'application_name': 'OIC test tool', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'redirect_uri': ['https://op.certification.openid.net:61353/authz_cb?foo=bar']}
0.082 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#yKaAQzDIpvWxQiWS"
],
"response_types": [
"code id_token"
]
}
0.243 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.244 RegistrationResponse {
"client_id": "26460dc9-2966-41d1-ab3f-f25c7c38ad81",
"client_secret": "_zkTbI_RSVmN",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "26460dc9-2966-41d1-ab3f-f25c7c38ad81",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#yKaAQzDIpvWxQiWS"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.244 phase <--<-- 3 --- Note -->-->
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-ClientAuth-SecretPost-Dynamic.txt��������������������������������������������������������������0000644�0000000�0000000�00000031204�13313423170�017736� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-ClientAuth-SecretPost-Dynamic
Test description: Access token request with client_secret_post authentication
Timestamp: 2018-06-23T10:52:40Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'client_secret_post', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'response_types': ['code id_token'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#WLZrs5ZB0BWRMPro"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "client_secret_post"
}
0.237 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "ffa257cc-7836-4f05-9d44-bb5540e3761a",
"client_secret": "5XyfzEIlj9R3",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "ffa257cc-7836-4f05-9d44-bb5540e3761a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#WLZrs5ZB0BWRMPro"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_post",
"userinfo_signed_response_alg": "none"
}
0.238 phase <--<-- 3 --- AsyncAuthn -->-->
0.238 AuthorizationRequest {
"client_id": "ffa257cc-7836-4f05-9d44-bb5540e3761a",
"nonce": "TgbKjihOnmvcocC5",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "fVfcyMeK1JbGCdp3"
}
0.238 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ffa257cc-7836-4f05-9d44-bb5540e3761a&state=fVfcyMeK1JbGCdp3&response_type=code+id_token&nonce=TgbKjihOnmvcocC5
0.238 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ffa257cc-7836-4f05-9d44-bb5540e3761a&state=fVfcyMeK1JbGCdp3&response_type=code+id_token&nonce=TgbKjihOnmvcocC5
2.357 http args {}
2.527 response URL with fragment
2.528 response code=Uv1WRHKOToE2zPWigvY6QouliyvPSsGLSgezrhK3QmA.Cn5IctMDd6zsDp3bOdAgrT2CKuIZ8Z4U5T6RGeZpcRE&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmZhMjU3Y2MtNzgzNi00ZjA1LTlkNDQtYmI1NTQwZTM3NjFhIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTmU3X1JxOVV2ZWRjMFJLUkVPcW83dyIsImV4cCI6MTUyOTc1NDc1OSwiaWF0IjoxNTI5NzUxMTU5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiY2QwNDNhNy1lMWY2LTQ3MjAtODFhMC03MTRmM2U1YTkwYzAiLCJub25jZSI6IlRnYktqaWhPbm12Y29jQzUiLCJyYXQiOjE1Mjk3NTExNTgsInN1YiI6ImZvb0BiYXIuY29tIn0.I2U6khGR1IegBEFtlA-TYYTrQmkB_IIb7iYIkJ5HFR-PAyk0h8ZtR1aaA7a166VsFyRzjtnkI0FZp4wrPCuqh0AxohAKBU3CMGJmKIpQqNVixqG2_PkK8mdKSSdte7Xf0GApBBGIdPr0oIPxKYT9pdoEOgJbKbqPygoqjPwCChaSz88tvu-diLC9BVMn81oG_J3YTytcHkkHqe4T_Rj-EF_1OqDf3SXYngJ2zgKLeSc6Bh1GQlLZrshbLXW_RfR9930fpkJ9JK3bbxUfBUSTfNB70zskQe52A988sKkQzptjpPIm1AXZpcnbgIzbQHeDhSRnGHbnjxq4eLIeO3EdMupBsI5DkrRktOHiAOgHhdGUxEwnWfEa0FLImofBGR-KLr9eIKxL-_JVXfOM-MIi1vXaBGFrcA07nm92MvTvnoFzB5JRKiwGzlNAdytvp0t-rXZyfTJZGGnA8WGNhUVHyqvTuk-9TW_S6yhUli3hQCGHR2RbT1g-DRB2KFtXj5UGN8EVnQSQEmiX4hcD8bK3t175gUpHL4nSV6l9vs3266FrV56ImcmzEdkRHCIsMjLygQT_uthqm9xD3nVsoWXkIiEXVwjCIT9scXNGQhuEdBDtHz-sBvmLXQ8tu4GLpubWNHujRifxypCWDCwU2XN5Rpb5Mn6V84hrlZhsTaGbBvw&state=fVfcyMeK1JbGCdp3
2.528 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmZhMjU3Y2MtNzgzNi00ZjA1LTlkNDQtYmI1NTQwZTM3NjFhIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTmU3X1JxOVV2ZWRjMFJLUkVPcW83dyIsImV4cCI6MTUyOTc1NDc1OSwiaWF0IjoxNTI5NzUxMTU5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiY2QwNDNhNy1lMWY2LTQ3MjAtODFhMC03MTRmM2U1YTkwYzAiLCJub25jZSI6IlRnYktqaWhPbm12Y29jQzUiLCJyYXQiOjE1Mjk3NTExNTgsInN1YiI6ImZvb0BiYXIuY29tIn0.I2U6khGR1IegBEFtlA-TYYTrQmkB_IIb7iYIkJ5HFR-PAyk0h8ZtR1aaA7a166VsFyRzjtnkI0FZp4wrPCuqh0AxohAKBU3CMGJmKIpQqNVixqG2_PkK8mdKSSdte7Xf0GApBBGIdPr0oIPxKYT9pdoEOgJbKbqPygoqjPwCChaSz88tvu-diLC9BVMn81oG_J3YTytcHkkHqe4T_Rj-EF_1OqDf3SXYngJ2zgKLeSc6Bh1GQlLZrshbLXW_RfR9930fpkJ9JK3bbxUfBUSTfNB70zskQe52A988sKkQzptjpPIm1AXZpcnbgIzbQHeDhSRnGHbnjxq4eLIeO3EdMupBsI5DkrRktOHiAOgHhdGUxEwnWfEa0FLImofBGR-KLr9eIKxL-_JVXfOM-MIi1vXaBGFrcA07nm92MvTvnoFzB5JRKiwGzlNAdytvp0t-rXZyfTJZGGnA8WGNhUVHyqvTuk-9TW_S6yhUli3hQCGHR2RbT1g-DRB2KFtXj5UGN8EVnQSQEmiX4hcD8bK3t175gUpHL4nSV6l9vs3266FrV56ImcmzEdkRHCIsMjLygQT_uthqm9xD3nVsoWXkIiEXVwjCIT9scXNGQhuEdBDtHz-sBvmLXQ8tu4GLpubWNHujRifxypCWDCwU2XN5Rpb5Mn6V84hrlZhsTaGbBvw', 'state': 'fVfcyMeK1JbGCdp3', 'code': 'Uv1WRHKOToE2zPWigvY6QouliyvPSsGLSgezrhK3QmA.Cn5IctMDd6zsDp3bOdAgrT2CKuIZ8Z4U5T6RGeZpcRE'}
2.615 AuthorizationResponse {
"code": "Uv1WRHKOToE2zPWigvY6QouliyvPSsGLSgezrhK3QmA.Cn5IctMDd6zsDp3bOdAgrT2CKuIZ8Z4U5T6RGeZpcRE",
"id_token": {
"aud": [
"ffa257cc-7836-4f05-9d44-bb5540e3761a"
],
"auth_time": 1529750975,
"c_hash": "Ne7_Rq9Uvedc0RKREOqo7w",
"exp": 1529754759,
"iat": 1529751159,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "bcd043a7-e1f6-4720-81a0-714f3e5a90c0",
"nonce": "TgbKjihOnmvcocC5",
"rat": 1529751158,
"sub": "foo@bar.com"
},
"state": "fVfcyMeK1JbGCdp3"
}
2.615 phase <--<-- 4 --- AccessToken -->-->
2.615 --> request op_args: {'state': 'fVfcyMeK1JbGCdp3', 'authn_method': 'client_secret_post'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.615 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'fVfcyMeK1JbGCdp3', 'code': 'Uv1WRHKOToE2zPWigvY6QouliyvPSsGLSgezrhK3QmA.Cn5IctMDd6zsDp3bOdAgrT2CKuIZ8Z4U5T6RGeZpcRE', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'ffa257cc-7836-4f05-9d44-bb5540e3761a'}, 'state': 'fVfcyMeK1JbGCdp3', 'authn_method': 'client_secret_post'}
2.615 AccessTokenRequest {
"client_id": "ffa257cc-7836-4f05-9d44-bb5540e3761a",
"client_secret": "5XyfzEIlj9R3",
"code": "Uv1WRHKOToE2zPWigvY6QouliyvPSsGLSgezrhK3QmA.Cn5IctMDd6zsDp3bOdAgrT2CKuIZ8Z4U5T6RGeZpcRE",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "fVfcyMeK1JbGCdp3"
}
2.615 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.615 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
2.615 request code=Uv1WRHKOToE2zPWigvY6QouliyvPSsGLSgezrhK3QmA.Cn5IctMDd6zsDp3bOdAgrT2CKuIZ8Z4U5T6RGeZpcRE&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=ffa257cc-7836-4f05-9d44-bb5540e3761a&grant_type=authorization_code&state=fVfcyMeK1JbGCdp3&client_secret=5XyfzEIlj9R3
2.831 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.832 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZmZhMjU3Y2MtNzgzNi00ZjA1LTlkNDQtYmI1NTQwZTM3NjFhIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTmU3X1JxOVV2ZWRjMFJLUkVPcW83dyIsImV4cCI6MTUyOTc1NDc1OSwiaWF0IjoxNTI5NzUxMTYwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiODE4MzA1NS04YTU5LTRlNDUtOGU0Yy0xMjc5NTc1NDFhNGEiLCJub25jZSI6IlRnYktqaWhPbm12Y29jQzUiLCJyYXQiOjE1Mjk3NTExNTgsInN1YiI6ImZvb0BiYXIuY29tIn0.hBwP7XYgqDu7zn_QF-TbfAbuZ0gauwyj4p5vImEr_25IUSyGo3dEJsFSkhV2tyzLlaeCQBb5S689MM3VWAUXphKG4Ni_pTJ-Ykknkw2x7XSJS9BZ5RNgM3cfXkjerhVAFms7BHzg4vJPPAdnCucRqhTzDaX0-yFkJDpQyK0iU-2ODe1Z0gl9vOrrk6I70dXcYwBCdo2fhLmB5B-_PrCl-qlMuMwxXiKFSNYberN4b1hUg3zIjYepsqpS9uRvBdCiB1qg4l3Ud-CxxybGYLNiYQa2ha6Pk285wDmqEC9Bwtw4mJdU8HgAnpZdMR9q2B1mlNXPJQDWdbNVvw9R9knYh0QxKkrWwposqcv2WiVS_NCGAw4FStXsx0dYEtkVb2Zc8SbsLuWNOasgCe1dbMc_RyiHNUcVBLYtpyeKu-lAZ-iBydjiSyTXMXOikp54FCR3c-sc4DPB4ok8Tz8yOdT4c4KNvC-Uf7l2auIMseyLXQmxYu_FmXXM_Ts8dqSAJPWpjS-vgj6i6Iw1cHhbugbtgNkhSaIKsEc_XF99xi6eBCACGCrF3N7me2ssc8xG-rPgP4CUNJFwbX4Ohfv_Hp0CWSz6joqqHZv10amfY-VxWyq82d6UvFfUBKKoWRyRqq1GbgP7tnUH0SbtlRZdJz0HAKuMGdrG1n13VrpQ8QKM6F4', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'ncAMt5VsqxULb_vO5fIu1vYKPwT8NC2_1gkxHIDXz74.HX2Rs6YvzDa6Kcy_FsoTxyylhWCB9-7JC6elFHBz2Tw', 'scope': 'openid'}
2.835 AccessTokenResponse {
"access_token": "ncAMt5VsqxULb_vO5fIu1vYKPwT8NC2_1gkxHIDXz74.HX2Rs6YvzDa6Kcy_FsoTxyylhWCB9-7JC6elFHBz2Tw",
"expires_in": 3599,
"id_token": {
"aud": [
"ffa257cc-7836-4f05-9d44-bb5540e3761a"
],
"auth_time": 1529750975,
"c_hash": "Ne7_Rq9Uvedc0RKREOqo7w",
"exp": 1529754759,
"iat": 1529751160,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "b8183055-8a59-4e45-8e4c-127957541a4a",
"nonce": "TgbKjihOnmvcocC5",
"rat": 1529751158,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.835 phase <--<-- 5 --- Done -->-->
2.835 end
2.836 assertion VerifyResponse
2.836 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.836 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-nonce-noncode.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000031266�13313423257�014766� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-nonce-noncode
Test description: Request with nonce, verifies it was returned in ID Token [Implicit, Hybrid]
Timestamp: 2018-06-23T10:53:35Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.083 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.085 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.085 phase <--<-- 2 --- Registration -->-->
0.085 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.085 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#vzPzLHB6z9sH2t9P"
],
"response_types": [
"code id_token"
]
}
0.284 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.285 RegistrationResponse {
"client_id": "5c4259c1-4c26-4419-888d-b5d77faa9366",
"client_secret": "cBBvKtL9yA7D",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "5c4259c1-4c26-4419-888d-b5d77faa9366",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#vzPzLHB6z9sH2t9P"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.285 phase <--<-- 3 --- AsyncAuthn -->-->
0.285 AuthorizationRequest {
"client_id": "5c4259c1-4c26-4419-888d-b5d77faa9366",
"nonce": "DmrkBKhNbhmv1Wip",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "xoCIUh5vSWiABf3m"
}
0.285 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5c4259c1-4c26-4419-888d-b5d77faa9366&state=xoCIUh5vSWiABf3m&response_type=code+id_token&nonce=DmrkBKhNbhmv1Wip
0.285 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=5c4259c1-4c26-4419-888d-b5d77faa9366&state=xoCIUh5vSWiABf3m&response_type=code+id_token&nonce=DmrkBKhNbhmv1Wip
2.536 http args {}
2.706 response URL with fragment
2.707 response code=JiFti5AYMRG6l5Sx5J6qmKbyKK57F3w94n_eut4qZHM.MmOqyknmcw-lmZxZ_AIuZRRc3TxPOSvEKpxTNz956-g&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNWM0MjU5YzEtNGMyNi00NDE5LTg4OGQtYjVkNzdmYWE5MzY2Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiajJUOGtaSFdMNkpjSWhIN1BRUThpZyIsImV4cCI6MTUyOTc1NDgxNSwiaWF0IjoxNTI5NzUxMjE1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4Yjg3ZjE3Zi01OWNlLTQ2MTctOWJkNC1lNTYwYTVlYWYwOGMiLCJub25jZSI6IkRtcmtCS2hOYmhtdjFXaXAiLCJyYXQiOjE1Mjk3NTEyMTMsInN1YiI6ImZvb0BiYXIuY29tIn0.Qh1XXmuykLpQ-1QOd7VPpegg_zFaNI1EZAUPgx_wJ36b-FgiOuaBvc0NtslHmb6rXA-b7mXESQuKB9o3Ic7-2ruE6y1WOxue-8NpuLrJBPBF9o0UsVZyit_3J0VTNPJBy_WSIQHXo119zhKqJBRBa8IrLkpQk6b7LnV9OnIkVBAHGyekltWBZ8cDH0cPqNsPjzwAi_Ct-GmQvl4eACnLVftM6mdWvxnTfr7jEv1SmpDO37c5SHRUCVfgr9hoO77GEj4aIgQASxZm7wJpG_yWN5XrGpJPHaxfe3KBjYTmuEMGkPKIjXPCbBePRw3jcnLOtM6EfohEnBnzDsF1PLiffppru4WaDpyfOrbIRpAOi6U58lI8J_oPWqGcbkakGTnh5sRiDwCvJIMWZ-1RXjVjQIVVCpBdjPQV115FSigbsiHbvowYbsvxdXWXpy5z_KN0ziZtSx67QiQcB3H88QArw92Hga2pC4pk_6x2ICC6RKgL-gQxqN2ieqzhjufE26DFuJyjUVwRFtbhq2o8XhPjofjXn0E0_7-mSHcySjMhQOFm122SVJ2F0VaaXzwc-Vpa-LmRSHHSAYdD-ns9aksB5RZnJWf_queO5HNw40f5VIHpC5yCHvtFZn7YkzM43qbH8L7cDwmrNC72GMbyYfgMCa3sGrkU7QFhGMdQZoznVe0&state=xoCIUh5vSWiABf3m
2.707 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNWM0MjU5YzEtNGMyNi00NDE5LTg4OGQtYjVkNzdmYWE5MzY2Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiajJUOGtaSFdMNkpjSWhIN1BRUThpZyIsImV4cCI6MTUyOTc1NDgxNSwiaWF0IjoxNTI5NzUxMjE1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4Yjg3ZjE3Zi01OWNlLTQ2MTctOWJkNC1lNTYwYTVlYWYwOGMiLCJub25jZSI6IkRtcmtCS2hOYmhtdjFXaXAiLCJyYXQiOjE1Mjk3NTEyMTMsInN1YiI6ImZvb0BiYXIuY29tIn0.Qh1XXmuykLpQ-1QOd7VPpegg_zFaNI1EZAUPgx_wJ36b-FgiOuaBvc0NtslHmb6rXA-b7mXESQuKB9o3Ic7-2ruE6y1WOxue-8NpuLrJBPBF9o0UsVZyit_3J0VTNPJBy_WSIQHXo119zhKqJBRBa8IrLkpQk6b7LnV9OnIkVBAHGyekltWBZ8cDH0cPqNsPjzwAi_Ct-GmQvl4eACnLVftM6mdWvxnTfr7jEv1SmpDO37c5SHRUCVfgr9hoO77GEj4aIgQASxZm7wJpG_yWN5XrGpJPHaxfe3KBjYTmuEMGkPKIjXPCbBePRw3jcnLOtM6EfohEnBnzDsF1PLiffppru4WaDpyfOrbIRpAOi6U58lI8J_oPWqGcbkakGTnh5sRiDwCvJIMWZ-1RXjVjQIVVCpBdjPQV115FSigbsiHbvowYbsvxdXWXpy5z_KN0ziZtSx67QiQcB3H88QArw92Hga2pC4pk_6x2ICC6RKgL-gQxqN2ieqzhjufE26DFuJyjUVwRFtbhq2o8XhPjofjXn0E0_7-mSHcySjMhQOFm122SVJ2F0VaaXzwc-Vpa-LmRSHHSAYdD-ns9aksB5RZnJWf_queO5HNw40f5VIHpC5yCHvtFZn7YkzM43qbH8L7cDwmrNC72GMbyYfgMCa3sGrkU7QFhGMdQZoznVe0', 'state': 'xoCIUh5vSWiABf3m', 'code': 'JiFti5AYMRG6l5Sx5J6qmKbyKK57F3w94n_eut4qZHM.MmOqyknmcw-lmZxZ_AIuZRRc3TxPOSvEKpxTNz956-g'}
2.791 AuthorizationResponse {
"code": "JiFti5AYMRG6l5Sx5J6qmKbyKK57F3w94n_eut4qZHM.MmOqyknmcw-lmZxZ_AIuZRRc3TxPOSvEKpxTNz956-g",
"id_token": {
"aud": [
"5c4259c1-4c26-4419-888d-b5d77faa9366"
],
"auth_time": 1529750975,
"c_hash": "j2T8kZHWL6JcIhH7PQQ8ig",
"exp": 1529754815,
"iat": 1529751215,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "8b87f17f-59ce-4617-9bd4-e560a5eaf08c",
"nonce": "DmrkBKhNbhmv1Wip",
"rat": 1529751213,
"sub": "foo@bar.com"
},
"state": "xoCIUh5vSWiABf3m"
}
2.792 phase <--<-- 4 --- AccessToken -->-->
2.792 --> request op_args: {'state': 'xoCIUh5vSWiABf3m'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.792 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'xoCIUh5vSWiABf3m', 'code': 'JiFti5AYMRG6l5Sx5J6qmKbyKK57F3w94n_eut4qZHM.MmOqyknmcw-lmZxZ_AIuZRRc3TxPOSvEKpxTNz956-g', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '5c4259c1-4c26-4419-888d-b5d77faa9366'}, 'state': 'xoCIUh5vSWiABf3m'}
2.792 AccessTokenRequest {
"code": "JiFti5AYMRG6l5Sx5J6qmKbyKK57F3w94n_eut4qZHM.MmOqyknmcw-lmZxZ_AIuZRRc3TxPOSvEKpxTNz956-g",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "xoCIUh5vSWiABf3m"
}
2.792 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.792 request_http_args {'headers': {'Authorization': 'Basic NWM0MjU5YzEtNGMyNi00NDE5LTg4OGQtYjVkNzdmYWE5MzY2OmNCQnZLdEw5eUE3RA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.792 request code=JiFti5AYMRG6l5Sx5J6qmKbyKK57F3w94n_eut4qZHM.MmOqyknmcw-lmZxZ_AIuZRRc3TxPOSvEKpxTNz956-g&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=xoCIUh5vSWiABf3m
3.004 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.005 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNWM0MjU5YzEtNGMyNi00NDE5LTg4OGQtYjVkNzdmYWE5MzY2Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiajJUOGtaSFdMNkpjSWhIN1BRUThpZyIsImV4cCI6MTUyOTc1NDgxNSwiaWF0IjoxNTI5NzUxMjE1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzMTVmMmI2MS02ZTQ1LTQ2YTUtOWZiNi00ZTM0MWUyNDI0MzIiLCJub25jZSI6IkRtcmtCS2hOYmhtdjFXaXAiLCJyYXQiOjE1Mjk3NTEyMTMsInN1YiI6ImZvb0BiYXIuY29tIn0.VYbF3VoPLAmco6q7X8a6_ooX9Xelf5PPks_Q11THHhpCxxyIxman5xJep28Ld72YL1060r-jIm55g_jOiFNXW3l7E2ZHL2H5sLK8LCHOajWY2vpNZitFDfGosfuUN-wV37pEATlvT4XA56nmHq-6nXFI2ml7dBsCPcL7RO7sBeU8pTsxRCh8ELgYE6osCA0qFeSF2PQqAehips3tQl5ne8pDA9Gu3I97_ZGLNoN2coI3GIHOqnULNKlNHzL76lOSGlCDtkdIh77cfL9CkJALUSiyOoxKg0-vfQeWn9dZTW_xYRRAQBAErvybGzArJam7L-qiozec2MSwkOf2sFVtkyd5PBcR9q-8YeHvyAooySmtX726hzWGqQ-4JpEc4bAbCTKwVGvA32TbBQGdSsp2l-CagpV43-_fLCvH3LOma27b_5P_SOxOoLKzkkWkXF1k2KT9qIsM4o4GI4OHPQ6HoghITxFD4pel-Aw6aFlyiC-a_9VGlLgJj4oAgn2wiSm5XAJT_rGmyZqz8m3o1WuNlrlYGwbSllmFVRlWIz2Fq8bmIxX5bHQA9vtOS3nSU33P3zUoxqKFSR4EyLm1xfWySAbouacwAXQ282L-YxQpN5hkONL4zPen9Qd_MZKWm8qldPdSCdXYQBZ8WeU5OmjRBXexBts9VHWKbnqLkkbtKqc', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'Op17Wlqgi8U-SmNzHr_8DBuTdk6poKacKhU1aRX3ix8.zSi_kqAQZvNQxfxF4UzDLcfHw6pBwC6UVHex6cUc83E', 'scope': 'openid'}
3.008 AccessTokenResponse {
"access_token": "Op17Wlqgi8U-SmNzHr_8DBuTdk6poKacKhU1aRX3ix8.zSi_kqAQZvNQxfxF4UzDLcfHw6pBwC6UVHex6cUc83E",
"expires_in": 3599,
"id_token": {
"aud": [
"5c4259c1-4c26-4419-888d-b5d77faa9366"
],
"auth_time": 1529750975,
"c_hash": "j2T8kZHWL6JcIhH7PQQ8ig",
"exp": 1529754815,
"iat": 1529751215,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "315f2b61-6e45-46a5-9fb6-4e341e242432",
"nonce": "DmrkBKhNbhmv1Wip",
"rat": 1529751213,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.008 phase <--<-- 5 --- Done -->-->
3.008 end
3.009 assertion VerifyResponse
3.009 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.009 assertion CheckIdTokenNonce
3.009 condition check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
3.009 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-jwks.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000045264�13313423112�015660� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-jwks
Test description: Uses keys registered with jwks value
Timestamp: 2018-06-23T10:51:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.111 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.112 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.112 phase <--<-- 2 --- Registration -->-->
0.113 register kwargs:{'application_name': 'OIC test tool', 'jwks': {'keys': [{'use': 'enc', 'kty': 'RSA', 'n': 'pKXuY5tuT9ibmEcq4B6VRx3MafdSsajrOndAk5FjJFedlA6qSpdqDUr9wWUkNeO8h_efdLfg43CHXk3mH6Fp1t2gbHzBQ4-SzT3_X5tsdG2PPqvngem7f5NHO6Kefhq11Zk5q4-FyTL9FUQQW6ZANbrU7GifSAs82Ck20ciIvFdv7cPCphk_THMVv14aW5w0eKEXumgx4Bc7HrQFXQUHSze3dVAKg8hKHDIQOGUU0fkolEFmOC4Gb-G57RpBJryZxXqgdUdEG66xl1f37tqpYgaLViFDWDiI8S7BMVHEbGHN4-f_MD9f6gMduaxrL6a6SfyIW1So2VqtvlAyanesTw', 'e': 'AQAB', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww'}, {'use': 'sig', 'kty': 'RSA', 'n': '1Z8lhYNb0tHZsVrzIQs-JetNCLIBWeOHXblcirxQgFLt6z4Rr-9vxPbEsrmRmZbPuuoL8nGehqOK11LAgqa1QfCR4TKxr2srlbTv4A4Gyf-suhO_KKt0JWv2q9olREZcoIE4FCwK0vuWTqD5q4qL_uqt_kHltzhdkJ4LySdCRCbxG1kcEcXoPNIhZERttqbZTIQviJxJ2HqC7CbwocmZMnbMAzP52bVX86vLxosmI-pqkG1RG8jMTZMhvc2GmYe6CfleW7bRxS0078sWDM_iACSQVOqLk5rcW_C-a61EYzNNN7BMw-VxFSDtoGgNgb6XGM6FTf9fkdJjIRL2VZAt0Q', 'e': 'AQAB', 'kid': 'wt25OgyR_nzG3OoQ7daa2rL6-gMnFdfRzBjhUVPu8RQ'}, {'x': 'aruz0ufjUGuEQwg2Q3ewyy5DnEIWWmIEO5stN8MfUTA', 'use': 'sig', 'kty': 'EC', 'y': 'dZnZMUOQAvzOD6q1f11PEho4-aX7nWdmive8zdxUbrA', 'crv': 'P-256', 'kid': 'AZXCzT401BtqezIxAdHOEez1ApQUu3O5hjcfRFKxXtQ'}, {'x': 'AeI9gyN_hcFae8vO2HgaH7Fh-MVX1YXJdWg-T16g1kM', 'use': 'enc', 'kty': 'EC', 'y': '5ASt8rCvPWTKMAh6wvR8_-OEbl_9TTkkgAd7LXW8H48', 'crv': 'P-256', 'kid': 'CrXNdVSdrZ-lOToSPso6OlcZnP-Et4U9CzOIZOZPvLw'}]}, 'token_endpoint_auth_method': 'private_key_jwt', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'grant_types': ['authorization_code', 'implicit'], 'response_types': ['code id_token'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.114 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks": {
"keys": [
{
"e": "AQAB",
"kid": "gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww",
"kty": "RSA",
"n": "pKXuY5tuT9ibmEcq4B6VRx3MafdSsajrOndAk5FjJFedlA6qSpdqDUr9wWUkNeO8h_efdLfg43CHXk3mH6Fp1t2gbHzBQ4-SzT3_X5tsdG2PPqvngem7f5NHO6Kefhq11Zk5q4-FyTL9FUQQW6ZANbrU7GifSAs82Ck20ciIvFdv7cPCphk_THMVv14aW5w0eKEXumgx4Bc7HrQFXQUHSze3dVAKg8hKHDIQOGUU0fkolEFmOC4Gb-G57RpBJryZxXqgdUdEG66xl1f37tqpYgaLViFDWDiI8S7BMVHEbGHN4-f_MD9f6gMduaxrL6a6SfyIW1So2VqtvlAyanesTw",
"use": "enc"
},
{
"e": "AQAB",
"kid": "wt25OgyR_nzG3OoQ7daa2rL6-gMnFdfRzBjhUVPu8RQ",
"kty": "RSA",
"n": "1Z8lhYNb0tHZsVrzIQs-JetNCLIBWeOHXblcirxQgFLt6z4Rr-9vxPbEsrmRmZbPuuoL8nGehqOK11LAgqa1QfCR4TKxr2srlbTv4A4Gyf-suhO_KKt0JWv2q9olREZcoIE4FCwK0vuWTqD5q4qL_uqt_kHltzhdkJ4LySdCRCbxG1kcEcXoPNIhZERttqbZTIQviJxJ2HqC7CbwocmZMnbMAzP52bVX86vLxosmI-pqkG1RG8jMTZMhvc2GmYe6CfleW7bRxS0078sWDM_iACSQVOqLk5rcW_C-a61EYzNNN7BMw-VxFSDtoGgNgb6XGM6FTf9fkdJjIRL2VZAt0Q",
"use": "sig"
},
{
"crv": "P-256",
"kid": "AZXCzT401BtqezIxAdHOEez1ApQUu3O5hjcfRFKxXtQ",
"kty": "EC",
"use": "sig",
"x": "aruz0ufjUGuEQwg2Q3ewyy5DnEIWWmIEO5stN8MfUTA",
"y": "dZnZMUOQAvzOD6q1f11PEho4-aX7nWdmive8zdxUbrA"
},
{
"crv": "P-256",
"kid": "CrXNdVSdrZ-lOToSPso6OlcZnP-Et4U9CzOIZOZPvLw",
"kty": "EC",
"use": "enc",
"x": "AeI9gyN_hcFae8vO2HgaH7Fh-MVX1YXJdWg-T16g1kM",
"y": "5ASt8rCvPWTKMAh6wvR8_-OEbl_9TTkkgAd7LXW8H48"
}
]
},
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Tzh286Wml5K27qZH"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
0.307 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.308 RegistrationResponse {
"client_id": "7dee9676-da0d-4809-9064-eb419417ed42",
"client_secret": "45YFASTQezfu",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "7dee9676-da0d-4809-9064-eb419417ed42",
"jwks": {
"keys": [
{
"e": "AQAB",
"kid": "gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww",
"kty": "RSA",
"n": "pKXuY5tuT9ibmEcq4B6VRx3MafdSsajrOndAk5FjJFedlA6qSpdqDUr9wWUkNeO8h_efdLfg43CHXk3mH6Fp1t2gbHzBQ4-SzT3_X5tsdG2PPqvngem7f5NHO6Kefhq11Zk5q4-FyTL9FUQQW6ZANbrU7GifSAs82Ck20ciIvFdv7cPCphk_THMVv14aW5w0eKEXumgx4Bc7HrQFXQUHSze3dVAKg8hKHDIQOGUU0fkolEFmOC4Gb-G57RpBJryZxXqgdUdEG66xl1f37tqpYgaLViFDWDiI8S7BMVHEbGHN4-f_MD9f6gMduaxrL6a6SfyIW1So2VqtvlAyanesTw",
"use": "enc"
},
{
"e": "AQAB",
"kid": "wt25OgyR_nzG3OoQ7daa2rL6-gMnFdfRzBjhUVPu8RQ",
"kty": "RSA",
"n": "1Z8lhYNb0tHZsVrzIQs-JetNCLIBWeOHXblcirxQgFLt6z4Rr-9vxPbEsrmRmZbPuuoL8nGehqOK11LAgqa1QfCR4TKxr2srlbTv4A4Gyf-suhO_KKt0JWv2q9olREZcoIE4FCwK0vuWTqD5q4qL_uqt_kHltzhdkJ4LySdCRCbxG1kcEcXoPNIhZERttqbZTIQviJxJ2HqC7CbwocmZMnbMAzP52bVX86vLxosmI-pqkG1RG8jMTZMhvc2GmYe6CfleW7bRxS0078sWDM_iACSQVOqLk5rcW_C-a61EYzNNN7BMw-VxFSDtoGgNgb6XGM6FTf9fkdJjIRL2VZAt0Q",
"use": "sig"
},
{
"crv": "P-256",
"kid": "AZXCzT401BtqezIxAdHOEez1ApQUu3O5hjcfRFKxXtQ",
"kty": "EC",
"use": "sig",
"x": "aruz0ufjUGuEQwg2Q3ewyy5DnEIWWmIEO5stN8MfUTA",
"y": "dZnZMUOQAvzOD6q1f11PEho4-aX7nWdmive8zdxUbrA"
},
{
"crv": "P-256",
"kid": "CrXNdVSdrZ-lOToSPso6OlcZnP-Et4U9CzOIZOZPvLw",
"kty": "EC",
"use": "enc",
"x": "AeI9gyN_hcFae8vO2HgaH7Fh-MVX1YXJdWg-T16g1kM",
"y": "5ASt8rCvPWTKMAh6wvR8_-OEbl_9TTkkgAd7LXW8H48"
}
]
},
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Tzh286Wml5K27qZH"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "private_key_jwt",
"userinfo_signed_response_alg": "none"
}
0.308 phase <--<-- 3 --- AsyncAuthn -->-->
0.308 AuthorizationRequest {
"client_id": "7dee9676-da0d-4809-9064-eb419417ed42",
"nonce": "wImxpPwpNL4O4Jwg",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "iG2I1RwoIvp4IyqP"
}
0.308 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7dee9676-da0d-4809-9064-eb419417ed42&state=iG2I1RwoIvp4IyqP&response_type=code+id_token&nonce=wImxpPwpNL4O4Jwg
0.308 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7dee9676-da0d-4809-9064-eb419417ed42&state=iG2I1RwoIvp4IyqP&response_type=code+id_token&nonce=wImxpPwpNL4O4Jwg
2.716 http args {}
2.949 response URL with fragment
2.949 response code=o6H3qrdlC4nsw3HQUiG_oG2u-zhhrl57kSlx-0cUJCw.Zn4NlFwPWHd28eWgzYm9AOiqvJ710IkILd9bFUxWzck&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiM2pyT1RKeTh1OE1YRjJ6eFFLWkN4QSIsImV4cCI6MTUyOTc1NDcxMywiaWF0IjoxNTI5NzUxMTEzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI5YzFhM2FiZS01MmFhLTQxOTUtOGY5OS04NTVjOGJjMTE0ZjMiLCJub25jZSI6IndJbXhwUHdwTkw0TzRKd2ciLCJyYXQiOjE1Mjk3NTExMTEsInN1YiI6ImZvb0BiYXIuY29tIn0.Qt1poXWgklvggyQmE-Tqmpsu2dpAh0iqGXfDasTb_2YEdumklrF4RbdZ8EaG7c2hwnr_j63-qIdmC_R9DJxbw5gVUtH7lcOQiFIdZkEvA1_n1DIq7Mqr6SNLh89q_MwcLdGh5Jbfyh9fe7ukZpq8ANRkS3DJzWcnbBfEz5Wu_M2OJ8Quj1J60emDfDzOQh9yMab6xJ_S-tC8LKafVhzwmTc5MpMlkhTCZeTnO8fQwteP-4r7wN7KRAPOVOM0EZNRrmHqvD-vg91lL-XDf0tgr4Hu-Ja7QcJxs-I6-FE2vggGh7YNoKOxmZrxSOIIJekLcgaSo2teDo7Q7FQ8ZISWzHVlKWZzYQekDn1riya6JQ374F_ZIWsCmEXH5g5ghbfXcH_k3mo-wlSK04VcwaV85CMbFpSWFxsJNSK4DluZXJF4D5CFCPhJMsIUDaoih4S8ubSBIQhKQtGtJjuH6-3qnv9qU4Th1lOSYJAqmPoc9PqUuxXPMza3Vt-d1pPc5BvBYw-rZNibPBEoSmJJqGxUjLzLYLKocqdGCCIFtNL1lLFURCg0FNKa_v8WPYGucgWTZ_XBeaROKcghPbyNNaohsYBCnORrydRId1TQWEbaYIQyzc6A6SSycPSmxYdJ59cqdHFzJK-i0PqRdkC5risrh_yv_P0frUeqQQLQg_r5px0&state=iG2I1RwoIvp4IyqP
2.95 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiM2pyT1RKeTh1OE1YRjJ6eFFLWkN4QSIsImV4cCI6MTUyOTc1NDcxMywiaWF0IjoxNTI5NzUxMTEzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI5YzFhM2FiZS01MmFhLTQxOTUtOGY5OS04NTVjOGJjMTE0ZjMiLCJub25jZSI6IndJbXhwUHdwTkw0TzRKd2ciLCJyYXQiOjE1Mjk3NTExMTEsInN1YiI6ImZvb0BiYXIuY29tIn0.Qt1poXWgklvggyQmE-Tqmpsu2dpAh0iqGXfDasTb_2YEdumklrF4RbdZ8EaG7c2hwnr_j63-qIdmC_R9DJxbw5gVUtH7lcOQiFIdZkEvA1_n1DIq7Mqr6SNLh89q_MwcLdGh5Jbfyh9fe7ukZpq8ANRkS3DJzWcnbBfEz5Wu_M2OJ8Quj1J60emDfDzOQh9yMab6xJ_S-tC8LKafVhzwmTc5MpMlkhTCZeTnO8fQwteP-4r7wN7KRAPOVOM0EZNRrmHqvD-vg91lL-XDf0tgr4Hu-Ja7QcJxs-I6-FE2vggGh7YNoKOxmZrxSOIIJekLcgaSo2teDo7Q7FQ8ZISWzHVlKWZzYQekDn1riya6JQ374F_ZIWsCmEXH5g5ghbfXcH_k3mo-wlSK04VcwaV85CMbFpSWFxsJNSK4DluZXJF4D5CFCPhJMsIUDaoih4S8ubSBIQhKQtGtJjuH6-3qnv9qU4Th1lOSYJAqmPoc9PqUuxXPMza3Vt-d1pPc5BvBYw-rZNibPBEoSmJJqGxUjLzLYLKocqdGCCIFtNL1lLFURCg0FNKa_v8WPYGucgWTZ_XBeaROKcghPbyNNaohsYBCnORrydRId1TQWEbaYIQyzc6A6SSycPSmxYdJ59cqdHFzJK-i0PqRdkC5risrh_yv_P0frUeqQQLQg_r5px0', 'state': 'iG2I1RwoIvp4IyqP', 'code': 'o6H3qrdlC4nsw3HQUiG_oG2u-zhhrl57kSlx-0cUJCw.Zn4NlFwPWHd28eWgzYm9AOiqvJ710IkILd9bFUxWzck'}
3.036 AuthorizationResponse {
"code": "o6H3qrdlC4nsw3HQUiG_oG2u-zhhrl57kSlx-0cUJCw.Zn4NlFwPWHd28eWgzYm9AOiqvJ710IkILd9bFUxWzck",
"id_token": {
"aud": [
"7dee9676-da0d-4809-9064-eb419417ed42"
],
"auth_time": 1529750975,
"c_hash": "3jrOTJy8u8MXF2zxQKZCxA",
"exp": 1529754713,
"iat": 1529751113,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "9c1a3abe-52aa-4195-8f99-855c8bc114f3",
"nonce": "wImxpPwpNL4O4Jwg",
"rat": 1529751111,
"sub": "foo@bar.com"
},
"state": "iG2I1RwoIvp4IyqP"
}
3.036 phase <--<-- 4 --- AccessToken -->-->
3.036 --> request op_args: {'state': 'iG2I1RwoIvp4IyqP', 'authn_method': 'private_key_jwt'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.036 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'iG2I1RwoIvp4IyqP', 'code': 'o6H3qrdlC4nsw3HQUiG_oG2u-zhhrl57kSlx-0cUJCw.Zn4NlFwPWHd28eWgzYm9AOiqvJ710IkILd9bFUxWzck', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '7dee9676-da0d-4809-9064-eb419417ed42'}, 'state': 'iG2I1RwoIvp4IyqP', 'authn_method': 'private_key_jwt'}
3.036 AccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIiwgImlhdCI6IDE1Mjk3NTExMTQsICJqdGkiOiAiQzlCVTNtZGw2OFJUem12ZGRJUzlBQmIxR2wwdnBFWGkiLCAiZXhwIjogMTUyOTc1MTcxNH0.CM71wCmqp9i3fIb5dqBNj9PyyVVoWRCBTvkg8O8bpn1IVTBbDU3MTFG7vlZHh8zylobLyWWYt7f4DDSQM3Gc7kcwauq4QuEc_g-VwIKJIKzX00Yo_nldxJK44wI4Tj7PcL_cNsvGUh4vh4WTYKCLMS2q6unDdoh_Y8FrSvUdxgYD3KbTsKiuLENmf0x2owvIGPsv3uFB07C09Qvx_UY1S-62Q_1kwR4-FMRS5R6PU7o7YgWBOxT36QUbsn60KLjYPM4zSiIXI6n6JSId-0GygbS9i1AB1sN9VKrsYjbb8uP2rvaC1pVgvVPXW-_BBQD-xaLNcBam1wOSyfBa9rhmOg",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "o6H3qrdlC4nsw3HQUiG_oG2u-zhhrl57kSlx-0cUJCw.Zn4NlFwPWHd28eWgzYm9AOiqvJ710IkILd9bFUxWzck",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "iG2I1RwoIvp4IyqP"
}
3.039 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.039 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
3.039 request code=o6H3qrdlC4nsw3HQUiG_oG2u-zhhrl57kSlx-0cUJCw.Zn4NlFwPWHd28eWgzYm9AOiqvJ710IkILd9bFUxWzck&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=iG2I1RwoIvp4IyqP&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIiwgImlhdCI6IDE1Mjk3NTExMTQsICJqdGkiOiAiQzlCVTNtZGw2OFJUem12ZGRJUzlBQmIxR2wwdnBFWGkiLCAiZXhwIjogMTUyOTc1MTcxNH0.CM71wCmqp9i3fIb5dqBNj9PyyVVoWRCBTvkg8O8bpn1IVTBbDU3MTFG7vlZHh8zylobLyWWYt7f4DDSQM3Gc7kcwauq4QuEc_g-VwIKJIKzX00Yo_nldxJK44wI4Tj7PcL_cNsvGUh4vh4WTYKCLMS2q6unDdoh_Y8FrSvUdxgYD3KbTsKiuLENmf0x2owvIGPsv3uFB07C09Qvx_UY1S-62Q_1kwR4-FMRS5R6PU7o7YgWBOxT36QUbsn60KLjYPM4zSiIXI6n6JSId-0GygbS9i1AB1sN9VKrsYjbb8uP2rvaC1pVgvVPXW-_BBQD-xaLNcBam1wOSyfBa9rhmOg
3.21 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.211 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiN2RlZTk2NzYtZGEwZC00ODA5LTkwNjQtZWI0MTk0MTdlZDQyIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiM2pyT1RKeTh1OE1YRjJ6eFFLWkN4QSIsImV4cCI6MTUyOTc1NDcxMywiaWF0IjoxNTI5NzUxMTE0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0YjFkOTRjMC01ZmFlLTRlY2EtOGIwYS03OTUyY2U1MTE5MDEiLCJub25jZSI6IndJbXhwUHdwTkw0TzRKd2ciLCJyYXQiOjE1Mjk3NTExMTEsInN1YiI6ImZvb0BiYXIuY29tIn0.ju-bVJjC-QTqTFCObVWO1JYedANDGgs-oN_nRQXPIzakHGQWhtNIv03s6ttOeenyR9BYYa8CjNd7Eq7VCGSSaU2-U771Ci9p-RyGu8QYOxbEsqkXgeC3gWVMScrw8kbShY_THmbVRbWGLsBtTeUlj9TSDwdD9ABsCR5Di51wvCm0yZTa4xOHFtexwPA0Wtg1GiGhg0AOYA8c7SewdEKlvQ-r4v2_zB1fR-Ef2L2HwDGPJd0HffaWQ-xiBTWHTTaGvn-CI5JTbEbTQftHsLnusNX-QoHMp3v6zPD1ebKQnStmK2YcB4ELCpTLbPBjcqsDkG_iW9nNqaYbbk8LxobJf47TDm6lCsO9CYELK-bh8LgOhOsyAfiTgcZbBotTm8b8_WnldcYek3QQRU2F-KofROce9rex36DwQrZS_5YrkSGC3iQBudy0TUYG3W8CHpyvCSPSEPfflnBy9sROJvMSkpQQ0uVtl9jtnW5gwbjYvDSr8PxPivmdjjGF_rM_pg_P6lx3KWG5VDci-l7V8VzJgXHy8oITXKwvyBkmbLsnVkqnqlGYVWZHGHCjBNRE62TrnG7ZFy-znXC0_qc1FFkjhsjDSg15I4JmczgZ45WC4ONMjmWbgLBrMMmuhQyJ17wW5TQXr1qxRZeQeghFMgOo9fLJ3BX-270zUyUAN6blba4', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'g0TWISgJtWGuUD2BHhqFywSzfnH82uw3xrVzbOPA384.YlK0CO23-p72i90TgsOYV5Wz_igqflQmoz6lLvHGueo', 'scope': 'openid'}
3.215 AccessTokenResponse {
"access_token": "g0TWISgJtWGuUD2BHhqFywSzfnH82uw3xrVzbOPA384.YlK0CO23-p72i90TgsOYV5Wz_igqflQmoz6lLvHGueo",
"expires_in": 3599,
"id_token": {
"aud": [
"7dee9676-da0d-4809-9064-eb419417ed42"
],
"auth_time": 1529750975,
"c_hash": "3jrOTJy8u8MXF2zxQKZCxA",
"exp": 1529754713,
"iat": 1529751114,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "4b1d94c0-5fae-4eca-8b0a-7952ce511901",
"nonce": "wImxpPwpNL4O4Jwg",
"rat": 1529751111,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.215 phase <--<-- 5 --- Done -->-->
3.215 end
3.216 assertion VerifyResponse
3.216 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.216 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Rotation-OP-Sig.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000011571�13313423726�015072� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Rotation-OP-Sig
Test description: Can rotate OP signing keys
Timestamp: 2018-06-23T10:58:30Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- FetchKeys -->-->
0.184 phase <--<-- 3 --- Note -->-->
13.383 phase <--<-- 4 --- Webfinger -->-->
13.383 not expected to do WebFinger
13.383 phase <--<-- 5 --- Discovery -->-->
13.383 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
13.46 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
13.461 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
13.461 phase <--<-- 6 --- FetchKeys -->-->
13.531 phase <--<-- 7 --- Done -->-->
13.531 end
13.531 assertion CheckHTTPResponse
13.531 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
13.532 assertion NewSigningKeys
13.532 condition new-signing-keys: status=OK [Verifies that two set of signing keys are not the same]
13.532 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
new-signing-keys: status=OK [Verifies that two set of signing keys are not the same]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-jwks_uri.txt����������������������������������������������������������������������0000644�0000000�0000000�00000034153�13313423116�016536� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-jwks_uri
Test description: Uses keys registered with jwks_uri value
Timestamp: 2018-06-23T10:51:58Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.079 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.08 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.08 phase <--<-- 2 --- Registration -->-->
0.08 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'private_key_jwt', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'response_types': ['code id_token'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.08 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#RALD2uCkwAnUzS21"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
0.243 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.244 RegistrationResponse {
"client_id": "f0de2a5a-07eb-4178-87a2-bebb6c681090",
"client_secret": "pb~0RA8Yn96Y",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "f0de2a5a-07eb-4178-87a2-bebb6c681090",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#RALD2uCkwAnUzS21"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "private_key_jwt",
"userinfo_signed_response_alg": "none"
}
0.244 phase <--<-- 3 --- AsyncAuthn -->-->
0.244 AuthorizationRequest {
"client_id": "f0de2a5a-07eb-4178-87a2-bebb6c681090",
"nonce": "22mlu2OayiH4AoIC",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "bTMKwC5XpJ72r5kB"
}
0.245 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=f0de2a5a-07eb-4178-87a2-bebb6c681090&state=bTMKwC5XpJ72r5kB&response_type=code+id_token&nonce=22mlu2OayiH4AoIC
0.245 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=f0de2a5a-07eb-4178-87a2-bebb6c681090&state=bTMKwC5XpJ72r5kB&response_type=code+id_token&nonce=22mlu2OayiH4AoIC
2.63 http args {}
2.833 response URL with fragment
2.833 response code=Qk9LwkbMzDE29WqCQ9yjVQ8nEfkzM4EhuPD4w1u5Qg8.x6YBH5lxPi3wGnScs5gDdiwfAsrXrbvWI-kLroiu3Gw&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidTNGbkdsejJGZ0pDbWxBT25uOXhaQSIsImV4cCI6MTUyOTc1NDcxOCwiaWF0IjoxNTI5NzUxMTE4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhYjNiMTNkMS02YmY3LTQ0ODAtODQyNC0yNGUyYWJjMWVlNGMiLCJub25jZSI6IjIybWx1Mk9heWlINEFvSUMiLCJyYXQiOjE1Mjk3NTExMTYsInN1YiI6ImZvb0BiYXIuY29tIn0.sqpIUzyx0QlGWJQyDOMwmYkZsCQkextidpfggJygUejHXnPdzGbjt49ET0pHNzYd6DX534A9X6cYsCu_RjZD-BFE8I-xrpsxr6jRMjtoPhT1wEysp3eF9OZP1tE6A1CJBpdvDJheU_1SS509kDwVziibVu6Rgbvo6c_t4VJWQ1IPwZ7dv1vsHilrRaXHJ7ZGZ_STR7LYcdD8Q7T5YiNnw_W1VK34xNrlKexKKyw3m_J1wn-9mfnrSbPQqIuk4dkDLXo8iI1Kai00TFZP9YfXHa55JnHxJ4S7YcXdigK6Hsz3j2PBrH-FWRc7qUqS8nolwOgG0MWdfwtpObrP_Kkg2EKTCCdy6X4kU6MopSqsQ6OS9t7N9hsMDvII1PgHCpODKxdrN_gS_dbrcU5to33r5CS3jX82TPT4ciDg8qvykqTVxJVmw5vXZ07joFUxtyrMwR6OBN8AkxVWxbQgOEuFq6fZRmIoB8pAq3aWYB8bjyYEwc-oJnqTX3QcGphXwnv57nNSpS4qf01x6M5RGw_81PsPs5TZhN07xHor0isW8j_QgFgifG6pcH-xricD3eGQI0U-pRYIYdGRJTc0Tud5JukqLDOhmykTN7Mrh9nf3wIxhtJQjJIoujMxnbnaBi13g8plaN8J6K4kYal9JF7jluRFo8rlLPAQ2KfSC1aQ5_s&state=bTMKwC5XpJ72r5kB
2.833 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidTNGbkdsejJGZ0pDbWxBT25uOXhaQSIsImV4cCI6MTUyOTc1NDcxOCwiaWF0IjoxNTI5NzUxMTE4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhYjNiMTNkMS02YmY3LTQ0ODAtODQyNC0yNGUyYWJjMWVlNGMiLCJub25jZSI6IjIybWx1Mk9heWlINEFvSUMiLCJyYXQiOjE1Mjk3NTExMTYsInN1YiI6ImZvb0BiYXIuY29tIn0.sqpIUzyx0QlGWJQyDOMwmYkZsCQkextidpfggJygUejHXnPdzGbjt49ET0pHNzYd6DX534A9X6cYsCu_RjZD-BFE8I-xrpsxr6jRMjtoPhT1wEysp3eF9OZP1tE6A1CJBpdvDJheU_1SS509kDwVziibVu6Rgbvo6c_t4VJWQ1IPwZ7dv1vsHilrRaXHJ7ZGZ_STR7LYcdD8Q7T5YiNnw_W1VK34xNrlKexKKyw3m_J1wn-9mfnrSbPQqIuk4dkDLXo8iI1Kai00TFZP9YfXHa55JnHxJ4S7YcXdigK6Hsz3j2PBrH-FWRc7qUqS8nolwOgG0MWdfwtpObrP_Kkg2EKTCCdy6X4kU6MopSqsQ6OS9t7N9hsMDvII1PgHCpODKxdrN_gS_dbrcU5to33r5CS3jX82TPT4ciDg8qvykqTVxJVmw5vXZ07joFUxtyrMwR6OBN8AkxVWxbQgOEuFq6fZRmIoB8pAq3aWYB8bjyYEwc-oJnqTX3QcGphXwnv57nNSpS4qf01x6M5RGw_81PsPs5TZhN07xHor0isW8j_QgFgifG6pcH-xricD3eGQI0U-pRYIYdGRJTc0Tud5JukqLDOhmykTN7Mrh9nf3wIxhtJQjJIoujMxnbnaBi13g8plaN8J6K4kYal9JF7jluRFo8rlLPAQ2KfSC1aQ5_s', 'state': 'bTMKwC5XpJ72r5kB', 'code': 'Qk9LwkbMzDE29WqCQ9yjVQ8nEfkzM4EhuPD4w1u5Qg8.x6YBH5lxPi3wGnScs5gDdiwfAsrXrbvWI-kLroiu3Gw'}
2.918 AuthorizationResponse {
"code": "Qk9LwkbMzDE29WqCQ9yjVQ8nEfkzM4EhuPD4w1u5Qg8.x6YBH5lxPi3wGnScs5gDdiwfAsrXrbvWI-kLroiu3Gw",
"id_token": {
"aud": [
"f0de2a5a-07eb-4178-87a2-bebb6c681090"
],
"auth_time": 1529750975,
"c_hash": "u3FnGlz2FgJCmlAOnn9xZA",
"exp": 1529754718,
"iat": 1529751118,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "ab3b13d1-6bf7-4480-8424-24e2abc1ee4c",
"nonce": "22mlu2OayiH4AoIC",
"rat": 1529751116,
"sub": "foo@bar.com"
},
"state": "bTMKwC5XpJ72r5kB"
}
2.918 phase <--<-- 4 --- AccessToken -->-->
2.918 --> request op_args: {'state': 'bTMKwC5XpJ72r5kB', 'authn_method': 'private_key_jwt'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.918 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'bTMKwC5XpJ72r5kB', 'code': 'Qk9LwkbMzDE29WqCQ9yjVQ8nEfkzM4EhuPD4w1u5Qg8.x6YBH5lxPi3wGnScs5gDdiwfAsrXrbvWI-kLroiu3Gw', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'f0de2a5a-07eb-4178-87a2-bebb6c681090'}, 'state': 'bTMKwC5XpJ72r5kB', 'authn_method': 'private_key_jwt'}
2.918 AccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIiwgImlhdCI6IDE1Mjk3NTExMTgsICJqdGkiOiAiVGp6TmxrOGtBNEV6NmRnam52Q0hmZTc2TlZ3WkFpRnAiLCAiZXhwIjogMTUyOTc1MTcxOH0.FHCFx8f2zI913XM-q20w_xNsb0Mwct4ya5xnVEtM-DjATD6wAIDjJ01J1iVbyuH2L01wzUMFLbmFmzeKOFc65yWGhclwt0bQ3HdfUxcUjElCK0KhkTm2x3z_KBzrM4D3p6vOKOsQoAJLjItd7qfCriaobtZybjWI8q7hv2njpgFeZO78iCFYlLeeE-XYN0-94hOAKhyq2v9zVd8K07itv4uia4250sr4zY5g7H1Wyqmo5pSpTIAS_GZAx4LYCxHJPfKiw0oifDFCR_AHyqJ48kM87zbN_GMJkyWGs3Lx0Xn_2euxvbUpvOrLx6Q2-4W6OhIhq9mT7UMlh9-4slruzw",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "Qk9LwkbMzDE29WqCQ9yjVQ8nEfkzM4EhuPD4w1u5Qg8.x6YBH5lxPi3wGnScs5gDdiwfAsrXrbvWI-kLroiu3Gw",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "bTMKwC5XpJ72r5kB"
}
2.921 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.921 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
2.921 request code=Qk9LwkbMzDE29WqCQ9yjVQ8nEfkzM4EhuPD4w1u5Qg8.x6YBH5lxPi3wGnScs5gDdiwfAsrXrbvWI-kLroiu3Gw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=bTMKwC5XpJ72r5kB&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIiwgImlhdCI6IDE1Mjk3NTExMTgsICJqdGkiOiAiVGp6TmxrOGtBNEV6NmRnam52Q0hmZTc2TlZ3WkFpRnAiLCAiZXhwIjogMTUyOTc1MTcxOH0.FHCFx8f2zI913XM-q20w_xNsb0Mwct4ya5xnVEtM-DjATD6wAIDjJ01J1iVbyuH2L01wzUMFLbmFmzeKOFc65yWGhclwt0bQ3HdfUxcUjElCK0KhkTm2x3z_KBzrM4D3p6vOKOsQoAJLjItd7qfCriaobtZybjWI8q7hv2njpgFeZO78iCFYlLeeE-XYN0-94hOAKhyq2v9zVd8K07itv4uia4250sr4zY5g7H1Wyqmo5pSpTIAS_GZAx4LYCxHJPfKiw0oifDFCR_AHyqJ48kM87zbN_GMJkyWGs3Lx0Xn_2euxvbUpvOrLx6Q2-4W6OhIhq9mT7UMlh9-4slruzw
3.092 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.093 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZjBkZTJhNWEtMDdlYi00MTc4LTg3YTItYmViYjZjNjgxMDkwIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidTNGbkdsejJGZ0pDbWxBT25uOXhaQSIsImV4cCI6MTUyOTc1NDcxOCwiaWF0IjoxNTI5NzUxMTE4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIxMjAxZDU0NS1jNjQ2LTQxNmQtYWIxZi1iZWQ1M2VlMWE4NDgiLCJub25jZSI6IjIybWx1Mk9heWlINEFvSUMiLCJyYXQiOjE1Mjk3NTExMTYsInN1YiI6ImZvb0BiYXIuY29tIn0.IZb6SSllyPpbF078PDTRgU76WM7cTOtUGPhIIsWk3eA2qSMIlYvFD_wOz1SYup4FughexOftDGs3bJztych9wJgPQpQ37m04DviVd-HOB_PHZmDcEryms2h0BsHfWa0rHL7gbMHLrgNp9Mw_j37jsTMAP98-ty84EunAOe2jggyGYNgihbuwjbjrkS6nIRHLQ7vzowykOGtHeZAiFypokJW3VkUNZMKNLA0fqBJ2tXieJJr04zWNI9LwXDNQAPM7gvHZ-sYvCkZuPcm52Hfv52rmgZvmvfSdg1nyMMB-GHvC06Szs_UMzKh80nYiF8NaXxUIBs10ImhKfDxwePxfLhGwG1EcSe1Yd2pby_NKJlMCmeEr7DLxPBdjHsPKkwVwo5IW7MyM8XsoR1pUQcw8z213ZjhJIAWpAvMpAxI5aRU8xzqDErnc9h4RTbXdZqReENTofz3I-FjrYMKLqWPenBlP8b1sSj176AXvCAHpC8JPUuHKYdC3lgqJu-40W42n8Wt_uQcbr7ziRQEBdCW3LG52eWWDAEDwPUC170HA-UfMB2TvxhQvERjX0fAcikr6bqwmT5kPi9NszjIimbprNnwx8KSlVDuYHO9BBnn7UZygFyhHRAoR8i0RxovlU8Dyj1F9qwFLxErfkpSV6VCpOrZID_r18keCWcfXfjlQUv4', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'krdL-Cur0qjuGj8nuz8UF3L_CFqrU1GPrn3oWLv6OnA.GFpAmY13s0s29B3w8XCdaiBHWbILiq6NARp9Ywj1Vq4', 'scope': 'openid'}
3.097 AccessTokenResponse {
"access_token": "krdL-Cur0qjuGj8nuz8UF3L_CFqrU1GPrn3oWLv6OnA.GFpAmY13s0s29B3w8XCdaiBHWbILiq6NARp9Ywj1Vq4",
"expires_in": 3599,
"id_token": {
"aud": [
"f0de2a5a-07eb-4178-87a2-bebb6c681090"
],
"auth_time": 1529750975,
"c_hash": "u3FnGlz2FgJCmlAOnn9xZA",
"exp": 1529754718,
"iat": 1529751118,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "1201d545-c646-416d-ab1f-bed53ee1a848",
"nonce": "22mlu2OayiH4AoIC",
"rat": 1529751116,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.097 phase <--<-- 5 --- Done -->-->
3.097 end
3.097 assertion VerifyResponse
3.097 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.097 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-max_age=10000.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000051054�13313423602�015034� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-max_age=10000
Test description: Requesting ID Token with max_age=10000 seconds restriction
Timestamp: 2018-06-23T10:57:06Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.08 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.081 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.081 phase <--<-- 2 --- Registration -->-->
0.082 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.082 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#fLPTgjGfeGRPPN9Y"
],
"response_types": [
"code id_token"
]
}
0.273 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.274 RegistrationResponse {
"client_id": "9047c519-077a-43ed-b2b7-346421140d21",
"client_secret": "r.5hfyKN~JNx",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "9047c519-077a-43ed-b2b7-346421140d21",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#fLPTgjGfeGRPPN9Y"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.274 phase <--<-- 3 --- AsyncAuthn -->-->
0.275 AuthorizationRequest {
"client_id": "9047c519-077a-43ed-b2b7-346421140d21",
"nonce": "EBUJLlZChozSmtSt",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "YeMFiDuQJfrAFM74"
}
0.275 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9047c519-077a-43ed-b2b7-346421140d21&state=YeMFiDuQJfrAFM74&response_type=code+id_token&nonce=EBUJLlZChozSmtSt
0.275 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9047c519-077a-43ed-b2b7-346421140d21&state=YeMFiDuQJfrAFM74&response_type=code+id_token&nonce=EBUJLlZChozSmtSt
3.962 http args {}
4.18 response URL with fragment
4.18 response code=vIOqsxsJbos_ZtWg3ecMBo1LjF28AtyiEvxfAo89PGg.1imFn9VStnjuYjZKlAM5DrY7nLcTn-m0u_jYFNdMdl0&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoic1ZkaTBfN1NBamV6N05pa0NYdDlEUSIsImV4cCI6MTUyOTc1NTAyMywiaWF0IjoxNTI5NzUxNDIzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0ZjNjODhkOS0xMzQ5LTRiNzQtYjg3OS1iNTA5MjNmMTcwMzUiLCJub25jZSI6IkVCVUpMbFpDaG96U210U3QiLCJyYXQiOjE1Mjk3NTE0MjAsInN1YiI6ImZvb0BiYXIuY29tIn0.d8QN53nAlQg2_W_55XjonrrQdVuf7ieE5WB9M9ByTB_ZbFbqhzrlbOjvMtqdTc5nPcr5J4koqi4hnNrKxIwUrYbWMkm4VCpDHVPIvRW7Psm0YrbG6MKMiKx6i8JrJXNgU4E93bE1UYvyPTidOpxHYY2nYQR5Uy1GBvibvZxoY1fTnJV8ZsTO7yFf-LCczorTZQKKNvcAve4i5gM5vTEpMJLBjYrYYFPNyx7wo54deFcLudXfyOV01-bq7hZOCHvIqJsVyDZ45rQMpCpuiKlGkPh0ykqRsszVb1_9w2AxHTO40WJpdvkJ6ePfUMwVtk36gZZoBr9k3rqQi1tVpoKQDgtqT3g67HrnhSUPUk_ssyHK_3e9s8pNKu6w30yLK4TRmqgu3YWB46077JsizEp8tDRhvMHAyhjysJv5GLQTMw4lnh8C9cy02tp_PgTpID0G_RjcT1sEaZ9TREHxpihiZmViLJr44NcO9y17VpKxXIBRQM88lIRs4uIhJsBb9eqqQXV0dfhZC9JjqqxdhJeAbCFazSiDcfnBhkK5LEBie6_YS29ieRKF_F4oqv2ORVZ-LW__mzTx345y_5OnlW6MvpKDEtEVjpmdq9EokYVKALjVR_sp4idk7AR4eullkuI-pkpoOXK_02ElrYGcMli4Pg47C7FX-LNSU0enk6xDChw&state=YeMFiDuQJfrAFM74
4.18 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoic1ZkaTBfN1NBamV6N05pa0NYdDlEUSIsImV4cCI6MTUyOTc1NTAyMywiaWF0IjoxNTI5NzUxNDIzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0ZjNjODhkOS0xMzQ5LTRiNzQtYjg3OS1iNTA5MjNmMTcwMzUiLCJub25jZSI6IkVCVUpMbFpDaG96U210U3QiLCJyYXQiOjE1Mjk3NTE0MjAsInN1YiI6ImZvb0BiYXIuY29tIn0.d8QN53nAlQg2_W_55XjonrrQdVuf7ieE5WB9M9ByTB_ZbFbqhzrlbOjvMtqdTc5nPcr5J4koqi4hnNrKxIwUrYbWMkm4VCpDHVPIvRW7Psm0YrbG6MKMiKx6i8JrJXNgU4E93bE1UYvyPTidOpxHYY2nYQR5Uy1GBvibvZxoY1fTnJV8ZsTO7yFf-LCczorTZQKKNvcAve4i5gM5vTEpMJLBjYrYYFPNyx7wo54deFcLudXfyOV01-bq7hZOCHvIqJsVyDZ45rQMpCpuiKlGkPh0ykqRsszVb1_9w2AxHTO40WJpdvkJ6ePfUMwVtk36gZZoBr9k3rqQi1tVpoKQDgtqT3g67HrnhSUPUk_ssyHK_3e9s8pNKu6w30yLK4TRmqgu3YWB46077JsizEp8tDRhvMHAyhjysJv5GLQTMw4lnh8C9cy02tp_PgTpID0G_RjcT1sEaZ9TREHxpihiZmViLJr44NcO9y17VpKxXIBRQM88lIRs4uIhJsBb9eqqQXV0dfhZC9JjqqxdhJeAbCFazSiDcfnBhkK5LEBie6_YS29ieRKF_F4oqv2ORVZ-LW__mzTx345y_5OnlW6MvpKDEtEVjpmdq9EokYVKALjVR_sp4idk7AR4eullkuI-pkpoOXK_02ElrYGcMli4Pg47C7FX-LNSU0enk6xDChw', 'state': 'YeMFiDuQJfrAFM74', 'code': 'vIOqsxsJbos_ZtWg3ecMBo1LjF28AtyiEvxfAo89PGg.1imFn9VStnjuYjZKlAM5DrY7nLcTn-m0u_jYFNdMdl0'}
4.268 AuthorizationResponse {
"code": "vIOqsxsJbos_ZtWg3ecMBo1LjF28AtyiEvxfAo89PGg.1imFn9VStnjuYjZKlAM5DrY7nLcTn-m0u_jYFNdMdl0",
"id_token": {
"aud": [
"9047c519-077a-43ed-b2b7-346421140d21"
],
"auth_time": 1529751409,
"c_hash": "sVdi0_7SAjez7NikCXt9DQ",
"exp": 1529755023,
"iat": 1529751423,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "4f3c88d9-1349-4b74-b879-b50923f17035",
"nonce": "EBUJLlZChozSmtSt",
"rat": 1529751420,
"sub": "foo@bar.com"
},
"state": "YeMFiDuQJfrAFM74"
}
4.268 phase <--<-- 4 --- AccessToken -->-->
4.268 --> request op_args: {'state': 'YeMFiDuQJfrAFM74'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.268 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'YeMFiDuQJfrAFM74', 'code': 'vIOqsxsJbos_ZtWg3ecMBo1LjF28AtyiEvxfAo89PGg.1imFn9VStnjuYjZKlAM5DrY7nLcTn-m0u_jYFNdMdl0', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '9047c519-077a-43ed-b2b7-346421140d21'}, 'state': 'YeMFiDuQJfrAFM74'}
4.268 AccessTokenRequest {
"code": "vIOqsxsJbos_ZtWg3ecMBo1LjF28AtyiEvxfAo89PGg.1imFn9VStnjuYjZKlAM5DrY7nLcTn-m0u_jYFNdMdl0",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "YeMFiDuQJfrAFM74"
}
4.268 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.268 request_http_args {'headers': {'Authorization': 'Basic OTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxOnIuNWhmeUtOJTdFSk54', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.268 request code=vIOqsxsJbos_ZtWg3ecMBo1LjF28AtyiEvxfAo89PGg.1imFn9VStnjuYjZKlAM5DrY7nLcTn-m0u_jYFNdMdl0&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=YeMFiDuQJfrAFM74
4.515 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.516 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoic1ZkaTBfN1NBamV6N05pa0NYdDlEUSIsImV4cCI6MTUyOTc1NTAyMywiaWF0IjoxNTI5NzUxNDI0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhYWE3YmVhZC1jMGQ0LTRkMDYtODc0ZS01YjdhNjZhYjE5MTciLCJub25jZSI6IkVCVUpMbFpDaG96U210U3QiLCJyYXQiOjE1Mjk3NTE0MjAsInN1YiI6ImZvb0BiYXIuY29tIn0.m3pO6Ii26hb5neyzvcsWaXZRJnwfEKYaRKSp3GNtaLHmnz6guWZzZtTI9pCLDf-mhL0Av7IVCePmlIlUBUJY1yZ0IoIO4Trwy0eOrOalLizhWcMVMfSLcScVM_RXdagAGOEvgd7HDdOS3XvheTw23q1pmxpFOSaWV5yxh7XEQDUoVubIJLVeLR0E4UqBkK9T-TAisjYOt_cf4gn0pSxdhIxYNmuQn4Zdff6jKAKcBJpjJBExAiseZNCH3WkOp4sfUrxgCeNwDMfXRFbytxl0nyFrggUYOmc9ju8GrVKfX1o-mdab3BHJQF0RvxbtUVJ3AD15TUN1gIAvru8fHr4uIOlBcogYz1NUg1N-Wx8vU-mvTvsgrTr8-8d1atup1Vnzdf9XOpsZkG5Yj9ORub5D0VxaYcC5pB_CuKcOkGqFksWnVstkVnJE97VJD-RdG4xgOj-pEr_KaA6T89fc5yxxztlPxqhCbGUA4P11kI58PCy-uDkvaoAoy2bGwZI74iLKqpaxqrKCDqXwMkxAbVAz9xTbawZ_-0wywg6-CPMACUOX66pKVL8mMSXA4lu79S_6h6oS0YMaJfT-sUmrg3GXtxOa1uxjVHgYy1R1kZJR572sd5L31K7mu4pfW7cnkxNvV9XDswBerBYCSzw60gNqRgxjqFhi9Jzf05mZqVXaBmU', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'k6pHKnJ4L4DlAoHOchKMhzfO1jZdoXwwTKFuQtSaFms.zfii50iIYYA1jH93HSNfqZ-32Drhlw_nZEvxRt01bJA', 'scope': 'openid'}
4.519 AccessTokenResponse {
"access_token": "k6pHKnJ4L4DlAoHOchKMhzfO1jZdoXwwTKFuQtSaFms.zfii50iIYYA1jH93HSNfqZ-32Drhlw_nZEvxRt01bJA",
"expires_in": 3599,
"id_token": {
"aud": [
"9047c519-077a-43ed-b2b7-346421140d21"
],
"auth_time": 1529751409,
"c_hash": "sVdi0_7SAjez7NikCXt9DQ",
"exp": 1529755023,
"iat": 1529751424,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "aaa7bead-c0d4-4d06-874e-5b7a66ab1917",
"nonce": "EBUJLlZChozSmtSt",
"rat": 1529751420,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.519 phase <--<-- 5 --- AsyncAuthn -->-->
4.52 AuthorizationRequest {
"client_id": "9047c519-077a-43ed-b2b7-346421140d21",
"max_age": 10000,
"nonce": "2yXMCdNFzevgdtQC",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "IIY8wBHQgGQcY0zR"
}
4.52 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=10000&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9047c519-077a-43ed-b2b7-346421140d21&state=IIY8wBHQgGQcY0zR&response_type=code+id_token&nonce=2yXMCdNFzevgdtQC
4.52 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=10000&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9047c519-077a-43ed-b2b7-346421140d21&state=IIY8wBHQgGQcY0zR&response_type=code+id_token&nonce=2yXMCdNFzevgdtQC
5.619 http args {}
5.829 response URL with fragment
5.83 response code=T4Kh2Ydt2R2wuOmLwVVoIUCViqRtztgSgVB5i5UArHQ.bv2301VTGyeQwiHXx04SfNFSX4qQR3mvNDstgSozkAs&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiUVJSTjhHTHJhaDlvbDYzNnZISTZ4dyIsImV4cCI6MTUyOTc1NTAyNSwiaWF0IjoxNTI5NzUxNDI1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3MjE2NWI2Zi04ZTU0LTRhMzAtOWQ1Mi1iMzY4ZGM2OTRmN2IiLCJub25jZSI6IjJ5WE1DZE5GemV2Z2R0UUMiLCJyYXQiOjE1Mjk3NTE0MjQsInN1YiI6ImZvb0BiYXIuY29tIn0.KhocAO7KkKQb2FxqLvNZvC4NyODsuQlMGTCbCDLqyBCuinz0v4QEdU3Wl4UMzl7hWSO8-YUAq9Hemalb_TyRcseLUnYGI9PDkkgkoQOsUPv9k470yO2eJjruA8ZBxiUtGqupz13WJVupezVYDmwc1-6ztPzqJ2r6Gke3Sa_EVFr12_HivBEaOLUm92OCCdhkiXmeosfjXIU0-AHY8_GbFXcTP7kPVDbgCJN4eCT9V2K6RwWaeiZQn4lefI9I1fC-DI-FSE_VBu-YNm6qsTHSC4ZOevSsm_A_1s0-aewsKSEqcJViUkaqDfG35TDhESPTZErb4jPXUfH5Y8yvZ2pLFB4RHhko3RmTpZIhl1MQBGdTH_COOe-Yo8EGlRoginyGbdTCHVKAazlHUAqqjffdIu4Pjy3IchNNhLHwXGYhRy6k_A8-Tdr-6XfWWbwPKgp0nSN10gTriDNo5BI-ExIHCuBOfD6G-I9TyhIgzrOB5zH6CZPOZ04kN8odgd1CLoRJ7rstiCV7lMchfTVFPEVnhnSR3Xr2g_2Ar_XxoynfOtVExxmGazW3SJXdBysbfoXQqFhQEzpF0pbdxHP04UKi1aWbmpVLX7b42RF1_gOBesJ853_c6DH1AadlRKCzcCpADPpH3Up5PAz9m8-6fikmDdTGkuV_SgJpfIVUELRaRbw&state=IIY8wBHQgGQcY0zR
5.83 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiUVJSTjhHTHJhaDlvbDYzNnZISTZ4dyIsImV4cCI6MTUyOTc1NTAyNSwiaWF0IjoxNTI5NzUxNDI1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3MjE2NWI2Zi04ZTU0LTRhMzAtOWQ1Mi1iMzY4ZGM2OTRmN2IiLCJub25jZSI6IjJ5WE1DZE5GemV2Z2R0UUMiLCJyYXQiOjE1Mjk3NTE0MjQsInN1YiI6ImZvb0BiYXIuY29tIn0.KhocAO7KkKQb2FxqLvNZvC4NyODsuQlMGTCbCDLqyBCuinz0v4QEdU3Wl4UMzl7hWSO8-YUAq9Hemalb_TyRcseLUnYGI9PDkkgkoQOsUPv9k470yO2eJjruA8ZBxiUtGqupz13WJVupezVYDmwc1-6ztPzqJ2r6Gke3Sa_EVFr12_HivBEaOLUm92OCCdhkiXmeosfjXIU0-AHY8_GbFXcTP7kPVDbgCJN4eCT9V2K6RwWaeiZQn4lefI9I1fC-DI-FSE_VBu-YNm6qsTHSC4ZOevSsm_A_1s0-aewsKSEqcJViUkaqDfG35TDhESPTZErb4jPXUfH5Y8yvZ2pLFB4RHhko3RmTpZIhl1MQBGdTH_COOe-Yo8EGlRoginyGbdTCHVKAazlHUAqqjffdIu4Pjy3IchNNhLHwXGYhRy6k_A8-Tdr-6XfWWbwPKgp0nSN10gTriDNo5BI-ExIHCuBOfD6G-I9TyhIgzrOB5zH6CZPOZ04kN8odgd1CLoRJ7rstiCV7lMchfTVFPEVnhnSR3Xr2g_2Ar_XxoynfOtVExxmGazW3SJXdBysbfoXQqFhQEzpF0pbdxHP04UKi1aWbmpVLX7b42RF1_gOBesJ853_c6DH1AadlRKCzcCpADPpH3Up5PAz9m8-6fikmDdTGkuV_SgJpfIVUELRaRbw', 'state': 'IIY8wBHQgGQcY0zR', 'code': 'T4Kh2Ydt2R2wuOmLwVVoIUCViqRtztgSgVB5i5UArHQ.bv2301VTGyeQwiHXx04SfNFSX4qQR3mvNDstgSozkAs'}
5.834 AuthorizationResponse {
"code": "T4Kh2Ydt2R2wuOmLwVVoIUCViqRtztgSgVB5i5UArHQ.bv2301VTGyeQwiHXx04SfNFSX4qQR3mvNDstgSozkAs",
"id_token": {
"aud": [
"9047c519-077a-43ed-b2b7-346421140d21"
],
"auth_time": 1529751409,
"c_hash": "QRRN8GLrah9ol636vHI6xw",
"exp": 1529755025,
"iat": 1529751425,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "72165b6f-8e54-4a30-9d52-b368dc694f7b",
"nonce": "2yXMCdNFzevgdtQC",
"rat": 1529751424,
"sub": "foo@bar.com"
},
"state": "IIY8wBHQgGQcY0zR"
}
5.834 phase <--<-- 6 --- AccessToken -->-->
5.834 --> request op_args: {'state': 'IIY8wBHQgGQcY0zR'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
5.834 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'IIY8wBHQgGQcY0zR', 'code': 'T4Kh2Ydt2R2wuOmLwVVoIUCViqRtztgSgVB5i5UArHQ.bv2301VTGyeQwiHXx04SfNFSX4qQR3mvNDstgSozkAs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '9047c519-077a-43ed-b2b7-346421140d21'}, 'state': 'IIY8wBHQgGQcY0zR'}
5.834 AccessTokenRequest {
"code": "T4Kh2Ydt2R2wuOmLwVVoIUCViqRtztgSgVB5i5UArHQ.bv2301VTGyeQwiHXx04SfNFSX4qQR3mvNDstgSozkAs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "IIY8wBHQgGQcY0zR"
}
5.834 request_url https://oidc-certification.ory.sh:8443/oauth2/token
5.834 request_http_args {'headers': {'Authorization': 'Basic OTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxOnIuNWhmeUtOJTdFSk54', 'Content-Type': 'application/x-www-form-urlencoded'}}
5.834 request code=T4Kh2Ydt2R2wuOmLwVVoIUCViqRtztgSgVB5i5UArHQ.bv2301VTGyeQwiHXx04SfNFSX4qQR3mvNDstgSozkAs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=IIY8wBHQgGQcY0zR
6.054 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.055 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOTA0N2M1MTktMDc3YS00M2VkLWIyYjctMzQ2NDIxMTQwZDIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiUVJSTjhHTHJhaDlvbDYzNnZISTZ4dyIsImV4cCI6MTUyOTc1NTAyNSwiaWF0IjoxNTI5NzUxNDI1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiNDY4ZDJkZC01YjUyLTRkMDUtYjkzMS1lMDkzMjg0Nzg1ZGUiLCJub25jZSI6IjJ5WE1DZE5GemV2Z2R0UUMiLCJyYXQiOjE1Mjk3NTE0MjQsInN1YiI6ImZvb0BiYXIuY29tIn0.lVwRW7gyLJSFFSiiwf3Rg0zrQMUGLjWcNRcmhdReoXsPh_hnbOw_eTq_z-SdDm5seb9HLHOJuo5CkL-COd1xDDIzCW9ecj-SW2Pmt9d6Xj-ggfGZ11DiDzIWjvvmx3KbxmQPPZ7UjH2-idDrIbk9FwuGiR-c-49zDCH6xd-E1XRDl4DyQ2by8hdpMo09rz2NwNF4mOuNLAFxwZem4eZgX6vwBNWtjQ_wC1TMIkgYFrV0iqZxvSh0tMGtFg_OwIDznmBodV3Gvfp9wrNJun6Me8Q_lw52hiNCtRbSO7TlZQahaBD103p1dtRTPnp9UKRvJCxoybirJy3G9NGADGrFckwAW7vOI18rwMw9g2GenqaJLCVGuNz52abbEL2iYuFItTUKqDXJ5JWuLcJzwqTN7ivE1zihI2Odjon63PIALnXw4xPSxkpl7lTMXJ9DcbJfsrRiwetId8GCJf0Jll7bahq40GVaE49QRCmNoR8nOwkp6GGqrm-udcFIUAUldkorY4zvAeenhNF_h234Y2JEb0f1qR1S1G4WfnJ1IkeQ-FNGn5lFSCsyMukks_t8g43P4fDmKfLReoAcUHckVy6DUqKJnHgA-cqUhrYGz-rHnsQQ_-HGYG2G0VI80FI6WhrYfIcc_LOyGmw8_gSJ3QcTn-oWgnVPLqbskMUy3zuwrUQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'PDPf__ShUgcUmIWMCfjEpDJZT0I5dT6wfKuzd24W_-Q.crumhzZiAhtk0XfWNALeOeIlgEt8hTSq1-9JqJM9VQs', 'scope': 'openid'}
6.058 AccessTokenResponse {
"access_token": "PDPf__ShUgcUmIWMCfjEpDJZT0I5dT6wfKuzd24W_-Q.crumhzZiAhtk0XfWNALeOeIlgEt8hTSq1-9JqJM9VQs",
"expires_in": 3599,
"id_token": {
"aud": [
"9047c519-077a-43ed-b2b7-346421140d21"
],
"auth_time": 1529751409,
"c_hash": "QRRN8GLrah9ol636vHI6xw",
"exp": 1529755025,
"iat": 1529751425,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "b468d2dd-5b52-4d05-b931-e093284785de",
"nonce": "2yXMCdNFzevgdtQC",
"rat": 1529751424,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
6.058 phase <--<-- 7 --- Done -->-->
6.058 end
6.059 assertion AuthTimeCheck
6.059 condition auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
6.059 assertion VerifyResponse
6.059 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
6.06 assertion SameAuthn
6.06 condition same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
6.06 assertion ClaimsCheck
6.06 condition claims-check: status=OK [Checks if specific claims is present or not]
6.06 condition Done: status=OK
============================================================
Conditions
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
claims-check: status=OK [Checks if specific claims is present or not]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-request-Unsigned.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000024214�13313423421�015467� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request-Unsigned
Test description: Support request request parameter with unsigned request
Timestamp: 2018-06-23T10:55:13Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'none'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#7AtBK3UigObyK80H"
],
"response_types": [
"code id_token"
]
}
0.237 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.238 RegistrationResponse {
"client_id": "c8ef90b3-25ca-468c-9c0a-a8a34ea57b80",
"client_secret": "LKfjtdO4zCwY",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "c8ef90b3-25ca-468c-9c0a-a8a34ea57b80",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#7AtBK3UigObyK80H"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.238 phase <--<-- 3 --- AsyncAuthn -->-->
0.239 AuthorizationRequest {
"client_id": "c8ef90b3-25ca-468c-9c0a-a8a34ea57b80",
"nonce": "8hFjb8qgVYrKyWOq",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request": "eyJhbGciOiJub25lIn0.eyJzY29wZSI6ICJvcGVuaWQiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjYxMzUzL2F1dGh6X2NiIiwgImNsaWVudF9pZCI6ICJjOGVmOTBiMy0yNWNhLTQ2OGMtOWMwYS1hOGEzNGVhNTdiODAiLCAic3RhdGUiOiAiS0JDZElHQzlKSUFkNUFPbiIsICJyZXNwb25zZV90eXBlIjogImNvZGUgaWRfdG9rZW4iLCAibm9uY2UiOiAiOGhGamI4cWdWWXJLeVdPcSJ9.",
"response_type": "code id_token",
"scope": "openid",
"state": "KBCdIGC9JIAd5AOn"
}
0.239 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=c8ef90b3-25ca-468c-9c0a-a8a34ea57b80&response_type=code+id_token&state=KBCdIGC9JIAd5AOn&request=eyJhbGciOiJub25lIn0.eyJzY29wZSI6ICJvcGVuaWQiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjYxMzUzL2F1dGh6X2NiIiwgImNsaWVudF9pZCI6ICJjOGVmOTBiMy0yNWNhLTQ2OGMtOWMwYS1hOGEzNGVhNTdiODAiLCAic3RhdGUiOiAiS0JDZElHQzlKSUFkNUFPbiIsICJyZXNwb25zZV90eXBlIjogImNvZGUgaWRfdG9rZW4iLCAibm9uY2UiOiAiOGhGamI4cWdWWXJLeVdPcSJ9.&nonce=8hFjb8qgVYrKyWOq
0.239 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=c8ef90b3-25ca-468c-9c0a-a8a34ea57b80&response_type=code+id_token&state=KBCdIGC9JIAd5AOn&request=eyJhbGciOiJub25lIn0.eyJzY29wZSI6ICJvcGVuaWQiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vb3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0OjYxMzUzL2F1dGh6X2NiIiwgImNsaWVudF9pZCI6ICJjOGVmOTBiMy0yNWNhLTQ2OGMtOWMwYS1hOGEzNGVhNTdiODAiLCAic3RhdGUiOiAiS0JDZElHQzlKSUFkNUFPbiIsICJyZXNwb25zZV90eXBlIjogImNvZGUgaWRfdG9rZW4iLCAibm9uY2UiOiAiOGhGamI4cWdWWXJLeVdPcSJ9.&nonce=8hFjb8qgVYrKyWOq
2.283 http args {}
2.452 response URL with fragment
2.453 response code=gmtuBfPVbWzmnx5G6zyJtCOJSENH27ikbaDPVYVVLEg.m8gB0gZMpB3XfOR75bsf9fPyj0gH08WY4q8eSqsi6ew&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYzhlZjkwYjMtMjVjYS00NjhjLTljMGEtYThhMzRlYTU3YjgwIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiYlNxUzdCOEFselVySl9RZFZTUU9YUSIsImV4cCI6MTUyOTc1NDkxMiwiaWF0IjoxNTI5NzUxMzEyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0Nzc1MWJjMC1mYzRlLTRlNjktOGM5MC01ZTY5MjFlY2M3NjgiLCJub25jZSI6IjhoRmpiOHFnVllyS3lXT3EiLCJyYXQiOjE1Mjk3NTEzMTAsInN1YiI6ImZvb0BiYXIuY29tIn0.L-9_vfCFWtQug2nN6N3_IQOzeagFadNEdcN8s3m75v476Wvqz_S1KxujN7PRhUReEpmSTUaXgnPk1P1_WlPMMxjTMJWE6ZAgSCYWFR1vyEsmqjyQKjel_Q14xZDTrZW0kwoGhoDVV5aWyyMmLYKlBml43IVg7W8GpiHXtzEbvG8vj2gr-TVSZ80GqkmGhsgrooMAnS4Qg0_HCf7V7ijbTSiZoNJ9NPMTIj4manXtEFxxy88r7xeoNY5c6p4fPXKmNgJC2RA9M5Pox5cDa4yJWJdYGMuX1yJ-pQ84_7c1wFsumh8OJIEC0oEg46ljNf7NMfvePUFwFbab7pZds7fgfz7K0ogU_M_KxwFMPzkQUDdGA_p1dkkk_x4tgahs07TC7CZvzPvvkwEpILsWsUsFjjS_pznKhlQAdqxCSbfpPfEqm47ZmnviTJtkGEht1CkAgd3fxo3gQ1fVjMIiY66s-_eqsJt32mVBxEB8AwtH-zDYiMH3HBQtaF74MPA_4sO6Wfz3yZC_YF-3icy1d7GxFwjsLWfU65ssUdcDWF1G1CxX6gulD1zgKo2BN_TNbYLWaSQkhiID7Udc0Kx8qLoadVfzufntDsBW87hN3qSzSQKAce05JvSvZfSszS2DcXPsfk9OyhO190myMUUQYNkeL5oNfpYZFhxsPmS1t07W5r8&state=KBCdIGC9JIAd5AOn
2.453 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYzhlZjkwYjMtMjVjYS00NjhjLTljMGEtYThhMzRlYTU3YjgwIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiYlNxUzdCOEFselVySl9RZFZTUU9YUSIsImV4cCI6MTUyOTc1NDkxMiwiaWF0IjoxNTI5NzUxMzEyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0Nzc1MWJjMC1mYzRlLTRlNjktOGM5MC01ZTY5MjFlY2M3NjgiLCJub25jZSI6IjhoRmpiOHFnVllyS3lXT3EiLCJyYXQiOjE1Mjk3NTEzMTAsInN1YiI6ImZvb0BiYXIuY29tIn0.L-9_vfCFWtQug2nN6N3_IQOzeagFadNEdcN8s3m75v476Wvqz_S1KxujN7PRhUReEpmSTUaXgnPk1P1_WlPMMxjTMJWE6ZAgSCYWFR1vyEsmqjyQKjel_Q14xZDTrZW0kwoGhoDVV5aWyyMmLYKlBml43IVg7W8GpiHXtzEbvG8vj2gr-TVSZ80GqkmGhsgrooMAnS4Qg0_HCf7V7ijbTSiZoNJ9NPMTIj4manXtEFxxy88r7xeoNY5c6p4fPXKmNgJC2RA9M5Pox5cDa4yJWJdYGMuX1yJ-pQ84_7c1wFsumh8OJIEC0oEg46ljNf7NMfvePUFwFbab7pZds7fgfz7K0ogU_M_KxwFMPzkQUDdGA_p1dkkk_x4tgahs07TC7CZvzPvvkwEpILsWsUsFjjS_pznKhlQAdqxCSbfpPfEqm47ZmnviTJtkGEht1CkAgd3fxo3gQ1fVjMIiY66s-_eqsJt32mVBxEB8AwtH-zDYiMH3HBQtaF74MPA_4sO6Wfz3yZC_YF-3icy1d7GxFwjsLWfU65ssUdcDWF1G1CxX6gulD1zgKo2BN_TNbYLWaSQkhiID7Udc0Kx8qLoadVfzufntDsBW87hN3qSzSQKAce05JvSvZfSszS2DcXPsfk9OyhO190myMUUQYNkeL5oNfpYZFhxsPmS1t07W5r8', 'state': 'KBCdIGC9JIAd5AOn', 'code': 'gmtuBfPVbWzmnx5G6zyJtCOJSENH27ikbaDPVYVVLEg.m8gB0gZMpB3XfOR75bsf9fPyj0gH08WY4q8eSqsi6ew'}
2.537 AuthorizationResponse {
"code": "gmtuBfPVbWzmnx5G6zyJtCOJSENH27ikbaDPVYVVLEg.m8gB0gZMpB3XfOR75bsf9fPyj0gH08WY4q8eSqsi6ew",
"id_token": {
"aud": [
"c8ef90b3-25ca-468c-9c0a-a8a34ea57b80"
],
"auth_time": 1529751224,
"c_hash": "bSqS7B8AlzUrJ_QdVSQOXQ",
"exp": 1529754912,
"iat": 1529751312,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "47751bc0-fc4e-4e69-8c90-5e6921ecc768",
"nonce": "8hFjb8qgVYrKyWOq",
"rat": 1529751310,
"sub": "foo@bar.com"
},
"state": "KBCdIGC9JIAd5AOn"
}
2.537 phase <--<-- 4 --- Done -->-->
2.537 end
2.538 assertion VerifyAuthnOrErrorResponse
2.538 condition authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
2.538 condition Done: status=OK
============================================================
Conditions
authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-ClientAuth-Basic-Dynamic.txt�������������������������������������������������������������������0000644�0000000�0000000�00000031074�13313423164�016674� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-ClientAuth-Basic-Dynamic
Test description: Access token request with client_secret_basic authentication
Timestamp: 2018-06-23T10:52:36Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.077 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.077 phase <--<-- 2 --- Registration -->-->
0.077 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'client_secret_basic', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'response_types': ['code id_token'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.077 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#OiyJvR4yVkJM3nRf"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "client_secret_basic"
}
0.237 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.238 RegistrationResponse {
"client_id": "d5eab431-2dfb-473d-8522-bf10654623b8",
"client_secret": "N_9W~UVpRECK",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "d5eab431-2dfb-473d-8522-bf10654623b8",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#OiyJvR4yVkJM3nRf"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.238 phase <--<-- 3 --- AsyncAuthn -->-->
0.239 AuthorizationRequest {
"client_id": "d5eab431-2dfb-473d-8522-bf10654623b8",
"nonce": "4rnKjtb151JJSYV4",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "xKfCNycWHarQegeT"
}
0.239 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d5eab431-2dfb-473d-8522-bf10654623b8&state=xKfCNycWHarQegeT&response_type=code+id_token&nonce=4rnKjtb151JJSYV4
0.239 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=d5eab431-2dfb-473d-8522-bf10654623b8&state=xKfCNycWHarQegeT&response_type=code+id_token&nonce=4rnKjtb151JJSYV4
2.239 http args {}
2.411 response URL with fragment
2.411 response code=xN5s-M4iSkj2iZm04r6RtS0zoQSCNRn5zMGw5uHJn_E.AoEIUUSbnRtDi0EeZ6WeDzNz-MwsSKd9gnghdIBdVIY&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDVlYWI0MzEtMmRmYi00NzNkLTg1MjItYmYxMDY1NDYyM2I4Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiT2FPRWtNZ3BmZDgxN2U5VVB4NGdFUSIsImV4cCI6MTUyOTc1NDc1NSwiaWF0IjoxNTI5NzUxMTU1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0Y2YzNzMxYy1lODQ5LTQyZTktOTFmNS0yMjU5NTgyZDA1OGEiLCJub25jZSI6IjRybktqdGIxNTFKSlNZVjQiLCJyYXQiOjE1Mjk3NTExNTQsInN1YiI6ImZvb0BiYXIuY29tIn0.o7PywR9XjTGrWslVA7XOaIf5cqQ-kVs7XktIi_vLl0Gr1wWzVsAQozf4wEvxdZHLIjRLyi7VRcMZZoGLPbycXgHw2bmjsnUc4-gEuwwzMYZtkRSdJdCrv_HeAr4Y4jiczXvVqNvVfxne4_FQGUrQjfq0Lcou0vQx5tXclFL6zK6ehR9mGOWit9QamvLEVDnMRmhUkgegLdMTXvZ5RcH0XmXcW--3rXfXbSoOBWIEVSsrpNBLzKc1gw9TtGdmzT4o8cPMxZZsfPrkT3NT9HU1k5wbHA3wW7J-xHOy529MaNOcaZUt4iwBe2J09TFTreqASiLGqqIfKbkl2R_guyFrdSXdWSm62Sdb2gYSk0iyx1iETJK7sG7jldxG09iLzyXOZSvnDsZxlpMrTZgLF9I_rDwy3Hcecugk1H-7NjlhleI8DxcNlmkKr03s0-R96NiCJ2qczzlv8wpTBzcu-gmJXybE5zF6tjwCfxgcNcUxqvgtRUgJ6cYgkjXD7s7upDVd8izxL-QyNb22rNH9H1SPQa8rCGRuNBlbHkSWveXjDmCXPwagT3BbCp3Q6Y1QopKeSYpD0yIqvUi8jeZS0A8L32An3gNl5fLXhWm0-x3ivlhF8OI-_vaC9gMFd6UM2Emo8FxGHqtafxEq9DzY7UUMl_WSruQzDLzy4eq88BEkOqo&state=xKfCNycWHarQegeT
2.412 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDVlYWI0MzEtMmRmYi00NzNkLTg1MjItYmYxMDY1NDYyM2I4Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiT2FPRWtNZ3BmZDgxN2U5VVB4NGdFUSIsImV4cCI6MTUyOTc1NDc1NSwiaWF0IjoxNTI5NzUxMTU1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0Y2YzNzMxYy1lODQ5LTQyZTktOTFmNS0yMjU5NTgyZDA1OGEiLCJub25jZSI6IjRybktqdGIxNTFKSlNZVjQiLCJyYXQiOjE1Mjk3NTExNTQsInN1YiI6ImZvb0BiYXIuY29tIn0.o7PywR9XjTGrWslVA7XOaIf5cqQ-kVs7XktIi_vLl0Gr1wWzVsAQozf4wEvxdZHLIjRLyi7VRcMZZoGLPbycXgHw2bmjsnUc4-gEuwwzMYZtkRSdJdCrv_HeAr4Y4jiczXvVqNvVfxne4_FQGUrQjfq0Lcou0vQx5tXclFL6zK6ehR9mGOWit9QamvLEVDnMRmhUkgegLdMTXvZ5RcH0XmXcW--3rXfXbSoOBWIEVSsrpNBLzKc1gw9TtGdmzT4o8cPMxZZsfPrkT3NT9HU1k5wbHA3wW7J-xHOy529MaNOcaZUt4iwBe2J09TFTreqASiLGqqIfKbkl2R_guyFrdSXdWSm62Sdb2gYSk0iyx1iETJK7sG7jldxG09iLzyXOZSvnDsZxlpMrTZgLF9I_rDwy3Hcecugk1H-7NjlhleI8DxcNlmkKr03s0-R96NiCJ2qczzlv8wpTBzcu-gmJXybE5zF6tjwCfxgcNcUxqvgtRUgJ6cYgkjXD7s7upDVd8izxL-QyNb22rNH9H1SPQa8rCGRuNBlbHkSWveXjDmCXPwagT3BbCp3Q6Y1QopKeSYpD0yIqvUi8jeZS0A8L32An3gNl5fLXhWm0-x3ivlhF8OI-_vaC9gMFd6UM2Emo8FxGHqtafxEq9DzY7UUMl_WSruQzDLzy4eq88BEkOqo', 'state': 'xKfCNycWHarQegeT', 'code': 'xN5s-M4iSkj2iZm04r6RtS0zoQSCNRn5zMGw5uHJn_E.AoEIUUSbnRtDi0EeZ6WeDzNz-MwsSKd9gnghdIBdVIY'}
2.515 AuthorizationResponse {
"code": "xN5s-M4iSkj2iZm04r6RtS0zoQSCNRn5zMGw5uHJn_E.AoEIUUSbnRtDi0EeZ6WeDzNz-MwsSKd9gnghdIBdVIY",
"id_token": {
"aud": [
"d5eab431-2dfb-473d-8522-bf10654623b8"
],
"auth_time": 1529750975,
"c_hash": "OaOEkMgpfd817e9UPx4gEQ",
"exp": 1529754755,
"iat": 1529751155,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "4cf3731c-e849-42e9-91f5-2259582d058a",
"nonce": "4rnKjtb151JJSYV4",
"rat": 1529751154,
"sub": "foo@bar.com"
},
"state": "xKfCNycWHarQegeT"
}
2.515 phase <--<-- 4 --- AccessToken -->-->
2.515 --> request op_args: {'state': 'xKfCNycWHarQegeT', 'authn_method': 'client_secret_basic'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.515 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'xKfCNycWHarQegeT', 'code': 'xN5s-M4iSkj2iZm04r6RtS0zoQSCNRn5zMGw5uHJn_E.AoEIUUSbnRtDi0EeZ6WeDzNz-MwsSKd9gnghdIBdVIY', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'd5eab431-2dfb-473d-8522-bf10654623b8'}, 'state': 'xKfCNycWHarQegeT', 'authn_method': 'client_secret_basic'}
2.515 AccessTokenRequest {
"code": "xN5s-M4iSkj2iZm04r6RtS0zoQSCNRn5zMGw5uHJn_E.AoEIUUSbnRtDi0EeZ6WeDzNz-MwsSKd9gnghdIBdVIY",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "xKfCNycWHarQegeT"
}
2.515 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.515 request_http_args {'headers': {'Authorization': 'Basic ZDVlYWI0MzEtMmRmYi00NzNkLTg1MjItYmYxMDY1NDYyM2I4Ok5fOVclN0VVVnBSRUNL', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.515 request code=xN5s-M4iSkj2iZm04r6RtS0zoQSCNRn5zMGw5uHJn_E.AoEIUUSbnRtDi0EeZ6WeDzNz-MwsSKd9gnghdIBdVIY&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=xKfCNycWHarQegeT
2.733 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.734 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZDVlYWI0MzEtMmRmYi00NzNkLTg1MjItYmYxMDY1NDYyM2I4Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiT2FPRWtNZ3BmZDgxN2U5VVB4NGdFUSIsImV4cCI6MTUyOTc1NDc1NSwiaWF0IjoxNTI5NzUxMTU2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3OWRjMDk3Yy1lNzI0LTQ4YzMtOGU2OC02ZDU2YjY4NzhmMTkiLCJub25jZSI6IjRybktqdGIxNTFKSlNZVjQiLCJyYXQiOjE1Mjk3NTExNTQsInN1YiI6ImZvb0BiYXIuY29tIn0.WJjnUU6FKNqu15gIpDIdbNEBPghVJSB0hW--eMNullHHQVbpePLV2QQsk0d9t5vVym_VV1uZRL4RN1Ul4h_6Nd_HF-Fvae2zStucdv1dEBamzdmvgE3dsk7AcvULUMn57IndYMdq_vQ8IRmuIMUiCs8Hs7Q2CRHGZCKy5MvAjTtKIvbMSLpBADWOPPG2Y2PK1saC7zYefodnmcpotrKQQZynFZ1RCEfLk19RCfk-VkoqO3Q0HYIbo3kRg8RkN2ctPHigEMfMHffpNXq1awBSp90bUd3AC3lMRWB7ql4joAQY38w2LMX8GNzd_ykKpS3d-Y1GLT3GG5xaIiGEu6prDNf7zTUo-hg5ce3XJo9Qu-KeNB15thfXOKRsOvMMWeqsFFjTkZNyAqw_i-m5d7ZbepuDN_XiICVwv6K-E59rLF14TCwbBB9K5DlCpVlwxCBIoltzZcDpFTrceWaxhPmYwZ1-Gw6iSuLKM1drjAYDpeICw8483Iqc5W40UyykE0RFU3XPc33GJhHR7muOwj-wRItQddzEEnHBUhVO58QXClD6qTCWMoSmpB_dHDjgxDzCLmHtJhRKoh-JUcikF-L2XAeYDRjhZDp7qnCW7ov-keLmdle9ziAuvriPEl10S8S8BWXSt_WHUCg04FDZaaiElpWkXyv91V6zw3EyB018OaE', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'kjPClPaAO--qoAXOCH4RGJyoS0HNnghUhy2RCsuDl0Y.C2UvOofD2SUQY5oSFYw2KXATo-qovAiinrjcwwhBgZ8', 'scope': 'openid'}
2.738 AccessTokenResponse {
"access_token": "kjPClPaAO--qoAXOCH4RGJyoS0HNnghUhy2RCsuDl0Y.C2UvOofD2SUQY5oSFYw2KXATo-qovAiinrjcwwhBgZ8",
"expires_in": 3599,
"id_token": {
"aud": [
"d5eab431-2dfb-473d-8522-bf10654623b8"
],
"auth_time": 1529750975,
"c_hash": "OaOEkMgpfd817e9UPx4gEQ",
"exp": 1529754755,
"iat": 1529751156,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "79dc097c-e724-48c3-8e68-6d56b6878f19",
"nonce": "4rnKjtb151JJSYV4",
"rat": 1529751154,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.738 phase <--<-- 5 --- Done -->-->
2.738 end
2.738 assertion VerifyResponse
2.738 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.738 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-claims_supported.txt�����������������������������������������������������������������0000644�0000000�0000000�00000005772�13313423101�017552� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-claims_supported
Test description: Verify that claims_supported is published
Timestamp: 2018-06-23T10:51:45Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.078 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.079 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.079 phase <--<-- 2 --- Done -->-->
0.079 end
0.08 assertion CheckHTTPResponse
0.08 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.08 assertion CheckHasClaimsSupported
0.08 condition providerinfo-has-claims_supported: status=OK [Check that the claims_supported discovery metadata value is in the provider_info]
0.08 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
providerinfo-has-claims_supported: status=OK [Check that the claims_supported discovery metadata value is in the provider_info]
Done: status=OK
============================================================
RESULT: PASSED
������./OP-IDToken-c_hash.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000022026�13313423154�014747� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-c_hash
Test description: ID Token has c_hash when ID Token and Authorization Code returned from Authorization Endpoint [Hybrid]
Timestamp: 2018-06-23T10:52:28Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.113 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.115 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.115 phase <--<-- 2 --- Registration -->-->
0.115 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.115 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#XOiFCmvEwUIU2s6A"
],
"response_types": [
"code id_token"
]
}
0.275 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.276 RegistrationResponse {
"client_id": "f60072bd-f323-4fcc-9eb4-f9bcee97a63f",
"client_secret": "rAj8oS8kkthI",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "f60072bd-f323-4fcc-9eb4-f9bcee97a63f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#XOiFCmvEwUIU2s6A"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.276 phase <--<-- 3 --- AsyncAuthn -->-->
0.276 AuthorizationRequest {
"client_id": "f60072bd-f323-4fcc-9eb4-f9bcee97a63f",
"nonce": "6ItYBO4OpWPpMFI7",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "trmWXSn7ja9zN449"
}
0.277 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=f60072bd-f323-4fcc-9eb4-f9bcee97a63f&state=trmWXSn7ja9zN449&response_type=code+id_token&nonce=6ItYBO4OpWPpMFI7
0.277 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=f60072bd-f323-4fcc-9eb4-f9bcee97a63f&state=trmWXSn7ja9zN449&response_type=code+id_token&nonce=6ItYBO4OpWPpMFI7
3.036 http args {}
3.243 response URL with fragment
3.243 response code=2E9v9MxJOdXprH69OC274RfzoZSHexc4ic3JZzsskzY.WcRBwU1oMrGbgsIVYlOfIBRfEhkSPJwVQ7gOBUF1rN0&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZjYwMDcyYmQtZjMyMy00ZmNjLTllYjQtZjliY2VlOTdhNjNmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiM2lhdzBYNTJHZ0tJMzhfYzVxS1RVZyIsImV4cCI6MTUyOTc1NDc0OCwiaWF0IjoxNTI5NzUxMTQ4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwYTE4ODMxMi02YzhlLTQ0YWYtOGUwMy03OThiYTI0ZGM0MTMiLCJub25jZSI6IjZJdFlCTzRPcFdQcE1GSTciLCJyYXQiOjE1Mjk3NTExNDUsInN1YiI6ImZvb0BiYXIuY29tIn0.DbsiMHcgLhN6tou6-vA5G58YdGHMcTaTuVSjG96NlYg0zfuO2mnw1TTEhKoAfMaljAc6AOxcVtwL2YNNFuJQRJ-DkaDs8Tu6OhvN_4OppJbmlFcAiHMXPPy7FtG2xs40ocS3zLoFbGE5kW1LeyUF38UFp04mWvqRshJFo3u17cdNAcWDINcVgIxjzKOtQjpL53uYW_Eoxi_0I8ERXdamL9dFXvOrQy5dbQ20heJImYQeKJeIeLMduLSPAcmVS6N90V4PmCAtJYOXg_Mvr36YBTfKuaIKuZens1MCAWjId5AYEkzGOdf6xvAaSZJAge-Q4uzG7cCNTRvFfomvZKhFTgFJKd76u_xlw-GCe__QT4t_ir11-mYWX2Vi1df_Onl9YigIhZPSuz9T_TN7V7PWjQApJUt0oJrkNY63tKk-9dUgkE07twz3qXfd0qIV7D5z79HNIL_5FKWz2zChXrLLLPPwX3EaHyGdmzMYzLl5Gcv5msvVeWWpZNHNlRU18Y2iaV6OWfRKr_OFrpxFLEVrzxSagh-TpZYg-OgXipidmGFf-bCTzxesbF5BTTrgakDd8FeV8cNLzz3wsepXfmbxa7Zlsu5PlKhshCwfxLmKIIXXdU9hxnvnSCqHzaeVaEGnK_QD4FVcZIMAKOon841p9En1KsSbZ5iEp6Eu0a2PfaE&state=trmWXSn7ja9zN449
3.243 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZjYwMDcyYmQtZjMyMy00ZmNjLTllYjQtZjliY2VlOTdhNjNmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiM2lhdzBYNTJHZ0tJMzhfYzVxS1RVZyIsImV4cCI6MTUyOTc1NDc0OCwiaWF0IjoxNTI5NzUxMTQ4LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwYTE4ODMxMi02YzhlLTQ0YWYtOGUwMy03OThiYTI0ZGM0MTMiLCJub25jZSI6IjZJdFlCTzRPcFdQcE1GSTciLCJyYXQiOjE1Mjk3NTExNDUsInN1YiI6ImZvb0BiYXIuY29tIn0.DbsiMHcgLhN6tou6-vA5G58YdGHMcTaTuVSjG96NlYg0zfuO2mnw1TTEhKoAfMaljAc6AOxcVtwL2YNNFuJQRJ-DkaDs8Tu6OhvN_4OppJbmlFcAiHMXPPy7FtG2xs40ocS3zLoFbGE5kW1LeyUF38UFp04mWvqRshJFo3u17cdNAcWDINcVgIxjzKOtQjpL53uYW_Eoxi_0I8ERXdamL9dFXvOrQy5dbQ20heJImYQeKJeIeLMduLSPAcmVS6N90V4PmCAtJYOXg_Mvr36YBTfKuaIKuZens1MCAWjId5AYEkzGOdf6xvAaSZJAge-Q4uzG7cCNTRvFfomvZKhFTgFJKd76u_xlw-GCe__QT4t_ir11-mYWX2Vi1df_Onl9YigIhZPSuz9T_TN7V7PWjQApJUt0oJrkNY63tKk-9dUgkE07twz3qXfd0qIV7D5z79HNIL_5FKWz2zChXrLLLPPwX3EaHyGdmzMYzLl5Gcv5msvVeWWpZNHNlRU18Y2iaV6OWfRKr_OFrpxFLEVrzxSagh-TpZYg-OgXipidmGFf-bCTzxesbF5BTTrgakDd8FeV8cNLzz3wsepXfmbxa7Zlsu5PlKhshCwfxLmKIIXXdU9hxnvnSCqHzaeVaEGnK_QD4FVcZIMAKOon841p9En1KsSbZ5iEp6Eu0a2PfaE', 'state': 'trmWXSn7ja9zN449', 'code': '2E9v9MxJOdXprH69OC274RfzoZSHexc4ic3JZzsskzY.WcRBwU1oMrGbgsIVYlOfIBRfEhkSPJwVQ7gOBUF1rN0'}
3.322 AuthorizationResponse {
"code": "2E9v9MxJOdXprH69OC274RfzoZSHexc4ic3JZzsskzY.WcRBwU1oMrGbgsIVYlOfIBRfEhkSPJwVQ7gOBUF1rN0",
"id_token": {
"aud": [
"f60072bd-f323-4fcc-9eb4-f9bcee97a63f"
],
"auth_time": 1529750975,
"c_hash": "3iaw0X52GgKI38_c5qKTUg",
"exp": 1529754748,
"iat": 1529751148,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "0a188312-6c8e-44af-8e03-798ba24dc413",
"nonce": "6ItYBO4OpWPpMFI7",
"rat": 1529751145,
"sub": "foo@bar.com"
},
"state": "trmWXSn7ja9zN449"
}
3.322 phase <--<-- 4 --- Done -->-->
3.322 end
3.323 assertion VerifyAuthnResponse
3.323 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
3.323 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-logo_uri.txt����������������������������������������������������������������������0000644�0000000�0000000�00000022337�13313423124�016520� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-logo_uri
Test description: Registration with logo_uri
Timestamp: 2018-06-23T10:52:04Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.079 phase <--<-- 1 --- Webfinger -->-->
1.079 not expected to do WebFinger
1.079 phase <--<-- 2 --- Discovery -->-->
1.079 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.154 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.155 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.156 phase <--<-- 3 --- Registration -->-->
1.156 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'logo_uri': 'https://op.certification.openid.net:61353/static/logo.png'}
1.156 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"logo_uri": "https://op.certification.openid.net:61353/static/logo.png",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#JKJlmwAhxBFGF86b"
],
"response_types": [
"code id_token"
]
}
1.317 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.318 RegistrationResponse {
"client_id": "10589b27-19a0-4c90-bc9b-ab9d9abb027d",
"client_secret": "f1x_A1Emojlr",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "10589b27-19a0-4c90-bc9b-ab9d9abb027d",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"logo_uri": "https://op.certification.openid.net:61353/static/logo.png",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#JKJlmwAhxBFGF86b"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.318 phase <--<-- 4 --- AsyncAuthn -->-->
1.319 AuthorizationRequest {
"client_id": "10589b27-19a0-4c90-bc9b-ab9d9abb027d",
"nonce": "5VUjjzrcR0064FJB",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "9OjOJUbZPXjduA4z"
}
1.319 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=10589b27-19a0-4c90-bc9b-ab9d9abb027d&state=9OjOJUbZPXjduA4z&response_type=code+id_token&nonce=5VUjjzrcR0064FJB
1.319 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=10589b27-19a0-4c90-bc9b-ab9d9abb027d&state=9OjOJUbZPXjduA4z&response_type=code+id_token&nonce=5VUjjzrcR0064FJB
4.242 http args {}
4.446 response URL with fragment
4.447 response code=zJ_ck-sv6zM8ZhyM1kpezhbTfxytHCDosM6Um_Kmqz0.wCeWK5wnsR_sl7waxeAFFc0Zl4dL8DgQyKBlwRpx-AQ&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTA1ODliMjctMTlhMC00YzkwLWJjOWItYWI5ZDlhYmIwMjdkIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiZmpja2RCY050OHFCd2ZNcnFTS2NXdyIsImV4cCI6MTUyOTc1NDcyNCwiaWF0IjoxNTI5NzUxMTI0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIxZGFmNGQ0MS1kMzIzLTRlNDUtODI5OS02ZjVjMDRlNTAxMzQiLCJub25jZSI6IjVWVWpqenJjUjAwNjRGSkIiLCJyYXQiOjE1Mjk3NTExMjEsInN1YiI6ImZvb0BiYXIuY29tIn0.x8mYbdGX7SAQ9WurEqLWoiBjZ3hVj-_7lngRt_HkRvGUSCpVJMZrT5bD3KSDttJzYui1MNFg86duJdzNSRvktXN8fVpJP8eVMmKIGdRWRadtfxaCrbFrRUYy4Z4teQdCylRaVZPirotqwFNtqkuo7Z21APZ6S56GQPT--jVvOIrW3EViXFFTCrnZQtQJRdEeBbzFODLk1mV32jXt_jiE8Bp9ZbtZGrteP7-PcW50L-U86uCkdX4M06WdfollB0c6AVoFKLCSONp3bCXQYtgaMhXczqURpzFR3skM51j8cZTISYu2OHoRfmOud7azAjsqePAKI-DhlS15AJeL685y_ipEViv404sYQ6vxOiN88HU9ezcWwD31zNjzN4m7UN6xjkq1Cj1Bwp5VsB0MVO86YzjIcVdOccYjpCWpm-Xodqj9TfieQhmolslLyCFjATi3Kz5xqBZ2BOpT_oestnZ0p89rhQN5X4_7g0t_t2xrF3-YzbxzCEfDf9aSIzn1ooPMsU3jn4VXjX27AhsBOexXgfxRNEK__ApTx1Rp6c5e6LPVyyS74HY9J0NlRPCy0pXG51gEPyNc2UlYN2vOXgUuBEeiFoqa7myqOFDDbt0mcG97RRiXm4C7SK__uioJMbZ6C8PS0jwGUTLamFZhO5IXgRAciL8mkxBzqZixmyfVkVk&state=9OjOJUbZPXjduA4z
4.447 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTA1ODliMjctMTlhMC00YzkwLWJjOWItYWI5ZDlhYmIwMjdkIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiZmpja2RCY050OHFCd2ZNcnFTS2NXdyIsImV4cCI6MTUyOTc1NDcyNCwiaWF0IjoxNTI5NzUxMTI0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIxZGFmNGQ0MS1kMzIzLTRlNDUtODI5OS02ZjVjMDRlNTAxMzQiLCJub25jZSI6IjVWVWpqenJjUjAwNjRGSkIiLCJyYXQiOjE1Mjk3NTExMjEsInN1YiI6ImZvb0BiYXIuY29tIn0.x8mYbdGX7SAQ9WurEqLWoiBjZ3hVj-_7lngRt_HkRvGUSCpVJMZrT5bD3KSDttJzYui1MNFg86duJdzNSRvktXN8fVpJP8eVMmKIGdRWRadtfxaCrbFrRUYy4Z4teQdCylRaVZPirotqwFNtqkuo7Z21APZ6S56GQPT--jVvOIrW3EViXFFTCrnZQtQJRdEeBbzFODLk1mV32jXt_jiE8Bp9ZbtZGrteP7-PcW50L-U86uCkdX4M06WdfollB0c6AVoFKLCSONp3bCXQYtgaMhXczqURpzFR3skM51j8cZTISYu2OHoRfmOud7azAjsqePAKI-DhlS15AJeL685y_ipEViv404sYQ6vxOiN88HU9ezcWwD31zNjzN4m7UN6xjkq1Cj1Bwp5VsB0MVO86YzjIcVdOccYjpCWpm-Xodqj9TfieQhmolslLyCFjATi3Kz5xqBZ2BOpT_oestnZ0p89rhQN5X4_7g0t_t2xrF3-YzbxzCEfDf9aSIzn1ooPMsU3jn4VXjX27AhsBOexXgfxRNEK__ApTx1Rp6c5e6LPVyyS74HY9J0NlRPCy0pXG51gEPyNc2UlYN2vOXgUuBEeiFoqa7myqOFDDbt0mcG97RRiXm4C7SK__uioJMbZ6C8PS0jwGUTLamFZhO5IXgRAciL8mkxBzqZixmyfVkVk', 'state': '9OjOJUbZPXjduA4z', 'code': 'zJ_ck-sv6zM8ZhyM1kpezhbTfxytHCDosM6Um_Kmqz0.wCeWK5wnsR_sl7waxeAFFc0Zl4dL8DgQyKBlwRpx-AQ'}
4.561 AuthorizationResponse {
"code": "zJ_ck-sv6zM8ZhyM1kpezhbTfxytHCDosM6Um_Kmqz0.wCeWK5wnsR_sl7waxeAFFc0Zl4dL8DgQyKBlwRpx-AQ",
"id_token": {
"aud": [
"10589b27-19a0-4c90-bc9b-ab9d9abb027d"
],
"auth_time": 1529750975,
"c_hash": "fjckdBcNt8qBwfMrqSKcWw",
"exp": 1529754724,
"iat": 1529751124,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "1daf4d41-d323-4e45-8299-6f5c04e50134",
"nonce": "5VUjjzrcR0064FJB",
"rat": 1529751121,
"sub": "foo@bar.com"
},
"state": "9OjOJUbZPXjduA4z"
}
4.561 phase <--<-- 5 --- Done -->-->
4.561 end
4.562 assertion VerifyAuthnResponse
4.562 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
4.562 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Query-OK.txt����������������������������������������������������������������������0000644�0000000�0000000�00000022646�13313423412�016326� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Query-OK
Test description: Request with a redirect_uri with a query component when a redirect_uri with the same query component is registered
Timestamp: 2018-06-23T10:55:06Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.076 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.077 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.077 phase <--<-- 2 --- Registration -->-->
0.077 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb?foo=bar'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.078 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb?foo=bar"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#VXD8W8WWf1ti8maQ"
],
"response_types": [
"code id_token"
]
}
0.234 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.235 RegistrationResponse {
"client_id": "45b913e8-3e87-466e-b464-2278d2a72190",
"client_secret": "wlGmnrSWeTlU",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "45b913e8-3e87-466e-b464-2278d2a72190",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb?foo=bar"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#VXD8W8WWf1ti8maQ"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.235 phase <--<-- 3 --- AsyncAuthn -->-->
0.235 AuthorizationRequest {
"client_id": "45b913e8-3e87-466e-b464-2278d2a72190",
"nonce": "Ng0mM8TN571Kk3Le",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb?foo=bar",
"response_type": "code id_token",
"scope": "openid",
"state": "3nCtpDevq22iGQEs"
}
0.236 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Ffoo%3Dbar&client_id=45b913e8-3e87-466e-b464-2278d2a72190&state=3nCtpDevq22iGQEs&response_type=code+id_token&nonce=Ng0mM8TN571Kk3Le
0.236 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb%3Ffoo%3Dbar&client_id=45b913e8-3e87-466e-b464-2278d2a72190&state=3nCtpDevq22iGQEs&response_type=code+id_token&nonce=Ng0mM8TN571Kk3Le
2.698 http args {'foo': 'bar'}
2.872 response URL with fragment
2.872 response code=gtAJKrrXqrlZruz5LXVaHztBXf2-s3y4HcVb-W6_4po.szFxKoVQgrv7yPM87KQ2PKlRs7V-WRtFUtoRj78OJms&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNDViOTEzZTgtM2U4Ny00NjZlLWI0NjQtMjI3OGQyYTcyMTkwIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTGF1dWFoX0xjcHdyZXZIVnNGdDVFdyIsImV4cCI6MTUyOTc1NDkwNiwiaWF0IjoxNTI5NzUxMzA2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhYmEwNDJjZS1kOTMxLTQ1OTQtOWQ4Mi01ZjljMjRhNDQyMzMiLCJub25jZSI6Ik5nMG1NOFRONTcxS2szTGUiLCJyYXQiOjE1Mjk3NTEzMDQsInN1YiI6ImZvb0BiYXIuY29tIn0.ngy0-UAs8ge1qrFjPQvWjgOw0PUr2tYXUYl1qk1MjeJdvyC_CPyRwPltoXlqW605KYfG1cvth4D0uBqz3qtGWCb0BIa3sNcRMkooEIvIF9AGhgrwg4RU0LWwzU6SoOkt23EjD1clTTqLJ-5hX1KEyNrPTDx6LFzamAb8HUdfMtV-hol4zKgeMMdvU-gXgsvnQjbYfJ3-nOTdtqGqPjJcJxx_nAPY6WOA3ofHd_DG-2Lj_8SXxw-VDGr-fny2KjpEPz5_aNo4bjdaDtfOQOtyoA7LH3UgEmxOYI2PO4oySjQXEjpU6l5hWhvmaa0SdAva6EEVN91-N-JojRKoK5lwhQDLNYRsjU2ETQHKNI_CPoX82UzNFtU6duefO7EnzP1FlJLlbFRLf802owM7YS06yxKL8jwk1194Vr7QNmEKkQn6A3wOc-RpMvE67jTmXMuGl1bXp9j22jcaeYJdnVDkk25vVYWaOm_tjyXZMlNb774XGhCyKMVrMyK8KHR8AQyWbIcyrVIu6PRgGTSk7PTxb8KZ23WIZMcCtGuOam2dSwOQFXkN5x1rlHSoMZsY_EBL1neusG8EV9I91ImP1a40ZS3eDhvTqRMLmdx79EFRhaGTesj7bpcr_5MwjGXGu1Y64nxge6Zqj7aSVBja6FmhSn5gmWUFv0-CJOnDub1eUcI&state=3nCtpDevq22iGQEs
2.873 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNDViOTEzZTgtM2U4Ny00NjZlLWI0NjQtMjI3OGQyYTcyMTkwIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTGF1dWFoX0xjcHdyZXZIVnNGdDVFdyIsImV4cCI6MTUyOTc1NDkwNiwiaWF0IjoxNTI5NzUxMzA2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhYmEwNDJjZS1kOTMxLTQ1OTQtOWQ4Mi01ZjljMjRhNDQyMzMiLCJub25jZSI6Ik5nMG1NOFRONTcxS2szTGUiLCJyYXQiOjE1Mjk3NTEzMDQsInN1YiI6ImZvb0BiYXIuY29tIn0.ngy0-UAs8ge1qrFjPQvWjgOw0PUr2tYXUYl1qk1MjeJdvyC_CPyRwPltoXlqW605KYfG1cvth4D0uBqz3qtGWCb0BIa3sNcRMkooEIvIF9AGhgrwg4RU0LWwzU6SoOkt23EjD1clTTqLJ-5hX1KEyNrPTDx6LFzamAb8HUdfMtV-hol4zKgeMMdvU-gXgsvnQjbYfJ3-nOTdtqGqPjJcJxx_nAPY6WOA3ofHd_DG-2Lj_8SXxw-VDGr-fny2KjpEPz5_aNo4bjdaDtfOQOtyoA7LH3UgEmxOYI2PO4oySjQXEjpU6l5hWhvmaa0SdAva6EEVN91-N-JojRKoK5lwhQDLNYRsjU2ETQHKNI_CPoX82UzNFtU6duefO7EnzP1FlJLlbFRLf802owM7YS06yxKL8jwk1194Vr7QNmEKkQn6A3wOc-RpMvE67jTmXMuGl1bXp9j22jcaeYJdnVDkk25vVYWaOm_tjyXZMlNb774XGhCyKMVrMyK8KHR8AQyWbIcyrVIu6PRgGTSk7PTxb8KZ23WIZMcCtGuOam2dSwOQFXkN5x1rlHSoMZsY_EBL1neusG8EV9I91ImP1a40ZS3eDhvTqRMLmdx79EFRhaGTesj7bpcr_5MwjGXGu1Y64nxge6Zqj7aSVBja6FmhSn5gmWUFv0-CJOnDub1eUcI', 'state': '3nCtpDevq22iGQEs', 'code': 'gtAJKrrXqrlZruz5LXVaHztBXf2-s3y4HcVb-W6_4po.szFxKoVQgrv7yPM87KQ2PKlRs7V-WRtFUtoRj78OJms'}
2.95 AuthorizationResponse {
"code": "gtAJKrrXqrlZruz5LXVaHztBXf2-s3y4HcVb-W6_4po.szFxKoVQgrv7yPM87KQ2PKlRs7V-WRtFUtoRj78OJms",
"id_token": {
"aud": [
"45b913e8-3e87-466e-b464-2278d2a72190"
],
"auth_time": 1529751224,
"c_hash": "Lauuah_LcpwrevHVsFt5Ew",
"exp": 1529754906,
"iat": 1529751306,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "aba042ce-d931-4594-9d82-5f9c24a44233",
"nonce": "Ng0mM8TN571Kk3Le",
"rat": 1529751304,
"sub": "foo@bar.com"
},
"state": "3nCtpDevq22iGQEs"
}
2.95 phase <--<-- 4 --- Done -->-->
2.95 end
2.951 assertion VerifyResponse
2.951 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.951 assertion CheckQueryPart
2.951 condition check-query-part: status=OK [Check that a query part send in the Authorization Request is returned in the Authorization response.]
2.951 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
check-query-part: status=OK [Check that a query part send in the Authorization Request is returned in the Authorization response.]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������./OP-IDToken-kid.txt��������������������������������������������������������������������������������0000644�0000000�0000000�00000031165�13313423160�014272� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-kid
Test description: IDToken has kid [Basic, Implicit, Hybrid]
Timestamp: 2018-06-23T10:52:32Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.077 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.079 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.079 phase <--<-- 2 --- Registration -->-->
0.079 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.079 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#hwB23OFBIUT8n3Dx"
],
"response_types": [
"code id_token"
]
}
0.237 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.238 RegistrationResponse {
"client_id": "7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc",
"client_secret": "qnaNIVuERuWW",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#hwB23OFBIUT8n3Dx"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.238 phase <--<-- 3 --- AsyncAuthn -->-->
0.239 AuthorizationRequest {
"client_id": "7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc",
"nonce": "UkvdiHPptM7fQIL0",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "xjK7jKSFSquPZHuQ"
}
0.239 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc&state=xjK7jKSFSquPZHuQ&response_type=code+id_token&nonce=UkvdiHPptM7fQIL0
0.239 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc&state=xjK7jKSFSquPZHuQ&response_type=code+id_token&nonce=UkvdiHPptM7fQIL0
2.325 http args {}
2.495 response URL with fragment
2.495 response code=v00EpU4rX4fMeTRiYTwd7vUCtNKEhPZ1ilY5ZSroRi4.EXbTpR8l6sZczidVUIkuoW1DORIbqtk7G4rpVbWAOa0&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiN2Q4ZTQxZjEtYmI5MC00YzYyLThkMWMtYmEyZWYwZmI5N2JjIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiSjh3RGR1MWpRbUwtTndaS0JqWjY4QSIsImV4cCI6MTUyOTc1NDc1MSwiaWF0IjoxNTI5NzUxMTUxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1Y2Q5YmU5YS04NGU0LTRkNzUtOGJlMC1mNDQ5MzU3ZjFkMGIiLCJub25jZSI6IlVrdmRpSFBwdE03ZlFJTDAiLCJyYXQiOjE1Mjk3NTExNTAsInN1YiI6ImZvb0BiYXIuY29tIn0.UWwkE4jqYovuY-Uuqj5yZ2qk5F3lDz4G4TmjoX3XSPYXnH5u5cRQR0VJP7DtlEe9wOeV06c7a2FGL8gqad9J_FjYxUXpvh97xU7pFgRZUg4DcJpleAU92WAcda3zokwhwgf8Bew_93HM03zxv_qINeJdpQWTrGtLuVNdy3PuaA6uwM_OUQ7SRKoumtjvfQpfT74ZbE-wwsJrj0UBlO8KC684l0pQY0q2OSXWuD4K80ZdCZ2GBlRuGvyOLHwTOuQm9eCDJMpt3yfewsUlL80f5PG_1u2KDRHt8OUh8wqF9cD9nySnzvumZ7c_KEfMRCbMXphrbK4OgZivXe_iUGVZCd0lobr4UEIT0ydTwX4s-D8_yWKSgxIcDGRZ7fEjdkSWtST6phsc61bQJizpp-Wxomk8AsUIoaoc36lchfJvzTc3g43xGmhepwCbsMQLzOpPOdhNkNKdTKk5ElV2qI-ispyoWKpB_6xPujKMWJ8lOZwwhcDaxSzVsCaak6NKzD4kJeWfJPyrGoy8CZZqLYg1Ydk7zgyYKiB0xgeiwbeu1FsfDwX_idfN0CbKKO27hv57vK6jmWQkn8OXfSqPn_oNX12e1yAvIsLtEpd4Xo05BkAucdsw2LNd4OeIUtLZ3Ie0os7ZjfRXTpR5d8IttxF5wUUxEdXB9gkEw4IZmMHfQps&state=xjK7jKSFSquPZHuQ
2.496 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiN2Q4ZTQxZjEtYmI5MC00YzYyLThkMWMtYmEyZWYwZmI5N2JjIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiSjh3RGR1MWpRbUwtTndaS0JqWjY4QSIsImV4cCI6MTUyOTc1NDc1MSwiaWF0IjoxNTI5NzUxMTUxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1Y2Q5YmU5YS04NGU0LTRkNzUtOGJlMC1mNDQ5MzU3ZjFkMGIiLCJub25jZSI6IlVrdmRpSFBwdE03ZlFJTDAiLCJyYXQiOjE1Mjk3NTExNTAsInN1YiI6ImZvb0BiYXIuY29tIn0.UWwkE4jqYovuY-Uuqj5yZ2qk5F3lDz4G4TmjoX3XSPYXnH5u5cRQR0VJP7DtlEe9wOeV06c7a2FGL8gqad9J_FjYxUXpvh97xU7pFgRZUg4DcJpleAU92WAcda3zokwhwgf8Bew_93HM03zxv_qINeJdpQWTrGtLuVNdy3PuaA6uwM_OUQ7SRKoumtjvfQpfT74ZbE-wwsJrj0UBlO8KC684l0pQY0q2OSXWuD4K80ZdCZ2GBlRuGvyOLHwTOuQm9eCDJMpt3yfewsUlL80f5PG_1u2KDRHt8OUh8wqF9cD9nySnzvumZ7c_KEfMRCbMXphrbK4OgZivXe_iUGVZCd0lobr4UEIT0ydTwX4s-D8_yWKSgxIcDGRZ7fEjdkSWtST6phsc61bQJizpp-Wxomk8AsUIoaoc36lchfJvzTc3g43xGmhepwCbsMQLzOpPOdhNkNKdTKk5ElV2qI-ispyoWKpB_6xPujKMWJ8lOZwwhcDaxSzVsCaak6NKzD4kJeWfJPyrGoy8CZZqLYg1Ydk7zgyYKiB0xgeiwbeu1FsfDwX_idfN0CbKKO27hv57vK6jmWQkn8OXfSqPn_oNX12e1yAvIsLtEpd4Xo05BkAucdsw2LNd4OeIUtLZ3Ie0os7ZjfRXTpR5d8IttxF5wUUxEdXB9gkEw4IZmMHfQps', 'state': 'xjK7jKSFSquPZHuQ', 'code': 'v00EpU4rX4fMeTRiYTwd7vUCtNKEhPZ1ilY5ZSroRi4.EXbTpR8l6sZczidVUIkuoW1DORIbqtk7G4rpVbWAOa0'}
2.575 AuthorizationResponse {
"code": "v00EpU4rX4fMeTRiYTwd7vUCtNKEhPZ1ilY5ZSroRi4.EXbTpR8l6sZczidVUIkuoW1DORIbqtk7G4rpVbWAOa0",
"id_token": {
"aud": [
"7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc"
],
"auth_time": 1529750975,
"c_hash": "J8wDdu1jQmL-NwZKBjZ68A",
"exp": 1529754751,
"iat": 1529751151,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "5cd9be9a-84e4-4d75-8be0-f449357f1d0b",
"nonce": "UkvdiHPptM7fQIL0",
"rat": 1529751150,
"sub": "foo@bar.com"
},
"state": "xjK7jKSFSquPZHuQ"
}
2.575 phase <--<-- 4 --- AccessToken -->-->
2.575 --> request op_args: {'state': 'xjK7jKSFSquPZHuQ'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.575 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'xjK7jKSFSquPZHuQ', 'code': 'v00EpU4rX4fMeTRiYTwd7vUCtNKEhPZ1ilY5ZSroRi4.EXbTpR8l6sZczidVUIkuoW1DORIbqtk7G4rpVbWAOa0', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc'}, 'state': 'xjK7jKSFSquPZHuQ'}
2.575 AccessTokenRequest {
"code": "v00EpU4rX4fMeTRiYTwd7vUCtNKEhPZ1ilY5ZSroRi4.EXbTpR8l6sZczidVUIkuoW1DORIbqtk7G4rpVbWAOa0",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "xjK7jKSFSquPZHuQ"
}
2.575 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.575 request_http_args {'headers': {'Authorization': 'Basic N2Q4ZTQxZjEtYmI5MC00YzYyLThkMWMtYmEyZWYwZmI5N2JjOnFuYU5JVnVFUnVXVw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.575 request code=v00EpU4rX4fMeTRiYTwd7vUCtNKEhPZ1ilY5ZSroRi4.EXbTpR8l6sZczidVUIkuoW1DORIbqtk7G4rpVbWAOa0&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=xjK7jKSFSquPZHuQ
2.79 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.791 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiN2Q4ZTQxZjEtYmI5MC00YzYyLThkMWMtYmEyZWYwZmI5N2JjIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiSjh3RGR1MWpRbUwtTndaS0JqWjY4QSIsImV4cCI6MTUyOTc1NDc1MSwiaWF0IjoxNTI5NzUxMTUyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjYzliNjAyMS05OTdjLTQ4NDItYmNlMi0yZTFmMjM3MWJjMzQiLCJub25jZSI6IlVrdmRpSFBwdE03ZlFJTDAiLCJyYXQiOjE1Mjk3NTExNTAsInN1YiI6ImZvb0BiYXIuY29tIn0.wg2a8jGDiyL1IucKT0KMK74hAJCEoY-lrizgey-5eql5-Lo1r2Dw9HuBbjBzOrGWkadCCFc7tzM60zKk2WIDTkaghcIqL7ZVsxBs9ASErqUlVHxh1IGXQw_NRm7lVuRJgfK1qURle_HD-yt57E7N3kyCMHpIovcHj5wNQbwBUfb-hg86ymz5VvHgeFs0F61PjYalEy1TpTff3OGeOvKKfpQxYIn_0n8-oqouRqcWV56U9BSVOuAxha5_85ktNFMhmhb4OfIwcyfA5BY88XNn1CQYeSBCC_sx5vT7ERF7cPPi7IHufccOPeOc3p37w7HlAo2Gb7_T9Xb05E8M__Q4P_50sENJkhdCsX9vwqJbwByExD7IpEqsz3cXcHy5DC1P6q025akELnB2_M0MDZN1IcCKA-zZbIKMG79kAevCtVxDpGH07_zts1dNlmcYSZ1SEDDDCLgImpobIaXw48jrlvdHK_k_AFme5W_pXjJfkSEc58-lS_BxKmzrMFFzrY8NXMbepizWyL3I8Wb33wp6xwOVtosFKq3sIUjz9LKMW4mW5qwI9ZMMP7iTeJzYcECGP9mV8I2Wc7mHHM7TevzCnmvH9kW4M7DcYq5WcwylvmfnfGI2fui2EQ1WR0OlNZCUwh95fndfS5nuik6ET2UsGBckIFaWFYXWDcUijmg0_Cs', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'R_qGhLUnDUo52fohC5Du1R0GqxhXH8j9u2OFFpRU3OQ.MCk90rUxisSOWEh5ryZj8KwqDQmyxsH4DPaByxUelgk', 'scope': 'openid'}
2.794 AccessTokenResponse {
"access_token": "R_qGhLUnDUo52fohC5Du1R0GqxhXH8j9u2OFFpRU3OQ.MCk90rUxisSOWEh5ryZj8KwqDQmyxsH4DPaByxUelgk",
"expires_in": 3599,
"id_token": {
"aud": [
"7d8e41f1-bb90-4c62-8d1c-ba2ef0fb97bc"
],
"auth_time": 1529750975,
"c_hash": "J8wDdu1jQmL-NwZKBjZ68A",
"exp": 1529754751,
"iat": 1529751152,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "cc9b6021-997c-4842-bce2-2e1f2371bc34",
"nonce": "UkvdiHPptM7fQIL0",
"rat": 1529751150,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.794 phase <--<-- 5 --- Done -->-->
2.794 end
2.795 assertion VerifySignedIdTokenHasKID
2.795 condition verify-signed-idtoken-has-kid: status=OK [Verifies that the header of a signed IDToken includes a kid claim.]
2.795 assertion VerifyResponse
2.795 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.795 condition Done: status=OK
============================================================
Conditions
verify-signed-idtoken-has-kid: status=OK [Verifies that the header of a signed IDToken includes a kid claim.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-claims_locales.txt�������������������������������������������������������������������������0000644�0000000�0000000�00000032151�13313423505�015726� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-claims_locales
Test description: Providing claims_locales
Timestamp: 2018-06-23T10:56:05Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
0.995 phase <--<-- 1 --- Webfinger -->-->
0.995 not expected to do WebFinger
0.996 phase <--<-- 2 --- Discovery -->-->
0.996 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.106 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.108 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.108 phase <--<-- 3 --- Registration -->-->
1.108 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.108 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#TkKrL99BnzPDscVc"
],
"response_types": [
"code id_token"
]
}
1.27 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.27 RegistrationResponse {
"client_id": "e69978c7-caff-4582-9e12-aab6fb43b829",
"client_secret": "dFy0y78jhbYH",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "e69978c7-caff-4582-9e12-aab6fb43b829",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#TkKrL99BnzPDscVc"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.271 phase <--<-- 4 --- AsyncAuthn -->-->
1.271 AuthorizationRequest {
"claims_locales": "se",
"client_id": "e69978c7-caff-4582-9e12-aab6fb43b829",
"nonce": "XtMGKaGnVvc2wgnV",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "fIlSaPFu0JjY8QXb"
}
1.271 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e69978c7-caff-4582-9e12-aab6fb43b829&state=fIlSaPFu0JjY8QXb&response_type=code+id_token&nonce=XtMGKaGnVvc2wgnV&claims_locales=se
1.271 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e69978c7-caff-4582-9e12-aab6fb43b829&state=fIlSaPFu0JjY8QXb&response_type=code+id_token&nonce=XtMGKaGnVvc2wgnV&claims_locales=se
4.208 http args {}
4.423 response URL with fragment
4.424 response code=wiISqZEYtfnWH61QKxHiAzwJsXtaNLWWx7Ah7HXCoqs.Xv9WTT5OKaw_Tr6D7pu5sviReuNOZ20yRZXTGNXEsaI&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZTY5OTc4YzctY2FmZi00NTgyLTllMTItYWFiNmZiNDNiODI5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiVDZ0dWxJaEJEV1BSc2Z4NGdYdGVpUSIsImV4cCI6MTUyOTc1NDk2NCwiaWF0IjoxNTI5NzUxMzY0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhZjg4MDBhOC1mYzY3LTQxNGUtYTYzNi1lMmQ5YzkxZTA3NTAiLCJub25jZSI6Ilh0TUdLYUduVnZjMndnblYiLCJyYXQiOjE1Mjk3NTEzNjIsInN1YiI6ImZvb0BiYXIuY29tIn0.GPddCFsqeJZhuLcpyu659CRCJNT_E3s064Dw00tU_fMgOa0b_AlGKkbgdNPrY5BH9KzSv_BPPHT06SdLpxMm-HPeNLUHA5dakehjIfUTqfFCOwImLU8BUR2sPPO42gEux_wiAoQbuJPYbxklS2p8hnpwZ0U3rbn6qBlBY5rMeWaw5mB5-y2ip4eVDo8VhmJyHhl-5N9o1TXwUL70ZSsqOmevchS2khgPtGzuVoARWNqTqC3x5BL4yP0NYU0-3qzTAsZ7X4a6s1oyOaHzfM6fHO_SmHK0wxvT_CxOj73JyAEs6Jrce8Dm2H-VwO80kzP1THqQsxeIGb2zaDDXDC-kZ5ThLDMvcTCmYmpDuosZrmkiggNLC46hpJI_h8QeM-iFVCPNkSi_BEsEa2S1NnwI0mGKooJhLS-XBUFKT1_LwR-5j1hJ7qnjwSxwfjIPDBRDEhSPb6ZuMwEGU6rak_46K2llGDFpcHrm2mD_p779OMq7Ft68h8V5jj7kUwmCqfDFn5n5xmTeF2DuWiCMBbcqDMcndtjs1_1jKWKRA0S5r_5UhzxfeWkJ-tNdEzathhEKV6vH7qd3Nvu6Cgd3IKU13LsvU7KWGQPof7JcwuOCRagdJFfeVK_aBuIuI5E5siC82JcBAcYJDF5jjredjr5DYgEg2vVExNKAv8ygwOYpnSg&state=fIlSaPFu0JjY8QXb
4.424 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZTY5OTc4YzctY2FmZi00NTgyLTllMTItYWFiNmZiNDNiODI5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiVDZ0dWxJaEJEV1BSc2Z4NGdYdGVpUSIsImV4cCI6MTUyOTc1NDk2NCwiaWF0IjoxNTI5NzUxMzY0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhZjg4MDBhOC1mYzY3LTQxNGUtYTYzNi1lMmQ5YzkxZTA3NTAiLCJub25jZSI6Ilh0TUdLYUduVnZjMndnblYiLCJyYXQiOjE1Mjk3NTEzNjIsInN1YiI6ImZvb0BiYXIuY29tIn0.GPddCFsqeJZhuLcpyu659CRCJNT_E3s064Dw00tU_fMgOa0b_AlGKkbgdNPrY5BH9KzSv_BPPHT06SdLpxMm-HPeNLUHA5dakehjIfUTqfFCOwImLU8BUR2sPPO42gEux_wiAoQbuJPYbxklS2p8hnpwZ0U3rbn6qBlBY5rMeWaw5mB5-y2ip4eVDo8VhmJyHhl-5N9o1TXwUL70ZSsqOmevchS2khgPtGzuVoARWNqTqC3x5BL4yP0NYU0-3qzTAsZ7X4a6s1oyOaHzfM6fHO_SmHK0wxvT_CxOj73JyAEs6Jrce8Dm2H-VwO80kzP1THqQsxeIGb2zaDDXDC-kZ5ThLDMvcTCmYmpDuosZrmkiggNLC46hpJI_h8QeM-iFVCPNkSi_BEsEa2S1NnwI0mGKooJhLS-XBUFKT1_LwR-5j1hJ7qnjwSxwfjIPDBRDEhSPb6ZuMwEGU6rak_46K2llGDFpcHrm2mD_p779OMq7Ft68h8V5jj7kUwmCqfDFn5n5xmTeF2DuWiCMBbcqDMcndtjs1_1jKWKRA0S5r_5UhzxfeWkJ-tNdEzathhEKV6vH7qd3Nvu6Cgd3IKU13LsvU7KWGQPof7JcwuOCRagdJFfeVK_aBuIuI5E5siC82JcBAcYJDF5jjredjr5DYgEg2vVExNKAv8ygwOYpnSg', 'state': 'fIlSaPFu0JjY8QXb', 'code': 'wiISqZEYtfnWH61QKxHiAzwJsXtaNLWWx7Ah7HXCoqs.Xv9WTT5OKaw_Tr6D7pu5sviReuNOZ20yRZXTGNXEsaI'}
4.505 AuthorizationResponse {
"code": "wiISqZEYtfnWH61QKxHiAzwJsXtaNLWWx7Ah7HXCoqs.Xv9WTT5OKaw_Tr6D7pu5sviReuNOZ20yRZXTGNXEsaI",
"id_token": {
"aud": [
"e69978c7-caff-4582-9e12-aab6fb43b829"
],
"auth_time": 1529751224,
"c_hash": "T6tulIhBDWPRsfx4gXteiQ",
"exp": 1529754964,
"iat": 1529751364,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "af8800a8-fc67-414e-a636-e2d9c91e0750",
"nonce": "XtMGKaGnVvc2wgnV",
"rat": 1529751362,
"sub": "foo@bar.com"
},
"state": "fIlSaPFu0JjY8QXb"
}
4.506 phase <--<-- 5 --- AccessToken -->-->
4.506 --> request op_args: {'state': 'fIlSaPFu0JjY8QXb'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.506 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'fIlSaPFu0JjY8QXb', 'code': 'wiISqZEYtfnWH61QKxHiAzwJsXtaNLWWx7Ah7HXCoqs.Xv9WTT5OKaw_Tr6D7pu5sviReuNOZ20yRZXTGNXEsaI', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'e69978c7-caff-4582-9e12-aab6fb43b829'}, 'state': 'fIlSaPFu0JjY8QXb'}
4.506 AccessTokenRequest {
"code": "wiISqZEYtfnWH61QKxHiAzwJsXtaNLWWx7Ah7HXCoqs.Xv9WTT5OKaw_Tr6D7pu5sviReuNOZ20yRZXTGNXEsaI",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "fIlSaPFu0JjY8QXb"
}
4.506 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.506 request_http_args {'headers': {'Authorization': 'Basic ZTY5OTc4YzctY2FmZi00NTgyLTllMTItYWFiNmZiNDNiODI5OmRGeTB5NzhqaGJZSA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.506 request code=wiISqZEYtfnWH61QKxHiAzwJsXtaNLWWx7Ah7HXCoqs.Xv9WTT5OKaw_Tr6D7pu5sviReuNOZ20yRZXTGNXEsaI&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=fIlSaPFu0JjY8QXb
4.724 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.725 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiZTY5OTc4YzctY2FmZi00NTgyLTllMTItYWFiNmZiNDNiODI5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiVDZ0dWxJaEJEV1BSc2Z4NGdYdGVpUSIsImV4cCI6MTUyOTc1NDk2NCwiaWF0IjoxNTI5NzUxMzY1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4YTczNzI5ZC1kM2YzLTRmN2EtODZjZi1iMTc3MTljZDFlOTkiLCJub25jZSI6Ilh0TUdLYUduVnZjMndnblYiLCJyYXQiOjE1Mjk3NTEzNjIsInN1YiI6ImZvb0BiYXIuY29tIn0.M93SUDYs2x34STv3TD9v_uD8P_kZ1gsuNY4ThSNqH_XO2iSbuDvV4oWLg1AZHZxwGEjDPTt69-2qg07Dl2sAw7yrGzA5kqbQpqsCy4SwoiypdlWL7t9oFwYt0pcc-9qz2jT-2MVRQj_u1KA7M-217pKipkua45OUMP3Yg_CbSKz_Wzwr3w178hxaZ9nco6zB1orQHR_9k_f71gXwh67fvx-Xr3uEiNxXGO707hUxDubT1O_KpHgOodpuEL_Ml-AgnJSBqG-WoMeZGihxZtyp_Tljs8Ob6foYvHRbBlHUDK4ETGuQ--LOpEsANrEJQ8p-aGMPNYztvR3kRftH2Qq1Wu1nbOLv_VoM3StvYiC4SQF2f8rrxqHkH6WWlJyJUp8BnF6dDC9MIpLx5Z3BG12JCrfubHARu-8dRox_sZ6XwcZsZxGWgC7QmHUfUG8Nr874Qlkhr5X61neyFBpp2ie1F5JXntxoS8tl0FZ3SmXQoT7YWJSPFE0y_MGtcp_5DGp2sFFGMwRerB6evUsj8IIlnHHj3MnbMLUmjwiDvks1k7ZFnx0DHKIX0CCB_N0yx4NoY6bqP-BSwvjm5cf3cYWZWlV8aOj15gGsPi_NZ4ehF14ap3ZS8pzPlSXSEqpYJstUfLvMygyVxPlp0-NpG-YkJfAJJt9ff0bG7nLjZMpRof8', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'lZN9ftMbsHpbFf_YH9CnWVpjEczFf1N3y7icKOeoIEQ.O9wH0NQNpH35rz8GulaEbHgODjwOWxaXqQ2D7ZEU2u0', 'scope': 'openid'}
4.729 AccessTokenResponse {
"access_token": "lZN9ftMbsHpbFf_YH9CnWVpjEczFf1N3y7icKOeoIEQ.O9wH0NQNpH35rz8GulaEbHgODjwOWxaXqQ2D7ZEU2u0",
"expires_in": 3599,
"id_token": {
"aud": [
"e69978c7-caff-4582-9e12-aab6fb43b829"
],
"auth_time": 1529751224,
"c_hash": "T6tulIhBDWPRsfx4gXteiQ",
"exp": 1529754964,
"iat": 1529751365,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "8a73729d-d3f3-4f7a-86cf-b17719cd1e99",
"nonce": "XtMGKaGnVvc2wgnV",
"rat": 1529751362,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.729 phase <--<-- 6 --- UserInfo -->-->
4.729 do_user_info_request kwargs:{'state': 'fIlSaPFu0JjY8QXb', 'method': 'GET', 'authn_method': 'bearer_header'}
4.729 request {'body': None}
4.729 request_url https://oidc-certification.ory.sh:8443/userinfo
4.729 request_http_args {'headers': {'Authorization': 'Bearer lZN9ftMbsHpbFf_YH9CnWVpjEczFf1N3y7icKOeoIEQ.O9wH0NQNpH35rz8GulaEbHgODjwOWxaXqQ2D7ZEU2u0'}}
4.817 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
4.818 OpenIDSchema {
"sub": "foo@bar.com"
}
4.818 OpenIDSchema {
"sub": "foo@bar.com"
}
4.818 phase <--<-- 7 --- DisplayUserInfo -->-->
4.819 phase <--<-- 8 --- Done -->-->
4.819 end
4.819 assertion CheckHTTPResponse
4.819 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
4.819 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Rotation-RP-Sig.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000046565�13313423736�015111� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Rotation-RP-Sig
Test description: Request access token, change RSA signing key and request another access token
Timestamp: 2018-06-23T10:58:38Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'token_endpoint_auth_method': 'private_key_jwt', 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'refresh_token'], 'response_types': ['code id_token'], 'url': 'https://oidc-certification.ory.sh:8443/clients', 'application_type': 'web'}
0.077 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit",
"refresh_token"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#KJUDla8EKJUjluxD"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
0.235 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.236 RegistrationResponse {
"client_id": "69b7886f-b72b-472e-b738-503b28b7d8c1",
"client_secret": "zRok50-t_0Sg",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit",
"refresh_token"
],
"id": "69b7886f-b72b-472e-b738-503b28b7d8c1",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#KJUDla8EKJUjluxD"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "private_key_jwt",
"userinfo_signed_response_alg": "none"
}
0.236 phase <--<-- 3 --- AsyncAuthn -->-->
0.237 AuthorizationRequest {
"client_id": "69b7886f-b72b-472e-b738-503b28b7d8c1",
"nonce": "159FHQa2R2FiyttH",
"prompt": [
"consent"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid offline_access",
"state": "GzeygYAJCs4OD767"
}
0.237 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=consent&scope=openid+offline_access&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=69b7886f-b72b-472e-b738-503b28b7d8c1&state=GzeygYAJCs4OD767&response_type=code+id_token&nonce=159FHQa2R2FiyttH
0.237 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=consent&scope=openid+offline_access&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=69b7886f-b72b-472e-b738-503b28b7d8c1&state=GzeygYAJCs4OD767&response_type=code+id_token&nonce=159FHQa2R2FiyttH
3.171 http args {}
3.346 response URL with fragment
3.346 response code=tTTOJH7RkaiPzyIjCfdH9EIF2YPttwpBdVDTs9QysFY.EFhjE_8t1qEDTvJp--s0Bm3YZEy5CxoWH5aC7b6JJ9w&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoicjRiMl9kaTluTnN4M2hndkRoT2lHZyIsImV4cCI6MTUyOTc1NTExNywiaWF0IjoxNTI5NzUxNTE3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjOWRlMGI1ZS03N2E2LTRlM2EtOTRhMy1iYzg3NGYyZjQzOWMiLCJub25jZSI6IjE1OUZIUWEyUjJGaXl0dEgiLCJyYXQiOjE1Mjk3NTE1MTQsInN1YiI6ImZvb0BiYXIuY29tIn0.YO1T3DmieuEcVH66rjfTbcPDWFI3ZnLjHKA8VsI5z-1ueGUVwt5vsyiJhd4iJFhNY0CLiEb5A5b9h9AtYQy4wd00syGO5cBh3bZ8FJtpaVEYY4c2tm3evYK6nnq46gK6Q-3gFP9e5n-yAoRndxJ1il8C8zjrmhzUrKKw01tFROEm3sGUAmjblThHZ0RQvh-o5BDjVl3nHD4lSrnKdkkTgok93vYCPS_KCcNOS6YKmTzOJUpTZ-OkjvZrnQ0I3cVCunVPueqhtFFStymqm-UFV5UYLlSk0IpEm9Mi6QPCqgke5KJ8nhAPBLzkDODvqvml3aTGeFWfIcmv5HSQpcQjbNCzx47b0YHEOZNeqsEGvFJc2aY1hor_c9QaIJSgDvSbtocWzzE73We35oJPM5qimO01nBJlxF1M6kD9Gt_s13XE0Dp-sbLEXIuH1PgOu-2CUp_AcrhiqVoIOtNbgGK9BvMJxRZKycbzgpdFRtLkPOBy1A0Iqax3T-_6ojt0AOQ2WGDCR73JUOuGSpAK4o1A3IVkHLVfdr0Uw9rTqAeyQjtpcaBjUaqPA0ptGx2kQmV8ftrSE8rK5FTv6SKUbiDQbUynEHAQro0iyq_AKRs6ynPxM3sxe_mARInvU3z7U-rGn04YTdUGOlkxk527lkpZfCjUic-pU30ekAiHV_4pBGQ&state=GzeygYAJCs4OD767
3.346 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoicjRiMl9kaTluTnN4M2hndkRoT2lHZyIsImV4cCI6MTUyOTc1NTExNywiaWF0IjoxNTI5NzUxNTE3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjOWRlMGI1ZS03N2E2LTRlM2EtOTRhMy1iYzg3NGYyZjQzOWMiLCJub25jZSI6IjE1OUZIUWEyUjJGaXl0dEgiLCJyYXQiOjE1Mjk3NTE1MTQsInN1YiI6ImZvb0BiYXIuY29tIn0.YO1T3DmieuEcVH66rjfTbcPDWFI3ZnLjHKA8VsI5z-1ueGUVwt5vsyiJhd4iJFhNY0CLiEb5A5b9h9AtYQy4wd00syGO5cBh3bZ8FJtpaVEYY4c2tm3evYK6nnq46gK6Q-3gFP9e5n-yAoRndxJ1il8C8zjrmhzUrKKw01tFROEm3sGUAmjblThHZ0RQvh-o5BDjVl3nHD4lSrnKdkkTgok93vYCPS_KCcNOS6YKmTzOJUpTZ-OkjvZrnQ0I3cVCunVPueqhtFFStymqm-UFV5UYLlSk0IpEm9Mi6QPCqgke5KJ8nhAPBLzkDODvqvml3aTGeFWfIcmv5HSQpcQjbNCzx47b0YHEOZNeqsEGvFJc2aY1hor_c9QaIJSgDvSbtocWzzE73We35oJPM5qimO01nBJlxF1M6kD9Gt_s13XE0Dp-sbLEXIuH1PgOu-2CUp_AcrhiqVoIOtNbgGK9BvMJxRZKycbzgpdFRtLkPOBy1A0Iqax3T-_6ojt0AOQ2WGDCR73JUOuGSpAK4o1A3IVkHLVfdr0Uw9rTqAeyQjtpcaBjUaqPA0ptGx2kQmV8ftrSE8rK5FTv6SKUbiDQbUynEHAQro0iyq_AKRs6ynPxM3sxe_mARInvU3z7U-rGn04YTdUGOlkxk527lkpZfCjUic-pU30ekAiHV_4pBGQ', 'state': 'GzeygYAJCs4OD767', 'code': 'tTTOJH7RkaiPzyIjCfdH9EIF2YPttwpBdVDTs9QysFY.EFhjE_8t1qEDTvJp--s0Bm3YZEy5CxoWH5aC7b6JJ9w'}
3.466 AuthorizationResponse {
"code": "tTTOJH7RkaiPzyIjCfdH9EIF2YPttwpBdVDTs9QysFY.EFhjE_8t1qEDTvJp--s0Bm3YZEy5CxoWH5aC7b6JJ9w",
"id_token": {
"aud": [
"69b7886f-b72b-472e-b738-503b28b7d8c1"
],
"auth_time": 1529751409,
"c_hash": "r4b2_di9nNsx3hgvDhOiGg",
"exp": 1529755117,
"iat": 1529751517,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "c9de0b5e-77a6-4e3a-94a3-bc874f2f439c",
"nonce": "159FHQa2R2FiyttH",
"rat": 1529751514,
"sub": "foo@bar.com"
},
"state": "GzeygYAJCs4OD767"
}
3.466 phase <--<-- 4 --- AccessToken -->-->
3.466 --> request op_args: {'state': 'GzeygYAJCs4OD767', 'authn_method': 'private_key_jwt'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.466 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'GzeygYAJCs4OD767', 'code': 'tTTOJH7RkaiPzyIjCfdH9EIF2YPttwpBdVDTs9QysFY.EFhjE_8t1qEDTvJp--s0Bm3YZEy5CxoWH5aC7b6JJ9w', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '69b7886f-b72b-472e-b738-503b28b7d8c1'}, 'state': 'GzeygYAJCs4OD767', 'authn_method': 'private_key_jwt'}
3.466 AccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImlhdCI6IDE1Mjk3NTE1MTcsICJqdGkiOiAiY3VycGttVENDY0hpWUtTYzdvZjZsRzBvZlpKc0dxTEEiLCAiZXhwIjogMTUyOTc1MjExN30.ktz8lfagDUJ8kzfdfKtYJWESJFVhT6ThAoxSvsN2W_UQQuKvG1hqWFf4eqvjxEjlqyKDo9y1argnn4BJqiyrrOFW8v_fFgnylNVW8hnO5yVMpb_sWRBY-ES8fKsa-7Yj5EtWUKQQ3iHRtjz2wvPo61uohxMcGRFQhNevj398RlmZwIpatXeUCGhz5SEwtLUbg_0fMNRbYX_4w0Qu2CIyTkx08tx_0Oqco-lFDf6nLQiTWLrLGqOOU1-YF6X0rstRPMsHMmWTR5y2U9CN7kBewgnmkkIp_95JJfa7SQPSnQtWc4vXXF7DgoVQ_EL9GZN1z3ZQyCmhmNWXSgFRfDsF-A",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "tTTOJH7RkaiPzyIjCfdH9EIF2YPttwpBdVDTs9QysFY.EFhjE_8t1qEDTvJp--s0Bm3YZEy5CxoWH5aC7b6JJ9w",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "GzeygYAJCs4OD767"
}
3.47 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.47 request_http_args {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}}
3.47 request code=tTTOJH7RkaiPzyIjCfdH9EIF2YPttwpBdVDTs9QysFY.EFhjE_8t1qEDTvJp--s0Bm3YZEy5CxoWH5aC7b6JJ9w&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=GzeygYAJCs4OD767&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImlhdCI6IDE1Mjk3NTE1MTcsICJqdGkiOiAiY3VycGttVENDY0hpWUtTYzdvZjZsRzBvZlpKc0dxTEEiLCAiZXhwIjogMTUyOTc1MjExN30.ktz8lfagDUJ8kzfdfKtYJWESJFVhT6ThAoxSvsN2W_UQQuKvG1hqWFf4eqvjxEjlqyKDo9y1argnn4BJqiyrrOFW8v_fFgnylNVW8hnO5yVMpb_sWRBY-ES8fKsa-7Yj5EtWUKQQ3iHRtjz2wvPo61uohxMcGRFQhNevj398RlmZwIpatXeUCGhz5SEwtLUbg_0fMNRbYX_4w0Qu2CIyTkx08tx_0Oqco-lFDf6nLQiTWLrLGqOOU1-YF6X0rstRPMsHMmWTR5y2U9CN7kBewgnmkkIp_95JJfa7SQPSnQtWc4vXXF7DgoVQ_EL9GZN1z3ZQyCmhmNWXSgFRfDsF-A
3.601 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.602 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoicjRiMl9kaTluTnN4M2hndkRoT2lHZyIsImV4cCI6MTUyOTc1NTExNywiaWF0IjoxNTI5NzUxNTE3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI5NjY5N2IxZS00NDQzLTQwMDQtYWM0OC0yNmM1MzU4NDZjOGIiLCJub25jZSI6IjE1OUZIUWEyUjJGaXl0dEgiLCJyYXQiOjE1Mjk3NTE1MTQsInN1YiI6ImZvb0BiYXIuY29tIn0.GRLXaM5AUN3ym1JQSGR21EoGHu40zJip1t7MU37pt2YSajCDtcSBu6w-uV-ZDiZTcNERwhNgwrgUd5Y-7PxR4Up8gZCINw8-VEA78zwQLFwSfm-DXpsySWE0wDpMpE42g9fhl1hS1R8sUNIGpnHSFvHxEN3K0mp0wOJqoUtCHKqRACzbu6hGpaOgaGzr-qsCXxMr5uioaGYyldJLvHM9yR2YcjICOy6g0F7qsauso7SNIU5eehb4D_czBNlFeRaIM-ApSndNHy8PAeIoLRmyCf9ISOWCyXNCffpXbdleI_JdeCBGZ8Jk6CB7tVeAb7jP2f1BvTPQbZ-Wuz0n3F673pOHkveA-YfDFk6gsKQ-tMdxAWxlT9MkyrR6K7pkbVatbgwnIBeWMzAUDyfMyQqNYVEW7oGaxA4SPml9o5qDTpb-m-gm7CoOuiyzGlDVvJJXvVXpkqnBhZp0SSy8D509BgelXr7hAvltmjEeab_ZsnqYaRoAS78Y9kF1QihtyGORti9xnCs4hMlRXWmbwSfJ2nAYJOtBV4b_HAchJidVXJRXpIGcFenVO7yKlX5qYsjRDW_CX4YizQ9TIXSKiDy9iv8gHaAy77Qino-rEjPfs-lnj9gOZOrWEnL3E9RyhO6cmRESBquSN0fOH1QDRYWloncEn8znIFNDnZh2u0SeEOk', 'scope': 'openid offline_access', 'access_token': '1XA8hfwj0NW2RiM08tCSlFVbwGkj_DALqxrNLyQBVS8.gYD7WlGB7S5k3Pmf1ImXJOg_c7uVI8fNdQO1lq2DlE4', 'refresh_token': '94WLBPwou3ADZTX3yDm4-RXDhW1byvlfcr5uX6VLVlI.DB3LHhJNXKt1ceB42NeNduS97vCcfi9KdE7jyPa2zQo', 'token_type': 'bearer', 'expires_in': 3599}
3.606 AccessTokenResponse {
"access_token": "1XA8hfwj0NW2RiM08tCSlFVbwGkj_DALqxrNLyQBVS8.gYD7WlGB7S5k3Pmf1ImXJOg_c7uVI8fNdQO1lq2DlE4",
"expires_in": 3599,
"id_token": {
"aud": [
"69b7886f-b72b-472e-b738-503b28b7d8c1"
],
"auth_time": 1529751409,
"c_hash": "r4b2_di9nNsx3hgvDhOiGg",
"exp": 1529755117,
"iat": 1529751517,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "96697b1e-4443-4004-ac48-26c535846c8b",
"nonce": "159FHQa2R2FiyttH",
"rat": 1529751514,
"sub": "foo@bar.com"
},
"refresh_token": "94WLBPwou3ADZTX3yDm4-RXDhW1byvlfcr5uX6VLVlI.DB3LHhJNXKt1ceB42NeNduS97vCcfi9KdE7jyPa2zQo",
"scope": "openid offline_access",
"token_type": "bearer"
}
3.606 phase <--<-- 5 --- RotateSigKeys -->-->
3.652 phase <--<-- 6 --- RefreshAccessToken -->-->
3.653 RefreshAccessTokenRequest {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkJlYTFmMHRNOWFhRmpkTU5YSmk4RXJhbDhFR0dWdjducF9NVjdUdlJ0UFEifQ.eyJpc3MiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImlhdCI6IDE1Mjk3NTE1MTcsICJqdGkiOiAiYzZvd1hhN0JyQXdHeTJIUGpXZWNHSUJSaGh2RUdMeDYiLCAiZXhwIjogMTUyOTc1MjExN30.WkM1gou3EKN6cPV03fSfuAqocQuud_9xf5ilRJdPpbq5lcbzkdD573Qvy4Jp43DmcB5p83KmiFsHPpF-bl90dhbFUbrO6j6aY4zWG-Ay1YPxXA0GhO5QgR0v-z4hCSkTZTzuziEW-CwgRQr5PHz1Fuy-vskB_WN1q6WLbS72WCPxaFFZZp3sOmx2fle85anB-7BGNbnYxC6yRw90gG3x1it8w_JhPdZgRJNDpnJIvYDRqbAsjYlP_cCNnzwcBWmk6yvALeaOMfykwxL8qtFdXHgf9EntpssGpE23DVMoUGcoypfdYRwbCrkdu4CE4FLyMiwNfxiZ_jn9OUdDCpY8Ag",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"grant_type": "refresh_token",
"refresh_token": "94WLBPwou3ADZTX3yDm4-RXDhW1byvlfcr5uX6VLVlI.DB3LHhJNXKt1ceB42NeNduS97vCcfi9KdE7jyPa2zQo",
"scope": "openid offline_access"
}
3.656 request {'client_assertion': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkJlYTFmMHRNOWFhRmpkTU5YSmk4RXJhbDhFR0dWdjducF9NVjdUdlJ0UFEifQ.eyJpc3MiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImF1ZCI6IFsiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvb2F1dGgyL3Rva2VuIl0sICJzdWIiOiAiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIiwgImlhdCI6IDE1Mjk3NTE1MTcsICJqdGkiOiAiYzZvd1hhN0JyQXdHeTJIUGpXZWNHSUJSaGh2RUdMeDYiLCAiZXhwIjogMTUyOTc1MjExN30.WkM1gou3EKN6cPV03fSfuAqocQuud_9xf5ilRJdPpbq5lcbzkdD573Qvy4Jp43DmcB5p83KmiFsHPpF-bl90dhbFUbrO6j6aY4zWG-Ay1YPxXA0GhO5QgR0v-z4hCSkTZTzuziEW-CwgRQr5PHz1Fuy-vskB_WN1q6WLbS72WCPxaFFZZp3sOmx2fle85anB-7BGNbnYxC6yRw90gG3x1it8w_JhPdZgRJNDpnJIvYDRqbAsjYlP_cCNnzwcBWmk6yvALeaOMfykwxL8qtFdXHgf9EntpssGpE23DVMoUGcoypfdYRwbCrkdu4CE4FLyMiwNfxiZ_jn9OUdDCpY8Ag', 'scope': 'openid offline_access', 'grant_type': 'refresh_token', 'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer', 'refresh_token': '94WLBPwou3ADZTX3yDm4-RXDhW1byvlfcr5uX6VLVlI.DB3LHhJNXKt1ceB42NeNduS97vCcfi9KdE7jyPa2zQo'}
3.783 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.783 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.783 handle_response kwargs:{'r': <Response [200]>, 'csi': <oic.oic.message.RefreshAccessTokenRequest object at 0x7f2440021c18>}
3.784 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNjliNzg4NmYtYjcyYi00NzJlLWI3MzgtNTAzYjI4YjdkOGMxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoicjRiMl9kaTluTnN4M2hndkRoT2lHZyIsImV4cCI6MTUyOTc1NTExNywiaWF0IjoxNTI5NzUxNTE3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjNDEzM2M5OC00ZGZmLTQ0ODMtOGI2MS0yNDMyMzE1MDAzZmMiLCJub25jZSI6IiIsInJhdCI6MTUyOTc1MTUxNCwic3ViIjoiZm9vQGJhci5jb20ifQ.Iix_R_oew4M-xkbCCnVJBXLvGkPIqKl-SH84bhxmT2nHKFR9oUM4wo4IgTMo-TraifPANfo_-V3QprXmP3J4ALOjmszNdqutLyZQHPN1eopyC2_7ocNrwQ-YFthZT4vztBpQlxce5oG428IZeXBtbMUSyRs5l_7nARCB8nj4fGSE7bLK56JNxRNtp09mP3GNZWdGzjGWfFkH213zfFVK1al1IZ8YrQ9r1CQ_ob39XR2GMAZ97Vv_A6XNrbbIoVBOeNtLLV9rGPyqQHV4XCWumVo6TxBjlu5MzhvT0uw4p7jP9bYS-1uw5GofkKvNOoe0cegKHKuZ6WlHwgBZlkLK7ldgsOLv8dd80SJ9R8qxhhpmuMwMHOQLYZJ-LHuoTbOTDZNUhMyRDP1Tduv4_hB4RAYSsCUtpn0nfGH5pMzGgwglToh_bJvSYqFa22FuNMhJPD9Fi9mTACX7Bcqp6iXkv0rgmPeWuHAIsdMfoVZWuoKBuzIR8wHNDeSRy3dxBiOOLw1rOAfp4epC4-isr5P3wugGa7wzTQqlO-pf0RdsrmN3XA7BsJsUq_DXAFvBsQNafS9eP62IAgJZOaeygHh7ndEhhV74K8jXH_O3oEZG1SXy-_D1z5hRmdxQJUlmK7HyUWNt9nMbFvNzFVNdfNOymia7SHxuJYP3ZJA18qREs14', 'scope': 'openid offline_access', 'access_token': 'lbf07R2_dxYqwDJahSc5JemborFBuAHVGimLBEE0I6Q.Iw2Nsee_QTFPMEYCVlgUkyke6w9L_BYbEsl061B_rRs', 'refresh_token': 'd9u1gwit8ZLx01paTZ4slu1DCjA3PhjzwcnFjzUMiYc.HAWB8BoF9S6sb6FvT9YwEjIwQ1fbWBp7vGudeLZBcm0', 'token_type': 'bearer', 'expires_in': 3599}
3.787 jws header {'typ': 'JWT', 'alg': 'RS256', 'kid': 'public:e272a755-7ae2-490e-82f5-62e0678641b0'}
3.787 AccessTokenResponse {
"access_token": "lbf07R2_dxYqwDJahSc5JemborFBuAHVGimLBEE0I6Q.Iw2Nsee_QTFPMEYCVlgUkyke6w9L_BYbEsl061B_rRs",
"expires_in": 3599,
"id_token": {
"aud": [
"69b7886f-b72b-472e-b738-503b28b7d8c1"
],
"auth_time": 1529751409,
"c_hash": "r4b2_di9nNsx3hgvDhOiGg",
"exp": 1529755117,
"iat": 1529751517,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "c4133c98-4dff-4483-8b61-2432315003fc",
"rat": 1529751514,
"sub": "foo@bar.com"
},
"refresh_token": "d9u1gwit8ZLx01paTZ4slu1DCjA3PhjzwcnFjzUMiYc.HAWB8BoF9S6sb6FvT9YwEjIwQ1fbWBp7vGudeLZBcm0",
"scope": "openid offline_access",
"token_type": "bearer"
}
3.787 phase <--<-- 7 --- Done -->-->
3.788 end
3.788 assertion CheckHTTPResponse
3.788 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.788 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������./OP-OAuth-2nd-Revokes.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000041136�13313423703�015347� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd-Revokes
Test description: Trying to use authorization code twice should result in revoking previously issued access tokens
Timestamp: 2018-06-23T10:58:11Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.089 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.09 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.09 phase <--<-- 2 --- Registration -->-->
0.09 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.091 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ci3IHpMdg9juPHoI"
],
"response_types": [
"code id_token"
]
}
0.251 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.252 RegistrationResponse {
"client_id": "401bb090-83e6-4049-b716-d9d346990e0a",
"client_secret": "ioLyDpU~kxu-",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "401bb090-83e6-4049-b716-d9d346990e0a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ci3IHpMdg9juPHoI"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.252 phase <--<-- 3 --- Note -->-->
2.274 phase <--<-- 4 --- AsyncAuthn -->-->
2.274 AuthorizationRequest {
"client_id": "401bb090-83e6-4049-b716-d9d346990e0a",
"nonce": "dT4epzvgloJmT2ai",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "hItVD6KV0VRWqeqd"
}
2.275 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=401bb090-83e6-4049-b716-d9d346990e0a&state=hItVD6KV0VRWqeqd&response_type=code+id_token&nonce=dT4epzvgloJmT2ai
2.275 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=401bb090-83e6-4049-b716-d9d346990e0a&state=hItVD6KV0VRWqeqd&response_type=code+id_token&nonce=dT4epzvgloJmT2ai
5.893 http args {}
6.067 response URL with fragment
6.068 response code=UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNDAxYmIwOTAtODNlNi00MDQ5LWI3MTYtZDlkMzQ2OTkwZTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiRTJDMmE2a21oanM5WjB5aFQ3SVZadyIsImV4cCI6MTUyOTc1NTA5MCwiaWF0IjoxNTI5NzUxNDkwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhY2E3NzNkNi1iMGM3LTQ4ZGMtYTYwYy1lMTU0OTVhODBiODAiLCJub25jZSI6ImRUNGVwenZnbG9KbVQyYWkiLCJyYXQiOjE1Mjk3NTE0ODcsInN1YiI6ImZvb0BiYXIuY29tIn0.H67QuRm3vjhZ95uaGcacCFb09lov4mawS6Z0jKCMb-S1i9Vq2nXWXpWDVFPMJpk2B1X1UcUHvJTHVUSGDqaVT3wYPhOY4PhXrGj74v4eJwLyWGeG2XAvCcEx0FKTJYBJiB1Opv9ys-jvf7yMA0tURRxN4pXzx-Is6H30eltKujTiamaW0FWKeMjp_yBV7DErfYtKMIuyNC62aQ1uvtcLON182YnGZfucXQlFMbscQ6ZJH0dOh7xz5DJEJ05HN-1LCpYuzKBIFZlFm5zTqeJgsplHlQfgGp7UuoHet81HT_f_C41itvITiyGkns9qIansUr2y_pdBYMbFIFFY0S_ZP4zkb2C3_pMwEM2rGRk6s_Z0lZpJE-P2d4ZTTYfv-DsxTJNI9aRhY2-BXliFu-jsHW5evXsmcC4x13NqdZPZFHpMhoPWTf92l0uMO2muaPljwPAOtpYmqsejSSquiYoZ267IVSTv2mtkJQsF1nI3bCRac7R6RwC3JeP53NRRPm1Ive6QqzUjUMzD-8SWMVDe--TJxqXWHlZVGX2NTD8naXRtD_MfuRU9uOIjwBELMX9d8y62KALUnBjixbSfpyoVFWPiylq95Y1MZzG6KTMC4H9uayKjzoItFNfGBOZ9o7rKniLs0tiwaiqnlKmBZTa_00q2uRKYeH7foTJ8khqBAB8&state=hItVD6KV0VRWqeqd
6.068 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNDAxYmIwOTAtODNlNi00MDQ5LWI3MTYtZDlkMzQ2OTkwZTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiRTJDMmE2a21oanM5WjB5aFQ3SVZadyIsImV4cCI6MTUyOTc1NTA5MCwiaWF0IjoxNTI5NzUxNDkwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhY2E3NzNkNi1iMGM3LTQ4ZGMtYTYwYy1lMTU0OTVhODBiODAiLCJub25jZSI6ImRUNGVwenZnbG9KbVQyYWkiLCJyYXQiOjE1Mjk3NTE0ODcsInN1YiI6ImZvb0BiYXIuY29tIn0.H67QuRm3vjhZ95uaGcacCFb09lov4mawS6Z0jKCMb-S1i9Vq2nXWXpWDVFPMJpk2B1X1UcUHvJTHVUSGDqaVT3wYPhOY4PhXrGj74v4eJwLyWGeG2XAvCcEx0FKTJYBJiB1Opv9ys-jvf7yMA0tURRxN4pXzx-Is6H30eltKujTiamaW0FWKeMjp_yBV7DErfYtKMIuyNC62aQ1uvtcLON182YnGZfucXQlFMbscQ6ZJH0dOh7xz5DJEJ05HN-1LCpYuzKBIFZlFm5zTqeJgsplHlQfgGp7UuoHet81HT_f_C41itvITiyGkns9qIansUr2y_pdBYMbFIFFY0S_ZP4zkb2C3_pMwEM2rGRk6s_Z0lZpJE-P2d4ZTTYfv-DsxTJNI9aRhY2-BXliFu-jsHW5evXsmcC4x13NqdZPZFHpMhoPWTf92l0uMO2muaPljwPAOtpYmqsejSSquiYoZ267IVSTv2mtkJQsF1nI3bCRac7R6RwC3JeP53NRRPm1Ive6QqzUjUMzD-8SWMVDe--TJxqXWHlZVGX2NTD8naXRtD_MfuRU9uOIjwBELMX9d8y62KALUnBjixbSfpyoVFWPiylq95Y1MZzG6KTMC4H9uayKjzoItFNfGBOZ9o7rKniLs0tiwaiqnlKmBZTa_00q2uRKYeH7foTJ8khqBAB8', 'state': 'hItVD6KV0VRWqeqd', 'code': 'UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ'}
6.192 AuthorizationResponse {
"code": "UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ",
"id_token": {
"aud": [
"401bb090-83e6-4049-b716-d9d346990e0a"
],
"auth_time": 1529751409,
"c_hash": "E2C2a6kmhjs9Z0yhT7IVZw",
"exp": 1529755090,
"iat": 1529751490,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "aca773d6-b0c7-48dc-a60c-e15495a80b80",
"nonce": "dT4epzvgloJmT2ai",
"rat": 1529751487,
"sub": "foo@bar.com"
},
"state": "hItVD6KV0VRWqeqd"
}
6.192 phase <--<-- 5 --- AccessToken -->-->
6.192 --> request op_args: {'state': 'hItVD6KV0VRWqeqd'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.192 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'hItVD6KV0VRWqeqd', 'code': 'UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '401bb090-83e6-4049-b716-d9d346990e0a'}, 'state': 'hItVD6KV0VRWqeqd'}
6.192 AccessTokenRequest {
"code": "UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "hItVD6KV0VRWqeqd"
}
6.193 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.193 request_http_args {'headers': {'Authorization': 'Basic NDAxYmIwOTAtODNlNi00MDQ5LWI3MTYtZDlkMzQ2OTkwZTBhOmlvTHlEcFUlN0VreHUt', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.193 request code=UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=hItVD6KV0VRWqeqd
6.411 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.412 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNDAxYmIwOTAtODNlNi00MDQ5LWI3MTYtZDlkMzQ2OTkwZTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiRTJDMmE2a21oanM5WjB5aFQ3SVZadyIsImV4cCI6MTUyOTc1NTA5MCwiaWF0IjoxNTI5NzUxNDkxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwNmQ4Y2JjOC02NmZiLTQyNzEtODg1OC1mOWNlN2RmNjQ3NGIiLCJub25jZSI6ImRUNGVwenZnbG9KbVQyYWkiLCJyYXQiOjE1Mjk3NTE0ODcsInN1YiI6ImZvb0BiYXIuY29tIn0.s7okpoq0W2xRFWvXO70xq4bmSSnFOmkKidud6kWbvNS3K7fOlm1J2O7v5m8o4cSL5fjUtonMggUDz3edFPVf4-d7Y2SK2w1auEgigT6as3pDjR7VJ5XHlGmiEBNZibaJ2ycCFeSGcMPBhEo01cSYHR6AW9yiGsISYCbdYm1rmpcuKSO1aEMyTWKR9LClRDveAJGtVhhqBBQjx1gCQimQGoDw_DkEHHUI9kIHzLnGxkP7ikUh3ZbfwunmvzfJ6fZHXzHRhssuQVrGfiExlYqqmlCX3s844bKut93PTf8DadtpEA_OSzeLWpC-XPsYJIJQma-_it0n8bZUnzyRNyrB3uiOqtya-IpaoCLjpuvOPL7ZtUIrkQd1lTcXwyG_iVjOLeCHhPq2axZCNXk6IgVXqdp96rNtUCOo2BqvLdXbBdVOgzIOy7t5ioCj_-fcEFSL0G7CUOFiE5IgdjvJAO56aKZeMA3D3cYmk29Qb5O6iUduxJ1A6V-1UfsbuFTj20dWNUfYom2xqAb5cUgI7tsN1msWjUkHJV2581XxbmKFlLVFqe6JH_3hKpcY-DZqw2FZ23W8q7blUbfRrDuCdXowFpTMCnm5ACEtiSEg5t-XBaqtbYXDAEPAtd7Fd5vQyccTTjAFD_0B8Bxng9Q5Q5L707tTEdO7NNSwFsuyH6bDZrY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'Y4TqIkozORs17kxBNpZBDnBmy1u_q9rxmi1PAbn1F1k.FhgSAI7I0QQQN9FwRe76ppwqRLszBitxxwyB7YBIFv0', 'scope': 'openid'}
6.415 AccessTokenResponse {
"access_token": "Y4TqIkozORs17kxBNpZBDnBmy1u_q9rxmi1PAbn1F1k.FhgSAI7I0QQQN9FwRe76ppwqRLszBitxxwyB7YBIFv0",
"expires_in": 3599,
"id_token": {
"aud": [
"401bb090-83e6-4049-b716-d9d346990e0a"
],
"auth_time": 1529751409,
"c_hash": "E2C2a6kmhjs9Z0yhT7IVZw",
"exp": 1529755090,
"iat": 1529751491,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "06d8cbc8-66fb-4271-8858-f9ce7df6474b",
"nonce": "dT4epzvgloJmT2ai",
"rat": 1529751487,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
6.415 phase <--<-- 6 --- AccessToken -->-->
6.415 --> request op_args: {'state': 'hItVD6KV0VRWqeqd'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.415 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'hItVD6KV0VRWqeqd', 'code': 'UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '401bb090-83e6-4049-b716-d9d346990e0a'}, 'state': 'hItVD6KV0VRWqeqd'}
6.415 AccessTokenRequest {
"code": "UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "hItVD6KV0VRWqeqd"
}
6.415 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.415 request_http_args {'headers': {'Authorization': 'Basic NDAxYmIwOTAtODNlNi00MDQ5LWI3MTYtZDlkMzQ2OTkwZTBhOmlvTHlEcFUlN0VreHUt', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.415 request code=UUxBST5rFc5wge9VU1TfXE2X5EOAOhxBsbkP-i_UQkM.XtczFf68fL6gj68YslHcXEs_tJMtNb-HsbCFpODACJQ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=hItVD6KV0VRWqeqd
6.61 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
6.61 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
6.61 event Got expected error
6.611 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
6.611 phase <--<-- 7 --- UserInfo -->-->
6.611 do_user_info_request kwargs:{'state': 'hItVD6KV0VRWqeqd', 'method': 'GET', 'authn_method': 'bearer_header'}
6.611 request {'body': None}
6.611 request_url https://oidc-certification.ory.sh:8443/userinfo
6.611 request_http_args {'headers': {'Authorization': 'Bearer Y4TqIkozORs17kxBNpZBDnBmy1u_q9rxmi1PAbn1F1k.FhgSAI7I0QQQN9FwRe76ppwqRLszBitxxwyB7YBIFv0'}}
6.726 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:401 message:{"error":"request_unauthorized","error_description":"The request could not be authorized","error_hint":"Check that you provided valid credentials in the right format.","status_code":401,"error_debug":"A validator returned an error"}
6.726 event Expected error not received: got request_unauthorized
6.727 ErrorResponse {
"error": "request_unauthorized",
"error_debug": "A validator returned an error",
"error_description": "The request could not be authorized",
"error_hint": "Check that you provided valid credentials in the right format.",
"status_code": 401
}
6.727 ErrorResponse {
"error": "request_unauthorized",
"error_debug": "A validator returned an error",
"error_description": "The request could not be authorized",
"error_hint": "Check that you provided valid credentials in the right format.",
"status_code": 401
}
6.727 phase <--<-- 8 --- Done -->-->
6.727 end
6.727 assertion VerifyResponse
6.727 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
6.727 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-Config.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000006700�13313423076�015405� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-Config
Test description: Publishes openid-configuration discovery information
Timestamp: 2018-06-23T10:51:42Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.077 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.077 phase <--<-- 2 --- Done -->-->
0.077 end
0.077 assertion CheckHTTPResponse
0.077 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.078 assertion VerifyIdTokenSigningAlgorithmIsSupported
0.078 condition verify-id_token_signing-algorithm-is-supported: status=OK [Verify that required algorithms in id_token_signing_alg_values_supported]
0.078 assertion VerifyHTTPSUsage
0.078 condition verify-https-usage: status=OK [Verify that specific endpoints uses https]
0.078 assertion VerifyOPEndpointsUseHTTPS
0.078 condition verify-op-endpoints-use-https: status=OK [Verify that all OP endpoints uses https]
0.078 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-id_token_signing-algorithm-is-supported: status=OK [Verify that required algorithms in id_token_signing_alg_values_supported]
verify-https-usage: status=OK [Verify that specific endpoints uses https]
verify-op-endpoints-use-https: status=OK [Verify that all OP endpoints uses https]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������./OP-scope-All.txt����������������������������������������������������������������������������������0000644�0000000�0000000�00000035610�13313423443�014052� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-All
Test description: Scope requesting all claims
Timestamp: 2018-06-23T10:55:31Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.228 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.23 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.23 phase <--<-- 2 --- Registration -->-->
0.23 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.23 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#IhZUmKd9cGgKKnGO"
],
"response_types": [
"code id_token"
]
}
0.419 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.42 RegistrationResponse {
"client_id": "1f588649-286c-4ad0-9362-0895b46c38cd",
"client_secret": "5bupAZxp2rPk",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "1f588649-286c-4ad0-9362-0895b46c38cd",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#IhZUmKd9cGgKKnGO"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.42 phase <--<-- 3 --- AsyncAuthn -->-->
0.421 condition Check support: status=WARNING, message=No support for: scopes_supported=['profile', 'email', 'address', 'phone']
0.421 AuthorizationRequest {
"client_id": "1f588649-286c-4ad0-9362-0895b46c38cd",
"nonce": "UsKOZSbwyncpUyC7",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid profile email address phone",
"state": "xl6K4Jwush3w9gc3"
}
0.421 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile+email+address+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1f588649-286c-4ad0-9362-0895b46c38cd&state=xl6K4Jwush3w9gc3&response_type=code+id_token&nonce=UsKOZSbwyncpUyC7
0.421 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+profile+email+address+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1f588649-286c-4ad0-9362-0895b46c38cd&state=xl6K4Jwush3w9gc3&response_type=code+id_token&nonce=UsKOZSbwyncpUyC7
4.295 http args {}
4.466 response URL with fragment
4.467 response code=YXI999pPNvmB-QZxSxVVdZpF6Cwj5M5RTNerWm5Q6Gc.HgisIHTGONKVAiKe5GA6tCISC0IBw4PtnLGhuRgLkP8&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMWY1ODg2NDktMjg2Yy00YWQwLTkzNjItMDg5NWI0NmMzOGNkIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTmFYYWhEMlBWc1doQzc4VDBlV3JpUSIsImV4cCI6MTUyOTc1NDkzMCwiaWF0IjoxNTI5NzUxMzMwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmYTg3ODllZi1kOTkyLTRkZjAtOGMwOS1mOTkxYjVhN2Y2MTMiLCJub25jZSI6IlVzS09aU2J3eW5jcFV5QzciLCJyYXQiOjE1Mjk3NTEzMjcsInN1YiI6ImZvb0BiYXIuY29tIn0.qF6TYPAFTRAK87qtOqShG2zucvUc-y4YwzInXKLi53LTIhUqXBkGsDjkGZoIMVrNzywK3p1M82nf_Ksc1JGKvRmlHiA0gnrmnkTK2r9FOfNNRS0ToZz7a8VGee5wuUGg9pVniBZ_4OI0HPR7M9YSbFsiiCiADHG74qAUYXkxhV0INreEQaqKzOYpYbXJKRi_y81_qCsnX3K-ki66pv5PxUoyjn_aI1BKELYPcS4G8Y082PHZE4LhUF2OiWw_4zFPCiX0wb9Y8fFtDgHNwgyqCaBehKn3PFYTpVJVL5h5TS_KAwkJEwaI40gRvuAaA83fFqgBIn4tk7x717bvny8e-jdoMePAQC-oX1DI0-xLKayh9rb--ZAOjS9O7ZS8uX6rrsXtzqKOe25JukXg1-485RHmYfBdtMTd4HNoHNFoqHoBdPv1aYWTHbrLP5F6kCgKZgliy7-olR_A6jnq2JdAEzeT3EvppGX9Ih3OwQCM-4Fz_bLFWffRwnnrYvQroei6aBk6x0Sw_DZBCXo2aRqiftZ-jatCApQeH4eSzf6iU1Sg0KHl6gZFTadjD3nS0GWqvznrYjjCfQT_cb6a3SXjYhOgoSLvlNpfy69HJ1v2Pz29Fsk4B6CCu1ox_d_dO9q_V_ipvI935SpmPCS4OEj3dpM2aJisA1khbRs291uZyk4&state=xl6K4Jwush3w9gc3
4.467 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMWY1ODg2NDktMjg2Yy00YWQwLTkzNjItMDg5NWI0NmMzOGNkIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTmFYYWhEMlBWc1doQzc4VDBlV3JpUSIsImV4cCI6MTUyOTc1NDkzMCwiaWF0IjoxNTI5NzUxMzMwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmYTg3ODllZi1kOTkyLTRkZjAtOGMwOS1mOTkxYjVhN2Y2MTMiLCJub25jZSI6IlVzS09aU2J3eW5jcFV5QzciLCJyYXQiOjE1Mjk3NTEzMjcsInN1YiI6ImZvb0BiYXIuY29tIn0.qF6TYPAFTRAK87qtOqShG2zucvUc-y4YwzInXKLi53LTIhUqXBkGsDjkGZoIMVrNzywK3p1M82nf_Ksc1JGKvRmlHiA0gnrmnkTK2r9FOfNNRS0ToZz7a8VGee5wuUGg9pVniBZ_4OI0HPR7M9YSbFsiiCiADHG74qAUYXkxhV0INreEQaqKzOYpYbXJKRi_y81_qCsnX3K-ki66pv5PxUoyjn_aI1BKELYPcS4G8Y082PHZE4LhUF2OiWw_4zFPCiX0wb9Y8fFtDgHNwgyqCaBehKn3PFYTpVJVL5h5TS_KAwkJEwaI40gRvuAaA83fFqgBIn4tk7x717bvny8e-jdoMePAQC-oX1DI0-xLKayh9rb--ZAOjS9O7ZS8uX6rrsXtzqKOe25JukXg1-485RHmYfBdtMTd4HNoHNFoqHoBdPv1aYWTHbrLP5F6kCgKZgliy7-olR_A6jnq2JdAEzeT3EvppGX9Ih3OwQCM-4Fz_bLFWffRwnnrYvQroei6aBk6x0Sw_DZBCXo2aRqiftZ-jatCApQeH4eSzf6iU1Sg0KHl6gZFTadjD3nS0GWqvznrYjjCfQT_cb6a3SXjYhOgoSLvlNpfy69HJ1v2Pz29Fsk4B6CCu1ox_d_dO9q_V_ipvI935SpmPCS4OEj3dpM2aJisA1khbRs291uZyk4', 'state': 'xl6K4Jwush3w9gc3', 'code': 'YXI999pPNvmB-QZxSxVVdZpF6Cwj5M5RTNerWm5Q6Gc.HgisIHTGONKVAiKe5GA6tCISC0IBw4PtnLGhuRgLkP8'}
4.547 AuthorizationResponse {
"code": "YXI999pPNvmB-QZxSxVVdZpF6Cwj5M5RTNerWm5Q6Gc.HgisIHTGONKVAiKe5GA6tCISC0IBw4PtnLGhuRgLkP8",
"id_token": {
"aud": [
"1f588649-286c-4ad0-9362-0895b46c38cd"
],
"auth_time": 1529751224,
"c_hash": "NaXahD2PVsWhC78T0eWriQ",
"exp": 1529754930,
"iat": 1529751330,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "fa8789ef-d992-4df0-8c09-f991b5a7f613",
"nonce": "UsKOZSbwyncpUyC7",
"rat": 1529751327,
"sub": "foo@bar.com"
},
"state": "xl6K4Jwush3w9gc3"
}
4.547 phase <--<-- 4 --- AccessToken -->-->
4.548 --> request op_args: {'state': 'xl6K4Jwush3w9gc3'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.548 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'xl6K4Jwush3w9gc3', 'code': 'YXI999pPNvmB-QZxSxVVdZpF6Cwj5M5RTNerWm5Q6Gc.HgisIHTGONKVAiKe5GA6tCISC0IBw4PtnLGhuRgLkP8', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '1f588649-286c-4ad0-9362-0895b46c38cd'}, 'state': 'xl6K4Jwush3w9gc3'}
4.548 AccessTokenRequest {
"code": "YXI999pPNvmB-QZxSxVVdZpF6Cwj5M5RTNerWm5Q6Gc.HgisIHTGONKVAiKe5GA6tCISC0IBw4PtnLGhuRgLkP8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "xl6K4Jwush3w9gc3"
}
4.548 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.548 request_http_args {'headers': {'Authorization': 'Basic MWY1ODg2NDktMjg2Yy00YWQwLTkzNjItMDg5NWI0NmMzOGNkOjVidXBBWnhwMnJQaw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.548 request code=YXI999pPNvmB-QZxSxVVdZpF6Cwj5M5RTNerWm5Q6Gc.HgisIHTGONKVAiKe5GA6tCISC0IBw4PtnLGhuRgLkP8&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=xl6K4Jwush3w9gc3
4.796 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.797 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMWY1ODg2NDktMjg2Yy00YWQwLTkzNjItMDg5NWI0NmMzOGNkIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTmFYYWhEMlBWc1doQzc4VDBlV3JpUSIsImV4cCI6MTUyOTc1NDkzMCwiaWF0IjoxNTI5NzUxMzMxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhZWUxYzc4My0xYTNhLTRhZTItODI1OC03MWQ3Njk1NmQyYzAiLCJub25jZSI6IlVzS09aU2J3eW5jcFV5QzciLCJyYXQiOjE1Mjk3NTEzMjcsInN1YiI6ImZvb0BiYXIuY29tIn0.CW_mZO67Jtoe8FZ1pEOce2ARDFDt-VkSh8zqbamV5rZZx8-aijB0fyYuZQm_ieaBPnBwQFd9M7YeY9j9iAAxwnIdRTe6sqvA73C6BG7c8tfjdflfnCzhi-1Gk4aX9Ty1VflKOOQXgLCDHHefEjWCnzBPAsz4UE79UaiN-Fjq9Qrrjlgc4WdU0BtII_4eJvAKpmnzvmwwYY9bY0KT0BdbXD210ccsjWzO_2jiYNXrqBJiiiSszvUEUxbQxlTcw5yamxFIOD0LSxASR_8B9hKn_cGKmwReB6OnBNGZk5KDBdR4MeCqpOgwig2Ig5Y0QfNHU8GTJV5oMM7gpwx0p4vYZqKaK_vTwxGXlzcd8NqpLa-GZaaL8zUlkEFw5cTVE1CWjETFs2WI-vrtuQ0WQyr95s4fEVSIdKHbv0BP4KInHm0V0Ttepu_iP5hETT7eg6vqmSwKVfBNeLtCZsms-a1C5xCaVNJ6u4gknH6wems8urT5zKFGz5FZrsC_qg6wzjGVOkwMWw1KhPPhXMq7VjUhq5d37NIMidTmiUIc14Q3gEGiLjhhJ-hOlNo_m1BROIl6NhG3_BmKFH7z0SgP2IvJgm4QPjXaVI0_7xFITeV6wW5WAoQF7ekNOnT27VUt3NjnY_saQKlGP7gVuabXSnn7f9mB6AiCJa_EKlV5ed0TFHY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'dxd32Yqn8FK6ifKno_1-qKD_SzeQiOzvBPptEQE-XTk.qzopoEdEdccef--hq_7gGwFzTT84nrFyJG7VfGVoaUI', 'scope': 'openid profile email address phone'}
4.801 AccessTokenResponse {
"access_token": "dxd32Yqn8FK6ifKno_1-qKD_SzeQiOzvBPptEQE-XTk.qzopoEdEdccef--hq_7gGwFzTT84nrFyJG7VfGVoaUI",
"expires_in": 3599,
"id_token": {
"aud": [
"1f588649-286c-4ad0-9362-0895b46c38cd"
],
"auth_time": 1529751224,
"c_hash": "NaXahD2PVsWhC78T0eWriQ",
"exp": 1529754930,
"iat": 1529751331,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "aee1c783-1a3a-4ae2-8258-71d76956d2c0",
"nonce": "UsKOZSbwyncpUyC7",
"rat": 1529751327,
"sub": "foo@bar.com"
},
"scope": "openid profile email address phone",
"token_type": "bearer"
}
4.801 phase <--<-- 5 --- UserInfo -->-->
4.801 do_user_info_request kwargs:{'state': 'xl6K4Jwush3w9gc3', 'method': 'GET', 'authn_method': 'bearer_header'}
4.801 request {'body': None}
4.801 request_url https://oidc-certification.ory.sh:8443/userinfo
4.801 request_http_args {'headers': {'Authorization': 'Bearer dxd32Yqn8FK6ifKno_1-qKD_SzeQiOzvBPptEQE-XTk.qzopoEdEdccef--hq_7gGwFzTT84nrFyJG7VfGVoaUI'}}
4.874 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
4.874 OpenIDSchema {
"sub": "foo@bar.com"
}
4.874 OpenIDSchema {
"sub": "foo@bar.com"
}
4.874 phase <--<-- 6 --- Done -->-->
4.875 end
4.875 assertion CheckHTTPResponse
4.875 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
4.876 assertion VerifyResponse
4.876 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.876 assertion VerifyScopes
4.876 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username', 'email', 'email_verified', 'address', 'phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
4.876 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['profile', 'email', 'address', 'phone']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username', 'email', 'email_verified', 'address', 'phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['profile', 'email', 'address', 'phone']
The following claims were missing from the returned information: ['name', 'given_name', 'family_name', 'middle_name', 'nickname', 'profile', 'picture', 'website', 'gender', 'birthdate', 'zoneinfo', 'locale', 'updated_at', 'preferred_username', 'email', 'email_verified', 'address', 'phone_number', 'phone_number_verified']
������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Query-Added.txt�������������������������������������������������������������������0000644�0000000�0000000�00000011146�13313423400�017004� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Query-Added
Test description: Request with redirect_uri with query component when registered redirect_uri has no query component
Timestamp: 2018-06-23T10:54:56Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#EreA8qOoeDCFMMnq"
],
"response_types": [
"code id_token"
]
}
0.23 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.231 RegistrationResponse {
"client_id": "a7f515d0-b891-4868-af96-87a43f811200",
"client_secret": "LpBeGTrIUkjI",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "a7f515d0-b891-4868-af96-87a43f811200",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#EreA8qOoeDCFMMnq"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.231 phase <--<-- 3 --- Note -->-->
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-Missing.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000011335�13313423371�016320� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-Missing
Test description: Reject request without redirect_uri when multiple registered
Timestamp: 2018-06-23T10:54:49Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.091 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.093 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.093 phase <--<-- 2 --- Registration -->-->
0.093 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb', 'https://op.certification.openid.net:61353/cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.093 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb",
"https://op.certification.openid.net:61353/cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#mSrcg9IqMyVmjszT"
],
"response_types": [
"code id_token"
]
}
0.261 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.262 RegistrationResponse {
"client_id": "af05dfc3-fc92-477b-af7a-0470d3387b66",
"client_secret": "NbZdeYSb5kKP",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "af05dfc3-fc92-477b-af7a-0470d3387b66",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb",
"https://op.certification.openid.net:61353/cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#mSrcg9IqMyVmjszT"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.262 phase <--<-- 3 --- Note -->-->
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-redirect_uri-NotReg.txt������������������������������������������������������������������������0000644�0000000�0000000�00000011072�13313423375�016107� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-redirect_uri-NotReg
Test description: Sent redirect_uri does not match a registered redirect_uri
Timestamp: 2018-06-23T10:54:53Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.074 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#iDfBT2T8TjBAoLll"
],
"response_types": [
"code id_token"
]
}
0.236 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.237 RegistrationResponse {
"client_id": "bada40d0-b289-4647-84ca-2b86dcd9de3c",
"client_secret": "ng0DP0RMt0VO",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "bada40d0-b289-4647-84ca-2b86dcd9de3c",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#iDfBT2T8TjBAoLll"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.237 phase <--<-- 3 --- Note -->-->
============================================================
Conditions
============================================================
RESULT: PARTIAL RESULT
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-ui_locales.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000022042�13313423612�015070� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-ui_locales
Test description: Providing ui_locales
Timestamp: 2018-06-23T10:57:14Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.299 phase <--<-- 1 --- Webfinger -->-->
1.299 not expected to do WebFinger
1.299 phase <--<-- 2 --- Discovery -->-->
1.299 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.373 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.374 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.375 phase <--<-- 3 --- Registration -->-->
1.375 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.375 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#cG4oPd59ENbnhAUm"
],
"response_types": [
"code id_token"
]
}
1.54 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.541 RegistrationResponse {
"client_id": "9e11185c-b9ca-479a-9ca6-728d5decd13e",
"client_secret": "byt2~wtohxIy",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "9e11185c-b9ca-479a-9ca6-728d5decd13e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#cG4oPd59ENbnhAUm"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.541 phase <--<-- 4 --- AsyncAuthn -->-->
1.542 AuthorizationRequest {
"client_id": "9e11185c-b9ca-479a-9ca6-728d5decd13e",
"nonce": "iwA016FLxcjs6KzP",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "yuwR8ay1cvQqyZOO",
"ui_locales": "se"
}
1.542 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?ui_locales=se&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9e11185c-b9ca-479a-9ca6-728d5decd13e&state=yuwR8ay1cvQqyZOO&response_type=code+id_token&nonce=iwA016FLxcjs6KzP
1.542 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?ui_locales=se&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9e11185c-b9ca-479a-9ca6-728d5decd13e&state=yuwR8ay1cvQqyZOO&response_type=code+id_token&nonce=iwA016FLxcjs6KzP
5.016 http args {}
5.185 response URL with fragment
5.185 response code=O8b3shVJ_3Ix99qt0yi2Mwq4TKyVOyXHwerpLuu08YA.p4P959cEk-A-iOhL0q4OQ-4w4mOv23B7mNrUP7cyljM&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWUxMTE4NWMtYjljYS00NzlhLTljYTYtNzI4ZDVkZWNkMTNlIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiVlpNaExBenh5aDZTbzdrYmo4LXhNUSIsImV4cCI6MTUyOTc1NTAzMywiaWF0IjoxNTI5NzUxNDMzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwMDljZmEwYi02YTFlLTQ4NDEtOTI5OC03NWUwNDZlMzQyNjEiLCJub25jZSI6Iml3QTAxNkZMeGNqczZLelAiLCJyYXQiOjE1Mjk3NTE0MzAsInN1YiI6ImZvb0BiYXIuY29tIn0.Dp_zXe7C0KQoaJ218oRJxOniyzAApXHQqtj3gxSfUPb9ZiK5YbIsMPS3qo5k-HNU8TTFsu8B5Rn9VAl6lzPJWdYz2D0rnkrYxZkT3WlqNPU4c5MWAxQNmxoWkKfTHZ1XL2E9ml1sfSoPpRmpQdHijHGmCpTGVQixsa6QkPmS4_vFIR8f13FrJNz16jFi-sWucjpW2nB3wJkGOrllepcUM2GXL3Ifdg7_D9FxN6Du5Nv6fNKaZm8NodQTpOYH-xSutKU9lz27QROiJ2ChRowboY8r4kythnTzALUGobP30eRpBpf8J7ZaLBKIrylHoG20S9mjNuROBuT4afGbD5MqxV9eHumZaYymfIEcW0ClQnJKb2bcCYFpPXfK4pRQeaqWiDkCtBLg6M_LpJ60JwzJNvSxXb7_fxmnqVgKUPBNsyWKXFfR2RSGev3gd7Iw4Y4l_9ughvJYLMJzTVEZslea4se6VxdNn4MO9r7IFBrJsF56kcywSMJBd3qsqNZTRPnyTPlVTT_Srj-unxO3BCZ-CO-6kmd3Wd7JSRHOCC8jmEnTLsLuLxk7gomdWCuX_QHD5sjDiInJG_44EJRMCyAF5VP_zf1kmsyTE-UkYO1Ly4SETanMgk3gxluJHkqbfd-hYcCwcdeH51NjIUMnNWhe1Ky4027-tKsLkx8961iYDic&state=yuwR8ay1cvQqyZOO
5.185 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWUxMTE4NWMtYjljYS00NzlhLTljYTYtNzI4ZDVkZWNkMTNlIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiVlpNaExBenh5aDZTbzdrYmo4LXhNUSIsImV4cCI6MTUyOTc1NTAzMywiaWF0IjoxNTI5NzUxNDMzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwMDljZmEwYi02YTFlLTQ4NDEtOTI5OC03NWUwNDZlMzQyNjEiLCJub25jZSI6Iml3QTAxNkZMeGNqczZLelAiLCJyYXQiOjE1Mjk3NTE0MzAsInN1YiI6ImZvb0BiYXIuY29tIn0.Dp_zXe7C0KQoaJ218oRJxOniyzAApXHQqtj3gxSfUPb9ZiK5YbIsMPS3qo5k-HNU8TTFsu8B5Rn9VAl6lzPJWdYz2D0rnkrYxZkT3WlqNPU4c5MWAxQNmxoWkKfTHZ1XL2E9ml1sfSoPpRmpQdHijHGmCpTGVQixsa6QkPmS4_vFIR8f13FrJNz16jFi-sWucjpW2nB3wJkGOrllepcUM2GXL3Ifdg7_D9FxN6Du5Nv6fNKaZm8NodQTpOYH-xSutKU9lz27QROiJ2ChRowboY8r4kythnTzALUGobP30eRpBpf8J7ZaLBKIrylHoG20S9mjNuROBuT4afGbD5MqxV9eHumZaYymfIEcW0ClQnJKb2bcCYFpPXfK4pRQeaqWiDkCtBLg6M_LpJ60JwzJNvSxXb7_fxmnqVgKUPBNsyWKXFfR2RSGev3gd7Iw4Y4l_9ughvJYLMJzTVEZslea4se6VxdNn4MO9r7IFBrJsF56kcywSMJBd3qsqNZTRPnyTPlVTT_Srj-unxO3BCZ-CO-6kmd3Wd7JSRHOCC8jmEnTLsLuLxk7gomdWCuX_QHD5sjDiInJG_44EJRMCyAF5VP_zf1kmsyTE-UkYO1Ly4SETanMgk3gxluJHkqbfd-hYcCwcdeH51NjIUMnNWhe1Ky4027-tKsLkx8961iYDic', 'state': 'yuwR8ay1cvQqyZOO', 'code': 'O8b3shVJ_3Ix99qt0yi2Mwq4TKyVOyXHwerpLuu08YA.p4P959cEk-A-iOhL0q4OQ-4w4mOv23B7mNrUP7cyljM'}
5.265 AuthorizationResponse {
"code": "O8b3shVJ_3Ix99qt0yi2Mwq4TKyVOyXHwerpLuu08YA.p4P959cEk-A-iOhL0q4OQ-4w4mOv23B7mNrUP7cyljM",
"id_token": {
"aud": [
"9e11185c-b9ca-479a-9ca6-728d5decd13e"
],
"auth_time": 1529751409,
"c_hash": "VZMhLAzxyh6So7kbj8-xMQ",
"exp": 1529755033,
"iat": 1529751433,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "009cfa0b-6a1e-4841-9298-75e046e34261",
"nonce": "iwA016FLxcjs6KzP",
"rat": 1529751430,
"sub": "foo@bar.com"
},
"state": "yuwR8ay1cvQqyZOO"
}
5.265 phase <--<-- 5 --- Done -->-->
5.265 end
5.265 assertion VerifyAuthnResponse
5.265 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
5.265 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Response-code+id_token.txt���������������������������������������������������������������������0000644�0000000�0000000�00000022422�13313423075�016527� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Response-code+id_token
Test description: Request with response_type=code id_token
Timestamp: 2018-06-23T10:51:41Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.077 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#m4fBbGHxOJnITOwg"
],
"response_types": [
"code id_token"
]
}
0.238 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.238 RegistrationResponse {
"client_id": "3f310789-685b-4abf-92d0-8dbd31a6965d",
"client_secret": "XA4y7w6wGA3r",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "3f310789-685b-4abf-92d0-8dbd31a6965d",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#m4fBbGHxOJnITOwg"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.238 phase <--<-- 3 --- AsyncAuthn -->-->
0.239 AuthorizationRequest {
"client_id": "3f310789-685b-4abf-92d0-8dbd31a6965d",
"nonce": "fepW6L1aJgF74VbH",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "jfprgTRa66gxWeip"
}
0.239 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=3f310789-685b-4abf-92d0-8dbd31a6965d&state=jfprgTRa66gxWeip&response_type=code+id_token&nonce=fepW6L1aJgF74VbH
0.239 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=3f310789-685b-4abf-92d0-8dbd31a6965d&state=jfprgTRa66gxWeip&response_type=code+id_token&nonce=fepW6L1aJgF74VbH
3.269 http args {}
3.482 response URL with fragment
3.482 response code=1dXZYdJNMSaWnCJKfU1ioQehXwTE08RfKHDMsaOy-aw.Ut4Kl8btgUZXUlaF80gqpRnlQJXccbHgePEwcOv1vLM&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiM2YzMTA3ODktNjg1Yi00YWJmLTkyZDAtOGRiZDMxYTY5NjVkIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiOVJsdHVScUFqRk9NUE82dmRrOEdYZyIsImV4cCI6MTUyOTc1NDcwMCwiaWF0IjoxNTI5NzUxMTAwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwODBmNDA1OC0yYzA3LTQwOTgtYjljMy01ZDMwYTIwMzBjMmMiLCJub25jZSI6ImZlcFc2TDFhSmdGNzRWYkgiLCJyYXQiOjE1Mjk3NTEwOTgsInN1YiI6ImZvb0BiYXIuY29tIn0.1qqoGm2suSXevLfYpwfUr8kna4Hp-qD0U98JNUKpcYFn-CNrNV7CkVBD7QPUCwgLZhJ8KHVgRIsFqGXuSQXDqzq3QbQpnac6mJuVBRy6Y8bnrEP1XcqaSm-VKzV7KvHtCzefQ4cyubfmlH8E6yX99mb7bNkJKGk0m2SCgzdldxxIdx7reRTvuYotPqMsx_1x5EzNsJ_yvrFY5TgYiMOa4is8vBTB9bskcriFz9LZHUIIbEVbJhYs_WW2E76aBeQwEvbJTbkctdWmYkGY8yDE3fp1Xpq5fYIWSwVsQ8eFGEZMxyeBsh2WVKY8K1S1OFi1PcToT7iZuHcrEragvQ2A5qJRWg4K-akSLqjM-OJN69VlxlR1HZil4UeolWn6WkAwq1dq3NzmbdW0jEavIfMDhVlGE_TP-FM3H_Xu9RsW9q4QwP6Z5A0EthKhmPP2A_fCR2r_SeVZkX8a23L7_bSO6QYaTY5ojoP_-HgX9v5zAFU_hub8umlqy3t_jV5bX9nlnrrxPJfMufaH4qB93hndVa99r4ovVz8qJqnhXetWkd--db3zvYNGVv1FOoTHt327B5-YD7OPGg9e0M6dxrVPPjDaHeUfVOuGEdCkKQ7Z9oaxSl-VnIzIFkOvaiz_vLUieLi1WqjtbKZohWayvDzW9iCtYHlWGsUxGVt1UrcnpoI&state=jfprgTRa66gxWeip
3.483 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiM2YzMTA3ODktNjg1Yi00YWJmLTkyZDAtOGRiZDMxYTY5NjVkIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiOVJsdHVScUFqRk9NUE82dmRrOEdYZyIsImV4cCI6MTUyOTc1NDcwMCwiaWF0IjoxNTI5NzUxMTAwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwODBmNDA1OC0yYzA3LTQwOTgtYjljMy01ZDMwYTIwMzBjMmMiLCJub25jZSI6ImZlcFc2TDFhSmdGNzRWYkgiLCJyYXQiOjE1Mjk3NTEwOTgsInN1YiI6ImZvb0BiYXIuY29tIn0.1qqoGm2suSXevLfYpwfUr8kna4Hp-qD0U98JNUKpcYFn-CNrNV7CkVBD7QPUCwgLZhJ8KHVgRIsFqGXuSQXDqzq3QbQpnac6mJuVBRy6Y8bnrEP1XcqaSm-VKzV7KvHtCzefQ4cyubfmlH8E6yX99mb7bNkJKGk0m2SCgzdldxxIdx7reRTvuYotPqMsx_1x5EzNsJ_yvrFY5TgYiMOa4is8vBTB9bskcriFz9LZHUIIbEVbJhYs_WW2E76aBeQwEvbJTbkctdWmYkGY8yDE3fp1Xpq5fYIWSwVsQ8eFGEZMxyeBsh2WVKY8K1S1OFi1PcToT7iZuHcrEragvQ2A5qJRWg4K-akSLqjM-OJN69VlxlR1HZil4UeolWn6WkAwq1dq3NzmbdW0jEavIfMDhVlGE_TP-FM3H_Xu9RsW9q4QwP6Z5A0EthKhmPP2A_fCR2r_SeVZkX8a23L7_bSO6QYaTY5ojoP_-HgX9v5zAFU_hub8umlqy3t_jV5bX9nlnrrxPJfMufaH4qB93hndVa99r4ovVz8qJqnhXetWkd--db3zvYNGVv1FOoTHt327B5-YD7OPGg9e0M6dxrVPPjDaHeUfVOuGEdCkKQ7Z9oaxSl-VnIzIFkOvaiz_vLUieLi1WqjtbKZohWayvDzW9iCtYHlWGsUxGVt1UrcnpoI', 'state': 'jfprgTRa66gxWeip', 'code': '1dXZYdJNMSaWnCJKfU1ioQehXwTE08RfKHDMsaOy-aw.Ut4Kl8btgUZXUlaF80gqpRnlQJXccbHgePEwcOv1vLM'}
3.564 AuthorizationResponse {
"code": "1dXZYdJNMSaWnCJKfU1ioQehXwTE08RfKHDMsaOy-aw.Ut4Kl8btgUZXUlaF80gqpRnlQJXccbHgePEwcOv1vLM",
"id_token": {
"aud": [
"3f310789-685b-4abf-92d0-8dbd31a6965d"
],
"auth_time": 1529750975,
"c_hash": "9RltuRqAjFOMPO6vdk8GXg",
"exp": 1529754700,
"iat": 1529751100,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "080f4058-2c07-4098-b9c3-5d30a2030c2c",
"nonce": "fepW6L1aJgF74VbH",
"rat": 1529751098,
"sub": "foo@bar.com"
},
"state": "jfprgTRa66gxWeip"
}
3.564 phase <--<-- 4 --- Done -->-->
3.564 end
3.564 assertion VerifyAuthnResponse
3.564 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
3.565 assertion CheckIdTokenNonce
3.565 condition check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
3.565 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-prompt-login.txt�������������������������������������������������������������������������������0000644�0000000�0000000�00000050241�13313423273�014660� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-login
Test description: Request with prompt=login
Timestamp: 2018-06-23T10:53:47Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.095 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.096 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.096 phase <--<-- 2 --- Registration -->-->
0.097 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.097 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xq2dFr12aAtLnmqv"
],
"response_types": [
"code id_token"
]
}
0.251 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.252 RegistrationResponse {
"client_id": "9ead53ac-7ec8-4752-a06c-bc25aad8d01f",
"client_secret": ".9zWaD6RDdkA",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "9ead53ac-7ec8-4752-a06c-bc25aad8d01f",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#xq2dFr12aAtLnmqv"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.252 phase <--<-- 3 --- AsyncAuthn -->-->
0.253 AuthorizationRequest {
"client_id": "9ead53ac-7ec8-4752-a06c-bc25aad8d01f",
"nonce": "PQY7HzmrcbQdsSrS",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "3z4cW7o0D48xujHP"
}
0.253 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9ead53ac-7ec8-4752-a06c-bc25aad8d01f&state=3z4cW7o0D48xujHP&response_type=code+id_token&nonce=PQY7HzmrcbQdsSrS
0.253 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9ead53ac-7ec8-4752-a06c-bc25aad8d01f&state=3z4cW7o0D48xujHP&response_type=code+id_token&nonce=PQY7HzmrcbQdsSrS
2.896 http args {}
3.11 response URL with fragment
3.11 response code=-2dAkh36cqkvdi1ueoGenMjRTM8J_xe6fkG-ycUDGtY.YnM0Wh69rf626Q9pOk2auo58i12sZvct3Q7VzzVIkig&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiWU9Wd2FONm50MDJkQTJGVWx6UThWZyIsImV4cCI6MTUyOTc1NDgxOSwiaWF0IjoxNTI5NzUxMjE5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkNjZjZTU2OC01MjM4LTRlNmUtOWNhOC0xMDQ1NDA2MzQ4Y2EiLCJub25jZSI6IlBRWTdIem1yY2JRZHNTclMiLCJyYXQiOjE1Mjk3NTEyMTcsInN1YiI6ImZvb0BiYXIuY29tIn0.NvkZHlVF2YcKg481oQCyQaIpvWzGIdzWootpMD09KXUlG5FdQaZSShlykEM0n756crw0skwaHxA7c41QGXx0mEO2-svr8GRPoEu25iGgZ1iH7qyytTD1DhV4aSxkr-pyo7bs6bWUtO90jaQf0k9Kev8F4UfKBMpkxMBdvt41z_EY1dpGeUPB4bffTa6-1PWHr-ApXCw80s0Q7lJolBrj9XN-KsQiKhTbq0QgL90SltQy8uktk1C7FVSbRz1hcA57-YZ2NYaPeNAf0LDLEdnOD3mx7GkaeRpE8jC_z3RrYF97Z9i9gs4iBRYiJH4tIf1wk4My3LAqob7PsEpyY_J9y6wTcWnI-lwmJcQ51ksKPBbWaDPKEG9mvFRnfw7UH2p4YfcUiIdWG9FO6K40fUCByIv9wBBuoyCYOPY19mRtqB1LTErhnnxS-t6eKFpAET6dVgOI0AWT8M0-yDX3fnljoV-87YX1ttdWkaZcqgbEI4xlHWwJZxo0J211DIQXB9gRMTgPT3BQO3rMZM1vP2aqxx3uyUSG2wOL39OFmkT0E06Oqt_gUFnhLKelyHoCR6CUOv424PqqWBeBEPOOueG3KEa2D4XVC6LMGUC2KLon9JwXtyx_6uQDNlT9U_At2dlZ3McOIMHuoeDK5oe-pGoSZF5XUUXL15GOWOcmDz-LoXk&state=3z4cW7o0D48xujHP
3.111 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiWU9Wd2FONm50MDJkQTJGVWx6UThWZyIsImV4cCI6MTUyOTc1NDgxOSwiaWF0IjoxNTI5NzUxMjE5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkNjZjZTU2OC01MjM4LTRlNmUtOWNhOC0xMDQ1NDA2MzQ4Y2EiLCJub25jZSI6IlBRWTdIem1yY2JRZHNTclMiLCJyYXQiOjE1Mjk3NTEyMTcsInN1YiI6ImZvb0BiYXIuY29tIn0.NvkZHlVF2YcKg481oQCyQaIpvWzGIdzWootpMD09KXUlG5FdQaZSShlykEM0n756crw0skwaHxA7c41QGXx0mEO2-svr8GRPoEu25iGgZ1iH7qyytTD1DhV4aSxkr-pyo7bs6bWUtO90jaQf0k9Kev8F4UfKBMpkxMBdvt41z_EY1dpGeUPB4bffTa6-1PWHr-ApXCw80s0Q7lJolBrj9XN-KsQiKhTbq0QgL90SltQy8uktk1C7FVSbRz1hcA57-YZ2NYaPeNAf0LDLEdnOD3mx7GkaeRpE8jC_z3RrYF97Z9i9gs4iBRYiJH4tIf1wk4My3LAqob7PsEpyY_J9y6wTcWnI-lwmJcQ51ksKPBbWaDPKEG9mvFRnfw7UH2p4YfcUiIdWG9FO6K40fUCByIv9wBBuoyCYOPY19mRtqB1LTErhnnxS-t6eKFpAET6dVgOI0AWT8M0-yDX3fnljoV-87YX1ttdWkaZcqgbEI4xlHWwJZxo0J211DIQXB9gRMTgPT3BQO3rMZM1vP2aqxx3uyUSG2wOL39OFmkT0E06Oqt_gUFnhLKelyHoCR6CUOv424PqqWBeBEPOOueG3KEa2D4XVC6LMGUC2KLon9JwXtyx_6uQDNlT9U_At2dlZ3McOIMHuoeDK5oe-pGoSZF5XUUXL15GOWOcmDz-LoXk', 'state': '3z4cW7o0D48xujHP', 'code': '-2dAkh36cqkvdi1ueoGenMjRTM8J_xe6fkG-ycUDGtY.YnM0Wh69rf626Q9pOk2auo58i12sZvct3Q7VzzVIkig'}
3.196 AuthorizationResponse {
"code": "-2dAkh36cqkvdi1ueoGenMjRTM8J_xe6fkG-ycUDGtY.YnM0Wh69rf626Q9pOk2auo58i12sZvct3Q7VzzVIkig",
"id_token": {
"aud": [
"9ead53ac-7ec8-4752-a06c-bc25aad8d01f"
],
"auth_time": 1529750975,
"c_hash": "YOVwaN6nt02dA2FUlzQ8Vg",
"exp": 1529754819,
"iat": 1529751219,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d66ce568-5238-4e6e-9ca8-1045406348ca",
"nonce": "PQY7HzmrcbQdsSrS",
"rat": 1529751217,
"sub": "foo@bar.com"
},
"state": "3z4cW7o0D48xujHP"
}
3.196 phase <--<-- 4 --- AccessToken -->-->
3.197 --> request op_args: {'state': '3z4cW7o0D48xujHP'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.197 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '3z4cW7o0D48xujHP', 'code': '-2dAkh36cqkvdi1ueoGenMjRTM8J_xe6fkG-ycUDGtY.YnM0Wh69rf626Q9pOk2auo58i12sZvct3Q7VzzVIkig', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '9ead53ac-7ec8-4752-a06c-bc25aad8d01f'}, 'state': '3z4cW7o0D48xujHP'}
3.197 AccessTokenRequest {
"code": "-2dAkh36cqkvdi1ueoGenMjRTM8J_xe6fkG-ycUDGtY.YnM0Wh69rf626Q9pOk2auo58i12sZvct3Q7VzzVIkig",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "3z4cW7o0D48xujHP"
}
3.197 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.197 request_http_args {'headers': {'Authorization': 'Basic OWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmOi45eldhRDZSRGRrQQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.197 request code=-2dAkh36cqkvdi1ueoGenMjRTM8J_xe6fkG-ycUDGtY.YnM0Wh69rf626Q9pOk2auo58i12sZvct3Q7VzzVIkig&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=3z4cW7o0D48xujHP
3.413 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.414 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiWU9Wd2FONm50MDJkQTJGVWx6UThWZyIsImV4cCI6MTUyOTc1NDgxOSwiaWF0IjoxNTI5NzUxMjIwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI2YmQ3ZGUxNi0zMTM4LTRiY2UtOGQ4Mi0xOTFmNGI1ZjQ2ZjMiLCJub25jZSI6IlBRWTdIem1yY2JRZHNTclMiLCJyYXQiOjE1Mjk3NTEyMTcsInN1YiI6ImZvb0BiYXIuY29tIn0.hIo3bym-VXpzjBUJi4zMGvCSbEjiwteeQTgwCIDyhMx1HUX-AR37Ezc-UzOZWo8OXcUMb660HrPV7kNu241SnDa3a0SsVyrrcVZEX64xJ2soBbn4UGu6a6TlwU_UoKSVDkWLpPNjVUY2vysj5eBTbOZb2l_QfHo4l9vFV4QpU0XWQBDECOHrUuHshohgJNHEs_BkUmsjEo2BI4z7cwU6f5Hju-332hy2ge4SGq8mmINy0AeupiiAPsQfEKf_JfQWHCfOeAyTl2UOlailjGMNDAYvTuEO1uPp78F2Vf8LuDZVahx48fkEZ7pZlyPBrcL7XMZpF-8vL8OtOjZqum6OUj_dFOUUexMj1xj452ZYislKG4EqLperkhPqiIOycfLo9YHIq8j32PUC9EB-xGX6DiAKuiFLYNWfrbo2ivp8Bqr-FJuwUsq1BDkZ5jFqqJK8iW4qvzwPQ_rO15psPlUJprSsh8a6jNPsy9u-3NSrX5nEIJrsSi6diuzkeKAbj1Go0noB0I4ye-6OFTE6esAwkH8BdLpcS7DKBGQgeFWK3V8TEb00UXH2qfb43v8WiNjBk03Z88CvTT0rdxH2Z1JdsY-58A6MeLP2SGk4FG-kAVuTm4QlqkoMaLALAk6XaH7nwbT6dhRv2s4K4lKPm0qNwh077K0A1luHFIgrW25uf6o', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'nBo8jO50qie7UJSGtfr5thfF4W_7ohTMTc3GA9FhQQI.mHA3jvhADHymOMMYmCc7mZVZEhmnnXkU1-jP9Q2X7J4', 'scope': 'openid'}
3.418 AccessTokenResponse {
"access_token": "nBo8jO50qie7UJSGtfr5thfF4W_7ohTMTc3GA9FhQQI.mHA3jvhADHymOMMYmCc7mZVZEhmnnXkU1-jP9Q2X7J4",
"expires_in": 3599,
"id_token": {
"aud": [
"9ead53ac-7ec8-4752-a06c-bc25aad8d01f"
],
"auth_time": 1529750975,
"c_hash": "YOVwaN6nt02dA2FUlzQ8Vg",
"exp": 1529754819,
"iat": 1529751220,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "6bd7de16-3138-4bce-8d82-191f4b5f46f3",
"nonce": "PQY7HzmrcbQdsSrS",
"rat": 1529751217,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.418 phase <--<-- 5 --- Note -->-->
5.244 phase <--<-- 6 --- AsyncAuthn -->-->
5.244 AuthorizationRequest {
"client_id": "9ead53ac-7ec8-4752-a06c-bc25aad8d01f",
"nonce": "WRrQdTa6gwJizPLy",
"prompt": [
"login"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "ECunuyq487DrPNlp"
}
5.245 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=login&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9ead53ac-7ec8-4752-a06c-bc25aad8d01f&state=ECunuyq487DrPNlp&response_type=code+id_token&nonce=WRrQdTa6gwJizPLy
5.245 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=login&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=9ead53ac-7ec8-4752-a06c-bc25aad8d01f&state=ECunuyq487DrPNlp&response_type=code+id_token&nonce=WRrQdTa6gwJizPLy
10.4 http args {}
10.599 response URL with fragment
10.6 response code=6Nbc0mx1Ac3_k02xzoXya7GOhr0vuy9KLrHlqm18ZKo.1js3d9_naQLrrDiNPMuWZ9o69ufm8PsAj0jyAL3F_Rc&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiXy1kM2NFeGtjNE4yOXRhZ3UxR1JDUSIsImV4cCI6MTUyOTc1NDgyNywiaWF0IjoxNTI5NzUxMjI3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlNTJlMTk4OS04Mjk1LTQ1OGEtOGE1ZC05M2U2MDE3OWQ0Y2UiLCJub25jZSI6IldSclFkVGE2Z3dKaXpQTHkiLCJyYXQiOjE1Mjk3NTEyMjIsInN1YiI6ImZvb0BiYXIuY29tIn0.UjZ0QKeg4nzlnGJdEXIbo0_uaNcdYnpTfr6i4_s72yugCOogZ9jheQeeTz6jsveqWFR_jHlDvhwloACY10lH5mDRXMT2TqRuRzBCTFyyabLUiLFmIjTsaseiPbxlqdi6uAqh-l2i7wRQOB61n0f8j4qfXc2LLgDI3WuAYONcxv7kagRGCcw07ikqLcataW7Km6jK5kbRPlvCeytdEjub_Zv8AZAuV-j3yKfbdxBNWqmm8CAIoYRw4bFdZ7oAWnCzSpLQpoYzoSHXSpoUX79H6pz4M6ky5JwhGhIOsLZ3U4Ckn0tnCfZcvE6YCyjLVQ6VP6SfYeWE4UkzvkwGJ3tVQKx-8ZAXLkSzS0mzHBwVAALhkEFqpiARPMnfF4YtFXARXQjbg9zaR7oIgtn4A5RfRXvbKSPzJ5__R71tfNpolfRAkup0egzdT1cU-6PBkC-t5t9Uf8vTfSYUJHQvGtj2pb8ub-LIfdOIUvfdnjCqFRcn9Bu54Z_NA1yVqYRBqxt1nmKPbe-Rib0znYoEr1DL26b6XwO6WBCx88-m6eVV0Vsm5eGJhYIvAaeeA9hHz72akUWzPkx9Ikuj4KRB6hL_xq6mw5XCEWAjjCyh7pDcSOgXRiTzMwnZxhk92ENf31ZvVhm1SiW5i-9DUA9ZTyTbKH5NqlodJxhR8LqWvwoD0d8&state=ECunuyq487DrPNlp
10.6 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiXy1kM2NFeGtjNE4yOXRhZ3UxR1JDUSIsImV4cCI6MTUyOTc1NDgyNywiaWF0IjoxNTI5NzUxMjI3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlNTJlMTk4OS04Mjk1LTQ1OGEtOGE1ZC05M2U2MDE3OWQ0Y2UiLCJub25jZSI6IldSclFkVGE2Z3dKaXpQTHkiLCJyYXQiOjE1Mjk3NTEyMjIsInN1YiI6ImZvb0BiYXIuY29tIn0.UjZ0QKeg4nzlnGJdEXIbo0_uaNcdYnpTfr6i4_s72yugCOogZ9jheQeeTz6jsveqWFR_jHlDvhwloACY10lH5mDRXMT2TqRuRzBCTFyyabLUiLFmIjTsaseiPbxlqdi6uAqh-l2i7wRQOB61n0f8j4qfXc2LLgDI3WuAYONcxv7kagRGCcw07ikqLcataW7Km6jK5kbRPlvCeytdEjub_Zv8AZAuV-j3yKfbdxBNWqmm8CAIoYRw4bFdZ7oAWnCzSpLQpoYzoSHXSpoUX79H6pz4M6ky5JwhGhIOsLZ3U4Ckn0tnCfZcvE6YCyjLVQ6VP6SfYeWE4UkzvkwGJ3tVQKx-8ZAXLkSzS0mzHBwVAALhkEFqpiARPMnfF4YtFXARXQjbg9zaR7oIgtn4A5RfRXvbKSPzJ5__R71tfNpolfRAkup0egzdT1cU-6PBkC-t5t9Uf8vTfSYUJHQvGtj2pb8ub-LIfdOIUvfdnjCqFRcn9Bu54Z_NA1yVqYRBqxt1nmKPbe-Rib0znYoEr1DL26b6XwO6WBCx88-m6eVV0Vsm5eGJhYIvAaeeA9hHz72akUWzPkx9Ikuj4KRB6hL_xq6mw5XCEWAjjCyh7pDcSOgXRiTzMwnZxhk92ENf31ZvVhm1SiW5i-9DUA9ZTyTbKH5NqlodJxhR8LqWvwoD0d8', 'state': 'ECunuyq487DrPNlp', 'code': '6Nbc0mx1Ac3_k02xzoXya7GOhr0vuy9KLrHlqm18ZKo.1js3d9_naQLrrDiNPMuWZ9o69ufm8PsAj0jyAL3F_Rc'}
10.604 AuthorizationResponse {
"code": "6Nbc0mx1Ac3_k02xzoXya7GOhr0vuy9KLrHlqm18ZKo.1js3d9_naQLrrDiNPMuWZ9o69ufm8PsAj0jyAL3F_Rc",
"id_token": {
"aud": [
"9ead53ac-7ec8-4752-a06c-bc25aad8d01f"
],
"auth_time": 1529751224,
"c_hash": "_-d3cExkc4N29tagu1GRCQ",
"exp": 1529754827,
"iat": 1529751227,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "e52e1989-8295-458a-8a5d-93e60179d4ce",
"nonce": "WRrQdTa6gwJizPLy",
"rat": 1529751222,
"sub": "foo@bar.com"
},
"state": "ECunuyq487DrPNlp"
}
10.604 phase <--<-- 7 --- AccessToken -->-->
10.604 --> request op_args: {'state': 'ECunuyq487DrPNlp'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
10.604 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'ECunuyq487DrPNlp', 'code': '6Nbc0mx1Ac3_k02xzoXya7GOhr0vuy9KLrHlqm18ZKo.1js3d9_naQLrrDiNPMuWZ9o69ufm8PsAj0jyAL3F_Rc', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '9ead53ac-7ec8-4752-a06c-bc25aad8d01f'}, 'state': 'ECunuyq487DrPNlp'}
10.604 AccessTokenRequest {
"code": "6Nbc0mx1Ac3_k02xzoXya7GOhr0vuy9KLrHlqm18ZKo.1js3d9_naQLrrDiNPMuWZ9o69ufm8PsAj0jyAL3F_Rc",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "ECunuyq487DrPNlp"
}
10.604 request_url https://oidc-certification.ory.sh:8443/oauth2/token
10.604 request_http_args {'headers': {'Authorization': 'Basic OWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmOi45eldhRDZSRGRrQQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
10.604 request code=6Nbc0mx1Ac3_k02xzoXya7GOhr0vuy9KLrHlqm18ZKo.1js3d9_naQLrrDiNPMuWZ9o69ufm8PsAj0jyAL3F_Rc&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=ECunuyq487DrPNlp
10.816 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
10.817 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOWVhZDUzYWMtN2VjOC00NzUyLWEwNmMtYmMyNWFhZDhkMDFmIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiXy1kM2NFeGtjNE4yOXRhZ3UxR1JDUSIsImV4cCI6MTUyOTc1NDgyNywiaWF0IjoxNTI5NzUxMjI3LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI5ZTIxMTdlZS1iNDY4LTRlYTYtOTA2ZC05MzAzMGE5YjllODIiLCJub25jZSI6IldSclFkVGE2Z3dKaXpQTHkiLCJyYXQiOjE1Mjk3NTEyMjIsInN1YiI6ImZvb0BiYXIuY29tIn0.WB33Pr1hoGdGmpkhhW1a79GGl_Ycl3ObTOqD_bmE2eElfwi51ihjdXHxz_yiCIhZEwmlVwYhPIGBB8odojkx-suTDRBCKXMZ_3aBQ_ik54c739u8c4dO0s-PTJlpMEaLy5NBYx0NQWLb1UcSrGN32HxCeq_dDYb65YcaNUx2N_KtnmHNkXAXjHvWr5ThSmkYq59ikR3xtafwjQ-wV4DuBEu9OpTKkI0hBE4L6SLVDAchSkJTbwSzLb4yzemWMWHQipz81sqzlPrUycHAB91S8IZQOhOhSWgXdEgUmUEfo07Nl_g18oH-EM0RC2sTZXSQGHL6jpMjGVpWUvs2HK5itPUm_2D-ko6XPQdpCnsk-3SeoFZejIW3Z7_ymJ0EV4g6JpSkkpzjBG831ABw2YhGHpT0obogOflPUWvGdnvGmq_Vwhdyp-pcS5OWSqCHKl8J_L44scsokzNVoRlrV6ocuJFDDzU5_kra3g5LqRWHq570QrqEnBskA3PEgDEvFGarcoktREfaiPBOJVy2XbwCE_T5_lY7WWT-GY7Uq6J6ZmwdeIt_01uAxyAMAHSMgs9yLqoZv3KgTsOrbckoGqL6Pvv9bDUoKzyNvX4fxTESt_VmwR9qOKH-t7lzgSH2Pq_UROHAGtY9hzL4if2oMfx29H6LOGm-bTV7usUlfvpEqkY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'GVHVfcCTykmpCg6E_U3FpqBNdg_SADbyKiI7eMJqygI.5OuAYNrV_IXkbsuvYrcFUopAd9QntfE-HSyEOB-IEIA', 'scope': 'openid'}
10.82 AccessTokenResponse {
"access_token": "GVHVfcCTykmpCg6E_U3FpqBNdg_SADbyKiI7eMJqygI.5OuAYNrV_IXkbsuvYrcFUopAd9QntfE-HSyEOB-IEIA",
"expires_in": 3599,
"id_token": {
"aud": [
"9ead53ac-7ec8-4752-a06c-bc25aad8d01f"
],
"auth_time": 1529751224,
"c_hash": "_-d3cExkc4N29tagu1GRCQ",
"exp": 1529754827,
"iat": 1529751227,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "9e2117ee-b468-4ea6-906d-93030a9b9e82",
"nonce": "WRrQdTa6gwJizPLy",
"rat": 1529751222,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
10.82 phase <--<-- 8 --- Done -->-->
10.821 end
10.821 assertion VerifyResponse
10.821 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
10.821 assertion MultipleSignOn
10.821 condition multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
10.821 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Response-Missing.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000015226�13313423070�015435� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Response-Missing
Test description: Authorization request missing the response_type parameter
Timestamp: 2018-06-23T10:51:36Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.096 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.097 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.097 phase <--<-- 2 --- Registration -->-->
0.097 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.098 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#JRX1p7YLROLCRtrD"
],
"response_types": [
"code id_token"
]
}
0.29 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.291 RegistrationResponse {
"client_id": "8898dd48-5166-4a3a-9497-7d7eb24cd1e9",
"client_secret": "uWzygpM29J1c",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "8898dd48-5166-4a3a-9497-7d7eb24cd1e9",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#JRX1p7YLROLCRtrD"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.291 phase <--<-- 3 --- Note -->-->
1.701 phase <--<-- 4 --- AsyncAuthn -->-->
1.702 AuthorizationRequest {
"client_id": "8898dd48-5166-4a3a-9497-7d7eb24cd1e9",
"nonce": "rhlRVwXUFBDYJcH2",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"scope": "openid",
"state": "21wdXtuE6WYtc0WJ"
}
1.702 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?state=21wdXtuE6WYtc0WJ&scope=openid&nonce=rhlRVwXUFBDYJcH2&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=8898dd48-5166-4a3a-9497-7d7eb24cd1e9
1.702 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?state=21wdXtuE6WYtc0WJ&scope=openid&nonce=rhlRVwXUFBDYJcH2&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=8898dd48-5166-4a3a-9497-7d7eb24cd1e9
2.314 response Response URL with query part
2.315 response {'error_debug': 'The request is missing the response_type parameter', 'error_description': 'The authorization server does not support obtaining a token using this method', 'state': '', 'error': 'unsupported_response_type'}
2.315 response {'error_debug': 'The request is missing the response_type parameter', 'error_description': 'The authorization server does not support obtaining a token using this method', 'error': 'unsupported_response_type'}
2.315 AuthorizationErrorResponse {
"error": "unsupported_response_type",
"error_debug": "The request is missing the response_type parameter",
"error_description": "The authorization server does not support obtaining a token using this method"
}
2.315 AuthorizationErrorResponse {
"error": "unsupported_response_type",
"error_debug": "The request is missing the response_type parameter",
"error_description": "The authorization server does not support obtaining a token using this method"
}
2.315 phase <--<-- 5 --- Done -->-->
2.316 end
2.316 assertion VerifyErrorMessage
2.316 condition verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
2.316 condition Done: status=OK
============================================================
Conditions
verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-Endpoint.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000031664�13313423201�015540� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-Endpoint
Test description: UserInfo Endpoint access with GET and bearer header
Timestamp: 2018-06-23T10:52:49Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#exjfersS8oAONTfg"
],
"response_types": [
"code id_token"
]
}
0.229 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.23 RegistrationResponse {
"client_id": "a5f5ee28-177e-4892-b908-5dc0f258c626",
"client_secret": "5hCrFnoJIfIK",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "a5f5ee28-177e-4892-b908-5dc0f258c626",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#exjfersS8oAONTfg"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.23 phase <--<-- 3 --- AsyncAuthn -->-->
0.231 AuthorizationRequest {
"client_id": "a5f5ee28-177e-4892-b908-5dc0f258c626",
"nonce": "DHAYKfNXZ7AYFwx7",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "cHplUcn5U2bqlgsd"
}
0.231 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a5f5ee28-177e-4892-b908-5dc0f258c626&state=cHplUcn5U2bqlgsd&response_type=code+id_token&nonce=DHAYKfNXZ7AYFwx7
0.231 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a5f5ee28-177e-4892-b908-5dc0f258c626&state=cHplUcn5U2bqlgsd&response_type=code+id_token&nonce=DHAYKfNXZ7AYFwx7
2.729 http args {}
2.898 response URL with fragment
2.898 response code=lWRqMGRjwbA__qQKD4LU2obJI5-PL5td76XqfQ9o0K4.RpH7yngXawDRTfXo6wH4GxJOov5SrxswshipOAoNfcM&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYTVmNWVlMjgtMTc3ZS00ODkyLWI5MDgtNWRjMGYyNThjNjI2Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiR1U1aVd2VHlraHVZUWtRSklqZktGdyIsImV4cCI6MTUyOTc1NDc2OSwiaWF0IjoxNTI5NzUxMTY5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmMTM0ODQ4Zi0wYWZiLTRhMTgtOTE3MC1jNjg5N2ViMTdmYzkiLCJub25jZSI6IkRIQVlLZk5YWjdBWUZ3eDciLCJyYXQiOjE1Mjk3NTExNjYsInN1YiI6ImZvb0BiYXIuY29tIn0.i1pNgZ_sn78hVXE14N41jpJEN4DPr45-fJtbFGq1rAhBF1bHr_GKP6YsISCLqIPfgwQnZkj3jyML-ug9Ia_vbsvgFosryjqQ-uAVnC3M-ngFemyq_GJuvvcK7e8BvmFHBtOfT3V5QCQffEtytk-Zwbhj1xtDdDA9csZUkjLdpXaFv6MJ6sz6ZTNsFfFfv-WkGGrQAmhkrBOQ9JWvgOWn0ao2KhLNFHVVCz5KOsX8pUFmYem0oJT-30rKqot5MJ6rgurXVRTow-9JPJHa-qIr_dfVJpuXdQBgbsT5jJI83aglw1D1-tmJK502N3vXAhj6ECbPXSFeqAhS2v-oLvIHb2vyEIkdjBVBUZVBYn11zaqsDisAa2UajGBVZQZGxnPbHigj7Q_KEOJ9ystemzkog1tkPDCW9g3ufjZSSAx0IHQS2vL_oIIX40IWpHQRHVpniULgxU8z6gyDEW9xJs7oL7jnkhCZFRASIIMabKeu82Iyq4tSw8WYWMhsyzzY-oC8FJhYnnOmcohjeOIHhOG-CYBPXYRVp9YG-4lu1TuUTmsfK9ROlrr1zLY-Ph77tsm_7FcuZSbLcB5bzN4J1jSAu3-MXQOWhL7WYuxBNc2a_yZlHmObtm3QaMq6QgtV92h-9xPgzT8RH-tXehxDOAJPL7ue-namsZtuD1RIz1S7qfE&state=cHplUcn5U2bqlgsd
2.899 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYTVmNWVlMjgtMTc3ZS00ODkyLWI5MDgtNWRjMGYyNThjNjI2Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiR1U1aVd2VHlraHVZUWtRSklqZktGdyIsImV4cCI6MTUyOTc1NDc2OSwiaWF0IjoxNTI5NzUxMTY5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmMTM0ODQ4Zi0wYWZiLTRhMTgtOTE3MC1jNjg5N2ViMTdmYzkiLCJub25jZSI6IkRIQVlLZk5YWjdBWUZ3eDciLCJyYXQiOjE1Mjk3NTExNjYsInN1YiI6ImZvb0BiYXIuY29tIn0.i1pNgZ_sn78hVXE14N41jpJEN4DPr45-fJtbFGq1rAhBF1bHr_GKP6YsISCLqIPfgwQnZkj3jyML-ug9Ia_vbsvgFosryjqQ-uAVnC3M-ngFemyq_GJuvvcK7e8BvmFHBtOfT3V5QCQffEtytk-Zwbhj1xtDdDA9csZUkjLdpXaFv6MJ6sz6ZTNsFfFfv-WkGGrQAmhkrBOQ9JWvgOWn0ao2KhLNFHVVCz5KOsX8pUFmYem0oJT-30rKqot5MJ6rgurXVRTow-9JPJHa-qIr_dfVJpuXdQBgbsT5jJI83aglw1D1-tmJK502N3vXAhj6ECbPXSFeqAhS2v-oLvIHb2vyEIkdjBVBUZVBYn11zaqsDisAa2UajGBVZQZGxnPbHigj7Q_KEOJ9ystemzkog1tkPDCW9g3ufjZSSAx0IHQS2vL_oIIX40IWpHQRHVpniULgxU8z6gyDEW9xJs7oL7jnkhCZFRASIIMabKeu82Iyq4tSw8WYWMhsyzzY-oC8FJhYnnOmcohjeOIHhOG-CYBPXYRVp9YG-4lu1TuUTmsfK9ROlrr1zLY-Ph77tsm_7FcuZSbLcB5bzN4J1jSAu3-MXQOWhL7WYuxBNc2a_yZlHmObtm3QaMq6QgtV92h-9xPgzT8RH-tXehxDOAJPL7ue-namsZtuD1RIz1S7qfE', 'state': 'cHplUcn5U2bqlgsd', 'code': 'lWRqMGRjwbA__qQKD4LU2obJI5-PL5td76XqfQ9o0K4.RpH7yngXawDRTfXo6wH4GxJOov5SrxswshipOAoNfcM'}
2.978 AuthorizationResponse {
"code": "lWRqMGRjwbA__qQKD4LU2obJI5-PL5td76XqfQ9o0K4.RpH7yngXawDRTfXo6wH4GxJOov5SrxswshipOAoNfcM",
"id_token": {
"aud": [
"a5f5ee28-177e-4892-b908-5dc0f258c626"
],
"auth_time": 1529750975,
"c_hash": "GU5iWvTykhuYQkQJIjfKFw",
"exp": 1529754769,
"iat": 1529751169,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "f134848f-0afb-4a18-9170-c6897eb17fc9",
"nonce": "DHAYKfNXZ7AYFwx7",
"rat": 1529751166,
"sub": "foo@bar.com"
},
"state": "cHplUcn5U2bqlgsd"
}
2.978 phase <--<-- 4 --- AccessToken -->-->
2.978 --> request op_args: {'state': 'cHplUcn5U2bqlgsd'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.978 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'cHplUcn5U2bqlgsd', 'code': 'lWRqMGRjwbA__qQKD4LU2obJI5-PL5td76XqfQ9o0K4.RpH7yngXawDRTfXo6wH4GxJOov5SrxswshipOAoNfcM', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'a5f5ee28-177e-4892-b908-5dc0f258c626'}, 'state': 'cHplUcn5U2bqlgsd'}
2.978 AccessTokenRequest {
"code": "lWRqMGRjwbA__qQKD4LU2obJI5-PL5td76XqfQ9o0K4.RpH7yngXawDRTfXo6wH4GxJOov5SrxswshipOAoNfcM",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "cHplUcn5U2bqlgsd"
}
2.979 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.979 request_http_args {'headers': {'Authorization': 'Basic YTVmNWVlMjgtMTc3ZS00ODkyLWI5MDgtNWRjMGYyNThjNjI2OjVoQ3JGbm9KSWZJSw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.979 request code=lWRqMGRjwbA__qQKD4LU2obJI5-PL5td76XqfQ9o0K4.RpH7yngXawDRTfXo6wH4GxJOov5SrxswshipOAoNfcM&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=cHplUcn5U2bqlgsd
3.189 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.19 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYTVmNWVlMjgtMTc3ZS00ODkyLWI5MDgtNWRjMGYyNThjNjI2Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiR1U1aVd2VHlraHVZUWtRSklqZktGdyIsImV4cCI6MTUyOTc1NDc2OSwiaWF0IjoxNTI5NzUxMTY5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1M2IxMmU0Yi1kNWEwLTRkYzItOGExYi1mMjM1OTZiYjE3ZTUiLCJub25jZSI6IkRIQVlLZk5YWjdBWUZ3eDciLCJyYXQiOjE1Mjk3NTExNjYsInN1YiI6ImZvb0BiYXIuY29tIn0.Mw3wpO_qv1IPqoiCQdR0oFEoXc9puGvs3MTK-pLXMAYML0EXwFujYpZ6uvQxteS2YYb1lXdOV8fmX2a8mCCHhEKhs5JYKMC7lSG9rdQvr3xFv8Ir4xAX9liJHJlmbY3Tgue5CBv3cuMDDbG5lj-o9z7Gxw6oPskqd49FFtHhe31wWbqkBpXWl6-v8pgdKClBZPLZuMGc6HcE8ekZ2BX-3Ojv9PFDVzFZDdRQpIFtEmmkx_k1QtuP7f2MhW5AHfHLYDvjHP7lh2IeI4jPuAaDf9BV5nHWR6pdQAL4OmOrz8_6gHP_IVI9xc24PLTbs_FrNy8vW2tpkDk9b_gipCQ1xivEKB5oiD0-gpdvG-o8hYvVqO-cX9g6jFb7fCoexZvyE40fIVPuoEcnnEYZi4184w7ubB6tKcTy1HZlfu15DkW5ZSobTpmhtjZWDvW8CxbDlmIBvlBNyfz6Qij-ppcf203CUHoQ4cFCY2x-bCzHvxn3ufP_kPFghTdjHB3fwL6QFdQCI9GENXrP8m1Tl8Enps18NZ4g1dxyevHA7gQTgJPVHwB_dqp43M6vU5ldvb7uEHF7jZoo3WU5-0GQjfkFi205Gk0EA97QwzqI5g8SmmGhMeJMBn8u_pPDa9F5hbIHxd9M6ORHSJozInCmJsulSyId6l_bbMIRXfQXBhFxXOw', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'DQzQkdEQQpDvsiizrN1Zd0jFQL4EOSsaRhArfo3B0CY.tAm3G_xHLupgXFWlMjm9nHkkoLmYT-wLPoBW6-rs56U', 'scope': 'openid'}
3.193 AccessTokenResponse {
"access_token": "DQzQkdEQQpDvsiizrN1Zd0jFQL4EOSsaRhArfo3B0CY.tAm3G_xHLupgXFWlMjm9nHkkoLmYT-wLPoBW6-rs56U",
"expires_in": 3599,
"id_token": {
"aud": [
"a5f5ee28-177e-4892-b908-5dc0f258c626"
],
"auth_time": 1529750975,
"c_hash": "GU5iWvTykhuYQkQJIjfKFw",
"exp": 1529754769,
"iat": 1529751169,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "53b12e4b-d5a0-4dc2-8a1b-f23596bb17e5",
"nonce": "DHAYKfNXZ7AYFwx7",
"rat": 1529751166,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.193 phase <--<-- 5 --- UserInfo -->-->
3.194 do_user_info_request kwargs:{'state': 'cHplUcn5U2bqlgsd', 'method': 'GET', 'authn_method': 'bearer_header'}
3.194 request {'body': None}
3.194 request_url https://oidc-certification.ory.sh:8443/userinfo
3.194 request_http_args {'headers': {'Authorization': 'Bearer DQzQkdEQQpDvsiizrN1Zd0jFQL4EOSsaRhArfo3B0CY.tAm3G_xHLupgXFWlMjm9nHkkoLmYT-wLPoBW6-rs56U'}}
3.289 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.29 OpenIDSchema {
"sub": "foo@bar.com"
}
3.29 OpenIDSchema {
"sub": "foo@bar.com"
}
3.29 phase <--<-- 6 --- Done -->-->
3.29 end
3.291 assertion VerifyResponse
3.291 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.291 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������./OP-Req-id_token_hint.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000057245�13313423515�015606� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-id_token_hint
Test description: Using prompt=none with user hint through id_token_hint
Timestamp: 2018-06-23T10:56:13Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#yrnfli01GaFMJl6E"
],
"response_types": [
"code id_token"
]
}
0.242 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.243 RegistrationResponse {
"client_id": "15642923-27b2-4d31-a224-ab6b32f4b0ba",
"client_secret": "xWN.dHu6.1J8",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "15642923-27b2-4d31-a224-ab6b32f4b0ba",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#yrnfli01GaFMJl6E"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.243 phase <--<-- 3 --- AsyncAuthn -->-->
0.244 AuthorizationRequest {
"client_id": "15642923-27b2-4d31-a224-ab6b32f4b0ba",
"nonce": "LkPfAt7CxsvuaFKU",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "RnrMdXJhCMHv6zJL"
}
0.244 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=15642923-27b2-4d31-a224-ab6b32f4b0ba&state=RnrMdXJhCMHv6zJL&response_type=code+id_token&nonce=LkPfAt7CxsvuaFKU
0.244 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=15642923-27b2-4d31-a224-ab6b32f4b0ba&state=RnrMdXJhCMHv6zJL&response_type=code+id_token&nonce=LkPfAt7CxsvuaFKU
3.907 http args {}
4.116 response URL with fragment
4.116 response code=HHLJcnI6O_1WLnfeN-XGnGjtik5rNiJt4W5yBsbtg4Q.zit8mOXOLIrENCVGC8QOpb-RFwNfPbJanYBuqZxzXSI&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiMDU3Tl9XdkpNRFhmWGdvcVNUR2hxUSIsImV4cCI6MTUyOTc1NDk3MCwiaWF0IjoxNTI5NzUxMzcwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZTMyODZlYi0wOWVhLTQ1ODQtYmJkNC1kYjQzZGFhZWNhZjQiLCJub25jZSI6IkxrUGZBdDdDeHN2dWFGS1UiLCJyYXQiOjE1Mjk3NTEzNjcsInN1YiI6ImZvb0BiYXIuY29tIn0.vsngnkTpDZ3iyCqlVb4wtlqZkpzq-hECStHpT-vy0r3XkL0HTCt23rR7o0iwJabaHb1Ibx8O3y4msLkTbLivhB0bHhZwfZshXuDicTZQzlyfYB6aVUkUgdRaI-xWRSXgbDvD0eU5MQtLPV_Do2E48jf7mWBrzeBIjShAkSMgG5gw_2cCa7TedLTOyvmEi1_1KGZ5O33U691RoOK93eB9TyLduMXqmKPD8-FZNDtYYxP3Br8l-weuiQNMDKylliS04buqBl8eOOm32NwElYal8F1s5VC-Rq0FG5pAEupmqnipESF0exYTlUybynbXPaHpQAMUNwR_wFfL34rnOvP9BNFwugqpj_Xefkm5YSjoHYgeDOoV9FQj52RsnngJwx4K_PBnij9L359syg9YO6P3PzvNOUZUgYbcublhwfzeCcrsO-zDJSH_M9N3FmW3EqmNE2BbWc0KgUtTpEgVh0lkH8bzUe_WNWFI6EPKh8HimHrcwamna8cCjJbMSfWKw2LHdfeyxvm71QKwz5MaeCYN8shhdlENSWdEJPEDIH24XMjMyHE9VybP0BesnkVpmccS8hKFUVWpS4r89GVcJ8mAkKzSpIxtpVEgamHQgkhMGV7JfmDUibGL8XULvVzmGMEtY5toKzvO2TieXLuTKwicQuISY1sf42JuQjgatUtRdQE&state=RnrMdXJhCMHv6zJL
4.117 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiMDU3Tl9XdkpNRFhmWGdvcVNUR2hxUSIsImV4cCI6MTUyOTc1NDk3MCwiaWF0IjoxNTI5NzUxMzcwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZTMyODZlYi0wOWVhLTQ1ODQtYmJkNC1kYjQzZGFhZWNhZjQiLCJub25jZSI6IkxrUGZBdDdDeHN2dWFGS1UiLCJyYXQiOjE1Mjk3NTEzNjcsInN1YiI6ImZvb0BiYXIuY29tIn0.vsngnkTpDZ3iyCqlVb4wtlqZkpzq-hECStHpT-vy0r3XkL0HTCt23rR7o0iwJabaHb1Ibx8O3y4msLkTbLivhB0bHhZwfZshXuDicTZQzlyfYB6aVUkUgdRaI-xWRSXgbDvD0eU5MQtLPV_Do2E48jf7mWBrzeBIjShAkSMgG5gw_2cCa7TedLTOyvmEi1_1KGZ5O33U691RoOK93eB9TyLduMXqmKPD8-FZNDtYYxP3Br8l-weuiQNMDKylliS04buqBl8eOOm32NwElYal8F1s5VC-Rq0FG5pAEupmqnipESF0exYTlUybynbXPaHpQAMUNwR_wFfL34rnOvP9BNFwugqpj_Xefkm5YSjoHYgeDOoV9FQj52RsnngJwx4K_PBnij9L359syg9YO6P3PzvNOUZUgYbcublhwfzeCcrsO-zDJSH_M9N3FmW3EqmNE2BbWc0KgUtTpEgVh0lkH8bzUe_WNWFI6EPKh8HimHrcwamna8cCjJbMSfWKw2LHdfeyxvm71QKwz5MaeCYN8shhdlENSWdEJPEDIH24XMjMyHE9VybP0BesnkVpmccS8hKFUVWpS4r89GVcJ8mAkKzSpIxtpVEgamHQgkhMGV7JfmDUibGL8XULvVzmGMEtY5toKzvO2TieXLuTKwicQuISY1sf42JuQjgatUtRdQE', 'state': 'RnrMdXJhCMHv6zJL', 'code': 'HHLJcnI6O_1WLnfeN-XGnGjtik5rNiJt4W5yBsbtg4Q.zit8mOXOLIrENCVGC8QOpb-RFwNfPbJanYBuqZxzXSI'}
4.197 AuthorizationResponse {
"code": "HHLJcnI6O_1WLnfeN-XGnGjtik5rNiJt4W5yBsbtg4Q.zit8mOXOLIrENCVGC8QOpb-RFwNfPbJanYBuqZxzXSI",
"id_token": {
"aud": [
"15642923-27b2-4d31-a224-ab6b32f4b0ba"
],
"auth_time": 1529751224,
"c_hash": "057N_WvJMDXfXgoqSTGhqQ",
"exp": 1529754970,
"iat": 1529751370,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "8e3286eb-09ea-4584-bbd4-db43daaecaf4",
"nonce": "LkPfAt7CxsvuaFKU",
"rat": 1529751367,
"sub": "foo@bar.com"
},
"state": "RnrMdXJhCMHv6zJL"
}
4.197 phase <--<-- 4 --- AccessToken -->-->
4.197 --> request op_args: {'state': 'RnrMdXJhCMHv6zJL'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.197 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'RnrMdXJhCMHv6zJL', 'code': 'HHLJcnI6O_1WLnfeN-XGnGjtik5rNiJt4W5yBsbtg4Q.zit8mOXOLIrENCVGC8QOpb-RFwNfPbJanYBuqZxzXSI', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '15642923-27b2-4d31-a224-ab6b32f4b0ba'}, 'state': 'RnrMdXJhCMHv6zJL'}
4.197 AccessTokenRequest {
"code": "HHLJcnI6O_1WLnfeN-XGnGjtik5rNiJt4W5yBsbtg4Q.zit8mOXOLIrENCVGC8QOpb-RFwNfPbJanYBuqZxzXSI",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "RnrMdXJhCMHv6zJL"
}
4.197 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.197 request_http_args {'headers': {'Authorization': 'Basic MTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhOnhXTi5kSHU2LjFKOA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.197 request code=HHLJcnI6O_1WLnfeN-XGnGjtik5rNiJt4W5yBsbtg4Q.zit8mOXOLIrENCVGC8QOpb-RFwNfPbJanYBuqZxzXSI&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=RnrMdXJhCMHv6zJL
4.846 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.847 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiMDU3Tl9XdkpNRFhmWGdvcVNUR2hxUSIsImV4cCI6MTUyOTc1NDk3MCwiaWF0IjoxNTI5NzUxMzcxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhNDg3YjMwMC1mMDFkLTQ0NDAtOGNhYS03ZDU4ZGIxZDRhZGIiLCJub25jZSI6IkxrUGZBdDdDeHN2dWFGS1UiLCJyYXQiOjE1Mjk3NTEzNjcsInN1YiI6ImZvb0BiYXIuY29tIn0.zlGpK6xyHtI6ez9M_xHlba9mrMr7BvKEkcjgyXh6K8eQKO5MrwF9KuH6L1fGwYEQOX0ebjij3GZyUVjWVL8a0oSDSXnd0go7PzAQIEf04Ec7Bm9BI9s4sOcE08tJkL0Bk1aXtLvcrjbP9lVRX_DHiZCeK25gMZ-1iIfJU-42E_8zzIKIBCDBnobRiYGUUPRkc78xwsIDi0_6s57g6RFZCPtuM0mcqWc51O8XmPgciDnAeiOfAY5BW1hamp0yWJjuvI0HgQ2sYlDQtB9lI0YbDlT1SqZYveco0rdhQUg0K8ZtqHN7Yn658Oz4Wk8ecKQCxiW23ij_qyYSFCWRAcf_zLtgcvWxFlfDhsdy3RAm2jQWHJDdvAnKKKUjUNBqNcDxsGMNyA75KgqNaPADzNkONE69tPYUs21ZAGI-FbBa-AOB5vFRa75Ie4mDF1xFePpD0qYp8Y8yw3utUuaMsylxylzlTufw1WmBvDwrrUXfm5Y_seWbovKJnutwK99_HkhRvATUKGcJ-bC4aVhoWMpC6Hgtm8PPFTb5pd5qMPhKBOvNuXnVW9yicuZavt84589zvLbpi6Thdth1mgDoOtg1bvE-OxrSaguk6MQ3DUl6g-QnEgIsT5J70axU-3v0KQwOaqrP2JeJGX7vKdfYb3m68l9sIEMm6CvG9Yl6LYxxG2c', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'J2FbFX_NmPdTQAv362pxm85O0Z351OfE9Yg1ol04oAs.qduNhhGzoEoQIdKzmozja6wQ2v3pIRopDs0E95HOjvo', 'scope': 'openid'}
4.85 AccessTokenResponse {
"access_token": "J2FbFX_NmPdTQAv362pxm85O0Z351OfE9Yg1ol04oAs.qduNhhGzoEoQIdKzmozja6wQ2v3pIRopDs0E95HOjvo",
"expires_in": 3599,
"id_token": {
"aud": [
"15642923-27b2-4d31-a224-ab6b32f4b0ba"
],
"auth_time": 1529751224,
"c_hash": "057N_WvJMDXfXgoqSTGhqQ",
"exp": 1529754970,
"iat": 1529751371,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "a487b300-f01d-4440-8caa-7d58db1d4adb",
"nonce": "LkPfAt7CxsvuaFKU",
"rat": 1529751367,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.85 phase <--<-- 5 --- AsyncAuthn -->-->
4.851 AuthorizationRequest {
"client_id": "15642923-27b2-4d31-a224-ab6b32f4b0ba",
"id_token_hint": "eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiMDU3Tl9XdkpNRFhmWGdvcVNUR2hxUSIsImV4cCI6MTUyOTc1NDk3MCwiaWF0IjoxNTI5NzUxMzcwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZTMyODZlYi0wOWVhLTQ1ODQtYmJkNC1kYjQzZGFhZWNhZjQiLCJub25jZSI6IkxrUGZBdDdDeHN2dWFGS1UiLCJyYXQiOjE1Mjk3NTEzNjcsInN1YiI6ImZvb0BiYXIuY29tIn0.vsngnkTpDZ3iyCqlVb4wtlqZkpzq-hECStHpT-vy0r3XkL0HTCt23rR7o0iwJabaHb1Ibx8O3y4msLkTbLivhB0bHhZwfZshXuDicTZQzlyfYB6aVUkUgdRaI-xWRSXgbDvD0eU5MQtLPV_Do2E48jf7mWBrzeBIjShAkSMgG5gw_2cCa7TedLTOyvmEi1_1KGZ5O33U691RoOK93eB9TyLduMXqmKPD8-FZNDtYYxP3Br8l-weuiQNMDKylliS04buqBl8eOOm32NwElYal8F1s5VC-Rq0FG5pAEupmqnipESF0exYTlUybynbXPaHpQAMUNwR_wFfL34rnOvP9BNFwugqpj_Xefkm5YSjoHYgeDOoV9FQj52RsnngJwx4K_PBnij9L359syg9YO6P3PzvNOUZUgYbcublhwfzeCcrsO-zDJSH_M9N3FmW3EqmNE2BbWc0KgUtTpEgVh0lkH8bzUe_WNWFI6EPKh8HimHrcwamna8cCjJbMSfWKw2LHdfeyxvm71QKwz5MaeCYN8shhdlENSWdEJPEDIH24XMjMyHE9VybP0BesnkVpmccS8hKFUVWpS4r89GVcJ8mAkKzSpIxtpVEgamHQgkhMGV7JfmDUibGL8XULvVzmGMEtY5toKzvO2TieXLuTKwicQuISY1sf42JuQjgatUtRdQE",
"nonce": "mUrJ09Kb66oqlSbJ",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "QvvHtGVIggdmK40U"
}
4.851 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=15642923-27b2-4d31-a224-ab6b32f4b0ba&state=QvvHtGVIggdmK40U&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiMDU3Tl9XdkpNRFhmWGdvcVNUR2hxUSIsImV4cCI6MTUyOTc1NDk3MCwiaWF0IjoxNTI5NzUxMzcwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZTMyODZlYi0wOWVhLTQ1ODQtYmJkNC1kYjQzZGFhZWNhZjQiLCJub25jZSI6IkxrUGZBdDdDeHN2dWFGS1UiLCJyYXQiOjE1Mjk3NTEzNjcsInN1YiI6ImZvb0BiYXIuY29tIn0.vsngnkTpDZ3iyCqlVb4wtlqZkpzq-hECStHpT-vy0r3XkL0HTCt23rR7o0iwJabaHb1Ibx8O3y4msLkTbLivhB0bHhZwfZshXuDicTZQzlyfYB6aVUkUgdRaI-xWRSXgbDvD0eU5MQtLPV_Do2E48jf7mWBrzeBIjShAkSMgG5gw_2cCa7TedLTOyvmEi1_1KGZ5O33U691RoOK93eB9TyLduMXqmKPD8-FZNDtYYxP3Br8l-weuiQNMDKylliS04buqBl8eOOm32NwElYal8F1s5VC-Rq0FG5pAEupmqnipESF0exYTlUybynbXPaHpQAMUNwR_wFfL34rnOvP9BNFwugqpj_Xefkm5YSjoHYgeDOoV9FQj52RsnngJwx4K_PBnij9L359syg9YO6P3PzvNOUZUgYbcublhwfzeCcrsO-zDJSH_M9N3FmW3EqmNE2BbWc0KgUtTpEgVh0lkH8bzUe_WNWFI6EPKh8HimHrcwamna8cCjJbMSfWKw2LHdfeyxvm71QKwz5MaeCYN8shhdlENSWdEJPEDIH24XMjMyHE9VybP0BesnkVpmccS8hKFUVWpS4r89GVcJ8mAkKzSpIxtpVEgamHQgkhMGV7JfmDUibGL8XULvVzmGMEtY5toKzvO2TieXLuTKwicQuISY1sf42JuQjgatUtRdQE&response_type=code+id_token&nonce=mUrJ09Kb66oqlSbJ
4.851 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=15642923-27b2-4d31-a224-ab6b32f4b0ba&state=QvvHtGVIggdmK40U&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiMDU3Tl9XdkpNRFhmWGdvcVNUR2hxUSIsImV4cCI6MTUyOTc1NDk3MCwiaWF0IjoxNTI5NzUxMzcwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZTMyODZlYi0wOWVhLTQ1ODQtYmJkNC1kYjQzZGFhZWNhZjQiLCJub25jZSI6IkxrUGZBdDdDeHN2dWFGS1UiLCJyYXQiOjE1Mjk3NTEzNjcsInN1YiI6ImZvb0BiYXIuY29tIn0.vsngnkTpDZ3iyCqlVb4wtlqZkpzq-hECStHpT-vy0r3XkL0HTCt23rR7o0iwJabaHb1Ibx8O3y4msLkTbLivhB0bHhZwfZshXuDicTZQzlyfYB6aVUkUgdRaI-xWRSXgbDvD0eU5MQtLPV_Do2E48jf7mWBrzeBIjShAkSMgG5gw_2cCa7TedLTOyvmEi1_1KGZ5O33U691RoOK93eB9TyLduMXqmKPD8-FZNDtYYxP3Br8l-weuiQNMDKylliS04buqBl8eOOm32NwElYal8F1s5VC-Rq0FG5pAEupmqnipESF0exYTlUybynbXPaHpQAMUNwR_wFfL34rnOvP9BNFwugqpj_Xefkm5YSjoHYgeDOoV9FQj52RsnngJwx4K_PBnij9L359syg9YO6P3PzvNOUZUgYbcublhwfzeCcrsO-zDJSH_M9N3FmW3EqmNE2BbWc0KgUtTpEgVh0lkH8bzUe_WNWFI6EPKh8HimHrcwamna8cCjJbMSfWKw2LHdfeyxvm71QKwz5MaeCYN8shhdlENSWdEJPEDIH24XMjMyHE9VybP0BesnkVpmccS8hKFUVWpS4r89GVcJ8mAkKzSpIxtpVEgamHQgkhMGV7JfmDUibGL8XULvVzmGMEtY5toKzvO2TieXLuTKwicQuISY1sf42JuQjgatUtRdQE&response_type=code+id_token&nonce=mUrJ09Kb66oqlSbJ
5.995 http args {}
6.184 response URL with fragment
6.185 response code=_tGpBnhdQ367pnOJGwQuAI0VnyBmxm3RFvLDJGXFQJU.dWs0pgdOFmgmRtmkdx_ml6NXbJ1O_GAuyjzTUESpY6c&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTTlUcHc1UzhjR21hTkRXb0F6b05ZQSIsImV4cCI6MTUyOTc1NDk3MiwiaWF0IjoxNTI5NzUxMzcyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwMGJiNWRiNi1jODRhLTRiNWUtYjc3Yi00YmIyZmUxYzkyODMiLCJub25jZSI6Im1VckowOUtiNjZvcWxTYkoiLCJyYXQiOjE1Mjk3NTEzNzEsInN1YiI6ImZvb0BiYXIuY29tIn0.1gvKldXG3lM0-T8B4BXaq3cd_C-92nd_csMx7BuCJMkDxephP4nr8OXQxI7tt57DHqFN0YctuISJitWayw90c7Tx9YXMA6PjUeanp8u9DovekgjzLIsve1eGGKSe4l-9hnrpPW-xybi_V97ZfB-xec-qQQQz9H22LZ96afzLczANeZ86WZklSk3HB5sUolJcUlvntsn2TwvgAg47oTPI0GpfaRCPOzXZb25OMaqQvO7HC1CYOVv0bP_l74Wp79VrR7WBo3mIpntdRc-wZzB_dvPvGusk74tfse8a71xVUGqwUQglzUbVNTb6LXsQ-tlccVeP1lg_2bIiFzoWzsUnq38zvL18pjoUoChy4NJtMk4t055orNuCVeyJfRm0l5h24jDELxl1c20XvniSXckwL2qmiaCJTk1KlsPtUKdkV_NWsXhfUBpQdQOW5fZ7B4dLLQKs3S5d5y4ZpGvNr9ZrmmYLdo02-mfeKiqeWM1SuhhX9cTG6MAswz-SLLYlZnuLSYCCfz7vWk774YzPSM7qGGa13qWU6s9kMzoa2YETjRMViWl4xNCwnnHEyYIMoi7aNCRNgIQ5RHgSODXtAt7Gv5myMyHLHQSYoFSWVYCVNl-yWP1NvbIRrM0IAFE_leUBYmZkz8vY9JjTbT6MCuqnX8CSCqOj2vRsdonNDwlHPgU&state=QvvHtGVIggdmK40U
6.185 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTTlUcHc1UzhjR21hTkRXb0F6b05ZQSIsImV4cCI6MTUyOTc1NDk3MiwiaWF0IjoxNTI5NzUxMzcyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwMGJiNWRiNi1jODRhLTRiNWUtYjc3Yi00YmIyZmUxYzkyODMiLCJub25jZSI6Im1VckowOUtiNjZvcWxTYkoiLCJyYXQiOjE1Mjk3NTEzNzEsInN1YiI6ImZvb0BiYXIuY29tIn0.1gvKldXG3lM0-T8B4BXaq3cd_C-92nd_csMx7BuCJMkDxephP4nr8OXQxI7tt57DHqFN0YctuISJitWayw90c7Tx9YXMA6PjUeanp8u9DovekgjzLIsve1eGGKSe4l-9hnrpPW-xybi_V97ZfB-xec-qQQQz9H22LZ96afzLczANeZ86WZklSk3HB5sUolJcUlvntsn2TwvgAg47oTPI0GpfaRCPOzXZb25OMaqQvO7HC1CYOVv0bP_l74Wp79VrR7WBo3mIpntdRc-wZzB_dvPvGusk74tfse8a71xVUGqwUQglzUbVNTb6LXsQ-tlccVeP1lg_2bIiFzoWzsUnq38zvL18pjoUoChy4NJtMk4t055orNuCVeyJfRm0l5h24jDELxl1c20XvniSXckwL2qmiaCJTk1KlsPtUKdkV_NWsXhfUBpQdQOW5fZ7B4dLLQKs3S5d5y4ZpGvNr9ZrmmYLdo02-mfeKiqeWM1SuhhX9cTG6MAswz-SLLYlZnuLSYCCfz7vWk774YzPSM7qGGa13qWU6s9kMzoa2YETjRMViWl4xNCwnnHEyYIMoi7aNCRNgIQ5RHgSODXtAt7Gv5myMyHLHQSYoFSWVYCVNl-yWP1NvbIRrM0IAFE_leUBYmZkz8vY9JjTbT6MCuqnX8CSCqOj2vRsdonNDwlHPgU', 'state': 'QvvHtGVIggdmK40U', 'code': '_tGpBnhdQ367pnOJGwQuAI0VnyBmxm3RFvLDJGXFQJU.dWs0pgdOFmgmRtmkdx_ml6NXbJ1O_GAuyjzTUESpY6c'}
6.189 AuthorizationResponse {
"code": "_tGpBnhdQ367pnOJGwQuAI0VnyBmxm3RFvLDJGXFQJU.dWs0pgdOFmgmRtmkdx_ml6NXbJ1O_GAuyjzTUESpY6c",
"id_token": {
"aud": [
"15642923-27b2-4d31-a224-ab6b32f4b0ba"
],
"auth_time": 1529751224,
"c_hash": "M9Tpw5S8cGmaNDWoAzoNYA",
"exp": 1529754972,
"iat": 1529751372,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "00bb5db6-c84a-4b5e-b77b-4bb2fe1c9283",
"nonce": "mUrJ09Kb66oqlSbJ",
"rat": 1529751371,
"sub": "foo@bar.com"
},
"state": "QvvHtGVIggdmK40U"
}
6.189 phase <--<-- 6 --- AccessToken -->-->
6.189 --> request op_args: {'state': 'QvvHtGVIggdmK40U'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.189 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'QvvHtGVIggdmK40U', 'code': '_tGpBnhdQ367pnOJGwQuAI0VnyBmxm3RFvLDJGXFQJU.dWs0pgdOFmgmRtmkdx_ml6NXbJ1O_GAuyjzTUESpY6c', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '15642923-27b2-4d31-a224-ab6b32f4b0ba'}, 'state': 'QvvHtGVIggdmK40U'}
6.189 AccessTokenRequest {
"code": "_tGpBnhdQ367pnOJGwQuAI0VnyBmxm3RFvLDJGXFQJU.dWs0pgdOFmgmRtmkdx_ml6NXbJ1O_GAuyjzTUESpY6c",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "QvvHtGVIggdmK40U"
}
6.189 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.189 request_http_args {'headers': {'Authorization': 'Basic MTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhOnhXTi5kSHU2LjFKOA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.189 request code=_tGpBnhdQ367pnOJGwQuAI0VnyBmxm3RFvLDJGXFQJU.dWs0pgdOFmgmRtmkdx_ml6NXbJ1O_GAuyjzTUESpY6c&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=QvvHtGVIggdmK40U
6.477 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.478 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU2NDI5MjMtMjdiMi00ZDMxLWEyMjQtYWI2YjMyZjRiMGJhIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiTTlUcHc1UzhjR21hTkRXb0F6b05ZQSIsImV4cCI6MTUyOTc1NDk3MiwiaWF0IjoxNTI5NzUxMzczLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIxNDdiZmJkYi0xNWE4LTQ4YTQtYmI0Ny02YTQyYWIxM2ZjN2UiLCJub25jZSI6Im1VckowOUtiNjZvcWxTYkoiLCJyYXQiOjE1Mjk3NTEzNzEsInN1YiI6ImZvb0BiYXIuY29tIn0.g6YdONzd9AlBEKUztNIxyaL0AvZF-GVC7xlBGecqqbaqWS4r_ZscK14JIxLK_8qKQm2BAi_PNNVo-aVjA5byndLGVTCUrL-bLPm-Rj_3jTGMaFBLGlBI0OVuAa6MYmhxSV9caPEZO1quHbC8HM0YujUG8PmAXG3mD4qnrknAKtTitBCQSdOzxn7zQ-TrO92rUHBhVCXNTGnHDrQ6ZT0uqkfdaarc9II4xLSk4zvIN_6UImIjolNa1HQ09QUoeVPVu8tqjwvkMPIoNAJBH0IcQhYJX3GWS3OK3HG990_xgFVw20U6oSCoRNRABtmzbSrY8b5pApq7UITdx1LPQdEammYNKF-U4TDlQBtzEEMKol8hWpZ0cwwY2-KM2J_hfeJ6_gHSP2TF022lPzGBXkzJxrEJ9fO_MiBF7H4Bduv-lzAH6tgiTDLwBCGHxaM8Rj4cFNMx4rtc4kgdPbJ9Yk7RvKznL_Yn-5hXQl5aJxadK1gWAECJdzG6PKTmGdmWR9HhHCFbfPyqi5dVAKoaL4bQPsytJVl_3QIRK9jElrWr9HaFS8zsn0sIYdMt5SI4f-1VNRXQ7N78JtrxXNig_gfSkPNz3VdY_1zddtdN8_Iad9cBLCnyOdXW7nc62qZmgu1Ys40Ti2xpHJ0jg4EqJTDmkQ3wOasjZC-NqYUllL4UpJ0', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'tUuF1kvIqKmy17FjWzgev5qCrZ6esg64x0Z6JhsykM8.rumBCnCEwZtshDZl6rFFBKR9rJpaJGg_vOfGfS3Y04k', 'scope': 'openid'}
6.481 AccessTokenResponse {
"access_token": "tUuF1kvIqKmy17FjWzgev5qCrZ6esg64x0Z6JhsykM8.rumBCnCEwZtshDZl6rFFBKR9rJpaJGg_vOfGfS3Y04k",
"expires_in": 3599,
"id_token": {
"aud": [
"15642923-27b2-4d31-a224-ab6b32f4b0ba"
],
"auth_time": 1529751224,
"c_hash": "M9Tpw5S8cGmaNDWoAzoNYA",
"exp": 1529754972,
"iat": 1529751373,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "147bfbdb-15a8-48a4-bb47-6a42ab13fc7e",
"nonce": "mUrJ09Kb66oqlSbJ",
"rat": 1529751371,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
6.481 phase <--<-- 7 --- Done -->-->
6.482 end
6.482 assertion VerifyResponse
6.482 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
6.482 assertion SameAuthn
6.482 condition same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
6.482 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-tos_uri.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000022330�13313423137�016362� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-tos_uri
Test description: Registration with tos_uri
Timestamp: 2018-06-23T10:52:15Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.352 phase <--<-- 1 --- Webfinger -->-->
1.352 not expected to do WebFinger
1.352 phase <--<-- 2 --- Discovery -->-->
1.352 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.424 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.426 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.426 phase <--<-- 3 --- Registration -->-->
1.426 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'tos_uri': 'https://op.certification.openid.net:61353/static/tos.html', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.426 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#aZtm9xtEV5apzxl1"
],
"response_types": [
"code id_token"
],
"tos_uri": "https://op.certification.openid.net:61353/static/tos.html"
}
1.584 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.585 RegistrationResponse {
"client_id": "88021b12-ac4e-47ff-9fc8-a6670c996ed1",
"client_secret": "zmfmYdwraFs_",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "88021b12-ac4e-47ff-9fc8-a6670c996ed1",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#aZtm9xtEV5apzxl1"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"tos_uri": "https://op.certification.openid.net:61353/static/tos.html",
"userinfo_signed_response_alg": "none"
}
1.585 phase <--<-- 4 --- AsyncAuthn -->-->
1.585 AuthorizationRequest {
"client_id": "88021b12-ac4e-47ff-9fc8-a6670c996ed1",
"nonce": "B0N2VczWBfDXvoJj",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "8eTcnI4kKE563a4A"
}
1.586 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=88021b12-ac4e-47ff-9fc8-a6670c996ed1&state=8eTcnI4kKE563a4A&response_type=code+id_token&nonce=B0N2VczWBfDXvoJj
1.586 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=88021b12-ac4e-47ff-9fc8-a6670c996ed1&state=8eTcnI4kKE563a4A&response_type=code+id_token&nonce=B0N2VczWBfDXvoJj
4.132 http args {}
4.3 response URL with fragment
4.301 response code=T2uY3i0uNaPym5I4_v3164RbsnVJJbtINn8U4OUMSHI.CoBFcWW4A8RDaf5Ia0ljBMRat-_lgao6A4I5i-RRlqI&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiODgwMjFiMTItYWM0ZS00N2ZmLTlmYzgtYTY2NzBjOTk2ZWQxIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidjB4anR0MjFGM1c1bnVJeDlramEtdyIsImV4cCI6MTUyOTc1NDczNSwiaWF0IjoxNTI5NzUxMTM1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI2YzEwYTM2YS1jNGM5LTQwNWMtYTE4MC02NGViNTg0NjhiMjEiLCJub25jZSI6IkIwTjJWY3pXQmZEWHZvSmoiLCJyYXQiOjE1Mjk3NTExMzMsInN1YiI6ImZvb0BiYXIuY29tIn0.zDFBwvahkXZvXr85WJQPlvssn8rkHLu3A2mm5BtXNlLagDAVJuRhosn1BOvolK5CagwBd4FPkYCLm_Kwfrg1UUfJXxy9xOrooRV6BppWOKlPlM6GSFSKn-0DpBmiFx_8dg_v3-J2WNEm8idJtHhOmR9JnGCKhsfP70leGyXEz6xEOBqNOjBA8EAWLjjzqHCMHKG1FPMuuaV1am6Uwu61xD5-XhesNHEbm4KHbbwclQ29dS1_yPrikwQV2Hp_VyGh97rDq-Ze3mXwiEHRY8tEspS7zfrbw7YCjOuiA36k7VOZ4f9_QwzufuwFeETVuWqIwnmgS0Ffq5LWK8rJ__kensZ6hqymokeVmzXSM4EIV-PJxM_iJ_z2LD-2-IWALOrsU0wHH6mLibx5O3JBnZfT34IUK-NoSq2NQ2BGzf8R7XlFXSZL1RwIZ0PtjZgi7nf69sGkYx4yR2FPxleiqyie-PYr1tAfQS4NLa4DND0Jx0yN_osz2ylyM-yJHlKeU2JPGAs1hQjX-02VToImZNHm8HiqMipnJ7vXfX2DIDqO4KS9Mu4ztG_MEchKbAix7uEjwzZcOSA-TNSqxiXcTfrzbPBlbgM2uDQuReUeQBHAX21iWhdwuGD7HDy5KWNc0BDhomuiNIy5f7oWopTlMTPpm6cVSrP2SY8O_bYkpl2avCE&state=8eTcnI4kKE563a4A
4.301 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiODgwMjFiMTItYWM0ZS00N2ZmLTlmYzgtYTY2NzBjOTk2ZWQxIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoidjB4anR0MjFGM1c1bnVJeDlramEtdyIsImV4cCI6MTUyOTc1NDczNSwiaWF0IjoxNTI5NzUxMTM1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI2YzEwYTM2YS1jNGM5LTQwNWMtYTE4MC02NGViNTg0NjhiMjEiLCJub25jZSI6IkIwTjJWY3pXQmZEWHZvSmoiLCJyYXQiOjE1Mjk3NTExMzMsInN1YiI6ImZvb0BiYXIuY29tIn0.zDFBwvahkXZvXr85WJQPlvssn8rkHLu3A2mm5BtXNlLagDAVJuRhosn1BOvolK5CagwBd4FPkYCLm_Kwfrg1UUfJXxy9xOrooRV6BppWOKlPlM6GSFSKn-0DpBmiFx_8dg_v3-J2WNEm8idJtHhOmR9JnGCKhsfP70leGyXEz6xEOBqNOjBA8EAWLjjzqHCMHKG1FPMuuaV1am6Uwu61xD5-XhesNHEbm4KHbbwclQ29dS1_yPrikwQV2Hp_VyGh97rDq-Ze3mXwiEHRY8tEspS7zfrbw7YCjOuiA36k7VOZ4f9_QwzufuwFeETVuWqIwnmgS0Ffq5LWK8rJ__kensZ6hqymokeVmzXSM4EIV-PJxM_iJ_z2LD-2-IWALOrsU0wHH6mLibx5O3JBnZfT34IUK-NoSq2NQ2BGzf8R7XlFXSZL1RwIZ0PtjZgi7nf69sGkYx4yR2FPxleiqyie-PYr1tAfQS4NLa4DND0Jx0yN_osz2ylyM-yJHlKeU2JPGAs1hQjX-02VToImZNHm8HiqMipnJ7vXfX2DIDqO4KS9Mu4ztG_MEchKbAix7uEjwzZcOSA-TNSqxiXcTfrzbPBlbgM2uDQuReUeQBHAX21iWhdwuGD7HDy5KWNc0BDhomuiNIy5f7oWopTlMTPpm6cVSrP2SY8O_bYkpl2avCE', 'state': '8eTcnI4kKE563a4A', 'code': 'T2uY3i0uNaPym5I4_v3164RbsnVJJbtINn8U4OUMSHI.CoBFcWW4A8RDaf5Ia0ljBMRat-_lgao6A4I5i-RRlqI'}
4.415 AuthorizationResponse {
"code": "T2uY3i0uNaPym5I4_v3164RbsnVJJbtINn8U4OUMSHI.CoBFcWW4A8RDaf5Ia0ljBMRat-_lgao6A4I5i-RRlqI",
"id_token": {
"aud": [
"88021b12-ac4e-47ff-9fc8-a6670c996ed1"
],
"auth_time": 1529750975,
"c_hash": "v0xjtt21F3W5nuIx9kja-w",
"exp": 1529754735,
"iat": 1529751135,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "6c10a36a-c4c9-405c-a180-64eb58468b21",
"nonce": "B0N2VczWBfDXvoJj",
"rat": 1529751133,
"sub": "foo@bar.com"
},
"state": "8eTcnI4kKE563a4A"
}
4.415 phase <--<-- 5 --- Done -->-->
4.415 end
4.415 assertion VerifyAuthnResponse
4.416 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
4.416 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-prompt-none-NotLoggedIn.txt��������������������������������������������������������������������0000644�0000000�0000000�00000015566�13313423322�016664� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-none-NotLoggedIn
Test description: Request with prompt=none when not logged in
Timestamp: 2018-06-23T10:54:10Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.97 phase <--<-- 1 --- Webfinger -->-->
1.97 not expected to do WebFinger
1.97 phase <--<-- 2 --- Discovery -->-->
1.97 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
2.045 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
2.046 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
2.046 phase <--<-- 3 --- Registration -->-->
2.047 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
2.047 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#I645FSXsLzn4BkKq"
],
"response_types": [
"code id_token"
]
}
2.202 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
2.203 RegistrationResponse {
"client_id": "c252b53f-ac61-4480-9b1a-ae2ac187c073",
"client_secret": "oqp9EEgDOLcA",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "c252b53f-ac61-4480-9b1a-ae2ac187c073",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#I645FSXsLzn4BkKq"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
2.203 phase <--<-- 4 --- AsyncAuthn -->-->
2.204 AuthorizationRequest {
"client_id": "c252b53f-ac61-4480-9b1a-ae2ac187c073",
"nonce": "pTsTDn5GTmVEQFnb",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "Pv8pr2aaYrlyoiuL"
}
2.204 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=c252b53f-ac61-4480-9b1a-ae2ac187c073&state=Pv8pr2aaYrlyoiuL&response_type=code+id_token&nonce=pTsTDn5GTmVEQFnb
2.204 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=c252b53f-ac61-4480-9b1a-ae2ac187c073&state=Pv8pr2aaYrlyoiuL&response_type=code+id_token&nonce=pTsTDn5GTmVEQFnb
2.659 http args {}
2.865 response URL with fragment
2.865 response error=login_required&error_debug=Prompt+%2522none%2522+was+requested%252C+but+no+existing+login+session+was+found&error_description=The+Authorization+Server+requires+End-User+authentication&state=Pv8pr2aaYrlyoiuL
2.865 response {'error_debug': 'Prompt %22none%22 was requested%2C but no existing login session was found', 'error_description': 'The Authorization Server requires End-User authentication', 'state': 'Pv8pr2aaYrlyoiuL', 'error': 'login_required'}
2.866 AuthorizationErrorResponse {
"error": "login_required",
"error_debug": "Prompt %22none%22 was requested%2C but no existing login session was found",
"error_description": "The Authorization Server requires End-User authentication",
"state": "Pv8pr2aaYrlyoiuL"
}
2.866 AuthorizationErrorResponse {
"error": "login_required",
"error_debug": "Prompt %22none%22 was requested%2C but no existing login session was found",
"error_description": "The Authorization Server requires End-User authentication",
"state": "Pv8pr2aaYrlyoiuL"
}
2.866 phase <--<-- 5 --- Done -->-->
2.866 end
2.866 assertion VerifyErrorMessage
2.866 condition verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
2.866 condition Done: status=OK
============================================================
Conditions
verify-error-response: status=OK [Checks that the last response was a JSON encoded error message]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������./OP-request_uri-Unsigned.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000023110�13313423434�016344� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request_uri-Unsigned
Test description: Support request_uri request parameter with unsigned request
Timestamp: 2018-06-23T10:55:24Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'none'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#oWtpSthBZSPsjgkU"
],
"response_types": [
"code id_token"
]
}
0.244 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.245 RegistrationResponse {
"client_id": "82ff8c70-fe79-4e96-943e-f6790831e7f6",
"client_secret": "nKkXLwfmfAml",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "82ff8c70-fe79-4e96-943e-f6790831e7f6",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "none",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#oWtpSthBZSPsjgkU"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.245 phase <--<-- 3 --- AsyncAuthn -->-->
0.246 AuthorizationRequest {
"client_id": "82ff8c70-fe79-4e96-943e-f6790831e7f6",
"nonce": "VjHj18xEx7NbzOYG",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request_uri": "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#oWtpSthBZSPsjgkU",
"response_type": "code id_token",
"scope": "openid",
"state": "zmu5TYsGIIe83Enu"
}
0.246 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23oWtpSthBZSPsjgkU&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=82ff8c70-fe79-4e96-943e-f6790831e7f6&state=zmu5TYsGIIe83Enu&response_type=code+id_token&nonce=VjHj18xEx7NbzOYG
0.246 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23oWtpSthBZSPsjgkU&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=82ff8c70-fe79-4e96-943e-f6790831e7f6&state=zmu5TYsGIIe83Enu&response_type=code+id_token&nonce=VjHj18xEx7NbzOYG
2.928 http args {}
3.131 response URL with fragment
3.131 response code=EiS-oOSHEfXZ7eign5pgHwt5Le3bfIHRNMjNBR-o-2Y.LtvDfbYPmn09ZjkpGzil5BBxyrOrs4LD2G5P9UvuyQA&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiODJmZjhjNzAtZmU3OS00ZTk2LTk0M2UtZjY3OTA4MzFlN2Y2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiaVpHRERQVmJhVEhZdHBFZHliMmpkUSIsImV4cCI6MTUyOTc1NDkyMywiaWF0IjoxNTI5NzUxMzIzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhZDAyMGZiMi0yNzgxLTQwYjAtOGMyMi0xZDI4ZDM4NmVmOTciLCJub25jZSI6IlZqSGoxOHhFeDdOYnpPWUciLCJyYXQiOjE1Mjk3NTEzMjEsInN1YiI6ImZvb0BiYXIuY29tIn0.NeVen2eJF06qgS2i8EqzxHh_N3Pz1R34T8KAoUzsKNbVY9yVnOddd27pHFjDKKV9O0fyol1oII7wHQ2cOXze7VovTH6qpFmuquAcQSDTf_AqsN3HP7HzC88lukCnCUNO6Csr1DIaY9gVdb8dZGRN9oB9SlgMBEX71ca1SEbGZMd63Ivw8rlnYr27ANuH6D_IwGT8VXu04bZdvo1Zhn5m3QQZYW8CrMzllctXyG1T2F8b_k8BcaSR-bw1Pv8EZ8G4SsPQpu0aeNzg7RwRilrQnbUyI3JKgH1Zrm9iXfoEr-COyave4A9FVVZhN-ZO5TaEyfwiEksN6PV-w7zzMuebRMcIIJ1YUfgYe7bGOzn1lHUi24UXy91hkBsiAdUARULBcye6dO8Oh_ldzRxYMQJYYWi1bT4ysj4lUdQKtjDi4WEmBRFbAOD2gttNKMH8WIW3r8okUYOPsIEVfNNmkMTvgOrSk8HfxSrOEFC7Y6K1zX4oanpGpk-KAbV078c5qaM33zDibtpcrYS1ztase7S9Q_zxq9zVFRaa0zfWq-xl2j7opWeWBbXms5SuNOB3PNrJHZ0ehXCRkGHGrTcPjQqdogSfThCP_C2hNBTLNDBNMZ2MXlnf-8c9O6xmzk4LjBcHYdsMJN8EkR98SVP1PbR9FswCpH_DjT72HJ3ZiCf-tPo&state=zmu5TYsGIIe83Enu
3.131 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiODJmZjhjNzAtZmU3OS00ZTk2LTk0M2UtZjY3OTA4MzFlN2Y2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiaVpHRERQVmJhVEhZdHBFZHliMmpkUSIsImV4cCI6MTUyOTc1NDkyMywiaWF0IjoxNTI5NzUxMzIzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhZDAyMGZiMi0yNzgxLTQwYjAtOGMyMi0xZDI4ZDM4NmVmOTciLCJub25jZSI6IlZqSGoxOHhFeDdOYnpPWUciLCJyYXQiOjE1Mjk3NTEzMjEsInN1YiI6ImZvb0BiYXIuY29tIn0.NeVen2eJF06qgS2i8EqzxHh_N3Pz1R34T8KAoUzsKNbVY9yVnOddd27pHFjDKKV9O0fyol1oII7wHQ2cOXze7VovTH6qpFmuquAcQSDTf_AqsN3HP7HzC88lukCnCUNO6Csr1DIaY9gVdb8dZGRN9oB9SlgMBEX71ca1SEbGZMd63Ivw8rlnYr27ANuH6D_IwGT8VXu04bZdvo1Zhn5m3QQZYW8CrMzllctXyG1T2F8b_k8BcaSR-bw1Pv8EZ8G4SsPQpu0aeNzg7RwRilrQnbUyI3JKgH1Zrm9iXfoEr-COyave4A9FVVZhN-ZO5TaEyfwiEksN6PV-w7zzMuebRMcIIJ1YUfgYe7bGOzn1lHUi24UXy91hkBsiAdUARULBcye6dO8Oh_ldzRxYMQJYYWi1bT4ysj4lUdQKtjDi4WEmBRFbAOD2gttNKMH8WIW3r8okUYOPsIEVfNNmkMTvgOrSk8HfxSrOEFC7Y6K1zX4oanpGpk-KAbV078c5qaM33zDibtpcrYS1ztase7S9Q_zxq9zVFRaa0zfWq-xl2j7opWeWBbXms5SuNOB3PNrJHZ0ehXCRkGHGrTcPjQqdogSfThCP_C2hNBTLNDBNMZ2MXlnf-8c9O6xmzk4LjBcHYdsMJN8EkR98SVP1PbR9FswCpH_DjT72HJ3ZiCf-tPo', 'state': 'zmu5TYsGIIe83Enu', 'code': 'EiS-oOSHEfXZ7eign5pgHwt5Le3bfIHRNMjNBR-o-2Y.LtvDfbYPmn09ZjkpGzil5BBxyrOrs4LD2G5P9UvuyQA'}
3.209 AuthorizationResponse {
"code": "EiS-oOSHEfXZ7eign5pgHwt5Le3bfIHRNMjNBR-o-2Y.LtvDfbYPmn09ZjkpGzil5BBxyrOrs4LD2G5P9UvuyQA",
"id_token": {
"aud": [
"82ff8c70-fe79-4e96-943e-f6790831e7f6"
],
"auth_time": 1529751224,
"c_hash": "iZGDDPVbaTHYtpEdyb2jdQ",
"exp": 1529754923,
"iat": 1529751323,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "ad020fb2-2781-40b0-8c22-1d28d386ef97",
"nonce": "VjHj18xEx7NbzOYG",
"rat": 1529751321,
"sub": "foo@bar.com"
},
"state": "zmu5TYsGIIe83Enu"
}
3.209 phase <--<-- 4 --- Done -->-->
3.209 end
3.21 assertion VerifyResponse
3.21 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.21 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-acr_values.txt�����������������������������������������������������������������������������0000644�0000000�0000000�00000031427�13313423477�015115� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-acr_values
Test description: Providing acr_values
Timestamp: 2018-06-23T10:55:59Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ZAXVRhKLUXgI6lq9"
],
"response_types": [
"code id_token"
]
}
0.267 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.268 RegistrationResponse {
"client_id": "498b5241-dead-47e1-a3d2-83e375ffe1ac",
"client_secret": "E6Plpb585M52",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "498b5241-dead-47e1-a3d2-83e375ffe1ac",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ZAXVRhKLUXgI6lq9"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.268 phase <--<-- 3 --- AsyncAuthn -->-->
0.268 AuthorizationRequest {
"acr_values": "1 2",
"client_id": "498b5241-dead-47e1-a3d2-83e375ffe1ac",
"nonce": "B8L2ZZLxLOYAZtSG",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "RkZYzBGQ3bdBRyNR"
}
0.269 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=498b5241-dead-47e1-a3d2-83e375ffe1ac&state=RkZYzBGQ3bdBRyNR&acr_values=1+2&response_type=code+id_token&nonce=B8L2ZZLxLOYAZtSG
0.269 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=498b5241-dead-47e1-a3d2-83e375ffe1ac&state=RkZYzBGQ3bdBRyNR&acr_values=1+2&response_type=code+id_token&nonce=B8L2ZZLxLOYAZtSG
2.564 http args {}
2.734 response URL with fragment
2.734 response code=Xg7gOkhw73dyA9yneMLy2bHOoaeS-7uejD-Qrq-0phc.VDUwKYn-daDwUxsAUBJUlCNUAj7chOfi_XHFsqfTLBk&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhY3IiOiIwIiwiYXVkIjpbIjQ5OGI1MjQxLWRlYWQtNDdlMS1hM2QyLTgzZTM3NWZmZTFhYyJdLCJhdXRoX3RpbWUiOjE1Mjk3NTEyMjQsImNfaGFzaCI6IjBYMlZlelRhUDB5RXRxR3I4UXpXcFEiLCJleHAiOjE1Mjk3NTQ5NTgsImlhdCI6MTUyOTc1MTM1OCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvIiwianRpIjoiY2ZhZDc3MjctM2QzMC00NTBlLWIyMWMtYjJjMGUyNmVkYTNhIiwibm9uY2UiOiJCOEwyWlpMeExPWUFadFNHIiwicmF0IjoxNTI5NzUxMzU2LCJzdWIiOiJmb29AYmFyLmNvbSJ9.eHnPFP9zOSLK7VmiBmaIyzEuCQeVY6IbgUxB8DlP8ub7iXQQWYR0pK4XlYMoYkNo8POz10tQa7-UqEoMn4i-vsdPOyccry_HyIgVToz-iB9igZPR7yIqXd9QdRq1i-7_XX67HIbnzqlZi57w9a3CnuHnL5ejB0WNfMP0ZbfLPzCAi6q7lygGXGQ9n0llzqbKIi63cVrJsv-zEzfZCk5dxyewSCFqjPtqL_u3wmvork8tSX9csrKWtxrf9j2CzbYclQmmNgejGMQD0t3f1jQhUhoRC5oXtd7DiWnajcjSa55EUb6DHCEIQJ_Vde1xVThawlXpcO9HH2JfMuU6ajkisNbmXRAS8H6KRqslzWlCcACInZbek8aDlIYOqMtbUmBQzQtOrKPrZmxrGDKUYkIVKuXOF_IvmE-Wt-eBAV0rerEChhxBREzNmD9hTP3N9GTtB0sn5dYSs88uZ221cGYqNwh4xTWwD17Y8QxW5AIBCl-Dfk-yBRgLDcFg7B3ou7mcuyJFPs_1CRD-pXZqlIDN3s05B-wpinJQRyzCZjxsf8SXnMmRBw7Hl5VUD28Gxf_mCI3xJ90M6PXHb5cvEvQyu4QDdOfKFf-7pDfBJkznBy0TS6sMdP3ZX8eJaTuiqwdwN5614OLGNqbiF3FXAznzTxyos--1ovt6AUAjEbbgULs&state=RkZYzBGQ3bdBRyNR
2.735 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhY3IiOiIwIiwiYXVkIjpbIjQ5OGI1MjQxLWRlYWQtNDdlMS1hM2QyLTgzZTM3NWZmZTFhYyJdLCJhdXRoX3RpbWUiOjE1Mjk3NTEyMjQsImNfaGFzaCI6IjBYMlZlelRhUDB5RXRxR3I4UXpXcFEiLCJleHAiOjE1Mjk3NTQ5NTgsImlhdCI6MTUyOTc1MTM1OCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvIiwianRpIjoiY2ZhZDc3MjctM2QzMC00NTBlLWIyMWMtYjJjMGUyNmVkYTNhIiwibm9uY2UiOiJCOEwyWlpMeExPWUFadFNHIiwicmF0IjoxNTI5NzUxMzU2LCJzdWIiOiJmb29AYmFyLmNvbSJ9.eHnPFP9zOSLK7VmiBmaIyzEuCQeVY6IbgUxB8DlP8ub7iXQQWYR0pK4XlYMoYkNo8POz10tQa7-UqEoMn4i-vsdPOyccry_HyIgVToz-iB9igZPR7yIqXd9QdRq1i-7_XX67HIbnzqlZi57w9a3CnuHnL5ejB0WNfMP0ZbfLPzCAi6q7lygGXGQ9n0llzqbKIi63cVrJsv-zEzfZCk5dxyewSCFqjPtqL_u3wmvork8tSX9csrKWtxrf9j2CzbYclQmmNgejGMQD0t3f1jQhUhoRC5oXtd7DiWnajcjSa55EUb6DHCEIQJ_Vde1xVThawlXpcO9HH2JfMuU6ajkisNbmXRAS8H6KRqslzWlCcACInZbek8aDlIYOqMtbUmBQzQtOrKPrZmxrGDKUYkIVKuXOF_IvmE-Wt-eBAV0rerEChhxBREzNmD9hTP3N9GTtB0sn5dYSs88uZ221cGYqNwh4xTWwD17Y8QxW5AIBCl-Dfk-yBRgLDcFg7B3ou7mcuyJFPs_1CRD-pXZqlIDN3s05B-wpinJQRyzCZjxsf8SXnMmRBw7Hl5VUD28Gxf_mCI3xJ90M6PXHb5cvEvQyu4QDdOfKFf-7pDfBJkznBy0TS6sMdP3ZX8eJaTuiqwdwN5614OLGNqbiF3FXAznzTxyos--1ovt6AUAjEbbgULs', 'state': 'RkZYzBGQ3bdBRyNR', 'code': 'Xg7gOkhw73dyA9yneMLy2bHOoaeS-7uejD-Qrq-0phc.VDUwKYn-daDwUxsAUBJUlCNUAj7chOfi_XHFsqfTLBk'}
2.818 AuthorizationResponse {
"code": "Xg7gOkhw73dyA9yneMLy2bHOoaeS-7uejD-Qrq-0phc.VDUwKYn-daDwUxsAUBJUlCNUAj7chOfi_XHFsqfTLBk",
"id_token": {
"acr": "0",
"aud": [
"498b5241-dead-47e1-a3d2-83e375ffe1ac"
],
"auth_time": 1529751224,
"c_hash": "0X2VezTaP0yEtqGr8QzWpQ",
"exp": 1529754958,
"iat": 1529751358,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "cfad7727-3d30-450e-b21c-b2c0e26eda3a",
"nonce": "B8L2ZZLxLOYAZtSG",
"rat": 1529751356,
"sub": "foo@bar.com"
},
"state": "RkZYzBGQ3bdBRyNR"
}
2.818 phase <--<-- 4 --- AccessToken -->-->
2.818 --> request op_args: {'state': 'RkZYzBGQ3bdBRyNR'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.818 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'RkZYzBGQ3bdBRyNR', 'code': 'Xg7gOkhw73dyA9yneMLy2bHOoaeS-7uejD-Qrq-0phc.VDUwKYn-daDwUxsAUBJUlCNUAj7chOfi_XHFsqfTLBk', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '498b5241-dead-47e1-a3d2-83e375ffe1ac'}, 'state': 'RkZYzBGQ3bdBRyNR'}
2.818 AccessTokenRequest {
"code": "Xg7gOkhw73dyA9yneMLy2bHOoaeS-7uejD-Qrq-0phc.VDUwKYn-daDwUxsAUBJUlCNUAj7chOfi_XHFsqfTLBk",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "RkZYzBGQ3bdBRyNR"
}
2.818 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.818 request_http_args {'headers': {'Authorization': 'Basic NDk4YjUyNDEtZGVhZC00N2UxLWEzZDItODNlMzc1ZmZlMWFjOkU2UGxwYjU4NU01Mg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.818 request code=Xg7gOkhw73dyA9yneMLy2bHOoaeS-7uejD-Qrq-0phc.VDUwKYn-daDwUxsAUBJUlCNUAj7chOfi_XHFsqfTLBk&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=RkZYzBGQ3bdBRyNR
3.031 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.032 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhY3IiOiIwIiwiYXVkIjpbIjQ5OGI1MjQxLWRlYWQtNDdlMS1hM2QyLTgzZTM3NWZmZTFhYyJdLCJhdXRoX3RpbWUiOjE1Mjk3NTEyMjQsImNfaGFzaCI6IjBYMlZlelRhUDB5RXRxR3I4UXpXcFEiLCJleHAiOjE1Mjk3NTQ5NTgsImlhdCI6MTUyOTc1MTM1OSwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvIiwianRpIjoiN2FhYWFkZTAtYzg1OC00N2Y0LThkYjktZTVmY2JkMWEzNGI5Iiwibm9uY2UiOiJCOEwyWlpMeExPWUFadFNHIiwicmF0IjoxNTI5NzUxMzU2LCJzdWIiOiJmb29AYmFyLmNvbSJ9.WV4ynsATrPEwy80xht7u6qX5_yfYTjjjKLaZkTWdDqsfGK1pKiUjtDxdaTIffBrYeIDxtvuWPzC_jB0HMhCiuLIxkzECt5-3uuav9zfjHVsTY7NoSsKHfb20beWFdS3TKbaViYE3p9TKz9v3-O6N2ZgHtwPnNTr1RAjfZfwkwZ44NRDVDM3iL-FmKjlkUSI2whTfmRFZiFqA7izpCy1zlB0kVmk0gTPM7ToF_VveIwjT4aTOn_AeZ4LlvKEIwsfXkyIiv7dlIOTcauq5tJJwZuFevS2ym3YLODqEKBGCdSu6CKlbvcWdcKSnR98wkGlxUCHU_sJ_VNEhcVP-W-zsQYr1bjLt_HEnKSg8TC5LOY7Jij6Xyz35r2--876w_xrY_kVJ98eC2QFl2yXrr7UAXCzC7aZmmJX1QYflkNir62G9BsJE-HHNxh1Lo4D1hsIqQiQUvs38ni-rU3cIcO9RMikO7q94mOjAs6HWOtGpP4XYW9sRRdFPK9S_nlER9nqy1a80aTaOO2wNLltCNJFCZaaTzTj5PFDof3sHbRgTg3ah6hXQU5EEugfWplTdxLsSyB2a7DyR9USmsJyFl0O2Th6GzSaT6fS5w7QUJ5GV5C2cjXhbBhDSw539rTF1j76QoFkB9Cc3Sldqu4T_RSnfYvFnchmJSe0BOXelVC9_mjg', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'lKYANrfyyynWmfNfZ27dEkYcVrCzotId5N6Xcw18_hA.xGKycO8XtbzxX110MQyvMUKjGKt4Ik86LMm2wKuGHLA', 'scope': 'openid'}
3.035 AccessTokenResponse {
"access_token": "lKYANrfyyynWmfNfZ27dEkYcVrCzotId5N6Xcw18_hA.xGKycO8XtbzxX110MQyvMUKjGKt4Ik86LMm2wKuGHLA",
"expires_in": 3599,
"id_token": {
"acr": "0",
"aud": [
"498b5241-dead-47e1-a3d2-83e375ffe1ac"
],
"auth_time": 1529751224,
"c_hash": "0X2VezTaP0yEtqGr8QzWpQ",
"exp": 1529754958,
"iat": 1529751359,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "7aaaade0-c858-47f4-8db9-e5fcbd1a34b9",
"nonce": "B8L2ZZLxLOYAZtSG",
"rat": 1529751356,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.036 phase <--<-- 5 --- Done -->-->
3.036 end
3.036 assertion VerifyResponse
3.036 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.036 assertion UsedAcrValue
3.037 condition used-acr-value: status=WARNING, message=Used acr value: 0, preferred: ['1', '2'] [The acr value in the ID Token]
3.037 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
used-acr-value: status=WARNING, message=Used acr value: 0, preferred: ['1', '2'] [The acr value in the ID Token]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
Used acr value: 0, preferred: ['1', '2']
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-address.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000033761�13313423450�014772� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-address
Test description: Scope requesting address claims
Timestamp: 2018-06-23T10:55:36Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.071 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Registration -->-->
0.073 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.073 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#AzR6xbcJSZVNVDf4"
],
"response_types": [
"code id_token"
]
}
0.228 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.229 RegistrationResponse {
"client_id": "a8c27fb3-8d5f-481e-aa1a-0e159e0083e5",
"client_secret": "_T03xK2yUYoC",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "a8c27fb3-8d5f-481e-aa1a-0e159e0083e5",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#AzR6xbcJSZVNVDf4"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.229 phase <--<-- 3 --- AsyncAuthn -->-->
0.229 condition Check support: status=WARNING, message=No support for: scopes_supported=['address']
0.229 AuthorizationRequest {
"client_id": "a8c27fb3-8d5f-481e-aa1a-0e159e0083e5",
"nonce": "pXyspqaEU0NLsuMm",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid address",
"state": "tjDW5056JKzVhg0C"
}
0.23 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+address&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a8c27fb3-8d5f-481e-aa1a-0e159e0083e5&state=tjDW5056JKzVhg0C&response_type=code+id_token&nonce=pXyspqaEU0NLsuMm
0.23 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+address&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=a8c27fb3-8d5f-481e-aa1a-0e159e0083e5&state=tjDW5056JKzVhg0C&response_type=code+id_token&nonce=pXyspqaEU0NLsuMm
3.309 http args {}
3.48 response URL with fragment
3.48 response code=g3RXKqEZKe7PLVYVkG8HA3zSlHeaKgKCP5BMwsBCBa4.ulQHOVV5wpSfhlUv4-iTruU544jupGwT2jBhHEuRzfE&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYThjMjdmYjMtOGQ1Zi00ODFlLWFhMWEtMGUxNTllMDA4M2U1Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiWmg3RGx0R002cFFsV2thVkNrdlN3dyIsImV4cCI6MTUyOTc1NDkzNSwiaWF0IjoxNTI5NzUxMzM1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmZTZkNzkyZS04ZTA1LTRhMWItOWZmNi1iNzNiMzBiM2M5MjYiLCJub25jZSI6InBYeXNwcWFFVTBOTHN1TW0iLCJyYXQiOjE1Mjk3NTEzMzMsInN1YiI6ImZvb0BiYXIuY29tIn0.WMmDAxvE-WJ4GKT5imyjlz-0llY7OB5Qve6CjbSFNFhpCkR3XBWo2h2vD68TqDn6cs_e0gtVN74hmY0y0pHZ4NreksyvX8spDjG-vgkv-v38J1NjkTMFvo67tElU0Ey32YAjtnfZAnhwfu2OXT0GK1EiEvgi81WjTdD5uVVCwiGvZRnkA1JjY5ZHdOty4RKf_voObckP3xQrBkzCJRa8NeeDJHx2KvzbsPynvYnI9e3C-pOFWX_fD1r7CWhwVmhzBUmabkqWV6yB5KksH3CFULV4dYHgakpwza-yey8E-YTUVoMS6NNs8h9L8zurwdcyXAWYU19Sb0PH0XLS2f6pfBaoXEq-FZM6J73Bf_dg2-a36kBjYv1r-UmFQOQCLPHUaoqPg5z4lled2lURMBjbECUkh8rXaz_iFPLUtp8aypRCoHSP8g7Z6wDePBR-uV4n8lVXTJ0OGJ9sL1T8ET4y32L0YgCkbc86SejUto09eTZBifiUv6uch0v8byFXzEkhIQkwvZMRaRN1WJHYzbjtqI93xqRegfU_9Sx2ogg6gxHDP01sbELW8Bfukkh79Z169-2mrygwfqDoUjwdLgMgE8JmIYRllBFxolmQK865aE54ZOkji_AEgIdv92EIp6fJgB41YRLn97tryHoaFj5JylXwJXElByoZ1bSaTW1eer0&state=tjDW5056JKzVhg0C
3.48 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYThjMjdmYjMtOGQ1Zi00ODFlLWFhMWEtMGUxNTllMDA4M2U1Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiWmg3RGx0R002cFFsV2thVkNrdlN3dyIsImV4cCI6MTUyOTc1NDkzNSwiaWF0IjoxNTI5NzUxMzM1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmZTZkNzkyZS04ZTA1LTRhMWItOWZmNi1iNzNiMzBiM2M5MjYiLCJub25jZSI6InBYeXNwcWFFVTBOTHN1TW0iLCJyYXQiOjE1Mjk3NTEzMzMsInN1YiI6ImZvb0BiYXIuY29tIn0.WMmDAxvE-WJ4GKT5imyjlz-0llY7OB5Qve6CjbSFNFhpCkR3XBWo2h2vD68TqDn6cs_e0gtVN74hmY0y0pHZ4NreksyvX8spDjG-vgkv-v38J1NjkTMFvo67tElU0Ey32YAjtnfZAnhwfu2OXT0GK1EiEvgi81WjTdD5uVVCwiGvZRnkA1JjY5ZHdOty4RKf_voObckP3xQrBkzCJRa8NeeDJHx2KvzbsPynvYnI9e3C-pOFWX_fD1r7CWhwVmhzBUmabkqWV6yB5KksH3CFULV4dYHgakpwza-yey8E-YTUVoMS6NNs8h9L8zurwdcyXAWYU19Sb0PH0XLS2f6pfBaoXEq-FZM6J73Bf_dg2-a36kBjYv1r-UmFQOQCLPHUaoqPg5z4lled2lURMBjbECUkh8rXaz_iFPLUtp8aypRCoHSP8g7Z6wDePBR-uV4n8lVXTJ0OGJ9sL1T8ET4y32L0YgCkbc86SejUto09eTZBifiUv6uch0v8byFXzEkhIQkwvZMRaRN1WJHYzbjtqI93xqRegfU_9Sx2ogg6gxHDP01sbELW8Bfukkh79Z169-2mrygwfqDoUjwdLgMgE8JmIYRllBFxolmQK865aE54ZOkji_AEgIdv92EIp6fJgB41YRLn97tryHoaFj5JylXwJXElByoZ1bSaTW1eer0', 'state': 'tjDW5056JKzVhg0C', 'code': 'g3RXKqEZKe7PLVYVkG8HA3zSlHeaKgKCP5BMwsBCBa4.ulQHOVV5wpSfhlUv4-iTruU544jupGwT2jBhHEuRzfE'}
3.562 AuthorizationResponse {
"code": "g3RXKqEZKe7PLVYVkG8HA3zSlHeaKgKCP5BMwsBCBa4.ulQHOVV5wpSfhlUv4-iTruU544jupGwT2jBhHEuRzfE",
"id_token": {
"aud": [
"a8c27fb3-8d5f-481e-aa1a-0e159e0083e5"
],
"auth_time": 1529751224,
"c_hash": "Zh7DltGM6pQlWkaVCkvSww",
"exp": 1529754935,
"iat": 1529751335,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "fe6d792e-8e05-4a1b-9ff6-b73b30b3c926",
"nonce": "pXyspqaEU0NLsuMm",
"rat": 1529751333,
"sub": "foo@bar.com"
},
"state": "tjDW5056JKzVhg0C"
}
3.562 phase <--<-- 4 --- AccessToken -->-->
3.563 --> request op_args: {'state': 'tjDW5056JKzVhg0C'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.563 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'tjDW5056JKzVhg0C', 'code': 'g3RXKqEZKe7PLVYVkG8HA3zSlHeaKgKCP5BMwsBCBa4.ulQHOVV5wpSfhlUv4-iTruU544jupGwT2jBhHEuRzfE', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'a8c27fb3-8d5f-481e-aa1a-0e159e0083e5'}, 'state': 'tjDW5056JKzVhg0C'}
3.563 AccessTokenRequest {
"code": "g3RXKqEZKe7PLVYVkG8HA3zSlHeaKgKCP5BMwsBCBa4.ulQHOVV5wpSfhlUv4-iTruU544jupGwT2jBhHEuRzfE",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "tjDW5056JKzVhg0C"
}
3.563 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.563 request_http_args {'headers': {'Authorization': 'Basic YThjMjdmYjMtOGQ1Zi00ODFlLWFhMWEtMGUxNTllMDA4M2U1Ol9UMDN4SzJ5VVlvQw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.563 request code=g3RXKqEZKe7PLVYVkG8HA3zSlHeaKgKCP5BMwsBCBa4.ulQHOVV5wpSfhlUv4-iTruU544jupGwT2jBhHEuRzfE&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=tjDW5056JKzVhg0C
3.785 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.787 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYThjMjdmYjMtOGQ1Zi00ODFlLWFhMWEtMGUxNTllMDA4M2U1Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiWmg3RGx0R002cFFsV2thVkNrdlN3dyIsImV4cCI6MTUyOTc1NDkzNSwiaWF0IjoxNTI5NzUxMzM2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIwYTk1MTYyNC00MTIxLTQ1NzEtYmE2Zi0xNjdiY2Y1Y2FlZWQiLCJub25jZSI6InBYeXNwcWFFVTBOTHN1TW0iLCJyYXQiOjE1Mjk3NTEzMzMsInN1YiI6ImZvb0BiYXIuY29tIn0.oE30qBSyPlqGezqvN9Ys_jQmj8LGxScHiQgNgHF5lwMKyFy21m9j0g4hwq8RXiSwmVNcMxUQ6dS4WbhqjheFULgzSqpbLHxCgnIgtOT432GnnGxHL7mR-UqPSf3RWFQVweVVbnO3VRjWZVPuhYzftIRkzClgcZtNEMcOABxjDniEe8PLdU1QWUsWYPPnZqlfSCi91Dwre4_SLuJ4b-eL1rXaeVH8uA8CYRWOCZS59_x_H3tzzUztelMQd_Wafv5dCuJ4QMgovoXF3fh6-Mrww8MJ6M9RSqsMzg8m7CZjAoUeRHi97G_zyIPBvcRjIF8QjxYzyCXcQBrfEvhGrIuWQcRTQP_c5KaGZoAfl43t-A7cxxzBbrCQr9JjMbOFR-s29rnMoEZtCQDYAUwZ6JO9j0z5AvrOZEaHeOG4DKoGQE5S5m4j6QXD7_XW_X9tdlip-cBFO9YdCV11lz7SuEsgYljcdDZ61H9Qm3aRD1yUJgBqGFvMCF7QZgq7R6rmOzDJdGcH1HMzBvEXt2irfqBtQA2drmnBziafs96sOMdVgyOSPOwgmZUugBrrwEGiBg3KPaXf-dgNgY2CB8iaNK2A_P2O8umCxW4zaVPmpGEevG3sc0v5C6pDsRtuMuBSJ3ShXz56bsF_wkbG_k8s70Z82i8vMm4umVykVcplrGjGkxQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'oMF4OUOQXfJw6Wr7ZjMKpcaehDLKA1WIcDDKJWJ3EKI.uZMV9jby7RZAEdd3hZwd0LWOx5JcNdwec82NiZFxJyE', 'scope': 'openid address'}
3.79 AccessTokenResponse {
"access_token": "oMF4OUOQXfJw6Wr7ZjMKpcaehDLKA1WIcDDKJWJ3EKI.uZMV9jby7RZAEdd3hZwd0LWOx5JcNdwec82NiZFxJyE",
"expires_in": 3599,
"id_token": {
"aud": [
"a8c27fb3-8d5f-481e-aa1a-0e159e0083e5"
],
"auth_time": 1529751224,
"c_hash": "Zh7DltGM6pQlWkaVCkvSww",
"exp": 1529754935,
"iat": 1529751336,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "0a951624-4121-4571-ba6f-167bcf5caeed",
"nonce": "pXyspqaEU0NLsuMm",
"rat": 1529751333,
"sub": "foo@bar.com"
},
"scope": "openid address",
"token_type": "bearer"
}
3.79 phase <--<-- 5 --- UserInfo -->-->
3.79 do_user_info_request kwargs:{'state': 'tjDW5056JKzVhg0C', 'method': 'GET', 'authn_method': 'bearer_header'}
3.791 request {'body': None}
3.791 request_url https://oidc-certification.ory.sh:8443/userinfo
3.791 request_http_args {'headers': {'Authorization': 'Bearer oMF4OUOQXfJw6Wr7ZjMKpcaehDLKA1WIcDDKJWJ3EKI.uZMV9jby7RZAEdd3hZwd0LWOx5JcNdwec82NiZFxJyE'}}
3.897 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.897 OpenIDSchema {
"sub": "foo@bar.com"
}
3.897 OpenIDSchema {
"sub": "foo@bar.com"
}
3.897 phase <--<-- 6 --- Done -->-->
3.898 end
3.898 assertion CheckHTTPResponse
3.898 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.899 assertion VerifyResponse
3.899 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.899 assertion VerifyScopes
3.899 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['address'] [Verifies that the claims corresponding to the requested scopes are returned]
3.899 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['address']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['address'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['address']
The following claims were missing from the returned information: ['address']
���������������./OP-Req-NotUnderstood.txt��������������������������������������������������������������������������0000644�0000000�0000000�00000022006�13313423472�015564� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-NotUnderstood
Test description: Request with extra query component
Timestamp: 2018-06-23T10:55:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.083 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.084 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.084 phase <--<-- 2 --- Registration -->-->
0.084 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.085 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#VlJGewuu8WDS79Ye"
],
"response_types": [
"code id_token"
]
}
0.251 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.252 RegistrationResponse {
"client_id": "98bec677-0312-4943-b2b5-c6ccb324c28e",
"client_secret": "ATg8peXeAbpE",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "98bec677-0312-4943-b2b5-c6ccb324c28e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#VlJGewuu8WDS79Ye"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.252 phase <--<-- 3 --- AsyncAuthn -->-->
0.253 AuthorizationRequest {
"client_id": "98bec677-0312-4943-b2b5-c6ccb324c28e",
"extra": "foobar",
"nonce": "lanFHeGUu61LgqlR",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "nWcqqLQbLqVPKwqF"
}
0.253 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?extra=foobar&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=98bec677-0312-4943-b2b5-c6ccb324c28e&state=nWcqqLQbLqVPKwqF&response_type=code+id_token&nonce=lanFHeGUu61LgqlR
0.253 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?extra=foobar&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=98bec677-0312-4943-b2b5-c6ccb324c28e&state=nWcqqLQbLqVPKwqF&response_type=code+id_token&nonce=lanFHeGUu61LgqlR
3.818 http args {}
4.009 response URL with fragment
4.009 response code=LRL8k09sid1KqPdXS95RMeeQ7KwrqGxh0jRLEH2dKSg.mFtFBTn1A5Dwmtfvo4PHp5J0iU_T1lzVpDl8RCxAKK0&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOThiZWM2NzctMDMxMi00OTQzLWIyYjUtYzZjY2IzMjRjMjhlIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiWXloazdDcHlSTEUxYlhfeHZyLVJVdyIsImV4cCI6MTUyOTc1NDk1NCwiaWF0IjoxNTI5NzUxMzU0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZjQ4MDg2Yy0xNTMyLTRiMzktYjgyMS1jNTI2YjkyMGZiYjgiLCJub25jZSI6ImxhbkZIZUdVdTYxTGdxbFIiLCJyYXQiOjE1Mjk3NTEzNTEsInN1YiI6ImZvb0BiYXIuY29tIn0.VtrafQ9IUpYkvwwP3GAtcm6MVM32TGWJ7khLAv3n_KJoZInTyOxxfW22FPQDuCC0f_xx95N0Id7_4FBdfO5eotzxACINx6yeIdngRLtdJWlWtzAwhBct9SNwFDa1r2w3AOL-SpGXTXjWgH68P49M8_PTUAIq4Fab_SoW4O93ulITIDqGNq2RZc-datPBrSchCzrLj8S8hUB4dJOUlurIgMPA32i3nmFdDjgAGDwgjycVIeaHEvuz7rfx6MEzxxLSBvOuu6lkOOYMSHpIi5IJgHh_y_Gk5ynHkacX-4oNQDYsPe3-Tnb0rMHDnh-88MYCL9-nFMuwSfLJGTpOEqY9XNoTuS-8r0ux61ZGwG7kLVrsP8jM9HyzdF5m2Q8MWNY9zCypU4xPjts_bpL2oFDn6ev9xeyMlkG7-pENx7m9txm5T0DZEAV5o-jdBBVyZ6B9KsVHaJrH2LjWSEkGZHlAH2MzkK_7YKC9nSJiKpEevck8g3fuyXXkpNIsuCfy7NlZ8f8ctqxYIkEC0E8zSEZej7Wb6jyPCgZtvBsB9cTPx_biHeeozMlyBApjPXz_XN2CgBlnaMJQ06LrtuCGcy7KTTHTDPYpI9Xtq-GykoIylrbDt01y7DmKMkKQzOC0L56D2h5rIDWLu6jtkZeAMPrEe8zn-iwTFZUoVoF3UEB5guc&state=nWcqqLQbLqVPKwqF
4.012 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOThiZWM2NzctMDMxMi00OTQzLWIyYjUtYzZjY2IzMjRjMjhlIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiWXloazdDcHlSTEUxYlhfeHZyLVJVdyIsImV4cCI6MTUyOTc1NDk1NCwiaWF0IjoxNTI5NzUxMzU0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI4ZjQ4MDg2Yy0xNTMyLTRiMzktYjgyMS1jNTI2YjkyMGZiYjgiLCJub25jZSI6ImxhbkZIZUdVdTYxTGdxbFIiLCJyYXQiOjE1Mjk3NTEzNTEsInN1YiI6ImZvb0BiYXIuY29tIn0.VtrafQ9IUpYkvwwP3GAtcm6MVM32TGWJ7khLAv3n_KJoZInTyOxxfW22FPQDuCC0f_xx95N0Id7_4FBdfO5eotzxACINx6yeIdngRLtdJWlWtzAwhBct9SNwFDa1r2w3AOL-SpGXTXjWgH68P49M8_PTUAIq4Fab_SoW4O93ulITIDqGNq2RZc-datPBrSchCzrLj8S8hUB4dJOUlurIgMPA32i3nmFdDjgAGDwgjycVIeaHEvuz7rfx6MEzxxLSBvOuu6lkOOYMSHpIi5IJgHh_y_Gk5ynHkacX-4oNQDYsPe3-Tnb0rMHDnh-88MYCL9-nFMuwSfLJGTpOEqY9XNoTuS-8r0ux61ZGwG7kLVrsP8jM9HyzdF5m2Q8MWNY9zCypU4xPjts_bpL2oFDn6ev9xeyMlkG7-pENx7m9txm5T0DZEAV5o-jdBBVyZ6B9KsVHaJrH2LjWSEkGZHlAH2MzkK_7YKC9nSJiKpEevck8g3fuyXXkpNIsuCfy7NlZ8f8ctqxYIkEC0E8zSEZej7Wb6jyPCgZtvBsB9cTPx_biHeeozMlyBApjPXz_XN2CgBlnaMJQ06LrtuCGcy7KTTHTDPYpI9Xtq-GykoIylrbDt01y7DmKMkKQzOC0L56D2h5rIDWLu6jtkZeAMPrEe8zn-iwTFZUoVoF3UEB5guc', 'state': 'nWcqqLQbLqVPKwqF', 'code': 'LRL8k09sid1KqPdXS95RMeeQ7KwrqGxh0jRLEH2dKSg.mFtFBTn1A5Dwmtfvo4PHp5J0iU_T1lzVpDl8RCxAKK0'}
4.093 AuthorizationResponse {
"code": "LRL8k09sid1KqPdXS95RMeeQ7KwrqGxh0jRLEH2dKSg.mFtFBTn1A5Dwmtfvo4PHp5J0iU_T1lzVpDl8RCxAKK0",
"id_token": {
"aud": [
"98bec677-0312-4943-b2b5-c6ccb324c28e"
],
"auth_time": 1529751224,
"c_hash": "Yyhk7CpyRLE1bX_xvr-RUw",
"exp": 1529754954,
"iat": 1529751354,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "8f48086c-1532-4b39-b821-c526b920fbb8",
"nonce": "lanFHeGUu61LgqlR",
"rat": 1529751351,
"sub": "foo@bar.com"
},
"state": "nWcqqLQbLqVPKwqF"
}
4.093 phase <--<-- 4 --- Done -->-->
4.093 end
4.093 assertion VerifyAuthnResponse
4.093 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
4.093 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-email.txt��������������������������������������������������������������������������������0000644�0000000�0000000�00000034024�13313423454�014431� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-email
Test description: Scope requesting email claims
Timestamp: 2018-06-23T10:55:40Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.077 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.078 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.078 phase <--<-- 2 --- Registration -->-->
0.078 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.079 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#o7wjQZoDf1jUd5Kh"
],
"response_types": [
"code id_token"
]
}
0.235 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.236 RegistrationResponse {
"client_id": "6f76d219-7a7a-4fa7-a31f-73a9376a8bf9",
"client_secret": "06X1ysr~LckR",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "6f76d219-7a7a-4fa7-a31f-73a9376a8bf9",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#o7wjQZoDf1jUd5Kh"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.236 phase <--<-- 3 --- AsyncAuthn -->-->
0.236 condition Check support: status=WARNING, message=No support for: scopes_supported=['email']
0.236 AuthorizationRequest {
"client_id": "6f76d219-7a7a-4fa7-a31f-73a9376a8bf9",
"nonce": "2B41GxUIXgiWBJDc",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid email",
"state": "WgaXpgxfjIrzIdIp"
}
0.236 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+email&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6f76d219-7a7a-4fa7-a31f-73a9376a8bf9&state=WgaXpgxfjIrzIdIp&response_type=code+id_token&nonce=2B41GxUIXgiWBJDc
0.236 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+email&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6f76d219-7a7a-4fa7-a31f-73a9376a8bf9&state=WgaXpgxfjIrzIdIp&response_type=code+id_token&nonce=2B41GxUIXgiWBJDc
2.534 http args {}
2.735 response URL with fragment
2.735 response code=NQ8oppEgPKwXkEMskHwEcrOXR63XqqF5q5rwrYK2kjA.bR3q1D56--Bzo3JX894lCVOa3FUt_eKAuZ17nf8OmcM&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmY3NmQyMTktN2E3YS00ZmE3LWEzMWYtNzNhOTM3NmE4YmY5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiUVZQNmp3dnNMRGdLWUl3RkdKMlRXUSIsImV4cCI6MTUyOTc1NDk0MCwiaWF0IjoxNTI5NzUxMzQwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0NzcyNjFjMi04NTRhLTRhMjUtYTg4MC04YThmMmU3YWFhZDEiLCJub25jZSI6IjJCNDFHeFVJWGdpV0JKRGMiLCJyYXQiOjE1Mjk3NTEzMzgsInN1YiI6ImZvb0BiYXIuY29tIn0.iaHFG-SsQ-LQvK_iWetiU0Hn9M-_pJr9tn1lfMIW0YIGmafXVAtX-1biwXpbEwFVEGOmgRRzCCXAN5xuGcv0ssJCgk_I0L76tpuHCV_wfXkfj5MK8dS4tWADsjpTA6HKpD7Yc4W9huRu-3_fYiX9e-o8_CMkd6w1WhS-m_n3oDGz6NCb1apip9sv7MBPgrJjYYv9xSjQvrAXWKAhXQFRW2VvqQ0pe6hx-R0cGPC_25BIZNeSGyDy6IU8rZnwEgDQHwxpOwBQnefisHtlREyKaKa_N7F1HE9MAaaoGGljLgpdtb4B5eXv9uhMKAf6U5FTwhk6aTg0ySprr_52x12fBfzrqt_ttwdJD1OIB6gU35nJY23J95Z8ors3z0gmDfetOA1LZ-7RboM6AW_bYgF8q7SYECaYZzQ50LqhVsog12Gl3h7RAdwS34_0IXr7vGzPNy5JEBcGhMSQf3VDtIo1CKlWmcVaYmcrHRXIm88-Toy3M3EM-_v1mCYrdJ8FSJNTJMdNy9T030-Z-N0VcZDqOe9Pbr_LC0_Xr3TptNFM6ffWglaCRJuw-u-xl5twZ1EIRegl1krU-dYbeynTzAQSesSGqMz-5LfkntChyQ5A4ZOQHHAJ1zsRYUq7T5Ow4D9a-5U_EZm8O2iTwr7EQXn538YAbPZlkFeRDjB6hHbGLn0&state=WgaXpgxfjIrzIdIp
2.736 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmY3NmQyMTktN2E3YS00ZmE3LWEzMWYtNzNhOTM3NmE4YmY5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiUVZQNmp3dnNMRGdLWUl3RkdKMlRXUSIsImV4cCI6MTUyOTc1NDk0MCwiaWF0IjoxNTI5NzUxMzQwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0NzcyNjFjMi04NTRhLTRhMjUtYTg4MC04YThmMmU3YWFhZDEiLCJub25jZSI6IjJCNDFHeFVJWGdpV0JKRGMiLCJyYXQiOjE1Mjk3NTEzMzgsInN1YiI6ImZvb0BiYXIuY29tIn0.iaHFG-SsQ-LQvK_iWetiU0Hn9M-_pJr9tn1lfMIW0YIGmafXVAtX-1biwXpbEwFVEGOmgRRzCCXAN5xuGcv0ssJCgk_I0L76tpuHCV_wfXkfj5MK8dS4tWADsjpTA6HKpD7Yc4W9huRu-3_fYiX9e-o8_CMkd6w1WhS-m_n3oDGz6NCb1apip9sv7MBPgrJjYYv9xSjQvrAXWKAhXQFRW2VvqQ0pe6hx-R0cGPC_25BIZNeSGyDy6IU8rZnwEgDQHwxpOwBQnefisHtlREyKaKa_N7F1HE9MAaaoGGljLgpdtb4B5eXv9uhMKAf6U5FTwhk6aTg0ySprr_52x12fBfzrqt_ttwdJD1OIB6gU35nJY23J95Z8ors3z0gmDfetOA1LZ-7RboM6AW_bYgF8q7SYECaYZzQ50LqhVsog12Gl3h7RAdwS34_0IXr7vGzPNy5JEBcGhMSQf3VDtIo1CKlWmcVaYmcrHRXIm88-Toy3M3EM-_v1mCYrdJ8FSJNTJMdNy9T030-Z-N0VcZDqOe9Pbr_LC0_Xr3TptNFM6ffWglaCRJuw-u-xl5twZ1EIRegl1krU-dYbeynTzAQSesSGqMz-5LfkntChyQ5A4ZOQHHAJ1zsRYUq7T5Ow4D9a-5U_EZm8O2iTwr7EQXn538YAbPZlkFeRDjB6hHbGLn0', 'state': 'WgaXpgxfjIrzIdIp', 'code': 'NQ8oppEgPKwXkEMskHwEcrOXR63XqqF5q5rwrYK2kjA.bR3q1D56--Bzo3JX894lCVOa3FUt_eKAuZ17nf8OmcM'}
2.817 AuthorizationResponse {
"code": "NQ8oppEgPKwXkEMskHwEcrOXR63XqqF5q5rwrYK2kjA.bR3q1D56--Bzo3JX894lCVOa3FUt_eKAuZ17nf8OmcM",
"id_token": {
"aud": [
"6f76d219-7a7a-4fa7-a31f-73a9376a8bf9"
],
"auth_time": 1529751224,
"c_hash": "QVP6jwvsLDgKYIwFGJ2TWQ",
"exp": 1529754940,
"iat": 1529751340,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "477261c2-854a-4a25-a880-8a8f2e7aaad1",
"nonce": "2B41GxUIXgiWBJDc",
"rat": 1529751338,
"sub": "foo@bar.com"
},
"state": "WgaXpgxfjIrzIdIp"
}
2.817 phase <--<-- 4 --- AccessToken -->-->
2.818 --> request op_args: {'state': 'WgaXpgxfjIrzIdIp'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.818 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'WgaXpgxfjIrzIdIp', 'code': 'NQ8oppEgPKwXkEMskHwEcrOXR63XqqF5q5rwrYK2kjA.bR3q1D56--Bzo3JX894lCVOa3FUt_eKAuZ17nf8OmcM', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '6f76d219-7a7a-4fa7-a31f-73a9376a8bf9'}, 'state': 'WgaXpgxfjIrzIdIp'}
2.818 AccessTokenRequest {
"code": "NQ8oppEgPKwXkEMskHwEcrOXR63XqqF5q5rwrYK2kjA.bR3q1D56--Bzo3JX894lCVOa3FUt_eKAuZ17nf8OmcM",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "WgaXpgxfjIrzIdIp"
}
2.818 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.818 request_http_args {'headers': {'Authorization': 'Basic NmY3NmQyMTktN2E3YS00ZmE3LWEzMWYtNzNhOTM3NmE4YmY5OjA2WDF5c3IlN0VMY2tS', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.818 request code=NQ8oppEgPKwXkEMskHwEcrOXR63XqqF5q5rwrYK2kjA.bR3q1D56--Bzo3JX894lCVOa3FUt_eKAuZ17nf8OmcM&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=WgaXpgxfjIrzIdIp
3.068 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.069 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmY3NmQyMTktN2E3YS00ZmE3LWEzMWYtNzNhOTM3NmE4YmY5Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiUVZQNmp3dnNMRGdLWUl3RkdKMlRXUSIsImV4cCI6MTUyOTc1NDk0MCwiaWF0IjoxNTI5NzUxMzQwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI2ZmZjYjVlMS1hNmQyLTQ1MGItYjcxZS1mODNlMGM4MzAwZGYiLCJub25jZSI6IjJCNDFHeFVJWGdpV0JKRGMiLCJyYXQiOjE1Mjk3NTEzMzgsInN1YiI6ImZvb0BiYXIuY29tIn0.ZRS_IM4JNQfN7FUTQWIS4KH--ujJgAkp3KEuOEQ9wnAVGUQ6x8tfExgCRIGmbh68Yp3o1343wEU1BOCViZWjwycOCVRbQ36SXLrwXYOm2m3MUAo_dWHM2nQvvbWy87zy0wWGWuBb6RcKB91jWzOKFDWoF29Am_j8cYIk2CEg4HBc4ktvX04bNXZ6oMlDxBDzXBCBjjahsyjHTl1g3lv8gvRXbs0RO0JnB3bTHzoVptW1Wkf44dwEKHODOPaB0gBhgW20FKUN6uT-N_VSIiPWSiZFbZqOl8CUxMBMLzeKxTwG1SmD1p7W7if9321t2FR3lgbYCinTrVGN0UHHAvLUTyc0wVTaUPM-UsHuU4uTh3rYlR9N4DW5oAVKhvAEYVG6sTIDitV8-v4Cgkc1lkbSxnqG2l2HxCTKM5-qBS-tsEwe-auETYCGNYbdTdbdSebLyIokhaXvjCi78qxaOfpOPK1LPv3tfondXSWN9m2up3iJcBRcr4-t33wu-9xTRvcDfheBgX6YCfEAxo1g6nHQizEspEV84e3l7p-MgMgmbQy0sH-Mi0vWQSZ9eZhh02fNEcdYF5QNAa36PMWUI12XIiTBqUaKebahseKLOnjOVaeQjVsLjXyUEEyHnqxVoYKLbKyfJV1NvZOLfwfOx9FDVcv-IC6c_sTPa2JDwFIl0TY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'lCM8tMk_Y_6W7xXdZ7Gngk7FprNYIkMC1aDU6bnC8OM.FaSki0BnBWaoWt00Q4sinkWtdOL7PRYFk603uufDExg', 'scope': 'openid email'}
3.073 AccessTokenResponse {
"access_token": "lCM8tMk_Y_6W7xXdZ7Gngk7FprNYIkMC1aDU6bnC8OM.FaSki0BnBWaoWt00Q4sinkWtdOL7PRYFk603uufDExg",
"expires_in": 3599,
"id_token": {
"aud": [
"6f76d219-7a7a-4fa7-a31f-73a9376a8bf9"
],
"auth_time": 1529751224,
"c_hash": "QVP6jwvsLDgKYIwFGJ2TWQ",
"exp": 1529754940,
"iat": 1529751340,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "6ffcb5e1-a6d2-450b-b71e-f83e0c8300df",
"nonce": "2B41GxUIXgiWBJDc",
"rat": 1529751338,
"sub": "foo@bar.com"
},
"scope": "openid email",
"token_type": "bearer"
}
3.073 phase <--<-- 5 --- UserInfo -->-->
3.073 do_user_info_request kwargs:{'state': 'WgaXpgxfjIrzIdIp', 'method': 'GET', 'authn_method': 'bearer_header'}
3.073 request {'body': None}
3.073 request_url https://oidc-certification.ory.sh:8443/userinfo
3.073 request_http_args {'headers': {'Authorization': 'Bearer lCM8tMk_Y_6W7xXdZ7Gngk7FprNYIkMC1aDU6bnC8OM.FaSki0BnBWaoWt00Q4sinkWtdOL7PRYFk603uufDExg'}}
3.15 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.151 OpenIDSchema {
"sub": "foo@bar.com"
}
3.151 OpenIDSchema {
"sub": "foo@bar.com"
}
3.151 phase <--<-- 6 --- Done -->-->
3.151 end
3.151 assertion CheckHTTPResponse
3.151 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.152 assertion VerifyResponse
3.152 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.152 assertion VerifyScopes
3.152 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['email', 'email_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
3.152 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['email']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['email', 'email_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['email']
The following claims were missing from the returned information: ['email', 'email_verified']
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-scope-phone.txt��������������������������������������������������������������������������������0000644�0000000�0000000�00000034071�13313423461�014453� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-phone
Test description: Scope requesting phone claims
Timestamp: 2018-06-23T10:55:45Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.082 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.083 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.083 phase <--<-- 2 --- Registration -->-->
0.083 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.084 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ZZaCvnDBhzxp6cQz"
],
"response_types": [
"code id_token"
]
}
0.243 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.244 RegistrationResponse {
"client_id": "0df1a08b-de93-4eed-a17e-8904e1f4b3af",
"client_secret": "qaSmmK0soysv",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "0df1a08b-de93-4eed-a17e-8904e1f4b3af",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ZZaCvnDBhzxp6cQz"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.244 phase <--<-- 3 --- AsyncAuthn -->-->
0.244 condition Check support: status=WARNING, message=No support for: scopes_supported=['phone']
0.244 AuthorizationRequest {
"client_id": "0df1a08b-de93-4eed-a17e-8904e1f4b3af",
"nonce": "2QrpfBWvy2O4biK6",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid phone",
"state": "s8E3ioQJsHni1nXJ"
}
0.245 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=0df1a08b-de93-4eed-a17e-8904e1f4b3af&state=s8E3ioQJsHni1nXJ&response_type=code+id_token&nonce=2QrpfBWvy2O4biK6
0.245 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+phone&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=0df1a08b-de93-4eed-a17e-8904e1f4b3af&state=s8E3ioQJsHni1nXJ&response_type=code+id_token&nonce=2QrpfBWvy2O4biK6
2.331 http args {}
2.505 response URL with fragment
2.505 response code=qlGZTKSbHrnn9j9vGrSIGlqPWe_qK6SilwVFYA-wuME.j1KVFwWVlQkECfmv714RpiuTpAge05qG65JaEkfIYl4&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMGRmMWEwOGItZGU5My00ZWVkLWExN2UtODkwNGUxZjRiM2FmIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiM09pM09tV1I4YmlKZVBiVVAxVERTQSIsImV4cCI6MTUyOTc1NDk0NCwiaWF0IjoxNTI5NzUxMzQ0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1ZGZkODE3Ny03NGYxLTQxN2ItODIwZC1mMDBjOGJmMTJjY2EiLCJub25jZSI6IjJRcnBmQld2eTJPNGJpSzYiLCJyYXQiOjE1Mjk3NTEzNDIsInN1YiI6ImZvb0BiYXIuY29tIn0.M6AkMl74SzI-A1yu9TX6uqdPc-kZb0hcNvXLx6bwWYJQ3SsTPafr_wDBmg73172tw6cSxrEu84hVK1vTUTWNKQQR4zYCyeclxQ_ZjfNgbAqYnQkjBEVAwzU4OtNxRI8mTV4t2IXPltjNxlsgfGj_i9JGgpltS-AeQo_2VeDOTWzSVLJ70VU5n_oJF1EmlQnu324X0LUJdl1UYilM8FdlsjYI9XJC28wTUlZh6CdzCzydn1aROGt-a23JveW5TqEUsWPYZwapZvYJRCwVlUZXtFgq1CKMtlovHxkETIRHhcfxL6YBPfZJbbaqRcUiJElUa21eMtqA-p_q4f42M8MnUh0JBKZ6LS5fcXRzunHQ9CyTvtLAbKSzaHNdi_7pgbLSmePcBwNemKuHsZdluiE5m0Bo1eLbVEUZED29m93ZNubjH-VbbsLTvp81cUeLMaM1iSH0IFCKtaJOqYh_sasqPTeKf7oPAew4f2wQc25d8wYPJ1B4XKp7aVpnv9hlYyzm5CERed2UI_HJvbzuLJnSkzyJgPXrQpbkLb0JV06d5JH_sFiRXNtRIbL1zvqRGnj1sIQ359h8bUNhBMauNy2OoLZ6EDtKNrV_9D2weLk1B6kp2pKePwW5mpcaPSdy2G3-2dxpCKfMjJj_-0eqx6HwtxHGsVtXvmu7nbDyVzbWD7k&state=s8E3ioQJsHni1nXJ
2.506 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMGRmMWEwOGItZGU5My00ZWVkLWExN2UtODkwNGUxZjRiM2FmIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiM09pM09tV1I4YmlKZVBiVVAxVERTQSIsImV4cCI6MTUyOTc1NDk0NCwiaWF0IjoxNTI5NzUxMzQ0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1ZGZkODE3Ny03NGYxLTQxN2ItODIwZC1mMDBjOGJmMTJjY2EiLCJub25jZSI6IjJRcnBmQld2eTJPNGJpSzYiLCJyYXQiOjE1Mjk3NTEzNDIsInN1YiI6ImZvb0BiYXIuY29tIn0.M6AkMl74SzI-A1yu9TX6uqdPc-kZb0hcNvXLx6bwWYJQ3SsTPafr_wDBmg73172tw6cSxrEu84hVK1vTUTWNKQQR4zYCyeclxQ_ZjfNgbAqYnQkjBEVAwzU4OtNxRI8mTV4t2IXPltjNxlsgfGj_i9JGgpltS-AeQo_2VeDOTWzSVLJ70VU5n_oJF1EmlQnu324X0LUJdl1UYilM8FdlsjYI9XJC28wTUlZh6CdzCzydn1aROGt-a23JveW5TqEUsWPYZwapZvYJRCwVlUZXtFgq1CKMtlovHxkETIRHhcfxL6YBPfZJbbaqRcUiJElUa21eMtqA-p_q4f42M8MnUh0JBKZ6LS5fcXRzunHQ9CyTvtLAbKSzaHNdi_7pgbLSmePcBwNemKuHsZdluiE5m0Bo1eLbVEUZED29m93ZNubjH-VbbsLTvp81cUeLMaM1iSH0IFCKtaJOqYh_sasqPTeKf7oPAew4f2wQc25d8wYPJ1B4XKp7aVpnv9hlYyzm5CERed2UI_HJvbzuLJnSkzyJgPXrQpbkLb0JV06d5JH_sFiRXNtRIbL1zvqRGnj1sIQ359h8bUNhBMauNy2OoLZ6EDtKNrV_9D2weLk1B6kp2pKePwW5mpcaPSdy2G3-2dxpCKfMjJj_-0eqx6HwtxHGsVtXvmu7nbDyVzbWD7k', 'state': 's8E3ioQJsHni1nXJ', 'code': 'qlGZTKSbHrnn9j9vGrSIGlqPWe_qK6SilwVFYA-wuME.j1KVFwWVlQkECfmv714RpiuTpAge05qG65JaEkfIYl4'}
2.584 AuthorizationResponse {
"code": "qlGZTKSbHrnn9j9vGrSIGlqPWe_qK6SilwVFYA-wuME.j1KVFwWVlQkECfmv714RpiuTpAge05qG65JaEkfIYl4",
"id_token": {
"aud": [
"0df1a08b-de93-4eed-a17e-8904e1f4b3af"
],
"auth_time": 1529751224,
"c_hash": "3Oi3OmWR8biJePbUP1TDSA",
"exp": 1529754944,
"iat": 1529751344,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "5dfd8177-74f1-417b-820d-f00c8bf12cca",
"nonce": "2QrpfBWvy2O4biK6",
"rat": 1529751342,
"sub": "foo@bar.com"
},
"state": "s8E3ioQJsHni1nXJ"
}
2.584 phase <--<-- 4 --- AccessToken -->-->
2.584 --> request op_args: {'state': 's8E3ioQJsHni1nXJ'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.584 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 's8E3ioQJsHni1nXJ', 'code': 'qlGZTKSbHrnn9j9vGrSIGlqPWe_qK6SilwVFYA-wuME.j1KVFwWVlQkECfmv714RpiuTpAge05qG65JaEkfIYl4', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '0df1a08b-de93-4eed-a17e-8904e1f4b3af'}, 'state': 's8E3ioQJsHni1nXJ'}
2.584 AccessTokenRequest {
"code": "qlGZTKSbHrnn9j9vGrSIGlqPWe_qK6SilwVFYA-wuME.j1KVFwWVlQkECfmv714RpiuTpAge05qG65JaEkfIYl4",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "s8E3ioQJsHni1nXJ"
}
2.584 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.584 request_http_args {'headers': {'Authorization': 'Basic MGRmMWEwOGItZGU5My00ZWVkLWExN2UtODkwNGUxZjRiM2FmOnFhU21tSzBzb3lzdg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.584 request code=qlGZTKSbHrnn9j9vGrSIGlqPWe_qK6SilwVFYA-wuME.j1KVFwWVlQkECfmv714RpiuTpAge05qG65JaEkfIYl4&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=s8E3ioQJsHni1nXJ
2.802 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.803 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMGRmMWEwOGItZGU5My00ZWVkLWExN2UtODkwNGUxZjRiM2FmIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiM09pM09tV1I4YmlKZVBiVVAxVERTQSIsImV4cCI6MTUyOTc1NDk0NCwiaWF0IjoxNTI5NzUxMzQ0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIyMTA4MmFmYy1mZTkwLTQ0YmMtYjBmYi0zZjZmNzJhYzg1M2IiLCJub25jZSI6IjJRcnBmQld2eTJPNGJpSzYiLCJyYXQiOjE1Mjk3NTEzNDIsInN1YiI6ImZvb0BiYXIuY29tIn0.0-utS9aqe78vsDSBMuxWVljb5GIhCX0JW9KXNT44rDVOVcqc-pVKi--SJJIciCm6L9OfwA1-WMm2-XveDYiI0nb88U6cezMrDfOyV0HbGGrhp_r8RRvyOala_vgeLsN9LKI5Vq84tbMl6VpN9hlNu9osbRCmrKxAI2H4rIu0uFMR96mnkdIdtGLQ8wMzQeQ6En--9p7LJ9hSvHJDlTIrLimuZwDOm9024xT6pd_hC2VREvI5ldn6XkEmsCiLW3I_m3j8ww9OHmycrLqgclbog9FSSxVxWwUBUadRC0gX1jeSdOn0fGMiFf1jrUji2iXIuZ106Jy7-WnJUgGbyfuLPrK_ygdLuscsdAwlcO79KaaxyP-vhWoJUpSpJ9ydUaW31xwT2w8yYqIGElL5MLn35c4qYSrxES2Aj3414tmqn-84P3KjNT0z84wBVpb0ILbxkx5hgCVEDhCEtjndm_wPOIMSpO2Ig6iaBMl8apVrxigRDQ36376RKN_O4bteprmOpqNaPjjyHwSo8MGfWIMEHBdGkRzTuNGxusLoIfSjxndIiEoCXRXZXza2ZDonc_27g7QRfXTTlX725FzhjaLLivBEI7LuAzV5NmS3mlbH0WFOQrkjDHRS-mJpqBa8on4mijjGl-fxEl9J939rHulBxmVW4VhVPG-1d7wKkQB33x0', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'Kw5dglVy8XX-EBm9LkUbqfaPA-cBVTjaNeUcw6OuN3U.gTC3wTKlgvssesddwdtS10cXfjvrwp75CTmPZex8wC4', 'scope': 'openid phone'}
2.807 AccessTokenResponse {
"access_token": "Kw5dglVy8XX-EBm9LkUbqfaPA-cBVTjaNeUcw6OuN3U.gTC3wTKlgvssesddwdtS10cXfjvrwp75CTmPZex8wC4",
"expires_in": 3599,
"id_token": {
"aud": [
"0df1a08b-de93-4eed-a17e-8904e1f4b3af"
],
"auth_time": 1529751224,
"c_hash": "3Oi3OmWR8biJePbUP1TDSA",
"exp": 1529754944,
"iat": 1529751344,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "21082afc-fe90-44bc-b0fb-3f6f72ac853b",
"nonce": "2QrpfBWvy2O4biK6",
"rat": 1529751342,
"sub": "foo@bar.com"
},
"scope": "openid phone",
"token_type": "bearer"
}
2.807 phase <--<-- 5 --- UserInfo -->-->
2.807 do_user_info_request kwargs:{'state': 's8E3ioQJsHni1nXJ', 'method': 'GET', 'authn_method': 'bearer_header'}
2.807 request {'body': None}
2.807 request_url https://oidc-certification.ory.sh:8443/userinfo
2.807 request_http_args {'headers': {'Authorization': 'Bearer Kw5dglVy8XX-EBm9LkUbqfaPA-cBVTjaNeUcw6OuN3U.gTC3wTKlgvssesddwdtS10cXfjvrwp75CTmPZex8wC4'}}
2.879 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.88 OpenIDSchema {
"sub": "foo@bar.com"
}
2.88 OpenIDSchema {
"sub": "foo@bar.com"
}
2.88 phase <--<-- 6 --- Done -->-->
2.88 end
2.88 assertion CheckHTTPResponse
2.88 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
2.881 assertion VerifyResponse
2.881 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.881 assertion VerifyScopes
2.881 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
2.881 condition Done: status=OK
============================================================
Conditions
Check support: status=WARNING, message=No support for: scopes_supported=['phone']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['phone_number', 'phone_number_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
No support for: scopes_supported=['phone']
The following claims were missing from the returned information: ['phone_number', 'phone_number_verified']
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Discovery-jwks_uri.txt�������������������������������������������������������������������������0000644�0000000�0000000�00000016312�13313423101�016022� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Discovery-jwks_uri
Test description: Verify that jwks_uri is published
Timestamp: 2018-06-23T10:51:45Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Done -->-->
0.075 end
0.075 assertion CheckHTTPResponse
0.075 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.076 assertion BareKeys
0.145 http response url:https://oidc-certification.ory.sh:8443/.well-known/jwks.json status_code:200
0.145 jwks {'keys': [{'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '16vFo3VXLypUERl1fqAWJEysIgKnJ15eEnc-5LOiFx7jK2L0zDKtj7q6ySr6rdwmgFjaV1vfG-VKmLHPMD_YuazQeb86blkDnUfNQvHfNID0g-U2G-xeLCqfdl54jzx5NAhMV6BVCUTOwsiUt3dgBaNWGJENo4gU0KGr0S2xEU38sJGUz3zROL6gOmUwqlSAk3YClnhyYYof0tj4j0dW7mXK7MaQ4CRAhq5rJq_VRrMCc4JiD7kAN104V5BmNU409uF4InE2Stugw8RSH4hXeBFp-dXtzQi6qmBLsnHd16_WEce76IxvthFnePqa3XMNg9G4-AJ36RVbH4IhMioQgvgHWGXR276pH1Vyga7V0dSakg8ohSD2vBD5OmlYquJ6krJ3uWUCez59YUeNEgOexn5XaBL0ZEnTQ-zNNHX39QZz9QaU2lftGhknRufg68bmshLWgXJexJS1ht1vFccFcmvpnYEnCTwKzo0kjlcY7IiBpWgJ1f4r1PTIKuh8CluNkitsbABcVx3-FOAhA4CMrQovAaNL_jfp6wKBA9Qy0W9LkESVsRQWFUSpQu_z4pJMOVfjbwJOsquxKwXphI2h1VczR-Hh8rTX7D2GL_4-GyG2nHfpF3jVq7raKnyGxJA8ZIK9kPh0JlQhR2FcBhFOWjvusFjoZ09Po6XtvWlP82E', 'alg': 'RS256', 'kid': 'public:0acf6c64-4d55-4888-abb9-b2a3f661ee7f'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '0vvbIEitFVzY4o12elAZbZvpja5xTm5AOh9wi2UEiPEL6aKxAUn1ywpUaLyWKuEXdeuykHyybniLaThik7Gf-6xKk6S9IK9tjbbwfRqHVkn_Xkyul0ohFI3iTcjvFq5FPGr5vEhSB6eckdngUpzb-7S_Kt8yunkdhYTmkuAr2AXSbQcmCbOJXOsvkc5LOwpjmFIWrtBAHwILJ5cHjzIHtkK2QKMJRlknD8b4kmQ3x6vfxA7mtXREUXdQFn7ssnOVPzriPQp4kIi_TMczSmRLlX1PeeOeDGpTnYywQbsAfdBGZ20WdZlwP3lRUUJoKv1GpBU51GKm2xhHtyrzOkiRKE8pH_PD05gh1G9qXbFtBOoHMBWEaCxoxyJcW8_9iLXBPoC-Jhm47VO5T9hPlaISzDY6EUmgYktejS_mx_bR7emBcbtFUccYSVVqT3EZqAFuQlsPsvj8AT9NmEiVncB2Cy4z7ofLX_Wai_VFPCf7AEfmDZ8mzFZQfVGct74Q9KybwXm8YDq0TSszQGuqT0gtvU9In7CPSOytrVDbdk8Peyeg-Wn_ACMRh5T23wUbQ0jy0Wi9kBwIzN-dUpKu3uL6EZ3PmPSZItQHeAxpQbRZJ1vrrd2y-b6EGun3G9rlnOZ3L4_L4-NOKLt4VGPie7sphlND1pc4ZipaXBjZ9uC3bS8', 'alg': 'RS256', 'kid': 'public:490968e8-c6e5-441e-b42e-5053d6c67af2'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '0WN9e_V2wEp33JZoN7zQ9J4E4Iz0l-dlx6GqIKdepcMjON3PKZHWFML1e0ZKAkuG2ZJRKoX1LaSNZT0NI9N6_wVAT9aNv53sHBJVC4Bww1zKHEvQseGwJbG0lZZHjDXaxCBPte9yQnquIRRp9Ab-uBeziRoaFQ02OV3LBMBSZ79AzFvZ4yTqpUS_xp-Ylfcmh5wXEppd6hoxs9h1tttPTPbnMLte3S_zxCZI4TQi8d1yBi39OvfZxtABQQbgqYPxiYehNdYbfmZ2CAmVlsTxByS3X-ANBe2nmLsOLgXTyVFZfvEZkzY7OgEwwq5zog5pScXJ-TGlj0guZd8nClHEV-GHvXonjb2hZB63dFEiUVMNh5cOblZX034GnlOkzYfAH8UZ_cvOqONHbvplzONuaYSSRMPRaZwj-0fpElhFNHwr1v1pqbE1i9XOxU_c-eSMr4XAm1VsWG3zJKymjoJmaDcW3AEawi3btL1N2tE3p27cHtcdFjcv5birnxMtPI9Vu806U0_WiGtH_kaWxz64Xk3A_yB-lIBQwXe61JME-K81wLLcHE9qoqpF5iUK4mDqMmI_DVIazUlVUzxY0-1iFkV790V95dBxeYFgXKX02g8NyxfnyzUDC12qUKKejJFbG5LPHaMUXWJIQ2ntwBX_XzeF4pGh0u0vYmfxAmfHWN0', 'alg': 'RS256', 'kid': 'public:a09f73cf-d685-4c5c-9312-60a13e57646f'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': 's_BEnyG0xHYDibtz9a4tE1IW8490BQ_z526Lg2d0PWRtHfcqKmPG0pd0DizPuLY2j1NAY4cCXLwNWMJ3Cp1TqddaMl08hElvNbilcTyQr96RQg9MnrWeR1EqpdXEzTjcx06DFDokvzs89YQVZTDzSh_-xY_m_0VkcFQ0RpDTBn1B0dkMh78dbTJVVSGXYSBgMpcKrGlrgDaPIRX7qp_SdvjNtkPStG_wCPkzd_IJAaTAHGrlyj27dyhOC6EqQjpZRhQvT-w7GalbObncCFox3hRiC8wbI9Toi5p7vEuJJ6yksaqtIwgbtPXXUChNTqwQgIc1RE8RVuhI8ExaT6FfStIVLq9Tow6Hd9mopdX_ydEHHbnbvSC0cCRPg8_G8zTk0ihFpiHE1yEDXBQSs6pZIQ8KZF2RG35j75Jh4ngsDyPbC7PmjE93SG25AkX0WZwoB3g8f6q2r4dZqNtemRX1lMDo0FUQyYcOU5mnOiW3E5oNs3g-VH5ISOiaSUSLX6AIxDfdk6Wj5t7FZUo4EcIwTnE3PI-0HxnLJaErwbYEX0hO1BuhfF7zYHxDjc085U7OyN0abZWbuVUMtIMRgq-4ASlM9fTECg3sMmOfTEJV9nrJZaSCxKvVWma9A01bvBPB6Qn92Gj1XNZ0E1RBLUp1V3iXLcS7MGJh7bAAk5kwKCM', 'alg': 'RS256', 'kid': 'public:8e8dab73-c9fe-42ef-9a7b-1e217abba9a9'}, {'use': 'sig', 'kty': 'RSA', 'e': 'AQAB', 'n': '3cQ2ihjoElfFVnnkleo6ioUvZrkDfddEKOMCaemXP7umEhr8TC9_L3BKYbJqtE15jvkJiqT1vlHgTOKD5wWCFhFSmEa9PAWlt9Hw6BWddFEsiijR113yvj4eT0qfjseMYyiKst0kBxiTRmQdIzllY2Y2UU1IYIkaAP009nZSR7a5IrPYFydZ6SRARk9kZI90fmgRnzUuQKcv7C9HbkUqs7qiApfA17ACpnuKQP5p5lGL41t5ZnU1-5FvmmO6NnwtRZif34HL6WYuksi2RleLAKoHGh_l6P6ygP5v3ucHH0TmdLVBAHMmlLW4BKdVnWa2HEQCKIBiXJztu8EpYCVpZ_ThCaZLagcUM6VCD4nqvsXzQB7pnsBjq75tbo2jlqrGQJE9ekfGVyw7XDN45IkJFLgfVJ2anpyK4NeIAbkB7ZCYSXbR96_EC6h0uZSMHtPYVNIvbRCK6ysCdlDuDsWiQ01tP-lp90eWj1d7ZYlaYNws12OauBfgLyn0NZvjIz5EYXbOO_Hi0P5U6znS1Um-lU0nB1Gsj685Io-KLzN0shOqkfDP8Xcjfx_3EEg0aEPJWqCjiP9K6veNI896ZrIrH6Sd0V_o4TIzpSJimZlMZrTWS6dUm2j6q1WQOE2Z5JlDMC90yTGUC8MNt2AdMB0Z78Mf71rdSrpXpWLMh7rz_7k', 'alg': 'RS256', 'kid': 'public:6a09d4a3-a298-47bc-8bbd-50b64f653f2d'}]}
0.145 condition bare-keys: status=OK [Dynamic OPs MUST publish their public keys as bare JWK keys]
0.145 assertion CheckHasJwksURI
0.146 condition providerinfo-has-jwks_uri: status=OK [Check that the jwks_uri discovery metadata value is in the provider_info]
0.146 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
bare-keys: status=OK [Dynamic OPs MUST publish their public keys as bare JWK keys]
providerinfo-has-jwks_uri: status=OK [Check that the jwks_uri discovery metadata value is in the provider_info]
Done: status=OK
============================================================
RESULT: PASSED
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-request_uri-Sig.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000023133�13313423425�015317� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-request_uri-Sig
Test description: Support request_uri request parameter with signed request
Timestamp: 2018-06-23T10:55:17Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.081 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.082 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.082 phase <--<-- 2 --- Registration -->-->
0.082 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients', 'request_object_signing_alg': 'RS256'}
0.083 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "RS256",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#nRHfRwX3q9MAcpLB"
],
"response_types": [
"code id_token"
]
}
0.239 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.24 RegistrationResponse {
"client_id": "1155fc8d-4348-4044-9e77-f8192eceb1ed",
"client_secret": "-sqx.8_Ew3~h",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "1155fc8d-4348-4044-9e77-f8192eceb1ed",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_object_signing_alg": "RS256",
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#nRHfRwX3q9MAcpLB"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.24 phase <--<-- 3 --- AsyncAuthn -->-->
0.244 AuthorizationRequest {
"client_id": "1155fc8d-4348-4044-9e77-f8192eceb1ed",
"nonce": "4nTrDRXJgY5lJuxN",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"request_uri": "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#nRHfRwX3q9MAcpLB",
"response_type": "code id_token",
"scope": "openid",
"state": "bcp3flDUeu1CIzUa"
}
0.244 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23nRHfRwX3q9MAcpLB&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1155fc8d-4348-4044-9e77-f8192eceb1ed&state=bcp3flDUeu1CIzUa&response_type=code+id_token&nonce=4nTrDRXJgY5lJuxN
0.244 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?request_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Frequests%2Fe3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9%23nRHfRwX3q9MAcpLB&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=1155fc8d-4348-4044-9e77-f8192eceb1ed&state=bcp3flDUeu1CIzUa&response_type=code+id_token&nonce=4nTrDRXJgY5lJuxN
2.658 http args {}
2.843 response URL with fragment
2.844 response code=vESnTEvB2RqnBy52joTACNu_OLB3JbyDwx5qYgvwwFo.jfFd-9HAOYPlrfRTIaeDSj2xXCG2uV4yudtZ7lDAC84&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTE1NWZjOGQtNDM0OC00MDQ0LTllNzctZjgxOTJlY2ViMWVkIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiVVhQUTNNSDV4ZkZHb1ZyZm5jYU5WdyIsImV4cCI6MTUyOTc1NDkxNiwiaWF0IjoxNTI5NzUxMzE2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1NDRkYWZjMy02OGI5LTQ4ODgtOTFlZS00YjhjNGU0MWFkMDQiLCJub25jZSI6IjRuVHJEUlhKZ1k1bEp1eE4iLCJyYXQiOjE1Mjk3NTEzMTQsInN1YiI6ImZvb0BiYXIuY29tIn0.p6WwJ-4MTEVnh7OAeiJKwE8sMQt1aAdJEDRLRg1JUxlBaw8rtSYGiXmrcUUTOTHqhKSK765bRIzU1sPgzrRsY7prxLmy7qlXLWiWb6neA5AmVV5NgI7qasptyZe8HkNWHkCgquiqNrr7K77bKY-1DOo5HoreoEhCMnmzf9x3yIhFT06bNGzXRtIjN2g_NKhbAazL33PPPfD4cl3yTAvyPf7COr4xWGrDFHhBzeOKHrvtVqtogxFjlnIf05ECkbtnA5GRXrCBWVyXXtPF0-eGNYNQMVX2V4G7-eYzqeSf6wGCVyiOsqJ7p6G1MhNlHtfx5DNsyS64rrI6oQwLV8JwQw612RwU6UwV6sQYEqFX0hSqsUx4wm-NY3wmAKd64SCnPRbnyPT0GAtISgYJiyfpybcBEkrHrpd1W6aUHpV9y4LuGEyWMRWktMuXsCfUk93fM7JbMu9V5kLlNdDdhrB2vJFjlWepMNOppnNwwuWte50CFY6-CbXV1xYLGEDhGEYWzp_kCb-yn85KxhNlToYpxsPWYsm1Vs4ZhwVoMw1NMv0ejGyOoYhMrNCqqJSnsv0iQHLBeGv7TYxBxwR7JcAfAFTO0oKWeifcIR24yZZ-KZe6UorRFrGvRq6zHrKdUMz-Ea0pukwsVhBJwoDvFWnxmpKllvWDlV9KjmVYr91My-M&state=bcp3flDUeu1CIzUa
2.844 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTE1NWZjOGQtNDM0OC00MDQ0LTllNzctZjgxOTJlY2ViMWVkIl0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiVVhQUTNNSDV4ZkZHb1ZyZm5jYU5WdyIsImV4cCI6MTUyOTc1NDkxNiwiaWF0IjoxNTI5NzUxMzE2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI1NDRkYWZjMy02OGI5LTQ4ODgtOTFlZS00YjhjNGU0MWFkMDQiLCJub25jZSI6IjRuVHJEUlhKZ1k1bEp1eE4iLCJyYXQiOjE1Mjk3NTEzMTQsInN1YiI6ImZvb0BiYXIuY29tIn0.p6WwJ-4MTEVnh7OAeiJKwE8sMQt1aAdJEDRLRg1JUxlBaw8rtSYGiXmrcUUTOTHqhKSK765bRIzU1sPgzrRsY7prxLmy7qlXLWiWb6neA5AmVV5NgI7qasptyZe8HkNWHkCgquiqNrr7K77bKY-1DOo5HoreoEhCMnmzf9x3yIhFT06bNGzXRtIjN2g_NKhbAazL33PPPfD4cl3yTAvyPf7COr4xWGrDFHhBzeOKHrvtVqtogxFjlnIf05ECkbtnA5GRXrCBWVyXXtPF0-eGNYNQMVX2V4G7-eYzqeSf6wGCVyiOsqJ7p6G1MhNlHtfx5DNsyS64rrI6oQwLV8JwQw612RwU6UwV6sQYEqFX0hSqsUx4wm-NY3wmAKd64SCnPRbnyPT0GAtISgYJiyfpybcBEkrHrpd1W6aUHpV9y4LuGEyWMRWktMuXsCfUk93fM7JbMu9V5kLlNdDdhrB2vJFjlWepMNOppnNwwuWte50CFY6-CbXV1xYLGEDhGEYWzp_kCb-yn85KxhNlToYpxsPWYsm1Vs4ZhwVoMw1NMv0ejGyOoYhMrNCqqJSnsv0iQHLBeGv7TYxBxwR7JcAfAFTO0oKWeifcIR24yZZ-KZe6UorRFrGvRq6zHrKdUMz-Ea0pukwsVhBJwoDvFWnxmpKllvWDlV9KjmVYr91My-M', 'state': 'bcp3flDUeu1CIzUa', 'code': 'vESnTEvB2RqnBy52joTACNu_OLB3JbyDwx5qYgvwwFo.jfFd-9HAOYPlrfRTIaeDSj2xXCG2uV4yudtZ7lDAC84'}
2.921 AuthorizationResponse {
"code": "vESnTEvB2RqnBy52joTACNu_OLB3JbyDwx5qYgvwwFo.jfFd-9HAOYPlrfRTIaeDSj2xXCG2uV4yudtZ7lDAC84",
"id_token": {
"aud": [
"1155fc8d-4348-4044-9e77-f8192eceb1ed"
],
"auth_time": 1529751224,
"c_hash": "UXPQ3MH5xfFGoVrfncaNVw",
"exp": 1529754916,
"iat": 1529751316,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "544dafc3-68b9-4888-91ee-4b8c4e41ad04",
"nonce": "4nTrDRXJgY5lJuxN",
"rat": 1529751314,
"sub": "foo@bar.com"
},
"state": "bcp3flDUeu1CIzUa"
}
2.921 phase <--<-- 4 --- Done -->-->
2.921 end
2.922 assertion VerifyAuthnOrErrorResponse
2.922 condition authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
2.922 condition Done: status=OK
============================================================
Conditions
authn-response-or-error: status=OK [Checks that the last response was a JSON encoded authentication or error message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-OAuth-2nd-30s.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000036507�13313423671�014350� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd-30s
Test description: Trying to use authorization code twice with 30 seconds in between uses must result in an error
Timestamp: 2018-06-23T10:58:01Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.612 phase <--<-- 1 --- Webfinger -->-->
1.612 not expected to do WebFinger
1.612 phase <--<-- 2 --- Discovery -->-->
1.612 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.686 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.687 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.687 phase <--<-- 3 --- Registration -->-->
1.687 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.688 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#WiniNJcSizOs2U5E"
],
"response_types": [
"code id_token"
]
}
1.842 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.843 RegistrationResponse {
"client_id": "adf05591-2b56-4a8a-8976-3fc1be0ecb21",
"client_secret": "CLE.9RwqRr_c",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "adf05591-2b56-4a8a-8976-3fc1be0ecb21",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#WiniNJcSizOs2U5E"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.843 phase <--<-- 4 --- AsyncAuthn -->-->
1.844 AuthorizationRequest {
"client_id": "adf05591-2b56-4a8a-8976-3fc1be0ecb21",
"nonce": "sy1RktaY5R0gMiI0",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "jPDgZXb8TbQXiSq2"
}
1.844 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=adf05591-2b56-4a8a-8976-3fc1be0ecb21&state=jPDgZXb8TbQXiSq2&response_type=code+id_token&nonce=sy1RktaY5R0gMiI0
1.844 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=adf05591-2b56-4a8a-8976-3fc1be0ecb21&state=jPDgZXb8TbQXiSq2&response_type=code+id_token&nonce=sy1RktaY5R0gMiI0
5.114 http args {}
5.281 response URL with fragment
5.282 response code=w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYWRmMDU1OTEtMmI1Ni00YThhLTg5NzYtM2ZjMWJlMGVjYjIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiQWN0Q2E3Ui15SGNXTFA3TXI4bUtmQSIsImV4cCI6MTUyOTc1NTA1MCwiaWF0IjoxNTI5NzUxNDUwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzYzAzNWVmMi04MmFjLTQ5N2EtYWE5NS0xZWY0NjVlMDU2MTciLCJub25jZSI6InN5MVJrdGFZNVIwZ01pSTAiLCJyYXQiOjE1Mjk3NTE0NDcsInN1YiI6ImZvb0BiYXIuY29tIn0.FHiQFXkWDyGLQWpkHbUitSYQVFikvyxA6YgHC7s6P-Wapn58IjuiCgeP1u4M4-it3u5ax6j0__w0UTEB_TeOmn2UUREPP0n-bVtr4RyoOmFoAlYxIbloFXvFaSoAJ_bJzLFTDfTcwP4ap2Ovwe5Py-Xp-QZLz3dR1PZyD77lXZXU1i46JB36simthctlNhrUmGLUeQOl3fbtDPFLhS1Y6tKSquhkxCJ4lqRgDQTHWQMBrFrFoJ01k6j2sBWMhYHI5A7OOsXe8HEftCxJtq5RqCXAl85GdUkRsEDhFax7o79taepnWbtjqNw3pAv92VFHsH8NfgnakgZz71dwCD2S_F9fSekzi4ska5Qp8EbCQMU69zDpi3kGLygekyGORSRm5i5huLw3IttVBz2aJT87Lj-uhHHxRtY8xXBDXzClv9Ee3Jv57LT11QnazZG19BUj2z-AetvdfFbc_shzkk_diJZnNFDWbYTmXapwd4t1WF-dXRb-5vFarFPclKweRBDEMvMuWn0K0IK5yMSUjBEsJBzTTGPWQyccddF9HqZoCqpa8_tZhjniCEq_cCHAc_5jmKR44-xhOiMZUoajGGfmZj1LXvbV0kKzFPR5SdvAsxOiYQPu044t6WBItE0eFS6PSwOU64fJuxhX6Ujd6nmO2Ur9Doq_ITR1mcNRzfEe_9E&state=jPDgZXb8TbQXiSq2
5.282 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYWRmMDU1OTEtMmI1Ni00YThhLTg5NzYtM2ZjMWJlMGVjYjIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiQWN0Q2E3Ui15SGNXTFA3TXI4bUtmQSIsImV4cCI6MTUyOTc1NTA1MCwiaWF0IjoxNTI5NzUxNDUwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzYzAzNWVmMi04MmFjLTQ5N2EtYWE5NS0xZWY0NjVlMDU2MTciLCJub25jZSI6InN5MVJrdGFZNVIwZ01pSTAiLCJyYXQiOjE1Mjk3NTE0NDcsInN1YiI6ImZvb0BiYXIuY29tIn0.FHiQFXkWDyGLQWpkHbUitSYQVFikvyxA6YgHC7s6P-Wapn58IjuiCgeP1u4M4-it3u5ax6j0__w0UTEB_TeOmn2UUREPP0n-bVtr4RyoOmFoAlYxIbloFXvFaSoAJ_bJzLFTDfTcwP4ap2Ovwe5Py-Xp-QZLz3dR1PZyD77lXZXU1i46JB36simthctlNhrUmGLUeQOl3fbtDPFLhS1Y6tKSquhkxCJ4lqRgDQTHWQMBrFrFoJ01k6j2sBWMhYHI5A7OOsXe8HEftCxJtq5RqCXAl85GdUkRsEDhFax7o79taepnWbtjqNw3pAv92VFHsH8NfgnakgZz71dwCD2S_F9fSekzi4ska5Qp8EbCQMU69zDpi3kGLygekyGORSRm5i5huLw3IttVBz2aJT87Lj-uhHHxRtY8xXBDXzClv9Ee3Jv57LT11QnazZG19BUj2z-AetvdfFbc_shzkk_diJZnNFDWbYTmXapwd4t1WF-dXRb-5vFarFPclKweRBDEMvMuWn0K0IK5yMSUjBEsJBzTTGPWQyccddF9HqZoCqpa8_tZhjniCEq_cCHAc_5jmKR44-xhOiMZUoajGGfmZj1LXvbV0kKzFPR5SdvAsxOiYQPu044t6WBItE0eFS6PSwOU64fJuxhX6Ujd6nmO2Ur9Doq_ITR1mcNRzfEe_9E', 'state': 'jPDgZXb8TbQXiSq2', 'code': 'w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs'}
5.407 AuthorizationResponse {
"code": "w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs",
"id_token": {
"aud": [
"adf05591-2b56-4a8a-8976-3fc1be0ecb21"
],
"auth_time": 1529751409,
"c_hash": "ActCa7R-yHcWLP7Mr8mKfA",
"exp": 1529755050,
"iat": 1529751450,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "3c035ef2-82ac-497a-aa95-1ef465e05617",
"nonce": "sy1RktaY5R0gMiI0",
"rat": 1529751447,
"sub": "foo@bar.com"
},
"state": "jPDgZXb8TbQXiSq2"
}
5.408 phase <--<-- 5 --- AccessToken -->-->
5.408 --> request op_args: {'state': 'jPDgZXb8TbQXiSq2'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
5.408 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'jPDgZXb8TbQXiSq2', 'code': 'w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'adf05591-2b56-4a8a-8976-3fc1be0ecb21'}, 'state': 'jPDgZXb8TbQXiSq2'}
5.408 AccessTokenRequest {
"code": "w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "jPDgZXb8TbQXiSq2"
}
5.408 request_url https://oidc-certification.ory.sh:8443/oauth2/token
5.408 request_http_args {'headers': {'Authorization': 'Basic YWRmMDU1OTEtMmI1Ni00YThhLTg5NzYtM2ZjMWJlMGVjYjIxOkNMRS45UndxUnJfYw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
5.408 request code=w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=jPDgZXb8TbQXiSq2
5.627 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
5.628 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYWRmMDU1OTEtMmI1Ni00YThhLTg5NzYtM2ZjMWJlMGVjYjIxIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiQWN0Q2E3Ui15SGNXTFA3TXI4bUtmQSIsImV4cCI6MTUyOTc1NTA1MCwiaWF0IjoxNTI5NzUxNDUxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3YzAxMjQ5Zi1iZDU3LTQ4NGEtOTQ5My1mYzgxZWJlZGNiYTYiLCJub25jZSI6InN5MVJrdGFZNVIwZ01pSTAiLCJyYXQiOjE1Mjk3NTE0NDcsInN1YiI6ImZvb0BiYXIuY29tIn0.kFLyzPL6WtWU_APV8Soqt-kmuAK7_aeBfYIA_vtcrtK3HBayYX1aRSgR--rqHaXxBWWgyIXzBp8iz7bhUC3Uqen3yYKk5UKCiH4xNmnI5Y-SmxEwWDEbaMm4yT1K67T-WFagHPw9lQib9YWzOtzy2w2GZKVXqmLbNWN4Udpo_Lsk2rgn9ZqFvNJDL9XplKD2-tVZKRNU7YawTWEDs5vCH51tC2BEiP79msapuD0-SgmTsSzLF1uMHgaT0Afi2vG7ANFhBlwWFSDMT8DsC-tJk1k6M0d_QOLT5O3BKGsHuDuJcWb7DmgDNihLBsJv2MsyyP6QUVEH_hreyrinGrIwA1BLImFK4uULzsuqhHN3I39yi5huYjIbjaxwqi4uzwlz7RVt0o2L9V1UjGNLBIudS82mu7HPRBbxU0E5yvQ0ir0ForlYYr7XOphqzaqTo9zDEkdH-80qRYWoJtGzacRXvGEw1kwSk5XZPlC36UK_UHhjw5YW8PjglQtRZU7jawsdjX0C9WhzEHdW0A9zFlQXPl9kPiN5BDd7d0mquTElvjdhlkOqYCRUZBR_5m5kcBswxDKOUDOhvwbWS9XS3lc9ivU3SRRKiW3ursGlmsDTHFGwTSGfGDT-pMlhLmT0MwJaj8dfdPD7iDCJiwNlS3GzY25EOdTburwv2VffROs-71Y', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': '6ktl-BPY_8OEA_Wt3weiczgOEzQaXWVsJfN8V8pBLbg.rXw1l6WXJvoZyUmcSSpAnEL5xkmrOLg72_DZb7GJzw0', 'scope': 'openid'}
5.631 AccessTokenResponse {
"access_token": "6ktl-BPY_8OEA_Wt3weiczgOEzQaXWVsJfN8V8pBLbg.rXw1l6WXJvoZyUmcSSpAnEL5xkmrOLg72_DZb7GJzw0",
"expires_in": 3599,
"id_token": {
"aud": [
"adf05591-2b56-4a8a-8976-3fc1be0ecb21"
],
"auth_time": 1529751409,
"c_hash": "ActCa7R-yHcWLP7Mr8mKfA",
"exp": 1529755050,
"iat": 1529751451,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "7c01249f-bd57-484a-9493-fc81ebedcba6",
"nonce": "sy1RktaY5R0gMiI0",
"rat": 1529751447,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
5.631 phase <--<-- 6 --- TimeDelay -->-->
35.632 phase <--<-- 7 --- AccessToken -->-->
35.632 --> request op_args: {'state': 'jPDgZXb8TbQXiSq2'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
35.632 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'jPDgZXb8TbQXiSq2', 'code': 'w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'adf05591-2b56-4a8a-8976-3fc1be0ecb21'}, 'state': 'jPDgZXb8TbQXiSq2'}
35.632 AccessTokenRequest {
"code": "w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "jPDgZXb8TbQXiSq2"
}
35.632 request_url https://oidc-certification.ory.sh:8443/oauth2/token
35.632 request_http_args {'headers': {'Authorization': 'Basic YWRmMDU1OTEtMmI1Ni00YThhLTg5NzYtM2ZjMWJlMGVjYjIxOkNMRS45UndxUnJfYw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
35.632 request code=w03NmGVbjm0FjgcfJm4187EME21tpTSMMIC2OOZW_Pk.-i1OlNCMgHs5joAJxnjiln8CdnBg42ZljPag0hboEQs&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=jPDgZXb8TbQXiSq2
35.826 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
35.827 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
35.827 event Got expected error
35.827 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
35.827 phase <--<-- 8 --- Done -->-->
35.827 end
35.828 assertion VerifyResponse
35.828 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
35.828 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-policy_uri.txt��������������������������������������������������������������������0000644�0000000�0000000�00000022361�13313423131�017052� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-policy_uri
Test description: Registration with policy_uri
Timestamp: 2018-06-23T10:52:09Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
0.973 phase <--<-- 1 --- Webfinger -->-->
0.973 not expected to do WebFinger
0.973 phase <--<-- 2 --- Discovery -->-->
0.973 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.045 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.046 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.046 phase <--<-- 3 --- Registration -->-->
1.046 register kwargs:{'application_name': 'OIC test tool', 'policy_uri': 'https://op.certification.openid.net:61353/static/policy.html', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.046 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"policy_uri": "https://op.certification.openid.net:61353/static/policy.html",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#cQrGkepzGoGYcnGE"
],
"response_types": [
"code id_token"
]
}
1.203 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.204 RegistrationResponse {
"client_id": "6d71b7a0-3c08-419a-942a-78e51cdecfa7",
"client_secret": "u-ab2~MAcEcH",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "6d71b7a0-3c08-419a-942a-78e51cdecfa7",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"policy_uri": "https://op.certification.openid.net:61353/static/policy.html",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#cQrGkepzGoGYcnGE"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.204 phase <--<-- 4 --- AsyncAuthn -->-->
1.204 AuthorizationRequest {
"client_id": "6d71b7a0-3c08-419a-942a-78e51cdecfa7",
"nonce": "iD1IXQU1BJgcRM44",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "shfxg976csqrYGvq"
}
1.204 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6d71b7a0-3c08-419a-942a-78e51cdecfa7&state=shfxg976csqrYGvq&response_type=code+id_token&nonce=iD1IXQU1BJgcRM44
1.204 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6d71b7a0-3c08-419a-942a-78e51cdecfa7&state=shfxg976csqrYGvq&response_type=code+id_token&nonce=iD1IXQU1BJgcRM44
3.48 http args {}
3.697 response URL with fragment
3.697 response code=JRDNBAFsJUiwlkKo40dyhH8m7bDM5riLH40YpMHlXAU.KVrdJkHVSkYPgQdNXi-7SYI6DLvlez-BU3ABrnlfU9U&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmQ3MWI3YTAtM2MwOC00MTlhLTk0MmEtNzhlNTFjZGVjZmE3Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiQTZhVkJPWmhiT3drOGlXUnprZks5USIsImV4cCI6MTUyOTc1NDcyOSwiaWF0IjoxNTI5NzUxMTI5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0NmI4OGU3Mi1kNjJlLTQ3ZGMtYjYzYi02YmJmZjQ3YmQwZjAiLCJub25jZSI6ImlEMUlYUVUxQkpnY1JNNDQiLCJyYXQiOjE1Mjk3NTExMjcsInN1YiI6ImZvb0BiYXIuY29tIn0.K8dSdF7ru5Ivcet6NeqZOOoMLRqxaaq08iYfpkbk0n6Vr1mcpI3BfTx0hwHS56g9jKc63qlTkZ0o3dn30oV0eaKMfLoioYGj8hhQX09osx-E45TQMGnecHJOH_psYjTwBewpOiwKyWIQZ0TE4qJfPE3qIzBO8aQKayI0PJC_7jNCDvLF32lL82kuKKyaDNer_UU_hhOMf8Yh_IAvB4qa1iBUYSCm7FqhZ8KRDu1Cw4QChveXCC_dm4ex6Df--xiAmxeRz6WekwTSFGLCOUiy6dDg7k4ih_MvHyHWGDXe5SegPWuztR2IpSgj7b2eo2duTbXZR3x383mk07_fU5FwDNM_ZfHCI4aQcASUbbIwIX7tdG6SQzCPPZs7Mff4kbZOHZct_bI6HHstDM9z_V5_6R042HjMUZF50O7feWf5lgdkQyvTj9AkrYhdgpDvbryH0R8vMZ65LrPRELCSJ3feQsXtb6gLXBVVw4EpS2LMbBVXQ_7i8K4rBK_E-zDpfCiI9AyWy8y6BdQWxP4zkrn1OGzGzIOF26pxzlFE-TQXhsoJ_MAiUCXVvkOU0PFWWjxmraa_4fyVuh1x_x82k81wAbDZ7Kd8W4WcMyauQEXmJhv0whLYAx6WhX_tql4R_kPQ1vyMIcPvOpI2MbHpahLsOx-omElvvgDl8xciuY0fbyU&state=shfxg976csqrYGvq
3.698 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmQ3MWI3YTAtM2MwOC00MTlhLTk0MmEtNzhlNTFjZGVjZmE3Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiQTZhVkJPWmhiT3drOGlXUnprZks5USIsImV4cCI6MTUyOTc1NDcyOSwiaWF0IjoxNTI5NzUxMTI5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0NmI4OGU3Mi1kNjJlLTQ3ZGMtYjYzYi02YmJmZjQ3YmQwZjAiLCJub25jZSI6ImlEMUlYUVUxQkpnY1JNNDQiLCJyYXQiOjE1Mjk3NTExMjcsInN1YiI6ImZvb0BiYXIuY29tIn0.K8dSdF7ru5Ivcet6NeqZOOoMLRqxaaq08iYfpkbk0n6Vr1mcpI3BfTx0hwHS56g9jKc63qlTkZ0o3dn30oV0eaKMfLoioYGj8hhQX09osx-E45TQMGnecHJOH_psYjTwBewpOiwKyWIQZ0TE4qJfPE3qIzBO8aQKayI0PJC_7jNCDvLF32lL82kuKKyaDNer_UU_hhOMf8Yh_IAvB4qa1iBUYSCm7FqhZ8KRDu1Cw4QChveXCC_dm4ex6Df--xiAmxeRz6WekwTSFGLCOUiy6dDg7k4ih_MvHyHWGDXe5SegPWuztR2IpSgj7b2eo2duTbXZR3x383mk07_fU5FwDNM_ZfHCI4aQcASUbbIwIX7tdG6SQzCPPZs7Mff4kbZOHZct_bI6HHstDM9z_V5_6R042HjMUZF50O7feWf5lgdkQyvTj9AkrYhdgpDvbryH0R8vMZ65LrPRELCSJ3feQsXtb6gLXBVVw4EpS2LMbBVXQ_7i8K4rBK_E-zDpfCiI9AyWy8y6BdQWxP4zkrn1OGzGzIOF26pxzlFE-TQXhsoJ_MAiUCXVvkOU0PFWWjxmraa_4fyVuh1x_x82k81wAbDZ7Kd8W4WcMyauQEXmJhv0whLYAx6WhX_tql4R_kPQ1vyMIcPvOpI2MbHpahLsOx-omElvvgDl8xciuY0fbyU', 'state': 'shfxg976csqrYGvq', 'code': 'JRDNBAFsJUiwlkKo40dyhH8m7bDM5riLH40YpMHlXAU.KVrdJkHVSkYPgQdNXi-7SYI6DLvlez-BU3ABrnlfU9U'}
3.777 AuthorizationResponse {
"code": "JRDNBAFsJUiwlkKo40dyhH8m7bDM5riLH40YpMHlXAU.KVrdJkHVSkYPgQdNXi-7SYI6DLvlez-BU3ABrnlfU9U",
"id_token": {
"aud": [
"6d71b7a0-3c08-419a-942a-78e51cdecfa7"
],
"auth_time": 1529750975,
"c_hash": "A6aVBOZhbOwk8iWRzkfK9Q",
"exp": 1529754729,
"iat": 1529751129,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "46b88e72-d62e-47dc-b63b-6bbff47bd0f0",
"nonce": "iD1IXQU1BJgcRM44",
"rat": 1529751127,
"sub": "foo@bar.com"
},
"state": "shfxg976csqrYGvq"
}
3.777 phase <--<-- 5 --- Done -->-->
3.777 end
3.777 assertion VerifyAuthnResponse
3.778 condition verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
3.778 condition Done: status=OK
============================================================
Conditions
verify-authn-response: status=OK [Checks that the last response was a JSON encoded authentication message]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-claims-essential.txt���������������������������������������������������������������������������0000644�0000000�0000000�00000033253�13313423217�015470� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-claims-essential
Test description: Claims request with essential name claim
Timestamp: 2018-06-23T10:53:03Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.071 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Registration -->-->
0.073 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.073 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#p1FlzphpgFkJTQ9L"
],
"response_types": [
"code id_token"
]
}
0.234 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.235 RegistrationResponse {
"client_id": "6b484614-5af7-49c6-ae42-a76478fbb424",
"client_secret": "rtu0jUVDvre~",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "6b484614-5af7-49c6-ae42-a76478fbb424",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#p1FlzphpgFkJTQ9L"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.235 phase <--<-- 3 --- AsyncAuthn -->-->
0.235 AuthorizationRequest {
"claims": {
"userinfo": {
"name": {
"essential": true
}
}
},
"client_id": "6b484614-5af7-49c6-ae42-a76478fbb424",
"nonce": "hGQrxOFXkpRg5qBW",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "aSft07CSxD12s7FU"
}
0.236 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6b484614-5af7-49c6-ae42-a76478fbb424&claims=%7B%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&state=aSft07CSxD12s7FU&response_type=code+id_token&nonce=hGQrxOFXkpRg5qBW
0.236 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6b484614-5af7-49c6-ae42-a76478fbb424&claims=%7B%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&state=aSft07CSxD12s7FU&response_type=code+id_token&nonce=hGQrxOFXkpRg5qBW
2.849 http args {}
3.054 response URL with fragment
3.054 response code=AeenAWqYKEvY7aoVbji4SZub_GBBiYQmZaNHkD0f93M.VBUUXzdY2ZY9IcivvERFcZHG-rGjJHEc4rzreg94h3Y&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmI0ODQ2MTQtNWFmNy00OWM2LWFlNDItYTc2NDc4ZmJiNDI0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiMXVhV3RUcWNiUnVOTlVlaWVyUjdrUSIsImV4cCI6MTUyOTc1NDc4MiwiaWF0IjoxNTI5NzUxMTgyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhOWNlOTNkMi1mZWNhLTQxYjQtOTVlMS1jN2Q4ODkyZjk0YjQiLCJub25jZSI6ImhHUXJ4T0ZYa3BSZzVxQlciLCJyYXQiOjE1Mjk3NTExODAsInN1YiI6ImZvb0BiYXIuY29tIn0.Jm8LXjo7CWFylxo-Os7yKMThZuNPRpV0NEmDfk5bXuq3O7LFEEZgtoIPgprp0SlCynyqEMBXi1oNW5FhGcdBIaacpFGIMp7oEv8uXSA_yxMHZirBt4w8F534AddRYhxtHtDd-84V5jYnp03X5RMVOEJlieHTajLaJwBHCFOs1uRwifEnAxTMxSvmHQ8OOPApaWlAq4dh1RYk3j7zcU1UbR9rjmRik1I3trcjhYGRqTifvCeabbsOivmBHi8ZRYqFaPyKC0wt0Vljg-DBLwbya_4RQdQtvCimJzNCPSN7hxZe5g1F4FkmKKgw1baM4hcfPkElA-zWvfEM7ZY7R59TH4rDB-jXv5F9FB54v-_pTt86Szo6FdOpkqoaD6iJjYyD1tgIquMVT2r9sqv6ZvfSGxAf2AYvmBKATzShwcVXS_d1tsfDPzOPhZyWFJjqYM0864Q4zEw6CJPP8g-5-xXZNjzg2urCgcb6K230le8-LHRPENL_w0RQvBqodJ2IPhdpJkVTa6EVyY0EHuTnzxWdiJjyyVAbwcmUDLjvhBfGRUyMAKoBbx_5nO2NTwqVAeWknjrCKDy6rE2MGI-4zr42a9Iprd2UXrnd6rycoRymevkI5VbkLx_jXwKml6-cDcKWV3u1yFakdyKj18me3WCkuVXIuJWTQRJLhqfLZb1b_kg&state=aSft07CSxD12s7FU
3.054 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmI0ODQ2MTQtNWFmNy00OWM2LWFlNDItYTc2NDc4ZmJiNDI0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiMXVhV3RUcWNiUnVOTlVlaWVyUjdrUSIsImV4cCI6MTUyOTc1NDc4MiwiaWF0IjoxNTI5NzUxMTgyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJhOWNlOTNkMi1mZWNhLTQxYjQtOTVlMS1jN2Q4ODkyZjk0YjQiLCJub25jZSI6ImhHUXJ4T0ZYa3BSZzVxQlciLCJyYXQiOjE1Mjk3NTExODAsInN1YiI6ImZvb0BiYXIuY29tIn0.Jm8LXjo7CWFylxo-Os7yKMThZuNPRpV0NEmDfk5bXuq3O7LFEEZgtoIPgprp0SlCynyqEMBXi1oNW5FhGcdBIaacpFGIMp7oEv8uXSA_yxMHZirBt4w8F534AddRYhxtHtDd-84V5jYnp03X5RMVOEJlieHTajLaJwBHCFOs1uRwifEnAxTMxSvmHQ8OOPApaWlAq4dh1RYk3j7zcU1UbR9rjmRik1I3trcjhYGRqTifvCeabbsOivmBHi8ZRYqFaPyKC0wt0Vljg-DBLwbya_4RQdQtvCimJzNCPSN7hxZe5g1F4FkmKKgw1baM4hcfPkElA-zWvfEM7ZY7R59TH4rDB-jXv5F9FB54v-_pTt86Szo6FdOpkqoaD6iJjYyD1tgIquMVT2r9sqv6ZvfSGxAf2AYvmBKATzShwcVXS_d1tsfDPzOPhZyWFJjqYM0864Q4zEw6CJPP8g-5-xXZNjzg2urCgcb6K230le8-LHRPENL_w0RQvBqodJ2IPhdpJkVTa6EVyY0EHuTnzxWdiJjyyVAbwcmUDLjvhBfGRUyMAKoBbx_5nO2NTwqVAeWknjrCKDy6rE2MGI-4zr42a9Iprd2UXrnd6rycoRymevkI5VbkLx_jXwKml6-cDcKWV3u1yFakdyKj18me3WCkuVXIuJWTQRJLhqfLZb1b_kg', 'state': 'aSft07CSxD12s7FU', 'code': 'AeenAWqYKEvY7aoVbji4SZub_GBBiYQmZaNHkD0f93M.VBUUXzdY2ZY9IcivvERFcZHG-rGjJHEc4rzreg94h3Y'}
3.148 AuthorizationResponse {
"code": "AeenAWqYKEvY7aoVbji4SZub_GBBiYQmZaNHkD0f93M.VBUUXzdY2ZY9IcivvERFcZHG-rGjJHEc4rzreg94h3Y",
"id_token": {
"aud": [
"6b484614-5af7-49c6-ae42-a76478fbb424"
],
"auth_time": 1529750975,
"c_hash": "1uaWtTqcbRuNNUeierR7kQ",
"exp": 1529754782,
"iat": 1529751182,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "a9ce93d2-feca-41b4-95e1-c7d8892f94b4",
"nonce": "hGQrxOFXkpRg5qBW",
"rat": 1529751180,
"sub": "foo@bar.com"
},
"state": "aSft07CSxD12s7FU"
}
3.148 phase <--<-- 4 --- AccessToken -->-->
3.148 --> request op_args: {'state': 'aSft07CSxD12s7FU'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.148 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'aSft07CSxD12s7FU', 'code': 'AeenAWqYKEvY7aoVbji4SZub_GBBiYQmZaNHkD0f93M.VBUUXzdY2ZY9IcivvERFcZHG-rGjJHEc4rzreg94h3Y', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '6b484614-5af7-49c6-ae42-a76478fbb424'}, 'state': 'aSft07CSxD12s7FU'}
3.148 AccessTokenRequest {
"code": "AeenAWqYKEvY7aoVbji4SZub_GBBiYQmZaNHkD0f93M.VBUUXzdY2ZY9IcivvERFcZHG-rGjJHEc4rzreg94h3Y",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "aSft07CSxD12s7FU"
}
3.149 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.149 request_http_args {'headers': {'Authorization': 'Basic NmI0ODQ2MTQtNWFmNy00OWM2LWFlNDItYTc2NDc4ZmJiNDI0OnJ0dTBqVVZEdnJlJTdF', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.149 request code=AeenAWqYKEvY7aoVbji4SZub_GBBiYQmZaNHkD0f93M.VBUUXzdY2ZY9IcivvERFcZHG-rGjJHEc4rzreg94h3Y&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=aSft07CSxD12s7FU
3.362 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.363 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmI0ODQ2MTQtNWFmNy00OWM2LWFlNDItYTc2NDc4ZmJiNDI0Il0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiMXVhV3RUcWNiUnVOTlVlaWVyUjdrUSIsImV4cCI6MTUyOTc1NDc4MiwiaWF0IjoxNTI5NzUxMTgzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkOGM5MWRhNS0xOWE2LTRiOWUtYTk5Zi04NDgwMWJjNWM1MTAiLCJub25jZSI6ImhHUXJ4T0ZYa3BSZzVxQlciLCJyYXQiOjE1Mjk3NTExODAsInN1YiI6ImZvb0BiYXIuY29tIn0.PiPf7iaNPDC14NqsrfzGLjuZAe9c2AQ4oPCcVqjeBGOoGxvmLwi-YnkfRJJjaTzWCivm6NymNZq7gP7br2i-ID0Cgn0Ox-tcZ6HX_De438Easw-TU1HZOnkxLVb6nWYwkBTGrrPxcO7YzxJAQ5p0xkAI48q329WOleKxjK6d63euvmjB4M8pimCZgT-EseyYQOFzqu4lAn7_pwf7qKoHFa1_98b1n5g2Snn295w9gwgEJksFzmCVRYtR18d7MtEO8YnGPZANUTLD6jVyGCWrIMkm7gAC9WRJCa-Jb8MxQeoGXaJuskv0i6iBkEW0pdKowF5uPvUJBk0cVoCi3NcHOUYjBLuYqp0eO9wy8RUpEeB-eUsrvIjBVDgsYwNmQiJ4IC24T5kiJCEh74Sl_qlWJdkIjm-LbRrL_AmQp4Ftr85NoJIiidZ56XwoPer_Pa6s3w7sfcG6tZJ0NZxoYsuUSGIJo7reVYWCb9D8cJ6HxVe9djc7vPUjYFYfQRl1Z3LFKHQJYv05sR9dLDvdfroOEwCGywScwLneQZlmGedY7iiQzloZSvhwGx3n15gsGOO1giSmpuzt2CcF1a6aV6dR1Ww-IsIhNfrQUiF-QluwV4Lh-T5gZqZ2GF-HhPOTJrD74Fs2-UG90ehtKIaTIQQDDRUAmAqo26-83ucq9G-DwwQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'AG9sIqwGoZjt7hjPO_mDZwG7UNbwFlg35okGl9KOd_c.YVmddbnx1l8m8SE0gpFEGAT0e87CEieQpyvYWYZbUhk', 'scope': 'openid'}
3.366 AccessTokenResponse {
"access_token": "AG9sIqwGoZjt7hjPO_mDZwG7UNbwFlg35okGl9KOd_c.YVmddbnx1l8m8SE0gpFEGAT0e87CEieQpyvYWYZbUhk",
"expires_in": 3599,
"id_token": {
"aud": [
"6b484614-5af7-49c6-ae42-a76478fbb424"
],
"auth_time": 1529750975,
"c_hash": "1uaWtTqcbRuNNUeierR7kQ",
"exp": 1529754782,
"iat": 1529751183,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "d8c91da5-19a6-4b9e-a99f-84801bc5c510",
"nonce": "hGQrxOFXkpRg5qBW",
"rat": 1529751180,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.366 phase <--<-- 5 --- UserInfo -->-->
3.366 do_user_info_request kwargs:{'state': 'aSft07CSxD12s7FU', 'method': 'GET', 'authn_method': 'bearer_header'}
3.366 request {'body': None}
3.366 request_url https://oidc-certification.ory.sh:8443/userinfo
3.367 request_http_args {'headers': {'Authorization': 'Bearer AG9sIqwGoZjt7hjPO_mDZwG7UNbwFlg35okGl9KOd_c.YVmddbnx1l8m8SE0gpFEGAT0e87CEieQpyvYWYZbUhk'}}
3.44 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
3.441 OpenIDSchema {
"sub": "foo@bar.com"
}
3.441 OpenIDSchema {
"sub": "foo@bar.com"
}
3.441 phase <--<-- 6 --- Done -->-->
3.441 end
3.442 assertion VerifyClaims
3.442 condition verify-claims: status=WARNING, message=Missing required claim: name [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
3.442 assertion CheckHTTPResponse
3.442 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
3.442 condition Done: status=OK
============================================================
Conditions
verify-claims: status=WARNING, message=Missing required claim: name [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: WARNING
Warnings:
Missing required claim: name
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-prompt-none-LoggedIn.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000050211�13313423312�016164� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-none-LoggedIn
Test description: Request with prompt=none when logged in [Basic, Implicit, Hybrid]
Timestamp: 2018-06-23T10:54:02Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.097 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.099 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.099 phase <--<-- 2 --- Registration -->-->
0.099 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.099 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#NkcKPJB0Uqfnep4Z"
],
"response_types": [
"code id_token"
]
}
0.255 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.256 RegistrationResponse {
"client_id": "b0bdf4b9-46ef-43e9-b3a4-177178b27476",
"client_secret": ".ZiGUseli-mO",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "b0bdf4b9-46ef-43e9-b3a4-177178b27476",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#NkcKPJB0Uqfnep4Z"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.256 phase <--<-- 3 --- AsyncAuthn -->-->
0.257 AuthorizationRequest {
"client_id": "b0bdf4b9-46ef-43e9-b3a4-177178b27476",
"nonce": "ZsPHzQAabEkYHJWE",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "81KBgP18N8Y3c8yd"
}
0.257 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b0bdf4b9-46ef-43e9-b3a4-177178b27476&state=81KBgP18N8Y3c8yd&response_type=code+id_token&nonce=ZsPHzQAabEkYHJWE
0.257 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b0bdf4b9-46ef-43e9-b3a4-177178b27476&state=81KBgP18N8Y3c8yd&response_type=code+id_token&nonce=ZsPHzQAabEkYHJWE
2.84 http args {}
3.007 response URL with fragment
3.008 response code=QHTT0kKwVcFdHZ9NtoJCtDoCgKLobuURzbByUwI0l6w.U9emfknmq36eU-qrLXAXSs8BNGrIBYVKQP8yXEW90y4&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiSlk0OVlTa3hlRjU3dUIzQ1M5VGZndyIsImV4cCI6MTUyOTc1NDg0MCwiaWF0IjoxNTI5NzUxMjQwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0MjcwNDdlYi1kYjZlLTQ3MTEtOWM4My02YjQ3M2RlZjBiM2QiLCJub25jZSI6IlpzUEh6UUFhYkVrWUhKV0UiLCJyYXQiOjE1Mjk3NTEyMzgsInN1YiI6ImZvb0BiYXIuY29tIn0.WYmIxaHtZ1jZ92pS_lRvMqjq4GaFeePrNT_rxIU60giPQUrtulOJKBaJX12ngnPfG28WcGExjFq0nJp39ufcqV_CxldcTlbPZ1IingTVl-RPQYOXoy32zuap-eqNTUf6JuEemShn9nMKr8yGzbUJiOb8YcenWKphA7cd5cF6ZOYqbox3z4ITUv6I6RhFgNQ1otX9Uc9iDfihA1oSmuoZqXAv4zoFhphRLFPLY2gWGEeTTZBmS7RXp72VPjw0fHCvNlVd_7lE56Ya7CJJT81OLe48wnMpWbelb9q1EH26hMjRAfRwSVHRhUHbKAq0fYV3VSBePbKV2kG-qkKzKn_sAiP8UGp_6G2hT6ZdfiXXIlOMfSGdzhx9L_NSflkPvMJJ1_zxCRUvo4euN1KXXMrD6P1Zu9fmTZkvQYv1ZkDJPkTm0kPLcRZ51hkxu8-Lw0oTdWy4-2OyKjQ_7WpcAZxLh9jrdYoMzrpbHnUNaW5bWXMmoDyRF__zuE5RqD_NRWjAW0qJ7ZkEis10FMUfdhri2fBDr5OmGVTGDMBbyQqoj_C42UD1nCGwkjE9hBZ1T7XIndGibbBWqgFc6C2bFpyc_3Zr6KuptrASWGAu9To8rdmTcjdgE-1osHaU8uO7nNxTe1ZxNblMCKZ5p6oXFIWsQ0NHVcTmp_5D0AzCF72xGO8&state=81KBgP18N8Y3c8yd
3.008 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiSlk0OVlTa3hlRjU3dUIzQ1M5VGZndyIsImV4cCI6MTUyOTc1NDg0MCwiaWF0IjoxNTI5NzUxMjQwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI0MjcwNDdlYi1kYjZlLTQ3MTEtOWM4My02YjQ3M2RlZjBiM2QiLCJub25jZSI6IlpzUEh6UUFhYkVrWUhKV0UiLCJyYXQiOjE1Mjk3NTEyMzgsInN1YiI6ImZvb0BiYXIuY29tIn0.WYmIxaHtZ1jZ92pS_lRvMqjq4GaFeePrNT_rxIU60giPQUrtulOJKBaJX12ngnPfG28WcGExjFq0nJp39ufcqV_CxldcTlbPZ1IingTVl-RPQYOXoy32zuap-eqNTUf6JuEemShn9nMKr8yGzbUJiOb8YcenWKphA7cd5cF6ZOYqbox3z4ITUv6I6RhFgNQ1otX9Uc9iDfihA1oSmuoZqXAv4zoFhphRLFPLY2gWGEeTTZBmS7RXp72VPjw0fHCvNlVd_7lE56Ya7CJJT81OLe48wnMpWbelb9q1EH26hMjRAfRwSVHRhUHbKAq0fYV3VSBePbKV2kG-qkKzKn_sAiP8UGp_6G2hT6ZdfiXXIlOMfSGdzhx9L_NSflkPvMJJ1_zxCRUvo4euN1KXXMrD6P1Zu9fmTZkvQYv1ZkDJPkTm0kPLcRZ51hkxu8-Lw0oTdWy4-2OyKjQ_7WpcAZxLh9jrdYoMzrpbHnUNaW5bWXMmoDyRF__zuE5RqD_NRWjAW0qJ7ZkEis10FMUfdhri2fBDr5OmGVTGDMBbyQqoj_C42UD1nCGwkjE9hBZ1T7XIndGibbBWqgFc6C2bFpyc_3Zr6KuptrASWGAu9To8rdmTcjdgE-1osHaU8uO7nNxTe1ZxNblMCKZ5p6oXFIWsQ0NHVcTmp_5D0AzCF72xGO8', 'state': '81KBgP18N8Y3c8yd', 'code': 'QHTT0kKwVcFdHZ9NtoJCtDoCgKLobuURzbByUwI0l6w.U9emfknmq36eU-qrLXAXSs8BNGrIBYVKQP8yXEW90y4'}
3.09 AuthorizationResponse {
"code": "QHTT0kKwVcFdHZ9NtoJCtDoCgKLobuURzbByUwI0l6w.U9emfknmq36eU-qrLXAXSs8BNGrIBYVKQP8yXEW90y4",
"id_token": {
"aud": [
"b0bdf4b9-46ef-43e9-b3a4-177178b27476"
],
"auth_time": 1529751224,
"c_hash": "JY49YSkxeF57uB3CS9Tfgw",
"exp": 1529754840,
"iat": 1529751240,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "427047eb-db6e-4711-9c83-6b473def0b3d",
"nonce": "ZsPHzQAabEkYHJWE",
"rat": 1529751238,
"sub": "foo@bar.com"
},
"state": "81KBgP18N8Y3c8yd"
}
3.09 phase <--<-- 4 --- AccessToken -->-->
3.09 --> request op_args: {'state': '81KBgP18N8Y3c8yd'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.09 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '81KBgP18N8Y3c8yd', 'code': 'QHTT0kKwVcFdHZ9NtoJCtDoCgKLobuURzbByUwI0l6w.U9emfknmq36eU-qrLXAXSs8BNGrIBYVKQP8yXEW90y4', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'b0bdf4b9-46ef-43e9-b3a4-177178b27476'}, 'state': '81KBgP18N8Y3c8yd'}
3.09 AccessTokenRequest {
"code": "QHTT0kKwVcFdHZ9NtoJCtDoCgKLobuURzbByUwI0l6w.U9emfknmq36eU-qrLXAXSs8BNGrIBYVKQP8yXEW90y4",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "81KBgP18N8Y3c8yd"
}
3.09 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.09 request_http_args {'headers': {'Authorization': 'Basic YjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Oi5aaUdVc2VsaS1tTw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.09 request code=QHTT0kKwVcFdHZ9NtoJCtDoCgKLobuURzbByUwI0l6w.U9emfknmq36eU-qrLXAXSs8BNGrIBYVKQP8yXEW90y4&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=81KBgP18N8Y3c8yd
3.315 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.316 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiSlk0OVlTa3hlRjU3dUIzQ1M5VGZndyIsImV4cCI6MTUyOTc1NDg0MCwiaWF0IjoxNTI5NzUxMjQxLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJiYTFiZDg5OS00YTA5LTQ4MTAtYmJjNC1kZmUxN2ViMWY5MzkiLCJub25jZSI6IlpzUEh6UUFhYkVrWUhKV0UiLCJyYXQiOjE1Mjk3NTEyMzgsInN1YiI6ImZvb0BiYXIuY29tIn0.M-AeTzPXRdUcrwJGN28j-I8XiNSo0xqIEXTEzrZPP_kLU1GNrE83PNx3fXGdGzNwohGZE6u_gf7O35s-1m3ynKNvjOvSpOykfnh0G1dPIE74C7KhpazzWFg1HnccH4dbGN_GTJ6Q-B0JcIgHWHHu0XlEf7MiKNE8UUjxYgjIzKDgYhGzt2tbBAY6dnHIktU1aV_t5Ul0dF2YNBlE_BXgUHbXRU-TElih4rUuEhi4QWCGld9p-7n0hx1osHKyqw3X4ZO4VjCAxL3vAwa4AxURRz5AfczPnItHNfDl0eMdY_0zBYgx96A5S57Zf29MaMLMzhn3jlSlecjER-NbrFLSigyg12AIxOuVTi-3jfjJ2EewA8a2HNm5yqWKAojBQC7Xd-M5aK8zX82-Vi7o5GV7TSleVRKIKgUFvQgtEzK2iJURkYyTEegChaKLDkPirJ3GFW3e1lEYSgU5aONtt_CzJAb1t3OTS5_aE9AM_YNNHfFUiJAMut0WUPiYBDxb7U6XiCAJA5wjFYRrY3Bq3uSWi2Qz22NvN1qXFOSYJ-D8ouiy2kBnF5KdxhQ0iaPhINW1lnzFAplVx7irgnmYfaqavQ8sectJrV7WpVq7fLGcP34uiFKuEGX06z2cxnL6OE6LCnIpgjp5XBipQwv5YAS3VMchgW3R1jmWSkh_nJbZ7Q8', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'DjcySreHaJpXzyDSr46DURILfooP8UktmZ8bn1jq_wU.7BiE6mNr_9Qi8o480ZdjY--MCWIw1ijsBizgJj_AOHo', 'scope': 'openid'}
3.319 AccessTokenResponse {
"access_token": "DjcySreHaJpXzyDSr46DURILfooP8UktmZ8bn1jq_wU.7BiE6mNr_9Qi8o480ZdjY--MCWIw1ijsBizgJj_AOHo",
"expires_in": 3599,
"id_token": {
"aud": [
"b0bdf4b9-46ef-43e9-b3a4-177178b27476"
],
"auth_time": 1529751224,
"c_hash": "JY49YSkxeF57uB3CS9Tfgw",
"exp": 1529754840,
"iat": 1529751241,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "ba1bd899-4a09-4810-bbc4-dfe17eb1f939",
"nonce": "ZsPHzQAabEkYHJWE",
"rat": 1529751238,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.319 phase <--<-- 5 --- AsyncAuthn -->-->
3.32 AuthorizationRequest {
"client_id": "b0bdf4b9-46ef-43e9-b3a4-177178b27476",
"nonce": "byum7cB5IBg8DqXd",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "r7U7BRpL6un3bQpQ"
}
3.32 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b0bdf4b9-46ef-43e9-b3a4-177178b27476&state=r7U7BRpL6un3bQpQ&response_type=code+id_token&nonce=byum7cB5IBg8DqXd
3.32 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=none&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=b0bdf4b9-46ef-43e9-b3a4-177178b27476&state=r7U7BRpL6un3bQpQ&response_type=code+id_token&nonce=byum7cB5IBg8DqXd
4.226 http args {}
4.379 response URL with fragment
4.379 response code=4cPtPAr9mx8m9mnRv01x2k2ZBhe2yu7HqVA0UIPVxNU.3ZyE2UzDZMjUVgAsv9BzvnxDlsXC0S3lkY9uSBiXx3M&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiUmUtM0otcVhXN1MzUjRyazAyWXFLdyIsImV4cCI6MTUyOTc1NDg0MiwiaWF0IjoxNTI5NzUxMjQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3MmRjYTFiMy0wZmNhLTQ3NzMtYjBmNC1hNmFjODcwZWZjMDgiLCJub25jZSI6ImJ5dW03Y0I1SUJnOERxWGQiLCJyYXQiOjE1Mjk3NTEyNDEsInN1YiI6ImZvb0BiYXIuY29tIn0.oCuW-criNj0b_L38X-0dwKw6uhHsBnbp5dnRb0A1H1T5AVw4rf66Vszu2OKdrVgz7pjWLs-7hDUliHDI-1gybO_I80WRiuXTzMwyRfF5jsE1pDCUPMpBn-RwL0ZNcHdOK6kjFOKwJcOr7e9AiXX3ju9cCfKT8W63qjr1tNiSCgojTl11Zj5kEpLrR1wfMl24BPkZmjLyLTl2c_EDxTh3sS5st58Y1SvevLLBLlIb_S_ktU0CNqw_DL7IqDL_llLlcScU8_Kgzh5iAlj-kQXLA8geA_KzdPzBu6z7syHcdJlZDa_wQyPyYO67ovgrWBP9OdHCg6GwclbZcWFaO5zP76oPBPn6NuIPOsjxo_Y_UubbXIWG6j9lZ2ed4b7Oijs4BefENaKTxMdfE7rC2CwNVDTaAupFYTDQC1qsHUT3wfzWCPVhsu8wy2iw-yCW1wrT2nyiISYXpRKt1xEodiAYsIsvlrtiPmcFArKAiidN3HrtqGUBMUP_Ny8z9FV6BhU6Tur8GxhVC_zjN3x-A9rQQ5LHOYQ7SZDNn1N3xFgptQcebUnZZ9WBKyT3ZVKv-a-aOgaKy6nkQVr7OXDSNmPYMRCHU80VTefHfWDWTEQXTelscBSENZi3UJi8PThNCdDz4kh8WCqm1HgmhUc4a_GkPcieOh5tpR4DCw38FZS2QJs&state=r7U7BRpL6un3bQpQ
4.38 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiUmUtM0otcVhXN1MzUjRyazAyWXFLdyIsImV4cCI6MTUyOTc1NDg0MiwiaWF0IjoxNTI5NzUxMjQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3MmRjYTFiMy0wZmNhLTQ3NzMtYjBmNC1hNmFjODcwZWZjMDgiLCJub25jZSI6ImJ5dW03Y0I1SUJnOERxWGQiLCJyYXQiOjE1Mjk3NTEyNDEsInN1YiI6ImZvb0BiYXIuY29tIn0.oCuW-criNj0b_L38X-0dwKw6uhHsBnbp5dnRb0A1H1T5AVw4rf66Vszu2OKdrVgz7pjWLs-7hDUliHDI-1gybO_I80WRiuXTzMwyRfF5jsE1pDCUPMpBn-RwL0ZNcHdOK6kjFOKwJcOr7e9AiXX3ju9cCfKT8W63qjr1tNiSCgojTl11Zj5kEpLrR1wfMl24BPkZmjLyLTl2c_EDxTh3sS5st58Y1SvevLLBLlIb_S_ktU0CNqw_DL7IqDL_llLlcScU8_Kgzh5iAlj-kQXLA8geA_KzdPzBu6z7syHcdJlZDa_wQyPyYO67ovgrWBP9OdHCg6GwclbZcWFaO5zP76oPBPn6NuIPOsjxo_Y_UubbXIWG6j9lZ2ed4b7Oijs4BefENaKTxMdfE7rC2CwNVDTaAupFYTDQC1qsHUT3wfzWCPVhsu8wy2iw-yCW1wrT2nyiISYXpRKt1xEodiAYsIsvlrtiPmcFArKAiidN3HrtqGUBMUP_Ny8z9FV6BhU6Tur8GxhVC_zjN3x-A9rQQ5LHOYQ7SZDNn1N3xFgptQcebUnZZ9WBKyT3ZVKv-a-aOgaKy6nkQVr7OXDSNmPYMRCHU80VTefHfWDWTEQXTelscBSENZi3UJi8PThNCdDz4kh8WCqm1HgmhUc4a_GkPcieOh5tpR4DCw38FZS2QJs', 'state': 'r7U7BRpL6un3bQpQ', 'code': '4cPtPAr9mx8m9mnRv01x2k2ZBhe2yu7HqVA0UIPVxNU.3ZyE2UzDZMjUVgAsv9BzvnxDlsXC0S3lkY9uSBiXx3M'}
4.383 AuthorizationResponse {
"code": "4cPtPAr9mx8m9mnRv01x2k2ZBhe2yu7HqVA0UIPVxNU.3ZyE2UzDZMjUVgAsv9BzvnxDlsXC0S3lkY9uSBiXx3M",
"id_token": {
"aud": [
"b0bdf4b9-46ef-43e9-b3a4-177178b27476"
],
"auth_time": 1529751224,
"c_hash": "Re-3J-qXW7S3R4rk02YqKw",
"exp": 1529754842,
"iat": 1529751242,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "72dca1b3-0fca-4773-b0f4-a6ac870efc08",
"nonce": "byum7cB5IBg8DqXd",
"rat": 1529751241,
"sub": "foo@bar.com"
},
"state": "r7U7BRpL6un3bQpQ"
}
4.383 phase <--<-- 6 --- AccessToken -->-->
4.383 --> request op_args: {'state': 'r7U7BRpL6un3bQpQ'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.383 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'r7U7BRpL6un3bQpQ', 'code': '4cPtPAr9mx8m9mnRv01x2k2ZBhe2yu7HqVA0UIPVxNU.3ZyE2UzDZMjUVgAsv9BzvnxDlsXC0S3lkY9uSBiXx3M', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'b0bdf4b9-46ef-43e9-b3a4-177178b27476'}, 'state': 'r7U7BRpL6un3bQpQ'}
4.383 AccessTokenRequest {
"code": "4cPtPAr9mx8m9mnRv01x2k2ZBhe2yu7HqVA0UIPVxNU.3ZyE2UzDZMjUVgAsv9BzvnxDlsXC0S3lkY9uSBiXx3M",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "r7U7BRpL6un3bQpQ"
}
4.383 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.383 request_http_args {'headers': {'Authorization': 'Basic YjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Oi5aaUdVc2VsaS1tTw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.383 request code=4cPtPAr9mx8m9mnRv01x2k2ZBhe2yu7HqVA0UIPVxNU.3ZyE2UzDZMjUVgAsv9BzvnxDlsXC0S3lkY9uSBiXx3M&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=r7U7BRpL6un3bQpQ
4.599 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.6 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYjBiZGY0YjktNDZlZi00M2U5LWIzYTQtMTc3MTc4YjI3NDc2Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoiUmUtM0otcVhXN1MzUjRyazAyWXFLdyIsImV4cCI6MTUyOTc1NDg0MiwiaWF0IjoxNTI5NzUxMjQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzN2MzZWZjOC00ZGYyLTRlOTYtYTkxYS04NGQwMmE4ZTk5OTAiLCJub25jZSI6ImJ5dW03Y0I1SUJnOERxWGQiLCJyYXQiOjE1Mjk3NTEyNDEsInN1YiI6ImZvb0BiYXIuY29tIn0.WgDPAH1PUdyIIpIqZ9Qr1V9UWCQ5LMrfqB5mOkagbSdjjXlVu2eaWYJ0RqpLE1orskSevVyp4CKiHGZeO2XbgEGV8-wRHrGCuT8LOvdjyjc520Z4BAIdO1ZsZ2NddJvFasIIYSt_uSr0XCA8le6U7Yy5f3bmBz4Q6KYS7BGkvqtqpkzXvtCWaR44BVW7AysdFP9TAbfgXPm4isn0h-tDunos76f7G_xRsemrJc-v-ATkSCyB-QmfZ1uTLUAcZsf3QjJHUsyV0GOqeGFP5-mNiLfjWToA347gEYqP-1KxHhTdUCiE9-Z-6fPwUqg9Xa9149R_ZzpoIaQF3_SXgiBB_0lhyBwiAalDZViYFPdyaVETK41VkL8eDBbNUhOJv1NMqd2EOVNyu6DCb4Yi2vokx0hy1oRN252BM2E39AyXLMoYZZWFZFrh03iPSkss1uVqH8IgjgKVdzXNCszxbi-qI4VEXTSxcjUEwSg5_Mcx0SmfUV0CqOdLXqNX38oWuMHYao39_8Gbhpks6vfYziZsbXESmohInsg_cXl09SpZh-Wm5SYym_XD_h-NZDKUzzqRoEVzdeb6XsQ3p1ZW04pL1X3mUq13-Kqgr_Q_Le9oBerxZjgAn6imlf9Poalw1w6dMZsdNMynJCtq6Zrsb_eAlhLXrDNw7_kxVlI3Y2FHsos', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'sr40dxsqPj16smD8QwjCZy9nHdMAUivOYBmuzN8zx9A.JC7SCiWffQ3cmsbQTgRf83vXLLGNGWHX-A7elL_tdDw', 'scope': 'openid'}
4.603 AccessTokenResponse {
"access_token": "sr40dxsqPj16smD8QwjCZy9nHdMAUivOYBmuzN8zx9A.JC7SCiWffQ3cmsbQTgRf83vXLLGNGWHX-A7elL_tdDw",
"expires_in": 3599,
"id_token": {
"aud": [
"b0bdf4b9-46ef-43e9-b3a4-177178b27476"
],
"auth_time": 1529751224,
"c_hash": "Re-3J-qXW7S3R4rk02YqKw",
"exp": 1529754842,
"iat": 1529751242,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "37c3efc8-4df2-4e96-a91a-84d02a8e9990",
"nonce": "byum7cB5IBg8DqXd",
"rat": 1529751241,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.604 phase <--<-- 7 --- Done -->-->
4.604 end
4.604 assertion VerifyResponse
4.604 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.604 assertion SameAuthn
4.605 condition same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
4.605 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Req-max_age=1.txt������������������������������������������������������������������������������0000644�0000000�0000000�00000061236�13313423564�014546� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Req-max_age=1
Test description: Requesting ID Token with max_age=1 seconds restriction
Timestamp: 2018-06-23T10:56:52Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.093 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.094 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.094 phase <--<-- 2 --- Registration -->-->
0.094 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.095 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Q0QQ7sge7NhJepue"
],
"response_types": [
"code id_token"
]
}
0.254 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.255 RegistrationResponse {
"client_id": "8a45761b-e14e-4aca-ba7b-11e05ebaa414",
"client_secret": "cghi8J1H9J5c",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "8a45761b-e14e-4aca-ba7b-11e05ebaa414",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#Q0QQ7sge7NhJepue"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.255 phase <--<-- 3 --- AsyncAuthn -->-->
0.256 AuthorizationRequest {
"client_id": "8a45761b-e14e-4aca-ba7b-11e05ebaa414",
"nonce": "k7JAEXOu94XrLKZI",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "x4eC9w4BpZMoeyp2"
}
0.256 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=8a45761b-e14e-4aca-ba7b-11e05ebaa414&state=x4eC9w4BpZMoeyp2&response_type=code+id_token&nonce=k7JAEXOu94XrLKZI
0.256 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=8a45761b-e14e-4aca-ba7b-11e05ebaa414&state=x4eC9w4BpZMoeyp2&response_type=code+id_token&nonce=k7JAEXOu94XrLKZI
2.605 http args {}
2.778 response URL with fragment
2.778 response code=jIsVipKIupqfOwqNS-PPeTF2v_wWNMDQdHX0z_kpBbg.4Wvlmsl-56tXK2XOErjWxbymUBxGHlFJir2xaWzo86A&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOGE0NTc2MWItZTE0ZS00YWNhLWJhN2ItMTFlMDVlYmFhNDE0Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoienZ3alB5djVzY3F4Q2pfcDRaWGJ5QSIsImV4cCI6MTUyOTc1NTAwNCwiaWF0IjoxNTI5NzUxNDA0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3ODYxZTFmNC1lOTczLTQ0MzgtODY5OC1hNzlkMjE1NTcyNDYiLCJub25jZSI6Ims3SkFFWE91OTRYckxLWkkiLCJyYXQiOjE1Mjk3NTE0MDIsInN1YiI6ImZvb0BiYXIuY29tIn0.o4eXYh6OxW0RoVnQgZthjY93w9g44GTnA9P_q5y6nl7_0k__sCiEtnhpSi6g0Hnm6dGx1gShAz3wS0de3BYZ1qv9c7mzeR46ffju-qHh6w_bsBB1j5URYIm4AZ7rIqr-yre78c85ScjHJoqaIQInGvZkGb9NX3Sq3_zRvw15A8m3RqBJEPkXMAAT-LSPBpCPzYQ8aHSodaC0oL8X__1m7HS-ZY-vyqpNoLbTc_vGQfeEuDqARbDI_k6AB2zSNMvrAL3A3UqUF3XmAKEhzkWUxcfqxKnPuyjdFJo4JZ833bTJztbKziS-0JTW2qzEgQEDMhC0vcRRiked9RKMBruC8Q1SpYIwKU9-6fsercLC7BsKp7349l9ZogynhJqGtp0Azfv4USt0dWtndDiza3CX4BagJq-GTkz5Zias0U-lT9RONSczMSsRzIEs1_ZdBi4KFbG6WtxTadXBh4Md1epRNP_QtrZcn2cafNTUTCMS4iF_udjph2F5cDfM5_CjnD0Lomtz4jNEsiEp2Oup0Jkr3j8HGQqkPlaL-qD-ab02Z7AlY5AiAD-whtTF0wbDaPMMexjHLmOA64mwJqHbu7wxghrIuZZX3ry_3yt24iXIuWAgbqezgbgwr2gntyPTPPaDa4RpP7aWSO60RD-b4QWzIJNXCwCrdVAD_r4sWqP3JXY&state=x4eC9w4BpZMoeyp2
2.778 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOGE0NTc2MWItZTE0ZS00YWNhLWJhN2ItMTFlMDVlYmFhNDE0Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoienZ3alB5djVzY3F4Q2pfcDRaWGJ5QSIsImV4cCI6MTUyOTc1NTAwNCwiaWF0IjoxNTI5NzUxNDA0LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiI3ODYxZTFmNC1lOTczLTQ0MzgtODY5OC1hNzlkMjE1NTcyNDYiLCJub25jZSI6Ims3SkFFWE91OTRYckxLWkkiLCJyYXQiOjE1Mjk3NTE0MDIsInN1YiI6ImZvb0BiYXIuY29tIn0.o4eXYh6OxW0RoVnQgZthjY93w9g44GTnA9P_q5y6nl7_0k__sCiEtnhpSi6g0Hnm6dGx1gShAz3wS0de3BYZ1qv9c7mzeR46ffju-qHh6w_bsBB1j5URYIm4AZ7rIqr-yre78c85ScjHJoqaIQInGvZkGb9NX3Sq3_zRvw15A8m3RqBJEPkXMAAT-LSPBpCPzYQ8aHSodaC0oL8X__1m7HS-ZY-vyqpNoLbTc_vGQfeEuDqARbDI_k6AB2zSNMvrAL3A3UqUF3XmAKEhzkWUxcfqxKnPuyjdFJo4JZ833bTJztbKziS-0JTW2qzEgQEDMhC0vcRRiked9RKMBruC8Q1SpYIwKU9-6fsercLC7BsKp7349l9ZogynhJqGtp0Azfv4USt0dWtndDiza3CX4BagJq-GTkz5Zias0U-lT9RONSczMSsRzIEs1_ZdBi4KFbG6WtxTadXBh4Md1epRNP_QtrZcn2cafNTUTCMS4iF_udjph2F5cDfM5_CjnD0Lomtz4jNEsiEp2Oup0Jkr3j8HGQqkPlaL-qD-ab02Z7AlY5AiAD-whtTF0wbDaPMMexjHLmOA64mwJqHbu7wxghrIuZZX3ry_3yt24iXIuWAgbqezgbgwr2gntyPTPPaDa4RpP7aWSO60RD-b4QWzIJNXCwCrdVAD_r4sWqP3JXY', 'state': 'x4eC9w4BpZMoeyp2', 'code': 'jIsVipKIupqfOwqNS-PPeTF2v_wWNMDQdHX0z_kpBbg.4Wvlmsl-56tXK2XOErjWxbymUBxGHlFJir2xaWzo86A'}
2.858 AuthorizationResponse {
"code": "jIsVipKIupqfOwqNS-PPeTF2v_wWNMDQdHX0z_kpBbg.4Wvlmsl-56tXK2XOErjWxbymUBxGHlFJir2xaWzo86A",
"id_token": {
"aud": [
"8a45761b-e14e-4aca-ba7b-11e05ebaa414"
],
"auth_time": 1529751224,
"c_hash": "zvwjPyv5scqxCj_p4ZXbyA",
"exp": 1529755004,
"iat": 1529751404,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "7861e1f4-e973-4438-8698-a79d21557246",
"nonce": "k7JAEXOu94XrLKZI",
"rat": 1529751402,
"sub": "foo@bar.com"
},
"state": "x4eC9w4BpZMoeyp2"
}
2.858 phase <--<-- 4 --- AccessToken -->-->
2.858 --> request op_args: {'state': 'x4eC9w4BpZMoeyp2'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.858 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'x4eC9w4BpZMoeyp2', 'code': 'jIsVipKIupqfOwqNS-PPeTF2v_wWNMDQdHX0z_kpBbg.4Wvlmsl-56tXK2XOErjWxbymUBxGHlFJir2xaWzo86A', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '8a45761b-e14e-4aca-ba7b-11e05ebaa414'}, 'state': 'x4eC9w4BpZMoeyp2'}
2.858 AccessTokenRequest {
"code": "jIsVipKIupqfOwqNS-PPeTF2v_wWNMDQdHX0z_kpBbg.4Wvlmsl-56tXK2XOErjWxbymUBxGHlFJir2xaWzo86A",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "x4eC9w4BpZMoeyp2"
}
2.858 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.858 request_http_args {'headers': {'Authorization': 'Basic OGE0NTc2MWItZTE0ZS00YWNhLWJhN2ItMTFlMDVlYmFhNDE0OmNnaGk4SjFIOUo1Yw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.858 request code=jIsVipKIupqfOwqNS-PPeTF2v_wWNMDQdHX0z_kpBbg.4Wvlmsl-56tXK2XOErjWxbymUBxGHlFJir2xaWzo86A&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=x4eC9w4BpZMoeyp2
3.081 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.082 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiOGE0NTc2MWItZTE0ZS00YWNhLWJhN2ItMTFlMDVlYmFhNDE0Il0sImF1dGhfdGltZSI6MTUyOTc1MTIyNCwiY19oYXNoIjoienZ3alB5djVzY3F4Q2pfcDRaWGJ5QSIsImV4cCI6MTUyOTc1NTAwNCwiaWF0IjoxNTI5NzUxNDA1LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmZDAwYjA0MS1kYjI2LTQ2ZWMtYTljYS1hMjI3NTEyMmIzNmYiLCJub25jZSI6Ims3SkFFWE91OTRYckxLWkkiLCJyYXQiOjE1Mjk3NTE0MDIsInN1YiI6ImZvb0BiYXIuY29tIn0.yQ3X04cdpXiVXvRBp96ICE1SJr1M7yTy5ub940TV7vX0uavmcBJM_1zJKOofjt8Dog8cwwFtN1E5ussWUm2abvyQRte5sGvGN7I6s_2kIDpWIoT0XWZhQ3AUoq164NPUvgrnfPmzKiRm1up62u94wTV3xxbaddy3c2UvLkQb4LW8QhznMwTfXFn6lHr0X2wm8l1597JaF7fCqc3w0fA3LTlD1AQHZaROPjEfzTdZgRChPi44ZqoHdnbQuEYOIqERNKM3zuhMnLe18Q8m_OFxQl_WDxBRtILney87TznMYpLfYWj66zeWof_wnZwbbikv_PZqRmPQ1sdn21mkRpLAhZLt6-hR_pkekeRLagQX8NyA8oGRNM6p9E-O_fu8gYhEh8CpdrssDo-eLsYfFixFu38NzdZqD6StyzFoYIhTSr7N7qyxV4dakQfikHWsnBqlmmUDaE5cH1-bW7aV_8Sd6ZJSCIqtwpGT6o5DLzkb_emk7BBLO8vrDYtM1mClNiDQfQQmxSZ8YjEA-Jj0Kvq2hS5QofnQigV1Znxbf-AqXwaxIUpInEYtBBbk5Q_mF0njKxKh8aULQG9j5Pcud9TAhd9Wrbi0cM5aLatZOcwWYe1ysfm0thnmwake4DEmiuS9E9NwD0w_vGo3wFr6AFME9AetmoCCvC_4FR8NmQD7IuM', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'PBgI998yEUu5b9n92b3kMtvLYRhxW_nHCJWwLBAeGXI.xcFUf-6bwBWFkI2m8p0EFoRF119GO6cOThmuT06sM9o', 'scope': 'openid'}
3.085 AccessTokenResponse {
"access_token": "PBgI998yEUu5b9n92b3kMtvLYRhxW_nHCJWwLBAeGXI.xcFUf-6bwBWFkI2m8p0EFoRF119GO6cOThmuT06sM9o",
"expires_in": 3599,
"id_token": {
"aud": [
"8a45761b-e14e-4aca-ba7b-11e05ebaa414"
],
"auth_time": 1529751224,
"c_hash": "zvwjPyv5scqxCj_p4ZXbyA",
"exp": 1529755004,
"iat": 1529751405,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "fd00b041-db26-46ec-a9ca-a2275122b36f",
"nonce": "k7JAEXOu94XrLKZI",
"rat": 1529751402,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.086 phase <--<-- 5 --- Note -->-->
4.195 phase <--<-- 6 --- Webfinger -->-->
4.195 not expected to do WebFinger
4.195 phase <--<-- 7 --- Discovery -->-->
4.195 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
4.27 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
4.271 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
4.271 phase <--<-- 8 --- Registration -->-->
4.271 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
4.271 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#nhvxrWibrF2SsB8C"
],
"response_types": [
"code id_token"
]
}
4.428 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
4.429 RegistrationResponse {
"client_id": "158d7ab8-abdb-4e7d-83a2-e7be554c69cc",
"client_secret": "tlruE59wZUiv",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "158d7ab8-abdb-4e7d-83a2-e7be554c69cc",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#nhvxrWibrF2SsB8C"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
4.429 phase <--<-- 9 --- AsyncAuthn -->-->
4.43 AuthorizationRequest {
"client_id": "158d7ab8-abdb-4e7d-83a2-e7be554c69cc",
"max_age": 1,
"nonce": "mLa0KLJYXI5WGo7n",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "dr1sMUnYZUzWPQyg"
}
4.43 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=1&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=158d7ab8-abdb-4e7d-83a2-e7be554c69cc&state=dr1sMUnYZUzWPQyg&response_type=code+id_token&nonce=mLa0KLJYXI5WGo7n
4.43 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?max_age=1&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=158d7ab8-abdb-4e7d-83a2-e7be554c69cc&state=dr1sMUnYZUzWPQyg&response_type=code+id_token&nonce=mLa0KLJYXI5WGo7n
9.961 http args {}
10.146 response URL with fragment
10.146 response code=TSSPLMEla5t0kEgD4KRshCT-B7RTgnUE6u_k8c58sjY.kf0LytheMTLKHAEImCzXNKJYSduXnQ_Y7x2wK87zIBY&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU4ZDdhYjgtYWJkYi00ZTdkLTgzYTItZTdiZTU1NGM2OWNjIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiWHVWN0JZUjFwTVMwSTNKTENOdUpZdyIsImV4cCI6MTUyOTc1NTAxMiwiaWF0IjoxNTI5NzUxNDEyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmOGVhMjZkNi1hNWZhLTRjZDYtOTkwYi00Mjk1OGFlODlhMmQiLCJub25jZSI6Im1MYTBLTEpZWEk1V0dvN24iLCJyYXQiOjE1Mjk3NTE0MDcsInN1YiI6ImZvb0BiYXIuY29tIn0.ZD0sWtsldKtp2nnccFLpBHc334Bezx7XheDAICDzeNrcTWsWcZBD-VAIJSdJ6CL3H2JgmFgO-svKIRRMqpPiXervk1bBA2-eeD61hFpB4RsARdPQXLUpk1qsADsEe9T0Zb4UR-W_SEHb_8TrdxSuNX3frTWSuh3Pk6U9lkI2Mk2OLYEBsgMRVQvhlS4qWLoAcaPNjfzXJg6fhjK6s2r4fKFGwFx54B4YGezOS5shMwL0IYEPLAewqcbRGmtcMINcWAorlFpwBOHgKnD7N7fb2Z51wm3BesTpD2i_-v5V6mwBX6ewqp_xif7I46rBDDOtcyHEJWZn7U0ylnHoU6HEHiWmqV_3K41CQ6voPTB06wnithvmxWYSNUEU51AlfrfHHtuh2WQE7hxamoHWyl4fdWcYlTZ_5hylHsk6kOdqhkEd8PryKcBLJnrdJRPEb4wDXAfPb0dOE5sczyczEslPXZTFW3nGdCHSNraAKq3pVNoOVeYR0m-lqUjfZd9DAYTkoeVZqexfaIPiWoGgn-8sqenublen-EyvLGsCQq4KATa16z2wubjy9buUHxkAXBrsViE3m8fQrZV6IYG3X4nM91mZ7UGoZKqb7F7y80Nll7OPxyp1IwkEBN4mdqhv3WrNc1ijY-vtdrvZkqTdDDz133WXH__KQ4F3n5Ab55pkPPo&state=dr1sMUnYZUzWPQyg
10.146 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU4ZDdhYjgtYWJkYi00ZTdkLTgzYTItZTdiZTU1NGM2OWNjIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiWHVWN0JZUjFwTVMwSTNKTENOdUpZdyIsImV4cCI6MTUyOTc1NTAxMiwiaWF0IjoxNTI5NzUxNDEyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJmOGVhMjZkNi1hNWZhLTRjZDYtOTkwYi00Mjk1OGFlODlhMmQiLCJub25jZSI6Im1MYTBLTEpZWEk1V0dvN24iLCJyYXQiOjE1Mjk3NTE0MDcsInN1YiI6ImZvb0BiYXIuY29tIn0.ZD0sWtsldKtp2nnccFLpBHc334Bezx7XheDAICDzeNrcTWsWcZBD-VAIJSdJ6CL3H2JgmFgO-svKIRRMqpPiXervk1bBA2-eeD61hFpB4RsARdPQXLUpk1qsADsEe9T0Zb4UR-W_SEHb_8TrdxSuNX3frTWSuh3Pk6U9lkI2Mk2OLYEBsgMRVQvhlS4qWLoAcaPNjfzXJg6fhjK6s2r4fKFGwFx54B4YGezOS5shMwL0IYEPLAewqcbRGmtcMINcWAorlFpwBOHgKnD7N7fb2Z51wm3BesTpD2i_-v5V6mwBX6ewqp_xif7I46rBDDOtcyHEJWZn7U0ylnHoU6HEHiWmqV_3K41CQ6voPTB06wnithvmxWYSNUEU51AlfrfHHtuh2WQE7hxamoHWyl4fdWcYlTZ_5hylHsk6kOdqhkEd8PryKcBLJnrdJRPEb4wDXAfPb0dOE5sczyczEslPXZTFW3nGdCHSNraAKq3pVNoOVeYR0m-lqUjfZd9DAYTkoeVZqexfaIPiWoGgn-8sqenublen-EyvLGsCQq4KATa16z2wubjy9buUHxkAXBrsViE3m8fQrZV6IYG3X4nM91mZ7UGoZKqb7F7y80Nll7OPxyp1IwkEBN4mdqhv3WrNc1ijY-vtdrvZkqTdDDz133WXH__KQ4F3n5Ab55pkPPo', 'state': 'dr1sMUnYZUzWPQyg', 'code': 'TSSPLMEla5t0kEgD4KRshCT-B7RTgnUE6u_k8c58sjY.kf0LytheMTLKHAEImCzXNKJYSduXnQ_Y7x2wK87zIBY'}
10.15 AuthorizationResponse {
"code": "TSSPLMEla5t0kEgD4KRshCT-B7RTgnUE6u_k8c58sjY.kf0LytheMTLKHAEImCzXNKJYSduXnQ_Y7x2wK87zIBY",
"id_token": {
"aud": [
"158d7ab8-abdb-4e7d-83a2-e7be554c69cc"
],
"auth_time": 1529751409,
"c_hash": "XuV7BYR1pMS0I3JLCNuJYw",
"exp": 1529755012,
"iat": 1529751412,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "f8ea26d6-a5fa-4cd6-990b-42958ae89a2d",
"nonce": "mLa0KLJYXI5WGo7n",
"rat": 1529751407,
"sub": "foo@bar.com"
},
"state": "dr1sMUnYZUzWPQyg"
}
10.15 phase <--<-- 10 --- AccessToken -->-->
10.15 --> request op_args: {'state': 'dr1sMUnYZUzWPQyg'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
10.15 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'dr1sMUnYZUzWPQyg', 'code': 'TSSPLMEla5t0kEgD4KRshCT-B7RTgnUE6u_k8c58sjY.kf0LytheMTLKHAEImCzXNKJYSduXnQ_Y7x2wK87zIBY', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '158d7ab8-abdb-4e7d-83a2-e7be554c69cc'}, 'state': 'dr1sMUnYZUzWPQyg'}
10.15 AccessTokenRequest {
"code": "TSSPLMEla5t0kEgD4KRshCT-B7RTgnUE6u_k8c58sjY.kf0LytheMTLKHAEImCzXNKJYSduXnQ_Y7x2wK87zIBY",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "dr1sMUnYZUzWPQyg"
}
10.15 request_url https://oidc-certification.ory.sh:8443/oauth2/token
10.15 request_http_args {'headers': {'Authorization': 'Basic MTU4ZDdhYjgtYWJkYi00ZTdkLTgzYTItZTdiZTU1NGM2OWNjOnRscnVFNTl3WlVpdg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
10.15 request code=TSSPLMEla5t0kEgD4KRshCT-B7RTgnUE6u_k8c58sjY.kf0LytheMTLKHAEImCzXNKJYSduXnQ_Y7x2wK87zIBY&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=dr1sMUnYZUzWPQyg
10.394 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
10.395 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMTU4ZDdhYjgtYWJkYi00ZTdkLTgzYTItZTdiZTU1NGM2OWNjIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiWHVWN0JZUjFwTVMwSTNKTENOdUpZdyIsImV4cCI6MTUyOTc1NTAxMiwiaWF0IjoxNTI5NzUxNDEyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjZjM4ZjY4YS1kZmE5LTQ4NGQtOWU4NC0yN2IxMzk3NWJjZmIiLCJub25jZSI6Im1MYTBLTEpZWEk1V0dvN24iLCJyYXQiOjE1Mjk3NTE0MDcsInN1YiI6ImZvb0BiYXIuY29tIn0.sf6SDZd0CS9MxQFMKOtUnI9Xv5rK352LElBdcYYi_b7XQ17wpLYRfeAzrYTH9gWfLu4w2qqYRKenBzbWHsYaqFhvH2AcFIQFSbKYCj3By5GMANg1QtlhU6eMvGKTj18EtOGxsmu5bqIQcqKn3i6uqDo_bw22P4i5SYcA6vUgafdKtBUXcWYavAKQllTacQVj5K9hZRsucBcxrIu2LQLOZdrK3-pi4AcJFgrU8Tf0bIO-UiaTSGvgLkmkRQfy5mv4uIbzOS58Tn9oWnatXP_iUVUoRFyzQsPLJGfrM2GJ7CIWcLVVPgkpxNPc7sA5V9eUIYNl81CgcIqDJ7W3P4SZ5UtV0g2OAESZTznt60s3BFcOuIg7DkIi2Q2bs5GrmuVkNPtuc88FZPHti28AKpU3W4gQZoU8qEddMMbtLVhgRf-dZvdjeNomDjaQXCGVcrFC12jLrftmghu_jXJHDk8htW7yadSl8l7L2B2II1j8FUjuKb_XBvE8r78v4BCQKh18EpSj9pBBCGv8_N08BBLuAcio6ODtF-yyymsh68RCT-nbRuxVytqp-UWEX-94CBa-hieZ7GFeiMDVY5_NRQZ6o8qBrW6_PL1fm-TIedhGolMob6D3fBTSAwn-8r7u9rKNcA6zJ7Jh9FLPenPq0yOwHEMlkRCawl0RtARjBJhYmsM', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'rjLL0E0phvp1T6fVXNf9st3f8rQuE7_9tolj7NLeGUc.lUiYAvquWxqUEpbz39rVanXY1Iv_rWEfLrMG3zObB38', 'scope': 'openid'}
10.399 AccessTokenResponse {
"access_token": "rjLL0E0phvp1T6fVXNf9st3f8rQuE7_9tolj7NLeGUc.lUiYAvquWxqUEpbz39rVanXY1Iv_rWEfLrMG3zObB38",
"expires_in": 3599,
"id_token": {
"aud": [
"158d7ab8-abdb-4e7d-83a2-e7be554c69cc"
],
"auth_time": 1529751409,
"c_hash": "XuV7BYR1pMS0I3JLCNuJYw",
"exp": 1529755012,
"iat": 1529751412,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "cf38f68a-dfa9-484d-9e84-27b13975bcfb",
"nonce": "mLa0KLJYXI5WGo7n",
"rat": 1529751407,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
10.399 phase <--<-- 11 --- Done -->-->
10.399 end
10.399 assertion AuthTimeCheck
10.399 condition auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
10.4 assertion VerifyResponse
10.4 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
10.4 assertion ClaimsCheck
10.4 condition claims-check: status=OK [Checks if specific claims is present or not]
10.4 assertion MultipleSignOn
10.401 condition multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
10.401 condition Done: status=OK
============================================================
Conditions
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
claims-check: status=OK [Checks if specific claims is present or not]
multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
Done: status=OK
============================================================
RESULT: PASSED
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-UserInfo-Header.txt����������������������������������������������������������������������������0000644�0000000�0000000�00000031763�13313423206�015155� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-UserInfo-Header
Test description: UserInfo Endpoint access with POST and bearer header
Timestamp: 2018-06-23T10:52:54Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.072 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.073 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.073 phase <--<-- 2 --- Registration -->-->
0.073 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.074 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#SobNoal7WW8YmbCp"
],
"response_types": [
"code id_token"
]
}
0.233 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.234 RegistrationResponse {
"client_id": "c33f10fb-702e-490d-837d-d0962571f97e",
"client_secret": "4z~ROYHpIzCb",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "c33f10fb-702e-490d-837d-d0962571f97e",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#SobNoal7WW8YmbCp"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.234 phase <--<-- 3 --- AsyncAuthn -->-->
0.234 AuthorizationRequest {
"client_id": "c33f10fb-702e-490d-837d-d0962571f97e",
"nonce": "dDthcIXLhoMk7zes",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "ZNroQQVOPbhfgiKn"
}
0.235 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=c33f10fb-702e-490d-837d-d0962571f97e&state=ZNroQQVOPbhfgiKn&response_type=code+id_token&nonce=dDthcIXLhoMk7zes
0.235 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=c33f10fb-702e-490d-837d-d0962571f97e&state=ZNroQQVOPbhfgiKn&response_type=code+id_token&nonce=dDthcIXLhoMk7zes
2.228 http args {}
2.396 response URL with fragment
2.396 response code=PO2dZ92lkRnGMrUQMXry0uYsT2WrodwkEKDgw5ejg8M.xql59IvwwRlxXlac-LEqmWuZNtB00apqvJlQrKwYepY&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYzMzZjEwZmItNzAyZS00OTBkLTgzN2QtZDA5NjI1NzFmOTdlIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoicU82dW9UUlVLem8tSVh6QURUbXExUSIsImV4cCI6MTUyOTc1NDc3MywiaWF0IjoxNTI5NzUxMTczLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlMWQwNjBkMC0xZmRmLTRiY2ItYmFkYS00OTAyYzBiYzVkMTIiLCJub25jZSI6ImREdGhjSVhMaG9Nazd6ZXMiLCJyYXQiOjE1Mjk3NTExNzEsInN1YiI6ImZvb0BiYXIuY29tIn0.X7UjCQ6FfIt2KrqkG7vZ6YlLqLuFkPcw0msxhBiafuW5RyAdN28CD1TH5teUmaLgsITxojfAvm8hQyDztA6HhZvgWwY-U8YontVxzOtBsBURZqx7swLyR_WUJqLrNTpKWTDfULJCNbQtvFrOEhLKgCmftr6TEbjQlt89JrjHyAen1MKWG5NMEq1cgiA12OkOL77hNsFUwxL1uqhg984ui5RQhcNvAjNuhI63qLt7qdHkBNAS58WCjIm5q_9fyQ58KeCiIbLr9lfcH8RFLQQNfniwz_cVdr-dlu6UEYk47jkmz6Bg2KFNYWdXgrLVgjgugyeZS7gsqPsiK_fdCOAvc80KQTjTU3V2pb56era7pxVS9eHi_ZmStyGJ62GxbSIakEQjF6hzHLOX-T_UMoQcxKmJ_JbQvi6hkYKCSWKRDe6HzkSboFhpJ-_BQfw-U5ppoVBROqsLF08oIIYCkVq8dXc5UHE5ywNSo-pJYbnndsHPdCUg7gEbRsegImn6ZcBeZJEwGhJ30uqDPZVO-S1uQKRjpfo0Z5TJCfxhKFTl5AmRaPmwOzzRF3KC3v6uecpNtxIfpsdVTfLETg2l_iCw1AcZ6ZlUOfEGWTh4fPhLxoPqDVgpLwIGueBnABZtRfSX5inZI4WBQFURaaL9W4Y5V4v24WZoAzqJZd3xrWP0kUk&state=ZNroQQVOPbhfgiKn
2.396 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYzMzZjEwZmItNzAyZS00OTBkLTgzN2QtZDA5NjI1NzFmOTdlIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoicU82dW9UUlVLem8tSVh6QURUbXExUSIsImV4cCI6MTUyOTc1NDc3MywiaWF0IjoxNTI5NzUxMTczLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlMWQwNjBkMC0xZmRmLTRiY2ItYmFkYS00OTAyYzBiYzVkMTIiLCJub25jZSI6ImREdGhjSVhMaG9Nazd6ZXMiLCJyYXQiOjE1Mjk3NTExNzEsInN1YiI6ImZvb0BiYXIuY29tIn0.X7UjCQ6FfIt2KrqkG7vZ6YlLqLuFkPcw0msxhBiafuW5RyAdN28CD1TH5teUmaLgsITxojfAvm8hQyDztA6HhZvgWwY-U8YontVxzOtBsBURZqx7swLyR_WUJqLrNTpKWTDfULJCNbQtvFrOEhLKgCmftr6TEbjQlt89JrjHyAen1MKWG5NMEq1cgiA12OkOL77hNsFUwxL1uqhg984ui5RQhcNvAjNuhI63qLt7qdHkBNAS58WCjIm5q_9fyQ58KeCiIbLr9lfcH8RFLQQNfniwz_cVdr-dlu6UEYk47jkmz6Bg2KFNYWdXgrLVgjgugyeZS7gsqPsiK_fdCOAvc80KQTjTU3V2pb56era7pxVS9eHi_ZmStyGJ62GxbSIakEQjF6hzHLOX-T_UMoQcxKmJ_JbQvi6hkYKCSWKRDe6HzkSboFhpJ-_BQfw-U5ppoVBROqsLF08oIIYCkVq8dXc5UHE5ywNSo-pJYbnndsHPdCUg7gEbRsegImn6ZcBeZJEwGhJ30uqDPZVO-S1uQKRjpfo0Z5TJCfxhKFTl5AmRaPmwOzzRF3KC3v6uecpNtxIfpsdVTfLETg2l_iCw1AcZ6ZlUOfEGWTh4fPhLxoPqDVgpLwIGueBnABZtRfSX5inZI4WBQFURaaL9W4Y5V4v24WZoAzqJZd3xrWP0kUk', 'state': 'ZNroQQVOPbhfgiKn', 'code': 'PO2dZ92lkRnGMrUQMXry0uYsT2WrodwkEKDgw5ejg8M.xql59IvwwRlxXlac-LEqmWuZNtB00apqvJlQrKwYepY'}
2.493 AuthorizationResponse {
"code": "PO2dZ92lkRnGMrUQMXry0uYsT2WrodwkEKDgw5ejg8M.xql59IvwwRlxXlac-LEqmWuZNtB00apqvJlQrKwYepY",
"id_token": {
"aud": [
"c33f10fb-702e-490d-837d-d0962571f97e"
],
"auth_time": 1529750975,
"c_hash": "qO6uoTRUKzo-IXzADTmq1Q",
"exp": 1529754773,
"iat": 1529751173,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "e1d060d0-1fdf-4bcb-bada-4902c0bc5d12",
"nonce": "dDthcIXLhoMk7zes",
"rat": 1529751171,
"sub": "foo@bar.com"
},
"state": "ZNroQQVOPbhfgiKn"
}
2.493 phase <--<-- 4 --- AccessToken -->-->
2.494 --> request op_args: {'state': 'ZNroQQVOPbhfgiKn'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.494 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'ZNroQQVOPbhfgiKn', 'code': 'PO2dZ92lkRnGMrUQMXry0uYsT2WrodwkEKDgw5ejg8M.xql59IvwwRlxXlac-LEqmWuZNtB00apqvJlQrKwYepY', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'c33f10fb-702e-490d-837d-d0962571f97e'}, 'state': 'ZNroQQVOPbhfgiKn'}
2.494 AccessTokenRequest {
"code": "PO2dZ92lkRnGMrUQMXry0uYsT2WrodwkEKDgw5ejg8M.xql59IvwwRlxXlac-LEqmWuZNtB00apqvJlQrKwYepY",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "ZNroQQVOPbhfgiKn"
}
2.494 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.494 request_http_args {'headers': {'Authorization': 'Basic YzMzZjEwZmItNzAyZS00OTBkLTgzN2QtZDA5NjI1NzFmOTdlOjR6JTdFUk9ZSHBJekNi', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.494 request code=PO2dZ92lkRnGMrUQMXry0uYsT2WrodwkEKDgw5ejg8M.xql59IvwwRlxXlac-LEqmWuZNtB00apqvJlQrKwYepY&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=ZNroQQVOPbhfgiKn
2.706 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
2.707 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiYzMzZjEwZmItNzAyZS00OTBkLTgzN2QtZDA5NjI1NzFmOTdlIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoicU82dW9UUlVLem8tSVh6QURUbXExUSIsImV4cCI6MTUyOTc1NDc3MywiaWF0IjoxNTI5NzUxMTczLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIxYjQ1NTMxZC1iNzc3LTQwNWEtYThhOS0wYThjMzg4OTdlM2QiLCJub25jZSI6ImREdGhjSVhMaG9Nazd6ZXMiLCJyYXQiOjE1Mjk3NTExNzEsInN1YiI6ImZvb0BiYXIuY29tIn0.VB0gpjQD43LQ-o9RJkVOwlm365mPveES6Vw6I6-xgLWYL2kGlm_iWcd6SdFAL7TQ8-AI1xS1RL1WXqdKQhiescmf1JeF3d99hXLByvqTF5_b65lSvCqQ7F4E-rYBBiMzGMjrlrXt0IoEynENtaKnKQ58RnAxYEja1OGDrX0E_t6HmI33Mr-_0jmYKi9n_-RTShWisS5htc7a_OWToBWRJni0G_yAhpYKWXTB104m9bm6PwOl3F0eaohu8tE7kL1dfpFKblyDzmlojW2ae2bNxaLvIw8kTNZ8eSextHqWIxwPFK-IbP7l0zqEHqKquyAPNkJPVYv3mWVvgkeuwgxq_Kz6EmZRBv61eFjL4VH5TD85FtlaKrB29s0J9kgi0aXeQa8tjWzApNYww3DJ7oPQS6gUIwckUaitA0cXkiZBoPqlMw2hx8oCIT-hwh0LhPlSdl1DnPFghKG008y5YnV5FWTdqG0IEc6_WWUnyWRAouL70ubs_fSVuHfZOs9L3aBJOTQ_WhMDgJmvEzvq4XkGWy8Uyk_DehkWiRgDKAJDVg6g3vTlY8ZGb7zvmLdR68UP9pAvjyl4WihVnm4ysOzFJ6w83orxaN2t4z7i8ZrfmulPMKRhyiMnXSF6Y_ZpCVqIWXi6ynn1dqnIC47EtDntHG-KH8Opg662jU2U8Adpv08', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'swVrd5CuG2eBQ0eQiGO5BEsbVXsXtFplXcpc8uIRiFA.q8b-fZvxdshQwIF0-L8my9-Wf9S2U_nfIqkh_HuluFk', 'scope': 'openid'}
2.71 AccessTokenResponse {
"access_token": "swVrd5CuG2eBQ0eQiGO5BEsbVXsXtFplXcpc8uIRiFA.q8b-fZvxdshQwIF0-L8my9-Wf9S2U_nfIqkh_HuluFk",
"expires_in": 3599,
"id_token": {
"aud": [
"c33f10fb-702e-490d-837d-d0962571f97e"
],
"auth_time": 1529750975,
"c_hash": "qO6uoTRUKzo-IXzADTmq1Q",
"exp": 1529754773,
"iat": 1529751173,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "1b45531d-b777-405a-a8a9-0a8c38897e3d",
"nonce": "dDthcIXLhoMk7zes",
"rat": 1529751171,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
2.71 phase <--<-- 5 --- UserInfo -->-->
2.711 do_user_info_request kwargs:{'state': 'ZNroQQVOPbhfgiKn', 'method': 'POST', 'behavior': 'use_authorization_header'}
2.711 request {'body': ''}
2.711 request_url https://oidc-certification.ory.sh:8443/userinfo
2.711 request_http_args {'headers': {'Authorization': 'Bearer swVrd5CuG2eBQ0eQiGO5BEsbVXsXtFplXcpc8uIRiFA.q8b-fZvxdshQwIF0-L8my9-Wf9S2U_nfIqkh_HuluFk', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.784 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
2.785 OpenIDSchema {
"sub": "foo@bar.com"
}
2.785 OpenIDSchema {
"sub": "foo@bar.com"
}
2.785 phase <--<-- 6 --- Done -->-->
2.785 end
2.786 assertion VerifyResponse
2.786 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.786 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�������������./OP-Registration-Dynamic.txt�����������������������������������������������������������������������0000644�0000000�0000000�00000011613�13313423103�016255� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-Dynamic
Test description: Client registration request
Timestamp: 2018-06-23T10:51:47Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.07 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.072 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.072 phase <--<-- 2 --- Registration -->-->
0.072 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.072 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#aVT41venqjHeHmMa"
],
"response_types": [
"code id_token"
]
}
0.228 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.229 RegistrationResponse {
"client_id": "5b349756-bbd9-460f-b6df-b690064edec2",
"client_secret": "tV10khdQwy1m",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "5b349756-bbd9-460f-b6df-b690064edec2",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#aVT41venqjHeHmMa"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.229 phase <--<-- 3 --- Done -->-->
0.229 end
0.23 assertion CheckHTTPResponse
0.23 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
0.23 condition Done: status=OK
============================================================
Conditions
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK
============================================================
RESULT: PASSED
���������������������������������������������������������������������������������������������������������������������./OP-display-page.txt�������������������������������������������������������������������������������0000644�0000000�0000000�00000022063�13313423234�014606� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-display-page
Test description: Request with display=page
Timestamp: 2018-06-23T10:53:16Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
7.39 phase <--<-- 1 --- Webfinger -->-->
7.391 not expected to do WebFinger
7.391 phase <--<-- 2 --- Discovery -->-->
7.391 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
7.476 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
7.477 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
7.477 phase <--<-- 3 --- Registration -->-->
7.477 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
7.478 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ekUoir3BzIdrIhA2"
],
"response_types": [
"code id_token"
]
}
7.643 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
7.644 RegistrationResponse {
"client_id": "3e7bb4cb-2870-460e-8aec-16ce918b242d",
"client_secret": "B0~lL4eV.UXQ",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "3e7bb4cb-2870-460e-8aec-16ce918b242d",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#ekUoir3BzIdrIhA2"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
7.644 phase <--<-- 4 --- AsyncAuthn -->-->
7.645 AuthorizationRequest {
"client_id": "3e7bb4cb-2870-460e-8aec-16ce918b242d",
"display": "page",
"nonce": "bmimf5CAulOnXaTI",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "0TeRiQinuw3aYQH0"
}
7.645 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=3e7bb4cb-2870-460e-8aec-16ce918b242d&state=0TeRiQinuw3aYQH0&response_type=code+id_token&nonce=bmimf5CAulOnXaTI&display=page
7.645 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=3e7bb4cb-2870-460e-8aec-16ce918b242d&state=0TeRiQinuw3aYQH0&response_type=code+id_token&nonce=bmimf5CAulOnXaTI&display=page
10.504 http args {}
10.671 response URL with fragment
10.672 response code=2F3v2l_UCmkXeyioyqeRujdKsNz0KgcY61wPU3VPrVM.UuLTifXNuqkWwdDWKC4jybXILE2enCaNKj8Wd1YniMs&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiM2U3YmI0Y2ItMjg3MC00NjBlLThhZWMtMTZjZTkxOGIyNDJkIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTEVyekdVWmNkWE5jT0VkU0tMRDNwZyIsImV4cCI6MTUyOTc1NDc5NiwiaWF0IjoxNTI5NzUxMTk2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkZGIyNjYwYy03OTE3LTRjMzktOWM2Zi1jNzRkNTEwOWRjMTYiLCJub25jZSI6ImJtaW1mNUNBdWxPblhhVEkiLCJyYXQiOjE1Mjk3NTExOTMsInN1YiI6ImZvb0BiYXIuY29tIn0.dNYUeCaD5hEaMyw3tJus49KCjmrB1SI-G7SpC24RNaBSi2OnmHGKQxb0LJOJ3eIHpR3MXAOXr-ClRM9oFURBGq2F7VSJQlmSU3XnTt25-KUKFcUo0jLZwMo-tbxS954LQyeVCez6xH9HRW3nfQ_ZCs6UP0s1EJ6lPv04_fJ5dT1PQmEK6hrEmjDHZjXdqUH_IiVxWoJAYC3yAe6K5aTxKdQwfSZZhZel029t-bDHv3FzzsKKrxjU9p8TfcXrLsT_tsnXrkPuaaomR-UcFP3fMpykpv8tMNV1osCXBQ-uHVIKO_kApL5R5_jTaKu_sWLksLzJxOgs3gbzMjpEImIBvrZ_RopSmTcwzMwiNY_S7Nwo-7bHeQmsFh_W16aEWnJPgnx_Re05UjGbz-dm1W3jQAqZXSWtPgPeXISzAQ3pv19TGHPhv-XUeKk3j9brm3XCLP5kDP6Q8N7BbjNNuJHfVC6fReD9HAG4uW_1XvIcaFD5CZ99EyTaEsp3Z8qeHNDAUG6ORFmKYPMDIuvhLTB-uE-PbC1RsF9ZQqww_mGhkHjqySA3D3jH0YD043P8LR4RExZjKLyYsXILENqiIpJTSPUe3ZNsBuSQKNmkiCLhckGN4LTAfaNyDt-ogTeMOaWh-JSPuKER2uI59BxWkiA0ExaM4IPX_LFkSNCafjT7nYo&state=0TeRiQinuw3aYQH0
10.672 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiM2U3YmI0Y2ItMjg3MC00NjBlLThhZWMtMTZjZTkxOGIyNDJkIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiTEVyekdVWmNkWE5jT0VkU0tMRDNwZyIsImV4cCI6MTUyOTc1NDc5NiwiaWF0IjoxNTI5NzUxMTk2LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJkZGIyNjYwYy03OTE3LTRjMzktOWM2Zi1jNzRkNTEwOWRjMTYiLCJub25jZSI6ImJtaW1mNUNBdWxPblhhVEkiLCJyYXQiOjE1Mjk3NTExOTMsInN1YiI6ImZvb0BiYXIuY29tIn0.dNYUeCaD5hEaMyw3tJus49KCjmrB1SI-G7SpC24RNaBSi2OnmHGKQxb0LJOJ3eIHpR3MXAOXr-ClRM9oFURBGq2F7VSJQlmSU3XnTt25-KUKFcUo0jLZwMo-tbxS954LQyeVCez6xH9HRW3nfQ_ZCs6UP0s1EJ6lPv04_fJ5dT1PQmEK6hrEmjDHZjXdqUH_IiVxWoJAYC3yAe6K5aTxKdQwfSZZhZel029t-bDHv3FzzsKKrxjU9p8TfcXrLsT_tsnXrkPuaaomR-UcFP3fMpykpv8tMNV1osCXBQ-uHVIKO_kApL5R5_jTaKu_sWLksLzJxOgs3gbzMjpEImIBvrZ_RopSmTcwzMwiNY_S7Nwo-7bHeQmsFh_W16aEWnJPgnx_Re05UjGbz-dm1W3jQAqZXSWtPgPeXISzAQ3pv19TGHPhv-XUeKk3j9brm3XCLP5kDP6Q8N7BbjNNuJHfVC6fReD9HAG4uW_1XvIcaFD5CZ99EyTaEsp3Z8qeHNDAUG6ORFmKYPMDIuvhLTB-uE-PbC1RsF9ZQqww_mGhkHjqySA3D3jH0YD043P8LR4RExZjKLyYsXILENqiIpJTSPUe3ZNsBuSQKNmkiCLhckGN4LTAfaNyDt-ogTeMOaWh-JSPuKER2uI59BxWkiA0ExaM4IPX_LFkSNCafjT7nYo', 'state': '0TeRiQinuw3aYQH0', 'code': '2F3v2l_UCmkXeyioyqeRujdKsNz0KgcY61wPU3VPrVM.UuLTifXNuqkWwdDWKC4jybXILE2enCaNKj8Wd1YniMs'}
10.753 AuthorizationResponse {
"code": "2F3v2l_UCmkXeyioyqeRujdKsNz0KgcY61wPU3VPrVM.UuLTifXNuqkWwdDWKC4jybXILE2enCaNKj8Wd1YniMs",
"id_token": {
"aud": [
"3e7bb4cb-2870-460e-8aec-16ce918b242d"
],
"auth_time": 1529750975,
"c_hash": "LErzGUZcdXNcOEdSKLD3pg",
"exp": 1529754796,
"iat": 1529751196,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "ddb2660c-7917-4c39-9c6f-c74d5109dc16",
"nonce": "bmimf5CAulOnXaTI",
"rat": 1529751193,
"sub": "foo@bar.com"
},
"state": "0TeRiQinuw3aYQH0"
}
10.753 phase <--<-- 5 --- Done -->-->
10.753 end
10.753 assertion VerifyResponse
10.753 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
10.753 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-Registration-Endpoint.txt����������������������������������������������������������������������0000644�0000000�0000000�00000005207�13313423105�016455� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-Registration-Endpoint
Test description: Verify that registration_endpoint is published
Timestamp: 2018-06-23T10:51:49Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.076 phase <--<-- 2 --- Done -->-->
0.076 end
0.076 assertion VerifyOPHasRegistrationEndpoint
0.076 condition verify-op-has-registration-endpoint: status=OK [Verify that the OP has a registration endpoint]
0.076 condition Done: status=OK
============================================================
Conditions
verify-op-has-registration-endpoint: status=OK [Verify that the OP has a registration endpoint]
Done: status=OK
============================================================
RESULT: PASSED
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./OP-IDToken-C-Signature.txt������������������������������������������������������������������������0000644�0000000�0000000�00000031031�13313423144�015636� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-IDToken-C-Signature
Test description: Does the OP sign the ID Token and with what
Timestamp: 2018-06-23T10:52:20Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.074 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#XiIminCBzanmSSIl"
],
"response_types": [
"code id_token"
]
}
0.233 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.234 RegistrationResponse {
"client_id": "00068b75-61fb-4b08-9c0e-72bb0f2ddf12",
"client_secret": "e33_WHog_Ikl",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "00068b75-61fb-4b08-9c0e-72bb0f2ddf12",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#XiIminCBzanmSSIl"
],
"response_types": [
"code id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.234 phase <--<-- 3 --- AsyncAuthn -->-->
0.234 AuthorizationRequest {
"client_id": "00068b75-61fb-4b08-9c0e-72bb0f2ddf12",
"nonce": "HSzVU44xLhqXeUa4",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "A6WIQrkFEoCM1izG"
}
0.234 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=00068b75-61fb-4b08-9c0e-72bb0f2ddf12&state=A6WIQrkFEoCM1izG&response_type=code+id_token&nonce=HSzVU44xLhqXeUa4
0.234 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=00068b75-61fb-4b08-9c0e-72bb0f2ddf12&state=A6WIQrkFEoCM1izG&response_type=code+id_token&nonce=HSzVU44xLhqXeUa4
2.61 http args {}
2.784 response URL with fragment
2.784 response code=9sLzymMA-2Vk7HBo9Esgo6cqVgEm9JZEGaNtcmJU-h8.AgNR2qzmob1bhvmIM3ikVYzylGmejSTRvoqiCtMgGtg&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDAwNjhiNzUtNjFmYi00YjA4LTljMGUtNzJiYjBmMmRkZjEyIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiRnR2MWViVDN0cE81cUVDeFo2eTdZdyIsImV4cCI6MTUyOTc1NDczOSwiaWF0IjoxNTI5NzUxMTM5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzYzBmMzYyMS1iZGE2LTRmM2YtOGEyMS1iNmRkMDc2OTg3YjYiLCJub25jZSI6IkhTelZVNDR4TGhxWGVVYTQiLCJyYXQiOjE1Mjk3NTExMzcsInN1YiI6ImZvb0BiYXIuY29tIn0.whGFRnijiE_HrMMOwLaFqITjJM62R1RnW0OMohWI5GXqKdPAjVkxJerxcgKpWgnNgRz7s5Fe2LV6o9BL6bTZoiHWaS5fYCXS6RSFGmDBlFcjNiu9V0Fnwrx0NLn2Bib45tGM1aE22t8bnDjDDdPlKZkFwQzB8VD9ydA5S_OtQNrb0doeEup-58KNVSF1N_CjjZhc6ccnFY22etVReRvOe7y5Ocbq_JM_0Xyp072VU8PtkF2NaxOpzp4cE7sjXpwMmsAm-cJJ8uVOZ1l-PqWyLIYNMALvrvvKcpHT21gYt4N9toSji4E2zW6SNJvEv9qYfLqLwlCICWCspDzyZKTuzh-uHjC9QXKmHyxZznjXxSZrj-jUmpOMlj7-l8Bye2wABbFoMl1Fr2EVBvN8kwRW_lKZIMskSmfoQF9EQYg8IIfkQUNsmrddgfQuN9IERT3vS8vi_CgM28Rm156mpSQOgGoH7x6xOon_0EBn1g-LvhsI1HPtsFsq5zs-C2wlswageO7B1OwglvRMyS07MShGzzGMd2e5gucTk--s8WSDzXBclGctbQkEDCFoyz9FvzrUWKJsEizL4Pno75CSfW4T2XoDUAfQu-evJFTkzA5sAKhAA_fgO0daWbisMCD3rv-JlsrSG4zs41QVd3QyJ2gBDKt91LD2SzK6rhsXyaRTpKQ&state=A6WIQrkFEoCM1izG
2.784 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDAwNjhiNzUtNjFmYi00YjA4LTljMGUtNzJiYjBmMmRkZjEyIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiRnR2MWViVDN0cE81cUVDeFo2eTdZdyIsImV4cCI6MTUyOTc1NDczOSwiaWF0IjoxNTI5NzUxMTM5LCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIzYzBmMzYyMS1iZGE2LTRmM2YtOGEyMS1iNmRkMDc2OTg3YjYiLCJub25jZSI6IkhTelZVNDR4TGhxWGVVYTQiLCJyYXQiOjE1Mjk3NTExMzcsInN1YiI6ImZvb0BiYXIuY29tIn0.whGFRnijiE_HrMMOwLaFqITjJM62R1RnW0OMohWI5GXqKdPAjVkxJerxcgKpWgnNgRz7s5Fe2LV6o9BL6bTZoiHWaS5fYCXS6RSFGmDBlFcjNiu9V0Fnwrx0NLn2Bib45tGM1aE22t8bnDjDDdPlKZkFwQzB8VD9ydA5S_OtQNrb0doeEup-58KNVSF1N_CjjZhc6ccnFY22etVReRvOe7y5Ocbq_JM_0Xyp072VU8PtkF2NaxOpzp4cE7sjXpwMmsAm-cJJ8uVOZ1l-PqWyLIYNMALvrvvKcpHT21gYt4N9toSji4E2zW6SNJvEv9qYfLqLwlCICWCspDzyZKTuzh-uHjC9QXKmHyxZznjXxSZrj-jUmpOMlj7-l8Bye2wABbFoMl1Fr2EVBvN8kwRW_lKZIMskSmfoQF9EQYg8IIfkQUNsmrddgfQuN9IERT3vS8vi_CgM28Rm156mpSQOgGoH7x6xOon_0EBn1g-LvhsI1HPtsFsq5zs-C2wlswageO7B1OwglvRMyS07MShGzzGMd2e5gucTk--s8WSDzXBclGctbQkEDCFoyz9FvzrUWKJsEizL4Pno75CSfW4T2XoDUAfQu-evJFTkzA5sAKhAA_fgO0daWbisMCD3rv-JlsrSG4zs41QVd3QyJ2gBDKt91LD2SzK6rhsXyaRTpKQ', 'state': 'A6WIQrkFEoCM1izG', 'code': '9sLzymMA-2Vk7HBo9Esgo6cqVgEm9JZEGaNtcmJU-h8.AgNR2qzmob1bhvmIM3ikVYzylGmejSTRvoqiCtMgGtg'}
2.866 AuthorizationResponse {
"code": "9sLzymMA-2Vk7HBo9Esgo6cqVgEm9JZEGaNtcmJU-h8.AgNR2qzmob1bhvmIM3ikVYzylGmejSTRvoqiCtMgGtg",
"id_token": {
"aud": [
"00068b75-61fb-4b08-9c0e-72bb0f2ddf12"
],
"auth_time": 1529750975,
"c_hash": "Ftv1ebT3tpO5qECxZ6y7Yw",
"exp": 1529754739,
"iat": 1529751139,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "3c0f3621-bda6-4f3f-8a21-b6dd076987b6",
"nonce": "HSzVU44xLhqXeUa4",
"rat": 1529751137,
"sub": "foo@bar.com"
},
"state": "A6WIQrkFEoCM1izG"
}
2.866 phase <--<-- 4 --- AccessToken -->-->
2.866 --> request op_args: {'state': 'A6WIQrkFEoCM1izG'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
2.866 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'A6WIQrkFEoCM1izG', 'code': '9sLzymMA-2Vk7HBo9Esgo6cqVgEm9JZEGaNtcmJU-h8.AgNR2qzmob1bhvmIM3ikVYzylGmejSTRvoqiCtMgGtg', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '00068b75-61fb-4b08-9c0e-72bb0f2ddf12'}, 'state': 'A6WIQrkFEoCM1izG'}
2.866 AccessTokenRequest {
"code": "9sLzymMA-2Vk7HBo9Esgo6cqVgEm9JZEGaNtcmJU-h8.AgNR2qzmob1bhvmIM3ikVYzylGmejSTRvoqiCtMgGtg",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "A6WIQrkFEoCM1izG"
}
2.866 request_url https://oidc-certification.ory.sh:8443/oauth2/token
2.866 request_http_args {'headers': {'Authorization': 'Basic MDAwNjhiNzUtNjFmYi00YjA4LTljMGUtNzJiYjBmMmRkZjEyOmUzM19XSG9nX0lrbA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
2.866 request code=9sLzymMA-2Vk7HBo9Esgo6cqVgEm9JZEGaNtcmJU-h8.AgNR2qzmob1bhvmIM3ikVYzylGmejSTRvoqiCtMgGtg&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=A6WIQrkFEoCM1izG
3.083 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.084 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiMDAwNjhiNzUtNjFmYi00YjA4LTljMGUtNzJiYjBmMmRkZjEyIl0sImF1dGhfdGltZSI6MTUyOTc1MDk3NSwiY19oYXNoIjoiRnR2MWViVDN0cE81cUVDeFo2eTdZdyIsImV4cCI6MTUyOTc1NDczOSwiaWF0IjoxNTI5NzUxMTQwLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiIyOGUxNTM1Yy0xNWZkLTRkY2ItOWNiZS1mZWNhMzY2MTQ4MTciLCJub25jZSI6IkhTelZVNDR4TGhxWGVVYTQiLCJyYXQiOjE1Mjk3NTExMzcsInN1YiI6ImZvb0BiYXIuY29tIn0.YPgxbrGkXPTSogMnwqbK9s-4qs8KwgWCYX73iYEaBX2JcOEw689ZW6FrJKjsgEdpDg0clwuZMK-AE5-hvJnCbx9ZjCIH49JejsktMj2HUvKZTmqHGdfCxvjqrkx-LoaA6psimq7Avuf4HJI4OZNGWHYhPEfYvEg6rgeU4DiottqcTLvk9KoJe5saVl37gSSgQvsc-XNTnkKJ7xHvh2SFBDKZewLVs-mMNqirDE2c_ThC6h2w540iOCjdtFM_FyDxrpRcYz8NAY2VkH37HtNYZkmx2lSg9xU_Bk9I3_wB4FqHMFvrVX4kYqqojNjEkhPomuMXrGpFfGogsXhp3SEBKUO0FC37M1UCzi2yScMnnRIfm9ZZ2SWGuhrLFe5C7OB_dTTy5LVLjT_q4My5U-jj_Tm-5PPJA_P8nem_lc8DYBKicbtsaj8h8731FTnvR-rdZaCBlVflnXDqOqqjDKhRXxAJ1KJE2VDW-o5soVeNWGAi-L-DxNXJbirflw8ZYETXZq8ncjiAvbwx_8sBHDLGewc30IHQ5Y17cvhuYN5ALiBK3ABcCgr2S6qy9DrZuhv9H8kSmmnA3bqTjQ2z5oaKZp6GYHh52j2PXCXAfmDiDbvsKhkv0SzZi9WJ0m4vS4wmPBE1IbgiKL_zRLMy8yPY1GJ_V_q9iPfdj22y3l_Rzys', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'YzhhK2sEDyRCVI8B2x09IwsXPHz31rYFjH5kBRBMheI.JuYFEQDsObSnBximByVdrTnvRUaJ-q_r-FFKA5tJYj0', 'scope': 'openid'}
3.087 AccessTokenResponse {
"access_token": "YzhhK2sEDyRCVI8B2x09IwsXPHz31rYFjH5kBRBMheI.JuYFEQDsObSnBximByVdrTnvRUaJ-q_r-FFKA5tJYj0",
"expires_in": 3599,
"id_token": {
"aud": [
"00068b75-61fb-4b08-9c0e-72bb0f2ddf12"
],
"auth_time": 1529750975,
"c_hash": "Ftv1ebT3tpO5qECxZ6y7Yw",
"exp": 1529754739,
"iat": 1529751140,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "28e1535c-15fd-4dcb-9cbe-feca36614817",
"nonce": "HSzVU44xLhqXeUa4",
"rat": 1529751137,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.088 phase <--<-- 5 --- Done -->-->
3.088 end
3.088 assertion VerifyResponse
3.088 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
3.089 assertion IsIDTokenSigned
3.089 condition is-idtoken-signed: status=OK [Checks if the id_token is signed]
3.089 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
is-idtoken-signed: status=OK [Checks if the id_token is signed]
Done: status=OK
============================================================
RESULT: PASSED
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������