internal/certification/CI.F.T.T.s/OP-OAuth-2nd.txt from ory-am/hydra

internal/certification/CI.F.T.T.s/OP-OAuth-2nd.txt
Summary

Maintainability

Test Coverage

Issues
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd
Test description: Trying to use authorization code twice should result in an error
Timestamp: 2018-06-23T10:57:23Z

============================================================

Trace output

0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
    "authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
    "claims_parameter_supported": false,
    "claims_supported": [
        "sub"
    ],
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "client_credentials",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://oidc-certification.ory.sh:8443/",
    "jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
    "registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "response_modes_supported": [
        "query",
        "fragment"
    ],
    "response_types_supported": [
        "code",
        "code id_token",
        "id_token",
        "token id_token",
        "token",
        "token id_token code"
    ],
    "scopes_supported": [
        "offline",
        "openid"
    ],
    "subject_types_supported": [
        "pairwise",
        "public"
    ],
    "token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic",
        "private_key_jwt",
        "none"
    ],
    "userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
    "userinfo_signing_alg_values_supported": [
        "none",
        "RS256"
    ],
    "version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code",
        "implicit"
    ],
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61353/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#eYjqrW47xyOMOfSk"
    ],
    "response_types": [
        "code id_token"
    ]
}
0.231 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.232 RegistrationResponse {
    "client_id": "56d5a7ed-90b1-4c66-9436-4d77fbbb650a",
    "client_secret": "C7isK6zN8X7Y",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code",
        "implicit"
    ],
    "id": "56d5a7ed-90b1-4c66-9436-4d77fbbb650a",
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "public": false,
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#eYjqrW47xyOMOfSk"
    ],
    "response_types": [
        "code id_token"
    ],
    "scope": "openid offline offline_access profile email address phone",
    "token_endpoint_auth_method": "client_secret_basic",
    "userinfo_signed_response_alg": "none"
}
0.232 phase <--<-- 3 --- Note -->-->
2.737 phase <--<-- 4 --- AsyncAuthn -->-->
2.738 AuthorizationRequest {
    "client_id": "56d5a7ed-90b1-4c66-9436-4d77fbbb650a",
    "nonce": "W52p79cU7QV79PhK",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "response_type": "code id_token",
    "scope": "openid",
    "state": "XWmOmGw9T6nhwzkh"
}
2.738 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=56d5a7ed-90b1-4c66-9436-4d77fbbb650a&state=XWmOmGw9T6nhwzkh&response_type=code+id_token&nonce=W52p79cU7QV79PhK
2.738 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=56d5a7ed-90b1-4c66-9436-4d77fbbb650a&state=XWmOmGw9T6nhwzkh&response_type=code+id_token&nonce=W52p79cU7QV79PhK
6.398 http args {}
6.575 response URL with fragment
6.575 response code=9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiOFNyVTRjZURvTHFSTVhkU1lpbHJaUSIsImV4cCI6MTUyOTc1NTA0MiwiaWF0IjoxNTI5NzUxNDQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjNDYwOTJhNi04OGQzLTRmYjktOGI0My0yYjU2ZTE3NTcwOGUiLCJub25jZSI6Ilc1MnA3OWNVN1FWNzlQaEsiLCJyYXQiOjE1Mjk3NTE0MzksInN1YiI6ImZvb0BiYXIuY29tIn0.Y7VBgmfpKtUZ5kmVbaOcKz5hSWMzinEo8Bnmb_XLPneTyXE1vslcauGHZ0ti-BMXHutVHke0Qah-slzxmvRrSvpZwlf_hyXFUYKH4-hmEw0QYGeGE_JY-3-7WeyRj0fCfpLCIaRchEWs8HZjRFXd8wfy0YD-utIu-InZZFJbArhfH0lFK61LYCpuDZfH5Ud_n4Ts-JynQ1Y8pmLYQL352rjnXJzyfRx9AkK4MKED3mfq4Va-ViGjG1NI9kVnlN0_mlgBN2UfyfJna0cMQxTdA7m8aPmaljSgIZFYwitLO9r7ismkyNZ17OxOkbJH1-AZQj5h_IL04AclBl6nUxPSULEPRQI1KB0Yq_NZm9eKT5uM6oxQ1ZFrzi0VzzFKta0RUsn1Kyur69t2AppO8rayzCUGiQsd4ii4Hukza22ozuswi440-l0-xMonob5xo7xeOY2ksKpA0p_IJxdI2scHPWCzQIc5cHM0nHkEcUbrY0m6uMx8zAg4uKh7TjrVZmUTi3ktW5HZhFOSlzkVcoRgQYKIYOWZARBOZt40UAANHq8HEMgIo5k_2kr7EoQK198vSbIaQny47kNjrBud8qmtA0wOI6pvBUCdLTWgZJBcg1LIwvlcFOOQf7Hcxkv3qn0Jv-FzbTVb22h1AclhFnG4TeCAswdOa5j-HUzt0KInrPE&state=XWmOmGw9T6nhwzkh
6.575 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiOFNyVTRjZURvTHFSTVhkU1lpbHJaUSIsImV4cCI6MTUyOTc1NTA0MiwiaWF0IjoxNTI5NzUxNDQyLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJjNDYwOTJhNi04OGQzLTRmYjktOGI0My0yYjU2ZTE3NTcwOGUiLCJub25jZSI6Ilc1MnA3OWNVN1FWNzlQaEsiLCJyYXQiOjE1Mjk3NTE0MzksInN1YiI6ImZvb0BiYXIuY29tIn0.Y7VBgmfpKtUZ5kmVbaOcKz5hSWMzinEo8Bnmb_XLPneTyXE1vslcauGHZ0ti-BMXHutVHke0Qah-slzxmvRrSvpZwlf_hyXFUYKH4-hmEw0QYGeGE_JY-3-7WeyRj0fCfpLCIaRchEWs8HZjRFXd8wfy0YD-utIu-InZZFJbArhfH0lFK61LYCpuDZfH5Ud_n4Ts-JynQ1Y8pmLYQL352rjnXJzyfRx9AkK4MKED3mfq4Va-ViGjG1NI9kVnlN0_mlgBN2UfyfJna0cMQxTdA7m8aPmaljSgIZFYwitLO9r7ismkyNZ17OxOkbJH1-AZQj5h_IL04AclBl6nUxPSULEPRQI1KB0Yq_NZm9eKT5uM6oxQ1ZFrzi0VzzFKta0RUsn1Kyur69t2AppO8rayzCUGiQsd4ii4Hukza22ozuswi440-l0-xMonob5xo7xeOY2ksKpA0p_IJxdI2scHPWCzQIc5cHM0nHkEcUbrY0m6uMx8zAg4uKh7TjrVZmUTi3ktW5HZhFOSlzkVcoRgQYKIYOWZARBOZt40UAANHq8HEMgIo5k_2kr7EoQK198vSbIaQny47kNjrBud8qmtA0wOI6pvBUCdLTWgZJBcg1LIwvlcFOOQf7Hcxkv3qn0Jv-FzbTVb22h1AclhFnG4TeCAswdOa5j-HUzt0KInrPE', 'state': 'XWmOmGw9T6nhwzkh', 'code': '9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o'}
6.654 AuthorizationResponse {
    "code": "9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o",
    "id_token": {
        "aud": [
            "56d5a7ed-90b1-4c66-9436-4d77fbbb650a"
        ],
        "auth_time": 1529751409,
        "c_hash": "8SrU4ceDoLqRMXdSYilrZQ",
        "exp": 1529755042,
        "iat": 1529751442,
        "iss": "https://oidc-certification.ory.sh:8443/",
        "jti": "c46092a6-88d3-4fb9-8b43-2b56e175708e",
        "nonce": "W52p79cU7QV79PhK",
        "rat": 1529751439,
        "sub": "foo@bar.com"
    },
    "state": "XWmOmGw9T6nhwzkh"
}
6.655 phase <--<-- 5 --- AccessToken -->-->
6.655 --> request op_args: {'state': 'XWmOmGw9T6nhwzkh'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.655 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'XWmOmGw9T6nhwzkh', 'code': '9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '56d5a7ed-90b1-4c66-9436-4d77fbbb650a'}, 'state': 'XWmOmGw9T6nhwzkh'}
6.655 AccessTokenRequest {
    "code": "9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "state": "XWmOmGw9T6nhwzkh"
}
6.655 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.655 request_http_args {'headers': {'Authorization': 'Basic NTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhOkM3aXNLNnpOOFg3WQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.655 request code=9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=XWmOmGw9T6nhwzkh
6.864 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
6.865 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowYWNmNmM2NC00ZDU1LTQ4ODgtYWJiOS1iMmEzZjY2MWVlN2YiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhIl0sImF1dGhfdGltZSI6MTUyOTc1MTQwOSwiY19oYXNoIjoiOFNyVTRjZURvTHFSTVhkU1lpbHJaUSIsImV4cCI6MTUyOTc1NTA0MiwiaWF0IjoxNTI5NzUxNDQzLCJpc3MiOiJodHRwczovL29pZGMtY2VydGlmaWNhdGlvbi5vcnkuc2g6ODQ0My8iLCJqdGkiOiJlY2RkZjBjZS05ODNlLTQyZTUtOGIzMS01MzJiMmMyMWQ4NWMiLCJub25jZSI6Ilc1MnA3OWNVN1FWNzlQaEsiLCJyYXQiOjE1Mjk3NTE0MzksInN1YiI6ImZvb0BiYXIuY29tIn0.DppI2FmrJ5gjI-alBAIcmHj_Gx9sDmB-QdzdSGPMr_cDxvSfPEeW1v-tDFQLgR4kHANemy84INZJbIWa5GSQdyFtlUizMw_vS-fErvocQX9y13Lbt2-bc-1Ezzvb9IcwaE0OrFbMe5jaeDPaqI_ucu6eSmQLS32r9zaUou6yEp_C6ftSAws-K97Nt-KhYUR8ReAwGHE5USe7G24oHxju8zPhIs_kcEDmOE5dgSGc4S4MX2WZcDZhUQyc32k9Vyr-E0zZHtljk9dJUwM0Ua4tj7aw1Mlm3LHnCTqoUugFkTqET4DRzNGQpdDbzrLaEkJZ4ve7PILfHED13jW_OpUgn1qcpEChUlkPQzCBQgXljfQNXvwxi_fyx0vAJtFNkezdy6TUzob5cV6BiGIZK_1bRmw0LlWzpbIvRDX_8KymUbzElZzHJlJ5DlT8UxyPw9XiTi7YSOGJGoGr5iYPfCKR0YJOU4E7sDwR0oG86KC4pcrJReV1eedXSKbE8pN9-BON6nuCyzlSWFjZMHORubpHRhXwFVSfpe9Lvxf6u7-4eiPZe35GzKY8pn8Pxs6qB5X8-ZIHfq1SHnKcNOn0_VXbHGfuZ4isdCbgtZMVUXysbxxnTI3vvp0hIzDEsKK9LShBmpGN2EXk70hmmlgWcc3ZFYABoz7QV6IYKckSyfftlfM', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'sQ0WB52e1yomAf1xx7WddYIzEz51xwrCd9OW9HcR3do.Jq-97mvh0Ol9-bhGAflozH5cBDLb6gIyfHGmMJxT3I8', 'scope': 'openid'}
6.869 AccessTokenResponse {
    "access_token": "sQ0WB52e1yomAf1xx7WddYIzEz51xwrCd9OW9HcR3do.Jq-97mvh0Ol9-bhGAflozH5cBDLb6gIyfHGmMJxT3I8",
    "expires_in": 3599,
    "id_token": {
        "aud": [
            "56d5a7ed-90b1-4c66-9436-4d77fbbb650a"
        ],
        "auth_time": 1529751409,
        "c_hash": "8SrU4ceDoLqRMXdSYilrZQ",
        "exp": 1529755042,
        "iat": 1529751443,
        "iss": "https://oidc-certification.ory.sh:8443/",
        "jti": "ecddf0ce-983e-42e5-8b31-532b2c21d85c",
        "nonce": "W52p79cU7QV79PhK",
        "rat": 1529751439,
        "sub": "foo@bar.com"
    },
    "scope": "openid",
    "token_type": "bearer"
}
6.869 phase <--<-- 6 --- AccessToken -->-->
6.869 --> request op_args: {'state': 'XWmOmGw9T6nhwzkh'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
6.869 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'XWmOmGw9T6nhwzkh', 'code': '9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '56d5a7ed-90b1-4c66-9436-4d77fbbb650a'}, 'state': 'XWmOmGw9T6nhwzkh'}
6.869 AccessTokenRequest {
    "code": "9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "state": "XWmOmGw9T6nhwzkh"
}
6.869 request_url https://oidc-certification.ory.sh:8443/oauth2/token
6.869 request_http_args {'headers': {'Authorization': 'Basic NTZkNWE3ZWQtOTBiMS00YzY2LTk0MzYtNGQ3N2ZiYmI2NTBhOkM3aXNLNnpOOFg3WQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
6.869 request code=9Yv2EYOElE3gAwNGdzzA8_OgP6JCYYWUXfyP0BinRL8.YN2Eg0vFfLCKd_Hy1eDl542JWrsAPhGei5RmzrR_H0o&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=XWmOmGw9T6nhwzkh
7.059 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
7.06 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
7.06 event Got expected error
7.06 TokenErrorResponse {
    "error": "invalid_grant",
    "error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
    "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
    "status_code": 400
}
7.061 phase <--<-- 7 --- Done -->-->
7.061 end 
7.061 assertion VerifyResponse
7.061 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
7.061 condition Done: status=OK



============================================================

Conditions

verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK



============================================================

RESULT: PASSED