internal/certification/CIT.F.T.T.s/OP-OAuth-2nd-30s.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd-30s
Test description: Trying to use authorization code twice with 30 seconds in between uses must result in an error
Timestamp: 2018-06-23T11:05:28Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Note -->-->
1.017 phase <--<-- 1 --- Webfinger -->-->
1.017 not expected to do WebFinger
1.017 phase <--<-- 2 --- Discovery -->-->
1.017 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.091 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.092 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
1.092 phase <--<-- 3 --- Registration -->-->
1.092 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.093 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#vAOmvaRdqd362FuL"
],
"response_types": [
"code id_token token"
]
}
1.253 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.254 RegistrationResponse {
"client_id": "bbb10108-f746-4593-830a-93fef9f95d85",
"client_secret": "G7KU-i8JYiMY",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "bbb10108-f746-4593-830a-93fef9f95d85",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#vAOmvaRdqd362FuL"
],
"response_types": [
"code id_token token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
1.254 phase <--<-- 4 --- AsyncAuthn -->-->
1.255 AuthorizationRequest {
"client_id": "bbb10108-f746-4593-830a-93fef9f95d85",
"nonce": "sWdflVLovEfLtiz2",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "ef7XzASOYeAGytVx"
}
1.255 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=bbb10108-f746-4593-830a-93fef9f95d85&state=ef7XzASOYeAGytVx&response_type=code+id_token+token&nonce=sWdflVLovEfLtiz2
1.255 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=bbb10108-f746-4593-830a-93fef9f95d85&state=ef7XzASOYeAGytVx&response_type=code+id_token+token&nonce=sWdflVLovEfLtiz2
3.893 http args {}
4.069 response URL with fragment
4.069 response access_token=742TgMo5SjRgOjMs_hlL1HDk3zRAx8gQOh-vQSwWzt0.ox-ksf3KnOrrqoZStLW4HeSaP4vsYGiMQbEPi9yTgdQ&code=xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y&expires_in=3599&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiZENDQkw2NlktY2JaUTFRaVpuQlNaUSIsImF1ZCI6WyJiYmIxMDEwOC1mNzQ2LTQ1OTMtODMwYS05M2ZlZjlmOTVkODUiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiI3WGZLTUZ4Z2lHWi1ja05wejY2eEtRIiwiZXhwIjoxNTI5NzU1NDk3LCJpYXQiOjE1Mjk3NTE4OTcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjQ2N2UwMDhlLTI0NGMtNDdiMS04YzY1LWY2OWViZjc4OWQ4MCIsIm5vbmNlIjoic1dkZmxWTG92RWZMdGl6MiIsInJhdCI6MTUyOTc1MTg5NCwic3ViIjoiZm9vQGJhci5jb20ifQ.VOhHotK-ZNEtUCR0aN6iu91f8kDupz9_Qcoou_u0hWepxmp7jiQM26CZJ6YayGaFew5dS1vYkPQw6L4iBo1NgmEKBx3x6gHrs_tGnnsZSgNnZWWk5Okf84Udd3lEjToquJIvSZGro9cGkoNVbPl0HYlegjzYAFFAj_O6Alxsi50I4dzQQF25WiIWZ-wMGZGgzEA0ijJTyGd9pp46cFu4PSRmP41QLpDXRRFo8EYcTiUlcl9E99fxFFniNWdfEsnSKYP1UK7Pit4tUibrkkuMVmv4fyB8NTsBUBt0oAZZ81ti8JxLkjHaLO2KpQDdTNRQH3VMAMrocmLf4LgAOFwIBPHpvDBVFaci1CN7XPIEmCzZLqiC3nzNHoS0ApLGGX4uxwke-LcRd9CBmK5mJpU-btJ-Kp10U2v2lc6W8YpW6_QXByfsWNsZqRuKaITT-bKyJjfHBUAT_KXz43ElRPQmP_wp9wdasfMoQFgI2xReFLUrOp2KEIR3Pl16TpaeHEmF4FKq60pfsxKY9eT4948oJsIpl8Tz41xrqKX_a6aB28-hUAb1sM8qF34VKpDppheY_y4nWb6JsZa1DHvToBqAFt3a6E75YovKJLxorNnzzyGq7KFN-mBCyDFeLrkZAhxrkBccbGvyjIkmhZxTe3ppI38HFPrqA75TbwcRsAARGaE&scope=openid&state=ef7XzASOYeAGytVx&token_type=bearer
4.07 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiZENDQkw2NlktY2JaUTFRaVpuQlNaUSIsImF1ZCI6WyJiYmIxMDEwOC1mNzQ2LTQ1OTMtODMwYS05M2ZlZjlmOTVkODUiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiI3WGZLTUZ4Z2lHWi1ja05wejY2eEtRIiwiZXhwIjoxNTI5NzU1NDk3LCJpYXQiOjE1Mjk3NTE4OTcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjQ2N2UwMDhlLTI0NGMtNDdiMS04YzY1LWY2OWViZjc4OWQ4MCIsIm5vbmNlIjoic1dkZmxWTG92RWZMdGl6MiIsInJhdCI6MTUyOTc1MTg5NCwic3ViIjoiZm9vQGJhci5jb20ifQ.VOhHotK-ZNEtUCR0aN6iu91f8kDupz9_Qcoou_u0hWepxmp7jiQM26CZJ6YayGaFew5dS1vYkPQw6L4iBo1NgmEKBx3x6gHrs_tGnnsZSgNnZWWk5Okf84Udd3lEjToquJIvSZGro9cGkoNVbPl0HYlegjzYAFFAj_O6Alxsi50I4dzQQF25WiIWZ-wMGZGgzEA0ijJTyGd9pp46cFu4PSRmP41QLpDXRRFo8EYcTiUlcl9E99fxFFniNWdfEsnSKYP1UK7Pit4tUibrkkuMVmv4fyB8NTsBUBt0oAZZ81ti8JxLkjHaLO2KpQDdTNRQH3VMAMrocmLf4LgAOFwIBPHpvDBVFaci1CN7XPIEmCzZLqiC3nzNHoS0ApLGGX4uxwke-LcRd9CBmK5mJpU-btJ-Kp10U2v2lc6W8YpW6_QXByfsWNsZqRuKaITT-bKyJjfHBUAT_KXz43ElRPQmP_wp9wdasfMoQFgI2xReFLUrOp2KEIR3Pl16TpaeHEmF4FKq60pfsxKY9eT4948oJsIpl8Tz41xrqKX_a6aB28-hUAb1sM8qF34VKpDppheY_y4nWb6JsZa1DHvToBqAFt3a6E75YovKJLxorNnzzyGq7KFN-mBCyDFeLrkZAhxrkBccbGvyjIkmhZxTe3ppI38HFPrqA75TbwcRsAARGaE', 'scope': 'openid', 'code': 'xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y', 'access_token': '742TgMo5SjRgOjMs_hlL1HDk3zRAx8gQOh-vQSwWzt0.ox-ksf3KnOrrqoZStLW4HeSaP4vsYGiMQbEPi9yTgdQ', 'state': 'ef7XzASOYeAGytVx', 'expires_in': 3599, 'token_type': 'bearer'}
4.22 AuthorizationResponse {
"access_token": "742TgMo5SjRgOjMs_hlL1HDk3zRAx8gQOh-vQSwWzt0.ox-ksf3KnOrrqoZStLW4HeSaP4vsYGiMQbEPi9yTgdQ",
"code": "xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y",
"expires_in": 3599,
"id_token": {
"at_hash": "dCCBL66Y-cbZQ1QiZnBSZQ",
"aud": [
"bbb10108-f746-4593-830a-93fef9f95d85"
],
"auth_time": 1529751824,
"c_hash": "7XfKMFxgiGZ-ckNpz66xKQ",
"exp": 1529755497,
"iat": 1529751897,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "467e008e-244c-47b1-8c65-f69ebf789d80",
"nonce": "sWdflVLovEfLtiz2",
"rat": 1529751894,
"sub": "foo@bar.com"
},
"scope": "openid",
"state": "ef7XzASOYeAGytVx",
"token_type": "bearer"
}
4.22 phase <--<-- 5 --- AccessToken -->-->
4.22 --> request op_args: {'state': 'ef7XzASOYeAGytVx'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.22 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'ef7XzASOYeAGytVx', 'code': 'xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'bbb10108-f746-4593-830a-93fef9f95d85'}, 'state': 'ef7XzASOYeAGytVx'}
4.22 AccessTokenRequest {
"code": "xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "ef7XzASOYeAGytVx"
}
4.22 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.22 request_http_args {'headers': {'Authorization': 'Basic YmJiMTAxMDgtZjc0Ni00NTkzLTgzMGEtOTNmZWY5Zjk1ZDg1Okc3S1UtaThKWWlNWQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.22 request code=xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=ef7XzASOYeAGytVx
4.43 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
4.431 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiZENDQkw2NlktY2JaUTFRaVpuQlNaUSIsImF1ZCI6WyJiYmIxMDEwOC1mNzQ2LTQ1OTMtODMwYS05M2ZlZjlmOTVkODUiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiI3WGZLTUZ4Z2lHWi1ja05wejY2eEtRIiwiZXhwIjoxNTI5NzU1NDk3LCJpYXQiOjE1Mjk3NTE4OTcsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjU5ZjNiNGIwLWNhYWMtNDdhMC04NWNmLTRhZWJjMDlmMjQxNyIsIm5vbmNlIjoic1dkZmxWTG92RWZMdGl6MiIsInJhdCI6MTUyOTc1MTg5NCwic3ViIjoiZm9vQGJhci5jb20ifQ.FsZdIWeAn_yhg2u6S-GeiG4gMn_iQVY0dVoNaz76ZZhKSbeA07FP-ZPD-QwS99Lc1JqW87VeW7Fxq14W0yfXbdazNSnBSyoJ_x9P_0X524Esh0z5JXB0OO1rq8zvh0dIyUsNhow0Aw5TV_J7cIQYKheN5EEWct_pK1IPnu2Ij1uCex-BUuRL8-19-2z0xMKUC80L8QlR9tCX1w76eUpYu_Cc_IygCk1m5C77_gOQzoOFMBv_5Cyx76GAkHwDcmCUxgm7l0nZVHl1h90cfDjEeRs_txODAbycqLhpDmGwJOW3iPL4xvz75lTSLpliHErR8kbHUzq1WMCXz6pKmG8L4KJZubOXq3Ck3Pgegtl4cAkEEiQqadFhAD865gRAbaX6Xot1o0ENIauKYQlaaChYVmgIyDnBA-WuqUoSGQje5y4Jel7FmeesVgj7-xl65WL61FMsy1dASLb7weEOV-FivgxQ_fT5O9ezvHdTSHFAm0E2TYjtzIA_qeoGa1s4dJ61wadUTd7XsuHufV0MrDN94lES9_L6pbQYNjDgObtbFLY_9wgS4RDpRWTIrblJu5jZwfg1oVtmFBOtGIE5LdbI_mn-zL04EzURn1UOj0gonKWJmDBMRxYXhJ4-EmFGVZWIMxUUPUxWdsqe0Xc0ZANIJkw1vi94RSYyJnb2yAJQe9k', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'STZB3UB4Bxh8-lf4N9s9ffshPymxNdyWFzKU-IKc7f8.Ncxt9P7lCjkXwOr-nof7gBsi3v2dVfV33SvSQJEbjdU', 'scope': 'openid'}
4.434 AccessTokenResponse {
"access_token": "STZB3UB4Bxh8-lf4N9s9ffshPymxNdyWFzKU-IKc7f8.Ncxt9P7lCjkXwOr-nof7gBsi3v2dVfV33SvSQJEbjdU",
"expires_in": 3599,
"id_token": {
"at_hash": "dCCBL66Y-cbZQ1QiZnBSZQ",
"aud": [
"bbb10108-f746-4593-830a-93fef9f95d85"
],
"auth_time": 1529751824,
"c_hash": "7XfKMFxgiGZ-ckNpz66xKQ",
"exp": 1529755497,
"iat": 1529751897,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "59f3b4b0-caac-47a0-85cf-4aebc09f2417",
"nonce": "sWdflVLovEfLtiz2",
"rat": 1529751894,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
4.435 phase <--<-- 6 --- TimeDelay -->-->
34.45 phase <--<-- 7 --- AccessToken -->-->
34.45 --> request op_args: {'state': 'ef7XzASOYeAGytVx'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
34.45 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'ef7XzASOYeAGytVx', 'code': 'xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'bbb10108-f746-4593-830a-93fef9f95d85'}, 'state': 'ef7XzASOYeAGytVx'}
34.45 AccessTokenRequest {
"code": "xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "ef7XzASOYeAGytVx"
}
34.45 request_url https://oidc-certification.ory.sh:8443/oauth2/token
34.45 request_http_args {'headers': {'Authorization': 'Basic YmJiMTAxMDgtZjc0Ni00NTkzLTgzMGEtOTNmZWY5Zjk1ZDg1Okc3S1UtaThKWWlNWQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
34.45 request code=xsiflTCjFrQmMQrpV1OfffsyAR3eVTnDM8ok2_GTe1w.j2g3KmLfVrl_WGyeWeapSd5KYv3TdBkPQXv7K-KaA1Y&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=ef7XzASOYeAGytVx
34.624 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
34.624 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
34.624 event Got expected error
34.625 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
34.625 phase <--<-- 8 --- Done -->-->
34.625 end
34.625 assertion VerifyResponse
34.625 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
34.625 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED