internal/certification/CIT.F.T.T.s/OP-OAuth-2nd.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd
Test description: Trying to use authorization code twice should result in an error
Timestamp: 2018-06-23T11:04:52Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.131 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.132 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.132 phase <--<-- 2 --- Registration -->-->
0.132 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code id_token token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.133 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DD4IV2uvq4iAD58g"
],
"response_types": [
"code id_token token"
]
}
0.29 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.291 RegistrationResponse {
"client_id": "37e36fbf-1246-4f91-9f32-ba8597bba514",
"client_secret": "2VW_2sDMs3QJ",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "37e36fbf-1246-4f91-9f32-ba8597bba514",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#DD4IV2uvq4iAD58g"
],
"response_types": [
"code id_token token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.291 phase <--<-- 3 --- Note -->-->
1.628 phase <--<-- 4 --- AsyncAuthn -->-->
1.628 AuthorizationRequest {
"client_id": "37e36fbf-1246-4f91-9f32-ba8597bba514",
"nonce": "zuouQpDudpihZrDo",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "9wzip4uhMatQxDRR"
}
1.629 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=37e36fbf-1246-4f91-9f32-ba8597bba514&state=9wzip4uhMatQxDRR&response_type=code+id_token+token&nonce=zuouQpDudpihZrDo
1.629 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=37e36fbf-1246-4f91-9f32-ba8597bba514&state=9wzip4uhMatQxDRR&response_type=code+id_token+token&nonce=zuouQpDudpihZrDo
12.028 http args {}
12.201 response URL with fragment
12.202 response access_token=TPefHr-2Ye_8R0KN12XdTQ2iyTLLLbdTdYw5z4xTnbQ.4l05XyYeD88WtxDydB-JDWjhLS5Hs-6I1CJ3CxJ4i24&code=_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0&expires_in=3599&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiTVp0SUVRV0Z0MGVONENiZFpYa3lZUSIsImF1ZCI6WyIzN2UzNmZiZi0xMjQ2LTRmOTEtOWYzMi1iYTg1OTdiYmE1MTQiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiJIaU9zcGN0NHhjZ0p6Q0diZmhtRTBBIiwiZXhwIjoxNTI5NzU1NDkwLCJpYXQiOjE1Mjk3NTE4OTAsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6Ijg5OTBmNzBkLWE0MTQtNDgwOC1iMTJmLWQ4NjIyZjUyNTliNSIsIm5vbmNlIjoienVvdVFwRHVkcGloWnJEbyIsInJhdCI6MTUyOTc1MTg4MCwic3ViIjoiZm9vQGJhci5jb20ifQ.nPk_5zo3sO1pQJc5B12XhxE0hqc8oUoy61DyStZfpeYYEJgE-34BEzQaZIP4aTz1ZyJG7UT42qzYc-kfajyvjFFU6EncXuoeUD_qujViWzxTbJkBdNFYIuE9Q22IQbNw4JPmlRvSK6EtlzoCZ4KeXrhMnj_rNih1lST8oeHUQWVKeZhfi9xkhq-3Rxamz4dxZr_S_ug4uNjRDgRz4wJhH77XFTFO3ubVpu-Ng1eoqA4K2i36zaPgy1jTyjEe4C_8ecMUxW5aJMQ5Z_XverspxMI07ZxRQAAgpc2A60G9T5vUeoSipxxO-1-9RNkxIeKmZnV7qIjrSF3LflYqs0VD4HRHs_4p7SKG735WtAxgd88kM1mIU7Yko_iwha2TRRSeT7pUhmlw5HTM1Zo2MreeNQAjDUYJ878TX8EbWiGyUTRLyJGtQyq4ci2xwdRBfKXWtaleJBr_8jHBvuypEJWw1HtCMZkWzVR6wqo-hJ7TALPF6ttaJDtw6_jJwElx_T6nX8Ma8B1Kj1IMJwfH4oIuegv9GWAb2XllP3oGBPrxsi02r77b1SMWHJpFGkY3SVGiW7FiXEGkPo8lvguWiMfp4AFseQAxfkQ9xtwOatI6Q2M49a1g2FUgZZ978O6cLFQd9N4rDyt-Q71IecRaz-QgA8yMnoS0zlGXVW5iZx-rQhU&scope=openid&state=9wzip4uhMatQxDRR&token_type=bearer
12.202 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiTVp0SUVRV0Z0MGVONENiZFpYa3lZUSIsImF1ZCI6WyIzN2UzNmZiZi0xMjQ2LTRmOTEtOWYzMi1iYTg1OTdiYmE1MTQiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiJIaU9zcGN0NHhjZ0p6Q0diZmhtRTBBIiwiZXhwIjoxNTI5NzU1NDkwLCJpYXQiOjE1Mjk3NTE4OTAsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6Ijg5OTBmNzBkLWE0MTQtNDgwOC1iMTJmLWQ4NjIyZjUyNTliNSIsIm5vbmNlIjoienVvdVFwRHVkcGloWnJEbyIsInJhdCI6MTUyOTc1MTg4MCwic3ViIjoiZm9vQGJhci5jb20ifQ.nPk_5zo3sO1pQJc5B12XhxE0hqc8oUoy61DyStZfpeYYEJgE-34BEzQaZIP4aTz1ZyJG7UT42qzYc-kfajyvjFFU6EncXuoeUD_qujViWzxTbJkBdNFYIuE9Q22IQbNw4JPmlRvSK6EtlzoCZ4KeXrhMnj_rNih1lST8oeHUQWVKeZhfi9xkhq-3Rxamz4dxZr_S_ug4uNjRDgRz4wJhH77XFTFO3ubVpu-Ng1eoqA4K2i36zaPgy1jTyjEe4C_8ecMUxW5aJMQ5Z_XverspxMI07ZxRQAAgpc2A60G9T5vUeoSipxxO-1-9RNkxIeKmZnV7qIjrSF3LflYqs0VD4HRHs_4p7SKG735WtAxgd88kM1mIU7Yko_iwha2TRRSeT7pUhmlw5HTM1Zo2MreeNQAjDUYJ878TX8EbWiGyUTRLyJGtQyq4ci2xwdRBfKXWtaleJBr_8jHBvuypEJWw1HtCMZkWzVR6wqo-hJ7TALPF6ttaJDtw6_jJwElx_T6nX8Ma8B1Kj1IMJwfH4oIuegv9GWAb2XllP3oGBPrxsi02r77b1SMWHJpFGkY3SVGiW7FiXEGkPo8lvguWiMfp4AFseQAxfkQ9xtwOatI6Q2M49a1g2FUgZZ978O6cLFQd9N4rDyt-Q71IecRaz-QgA8yMnoS0zlGXVW5iZx-rQhU', 'scope': 'openid', 'code': '_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0', 'access_token': 'TPefHr-2Ye_8R0KN12XdTQ2iyTLLLbdTdYw5z4xTnbQ.4l05XyYeD88WtxDydB-JDWjhLS5Hs-6I1CJ3CxJ4i24', 'state': '9wzip4uhMatQxDRR', 'expires_in': 3599, 'token_type': 'bearer'}
12.363 AuthorizationResponse {
"access_token": "TPefHr-2Ye_8R0KN12XdTQ2iyTLLLbdTdYw5z4xTnbQ.4l05XyYeD88WtxDydB-JDWjhLS5Hs-6I1CJ3CxJ4i24",
"code": "_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0",
"expires_in": 3599,
"id_token": {
"at_hash": "MZtIEQWFt0eN4CbdZXkyYQ",
"aud": [
"37e36fbf-1246-4f91-9f32-ba8597bba514"
],
"auth_time": 1529751824,
"c_hash": "HiOspct4xcgJzCGbfhmE0A",
"exp": 1529755490,
"iat": 1529751890,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "8990f70d-a414-4808-b12f-d8622f5259b5",
"nonce": "zuouQpDudpihZrDo",
"rat": 1529751880,
"sub": "foo@bar.com"
},
"scope": "openid",
"state": "9wzip4uhMatQxDRR",
"token_type": "bearer"
}
12.363 phase <--<-- 5 --- AccessToken -->-->
12.363 --> request op_args: {'state': '9wzip4uhMatQxDRR'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
12.363 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '9wzip4uhMatQxDRR', 'code': '_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '37e36fbf-1246-4f91-9f32-ba8597bba514'}, 'state': '9wzip4uhMatQxDRR'}
12.363 AccessTokenRequest {
"code": "_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "9wzip4uhMatQxDRR"
}
12.363 request_url https://oidc-certification.ory.sh:8443/oauth2/token
12.363 request_http_args {'headers': {'Authorization': 'Basic MzdlMzZmYmYtMTI0Ni00ZjkxLTlmMzItYmE4NTk3YmJhNTE0OjJWV18yc0RNczNRSg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
12.363 request code=_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=9wzip4uhMatQxDRR
12.64 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
12.641 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzplMjcyYTc1NS03YWUyLTQ5MGUtODJmNS02MmUwNjc4NjQxYjAiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiTVp0SUVRV0Z0MGVONENiZFpYa3lZUSIsImF1ZCI6WyIzN2UzNmZiZi0xMjQ2LTRmOTEtOWYzMi1iYTg1OTdiYmE1MTQiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiJIaU9zcGN0NHhjZ0p6Q0diZmhtRTBBIiwiZXhwIjoxNTI5NzU1NDkwLCJpYXQiOjE1Mjk3NTE4OTEsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjQyNmE0NzdhLTM2MzUtNGRhNy1iMDUxLWFiZTBjZjU2NzM3YyIsIm5vbmNlIjoienVvdVFwRHVkcGloWnJEbyIsInJhdCI6MTUyOTc1MTg4MCwic3ViIjoiZm9vQGJhci5jb20ifQ.CqW5uCc7yHVufSKPLNmsEeyh6S_cq23f2SeutezGgJ_1mujBVR8Rr8K8pmZ23UnxR38I7CxcB4fvEkzBA96tn-OYzTpplrZgeQf6SrcfeI8XG2Yg2uMAAtv8y3r4kx9FG2O1cLB8kDDTENwHg1wHiKbdnGwsSBUaFCAzemmpp04TbhCpu3dXv62ukCKUrPBsh_nRZuhu0rrEUXKXeSuhaBr_gNvA0BeQBWDkWqGoA2TzfQCNsP-WB8fkf5rm23n8DU7aR6WiucmIhxLrfyDQgJlGaPcExzHYkfYe1DbpK4XrQg-iHKhIMmpewGndcwc0SnIhB3TwPv-kP4ukJTg2s7dgSgERoIXCOxfsHU2YXs_4FNofVMdGm16b-haXS-Bm1EcNRroa8pH85iM2wiJaB4VQJwCOqzXa50x88XjhCHZth6DuvvyEtAosGCxUpplrYiLa2vG-vdMyNPYBexJfh0vxHaQ2TqZUIgv0X2wdNNfXW56XLv3bQeRf5b03xR4GF3gftqUixRil-YJt_pj6sDjfLxjeKYiLtgtfxhBYdzjxvUL_D-d1GxMTZtckt5zl864Cc--M51DYi6NBYBtOn0ecTi9nZ5aO2OhJGs_Iu0xxq7kMbvi7qRVzYZKlHCnivFgXsb7Y7atAPDUHe0uOP3hC2kYg0QuKG1qs8Nfn1bQ', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'NIA_EiPKfZUO1Z6QuD9xMWpHfBIA5Q-IWtCqLUEsB8U.ssX_cfD8-t5sA5kb8YVfLAd0XfNsfb9SyTe-LeWIJJ0', 'scope': 'openid'}
12.645 AccessTokenResponse {
"access_token": "NIA_EiPKfZUO1Z6QuD9xMWpHfBIA5Q-IWtCqLUEsB8U.ssX_cfD8-t5sA5kb8YVfLAd0XfNsfb9SyTe-LeWIJJ0",
"expires_in": 3599,
"id_token": {
"at_hash": "MZtIEQWFt0eN4CbdZXkyYQ",
"aud": [
"37e36fbf-1246-4f91-9f32-ba8597bba514"
],
"auth_time": 1529751824,
"c_hash": "HiOspct4xcgJzCGbfhmE0A",
"exp": 1529755490,
"iat": 1529751891,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "426a477a-3635-4da7-b051-abe0cf56737c",
"nonce": "zuouQpDudpihZrDo",
"rat": 1529751880,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
12.645 phase <--<-- 6 --- AccessToken -->-->
12.645 --> request op_args: {'state': '9wzip4uhMatQxDRR'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
12.645 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '9wzip4uhMatQxDRR', 'code': '_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '37e36fbf-1246-4f91-9f32-ba8597bba514'}, 'state': '9wzip4uhMatQxDRR'}
12.645 AccessTokenRequest {
"code": "_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "9wzip4uhMatQxDRR"
}
12.645 request_url https://oidc-certification.ory.sh:8443/oauth2/token
12.645 request_http_args {'headers': {'Authorization': 'Basic MzdlMzZmYmYtMTI0Ni00ZjkxLTlmMzItYmE4NTk3YmJhNTE0OjJWV18yc0RNczNRSg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
12.645 request code=_ByeBoeDCK3W9i0HvcrVRLSh5cOXjxQCS095YoE5y6g.u8-QmeuWbDjVOF43YEJdBxcdfpXpymx7irJ0k60nVA0&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=9wzip4uhMatQxDRR
12.846 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
12.846 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
12.846 event Got expected error
12.847 TokenErrorResponse {
"error": "invalid_grant",
"error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
"error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
"status_code": 400
}
12.847 phase <--<-- 7 --- Done -->-->
12.847 end
12.847 assertion VerifyResponse
12.847 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
12.847 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
============================================================
RESULT: PASSED