Sign upLogin

ory-am/hydra

View on GitHub
Star
internal/certification/CT.F.T.T.s/OP-OAuth-2nd-30s.txt

Summary

Maintainability
Test Coverage
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd-30s
Test description: Trying to use authorization code twice with 30 seconds in between uses must result in an error
Timestamp: 2018-06-23T11:13:52Z

============================================================

Trace output

0.0 phase <--<-- 0 --- Note -->-->
1.252 phase <--<-- 1 --- Webfinger -->-->
1.252 not expected to do WebFinger
1.252 phase <--<-- 2 --- Discovery -->-->
1.252 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
1.36 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
1.361 ProviderConfigurationResponse {
    "authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
    "claims_parameter_supported": false,
    "claims_supported": [
        "sub"
    ],
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "client_credentials",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://oidc-certification.ory.sh:8443/",
    "jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
    "registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "response_modes_supported": [
        "query",
        "fragment"
    ],
    "response_types_supported": [
        "code",
        "code id_token",
        "id_token",
        "token id_token",
        "token",
        "token id_token code"
    ],
    "scopes_supported": [
        "offline",
        "openid"
    ],
    "subject_types_supported": [
        "pairwise",
        "public"
    ],
    "token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic",
        "private_key_jwt",
        "none"
    ],
    "userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
    "userinfo_signing_alg_values_supported": [
        "none",
        "RS256"
    ],
    "version": "3.0"
}
1.361 phase <--<-- 3 --- Registration -->-->
1.362 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
1.362 RegistrationRequest {
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code",
        "implicit"
    ],
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61353/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#kb6WL7hKEbvVio6r"
    ],
    "response_types": [
        "code token"
    ]
}
1.519 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
1.52 RegistrationResponse {
    "client_id": "cef74664-dc43-432c-a3d2-6c6fb7513308",
    "client_secret": "APB88CzhP.QF",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code",
        "implicit"
    ],
    "id": "cef74664-dc43-432c-a3d2-6c6fb7513308",
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "public": false,
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#kb6WL7hKEbvVio6r"
    ],
    "response_types": [
        "code token"
    ],
    "scope": "openid offline offline_access profile email address phone",
    "token_endpoint_auth_method": "client_secret_basic",
    "userinfo_signed_response_alg": "none"
}
1.52 phase <--<-- 4 --- AsyncAuthn -->-->
1.521 AuthorizationRequest {
    "client_id": "cef74664-dc43-432c-a3d2-6c6fb7513308",
    "nonce": "RaeLXcfjTaIsmeIg",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "response_type": "code token",
    "scope": "openid",
    "state": "zf92pM1RToLEe9KS"
}
1.521 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=cef74664-dc43-432c-a3d2-6c6fb7513308&state=zf92pM1RToLEe9KS&response_type=code+token&nonce=RaeLXcfjTaIsmeIg
1.521 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=cef74664-dc43-432c-a3d2-6c6fb7513308&state=zf92pM1RToLEe9KS&response_type=code+token&nonce=RaeLXcfjTaIsmeIg
4.603 http args {}
4.771 response URL with fragment
4.771 response access_token=RereK80v103elsUvzT7LXHul3RDmDhZ1pIbxJ6fomGs.wxrMoFyTmugjNRm_1n7BP8HvZS9s0NFj3jgeSSy9n_s&code=9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4&expires_in=3599&scope=openid&state=zf92pM1RToLEe9KS&token_type=bearer
4.772 response {'scope': 'openid', 'code': '9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4', 'access_token': 'RereK80v103elsUvzT7LXHul3RDmDhZ1pIbxJ6fomGs.wxrMoFyTmugjNRm_1n7BP8HvZS9s0NFj3jgeSSy9n_s', 'state': 'zf92pM1RToLEe9KS', 'expires_in': 3599, 'token_type': 'bearer'}
4.772 AuthorizationResponse {
    "access_token": "RereK80v103elsUvzT7LXHul3RDmDhZ1pIbxJ6fomGs.wxrMoFyTmugjNRm_1n7BP8HvZS9s0NFj3jgeSSy9n_s",
    "code": "9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4",
    "expires_in": 3599,
    "scope": "openid",
    "state": "zf92pM1RToLEe9KS",
    "token_type": "bearer"
}
4.772 phase <--<-- 5 --- AccessToken -->-->
4.773 --> request op_args: {'state': 'zf92pM1RToLEe9KS'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.773 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'zf92pM1RToLEe9KS', 'code': '9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'cef74664-dc43-432c-a3d2-6c6fb7513308'}, 'state': 'zf92pM1RToLEe9KS'}
4.773 AccessTokenRequest {
    "code": "9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "state": "zf92pM1RToLEe9KS"
}
4.773 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.773 request_http_args {'headers': {'Authorization': 'Basic Y2VmNzQ2NjQtZGM0My00MzJjLWEzZDItNmM2ZmI3NTEzMzA4OkFQQjg4Q3poUC5RRg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.773 request code=9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=zf92pM1RToLEe9KS
5.039 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
5.04 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo1MTk4ZGI1Yi04NzhjLTQ2MzUtYTUzOC1lNjI3Zjk4ZGU5M2UiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoibUFXVzJtNGxnVWxXQ0ctRXFobHVkZyIsImF1ZCI6WyJjZWY3NDY2NC1kYzQzLTQzMmMtYTNkMi02YzZmYjc1MTMzMDgiXSwiYXV0aF90aW1lIjoxNTI5NzUyMzcxLCJjX2hhc2giOiJjcndSQ2hLSE1mVE9RaHRneHRkNEJnIiwiZXhwIjoxNTI5NzU2MDAxLCJpYXQiOjE1Mjk3NTI0MDIsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjhiOTJmNjY5LTEzYWMtNDFhOS1iY2FlLTA4NDk2YTNjMjcxMiIsIm5vbmNlIjoiUmFlTFhjZmpUYUlzbWVJZyIsInJhdCI6MTUyOTc1MjM5OCwic3ViIjoiZm9vQGJhci5jb20ifQ.YOfjjcNkpuBO8RMLv1kYSNblPu9KyNdeamMKDxsmaHMGtSROtWT7PTG4uKp2zw5TduFIFC-z5Gc41oNwdq4mY21OP1M4VK3o0ThBe7jGEcmP42RgWDuShTmJ2kyO40DYVpB4wCsCPjeKBezgLcBlqLHvXic3sMoFLgrSvzzVj4indEbIGFJ0RhVeGdNPZ1s3w6YoWHUSt0xZnhhbC4OvmidWAQJvFkD5Q5MeKCImnkslofArULTdskRhf9kwCLU1Q6-nvRBnO8wXw-o0Wea9jy9EDU7zz0oRUy3tEgJMgoKa_wltDj-2Z-8iYMW_S7qYTjX7JrEAuj8uGfHCbMbBvpbSqzqjc76MVyQKd3FDAqsmWqLzLj5Csuv004H8MHvsqa7DGKOhpODgXU9OL1l_c2lHqylr7-NVgrtFkc8EiIq3iIzhqwDUcb-ZWT_RE67Dqb1hiOFBj3wOCj7Zv1zZuFeeT5K2fPdFHEdoickhl1UtMvvuzF4haoCkOmc_Alx-H6-ZtvrGov6E_BK_JiUsoSmdDiPXzzr0npX1TePXIDfS_AcoHZzkwlCp2X_TIuwwYfyFlry2nCgeSl3JVPo97Us27i9VUS4mLUJROvenDxnA1_ebmBC0LXU49VnhCTKBZ3G4z5o8tmC8AVKD4_G178Mm5_ReZ0hEmo0dKY0msr8', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'zx1RrBlt-Ye-nqkJvz76ojOHOHGuF-5j01rWB3H2-4U.uYMdKxk25XjXuDaQim2it91DBYYC6Tz8jn_UdSqC7Y0', 'scope': 'openid'}
5.119 AccessTokenResponse {
    "access_token": "zx1RrBlt-Ye-nqkJvz76ojOHOHGuF-5j01rWB3H2-4U.uYMdKxk25XjXuDaQim2it91DBYYC6Tz8jn_UdSqC7Y0",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "mAWW2m4lgUlWCG-Eqhludg",
        "aud": [
            "cef74664-dc43-432c-a3d2-6c6fb7513308"
        ],
        "auth_time": 1529752371,
        "c_hash": "crwRChKHMfTOQhtgxtd4Bg",
        "exp": 1529756001,
        "iat": 1529752402,
        "iss": "https://oidc-certification.ory.sh:8443/",
        "jti": "8b92f669-13ac-41a9-bcae-08496a3c2712",
        "nonce": "RaeLXcfjTaIsmeIg",
        "rat": 1529752398,
        "sub": "foo@bar.com"
    },
    "scope": "openid",
    "token_type": "bearer"
}
5.119 phase <--<-- 6 --- TimeDelay -->-->
35.149 phase <--<-- 7 --- AccessToken -->-->
35.149 --> request op_args: {'state': 'zf92pM1RToLEe9KS'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
35.149 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'zf92pM1RToLEe9KS', 'code': '9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': 'cef74664-dc43-432c-a3d2-6c6fb7513308'}, 'state': 'zf92pM1RToLEe9KS'}
35.149 AccessTokenRequest {
    "code": "9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "state": "zf92pM1RToLEe9KS"
}
35.149 request_url https://oidc-certification.ory.sh:8443/oauth2/token
35.149 request_http_args {'headers': {'Authorization': 'Basic Y2VmNzQ2NjQtZGM0My00MzJjLWEzZDItNmM2ZmI3NTEzMzA4OkFQQjg4Q3poUC5RRg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
35.149 request code=9Ck4767MTXSfcN_bEKGwgtC8myCtMuSUXvaZksa1Z5I.CpkrBguCSNOpbbBrEyTjtJVhrilPcl3cZik9ZW8zBV4&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=zf92pM1RToLEe9KS
35.363 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
35.363 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
35.363 event Got expected error
35.364 TokenErrorResponse {
    "error": "invalid_grant",
    "error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
    "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
    "status_code": 400
}
35.364 phase <--<-- 8 --- Done -->-->
35.364 end 
35.364 assertion VerifyResponse
35.364 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
35.364 condition Done: status=OK



============================================================

Conditions

verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK



============================================================

RESULT: PASSED