internal/certification/CT.F.T.T.s/OP-OAuth-2nd.txt from ory-am/hydra

internal/certification/CT.F.T.T.s/OP-OAuth-2nd.txt
Summary

Maintainability

Test Coverage

Issues
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-OAuth-2nd
Test description: Trying to use authorization code twice should result in an error
Timestamp: 2018-06-23T11:13:14Z

============================================================

Trace output

0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.073 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.074 ProviderConfigurationResponse {
    "authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
    "claims_parameter_supported": false,
    "claims_supported": [
        "sub"
    ],
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "client_credentials",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://oidc-certification.ory.sh:8443/",
    "jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
    "registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "response_modes_supported": [
        "query",
        "fragment"
    ],
    "response_types_supported": [
        "code",
        "code id_token",
        "id_token",
        "token id_token",
        "token",
        "token id_token code"
    ],
    "scopes_supported": [
        "offline",
        "openid"
    ],
    "subject_types_supported": [
        "pairwise",
        "public"
    ],
    "token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic",
        "private_key_jwt",
        "none"
    ],
    "userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
    "userinfo_signing_alg_values_supported": [
        "none",
        "RS256"
    ],
    "version": "3.0"
}
0.074 phase <--<-- 2 --- Registration -->-->
0.074 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.075 RegistrationRequest {
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code",
        "implicit"
    ],
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61353/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#NHcINjpjqJb2NAAC"
    ],
    "response_types": [
        "code token"
    ]
}
0.23 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.231 RegistrationResponse {
    "client_id": "067e554b-8c35-498f-b62a-89fd2714734c",
    "client_secret": "LTVaLgmZ.sx1",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code",
        "implicit"
    ],
    "id": "067e554b-8c35-498f-b62a-89fd2714734c",
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "public": false,
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#NHcINjpjqJb2NAAC"
    ],
    "response_types": [
        "code token"
    ],
    "scope": "openid offline offline_access profile email address phone",
    "token_endpoint_auth_method": "client_secret_basic",
    "userinfo_signed_response_alg": "none"
}
0.231 phase <--<-- 3 --- Note -->-->
1.396 phase <--<-- 4 --- AsyncAuthn -->-->
1.397 AuthorizationRequest {
    "client_id": "067e554b-8c35-498f-b62a-89fd2714734c",
    "nonce": "Lbm6TxMWupcBULhy",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "response_type": "code token",
    "scope": "openid",
    "state": "5kOSP1Szu9sSUcww"
}
1.397 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=067e554b-8c35-498f-b62a-89fd2714734c&state=5kOSP1Szu9sSUcww&response_type=code+token&nonce=Lbm6TxMWupcBULhy
1.397 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=067e554b-8c35-498f-b62a-89fd2714734c&state=5kOSP1Szu9sSUcww&response_type=code+token&nonce=Lbm6TxMWupcBULhy
4.733 http args {}
4.912 response URL with fragment
4.912 response access_token=V_PZr89J7ppQZPgzy6bwqZ48Bv19RwH9lYgvSIRypq0.Mm5uq9Gnb6WCdZunKHvq7pOx6ct5NVgSdv_bLALGsHA&code=J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk&expires_in=3599&scope=openid&state=5kOSP1Szu9sSUcww&token_type=bearer
4.912 response {'scope': 'openid', 'code': 'J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk', 'access_token': 'V_PZr89J7ppQZPgzy6bwqZ48Bv19RwH9lYgvSIRypq0.Mm5uq9Gnb6WCdZunKHvq7pOx6ct5NVgSdv_bLALGsHA', 'state': '5kOSP1Szu9sSUcww', 'expires_in': 3599, 'token_type': 'bearer'}
4.913 AuthorizationResponse {
    "access_token": "V_PZr89J7ppQZPgzy6bwqZ48Bv19RwH9lYgvSIRypq0.Mm5uq9Gnb6WCdZunKHvq7pOx6ct5NVgSdv_bLALGsHA",
    "code": "J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk",
    "expires_in": 3599,
    "scope": "openid",
    "state": "5kOSP1Szu9sSUcww",
    "token_type": "bearer"
}
4.913 phase <--<-- 5 --- AccessToken -->-->
4.913 --> request op_args: {'state': '5kOSP1Szu9sSUcww'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
4.913 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '5kOSP1Szu9sSUcww', 'code': 'J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '067e554b-8c35-498f-b62a-89fd2714734c'}, 'state': '5kOSP1Szu9sSUcww'}
4.913 AccessTokenRequest {
    "code": "J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "state": "5kOSP1Szu9sSUcww"
}
4.913 request_url https://oidc-certification.ory.sh:8443/oauth2/token
4.913 request_http_args {'headers': {'Authorization': 'Basic MDY3ZTU1NGItOGMzNS00OThmLWI2MmEtODlmZDI3MTQ3MzRjOkxUVmFMZ21aLnN4MQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
4.913 request code=J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=5kOSP1Szu9sSUcww
5.129 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
5.13 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo1MTk4ZGI1Yi04NzhjLTQ2MzUtYTUzOC1lNjI3Zjk4ZGU5M2UiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiRWJJVHA0VWQzLWxraFBXSmVnRmJSQSIsImF1ZCI6WyIwNjdlNTU0Yi04YzM1LTQ5OGYtYjYyYS04OWZkMjcxNDczNGMiXSwiYXV0aF90aW1lIjoxNTI5NzUyMzcxLCJjX2hhc2giOiJadWlJdThpZFdLTVVkUU1kM0lrM013IiwiZXhwIjoxNTI5NzU1OTkzLCJpYXQiOjE1Mjk3NTIzOTMsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImJjYzViMDI1LTk4YmUtNDdiOS04MTNiLThkNjcyMGJkZjVjZSIsIm5vbmNlIjoiTGJtNlR4TVd1cGNCVUxoeSIsInJhdCI6MTUyOTc1MjM5MCwic3ViIjoiZm9vQGJhci5jb20ifQ.h0xvCaBMHTd6WiWBsbFRHHWr6pXWOQZkPIXzBIF-2CM2zHVmFhzl-pJ4ZUNI1Tbg8Wz_9MAPkypecEIT0LYTV1Kz5xDIoaNXYzV4jB9Zv26fZ1esxu2MyYecmYK7uM5Cah8LRHvblBPVoZkMNq0vyc6S_JJi1F3xWevvhisul24NjOKTv3rgAMIPjADgQQ0we3oQ8d5Inhq5-uHU57XiLJJ8HhcXVp9pKNrYTpMk7lFZDK4OZw6NR6H-sKn9-xwWFrf3PvV1YWEflmABRGVROKIGYEDLDOpaerT2LCoFN28idRdV2hFTJ-y8pcVLX3SJ_agV0PiY-fUBqz9MtQWitmLh8JioG2i-jNpCz9cE4hKYrP6CZaVuTF8yXCQm7GvY_jG1jDCAtsttUOaajSwlIfdRHENZy-kbFX_AFolMG4RAc1bCzdWPvZJdSRjF8XVJyD0VQCI1eU6c2BIsN1i0ebX7zmcD2Q_MCEhxEmpxvYb6ZWOlMi4O9Og1d8_NCrBLtylIa4wGRJCnlL3g9x9jD6E1oBsMxZVp3FEi2JqBNnTxY6NJFQT9-g3Ms5hIaRNT3GGk8XUMSWUWNba9qinnE_Kqb1tsqF3MesfAM1qLQja9RmYFsXJ9kQwVZPRvc38lQT8vq74_dz_sS1v4-vOlN-ZF4_7FWAfn6XAavzTAXSg', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'GJUAp7cW1YoX7rsW84qgM7f0wSmSTsQDEAT0Z4teO1s.VQq5_R7uBMfxPPz_XfE8fzRdsSywqPez_NHHfZ8QgwQ', 'scope': 'openid'}
5.22 AccessTokenResponse {
    "access_token": "GJUAp7cW1YoX7rsW84qgM7f0wSmSTsQDEAT0Z4teO1s.VQq5_R7uBMfxPPz_XfE8fzRdsSywqPez_NHHfZ8QgwQ",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "EbITp4Ud3-lkhPWJegFbRA",
        "aud": [
            "067e554b-8c35-498f-b62a-89fd2714734c"
        ],
        "auth_time": 1529752371,
        "c_hash": "ZuiIu8idWKMUdQMd3Ik3Mw",
        "exp": 1529755993,
        "iat": 1529752393,
        "iss": "https://oidc-certification.ory.sh:8443/",
        "jti": "bcc5b025-98be-47b9-813b-8d6720bdf5ce",
        "nonce": "Lbm6TxMWupcBULhy",
        "rat": 1529752390,
        "sub": "foo@bar.com"
    },
    "scope": "openid",
    "token_type": "bearer"
}
5.221 phase <--<-- 6 --- AccessToken -->-->
5.221 --> request op_args: {'state': '5kOSP1Szu9sSUcww'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
5.221 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': '5kOSP1Szu9sSUcww', 'code': 'J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '067e554b-8c35-498f-b62a-89fd2714734c'}, 'state': '5kOSP1Szu9sSUcww'}
5.221 AccessTokenRequest {
    "code": "J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "state": "5kOSP1Szu9sSUcww"
}
5.221 request_url https://oidc-certification.ory.sh:8443/oauth2/token
5.221 request_http_args {'headers': {'Authorization': 'Basic MDY3ZTU1NGItOGMzNS00OThmLWI2MmEtODlmZDI3MTQ3MzRjOkxUVmFMZ21aLnN4MQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
5.221 request code=J5ECtZMNR8RNPhDSn-2mCIYCdYBLK8cNpST0uuT7qDM.jO3CmvR0C1ryUEhrbJl29J3sN5WmMDs2vv1ExYfKBCk&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=5kOSP1Szu9sSUcww
5.389 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:400 message:{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client","status_code":400,"error_debug":"The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found."}
5.389 response {'error_debug': 'The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.', 'error_description': 'The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client', 'error': 'invalid_grant', 'status_code': 400}
5.389 event Got expected error
5.389 TokenErrorResponse {
    "error": "invalid_grant",
    "error_debug": "The authorization code has already been used.Additionally, an error occurred during processing the refresh token revocation: Not found.",
    "error_description": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
    "status_code": 400
}
5.39 phase <--<-- 7 --- Done -->-->
5.39 end 
5.39 assertion VerifyResponse
5.39 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
5.39 condition Done: status=OK



============================================================

Conditions

verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK



============================================================

RESULT: PASSED