internal/certification/CT.F.T.T.s/OP-nonce-noncode.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-nonce-noncode
Test description: Request with nonce, verifies it was returned in ID Token [Implicit, Hybrid]
Timestamp: 2018-06-23T11:09:31Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.079 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.081 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.081 phase <--<-- 2 --- Registration -->-->
0.081 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.081 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#UeKVOtLjrfWqweFu"
],
"response_types": [
"code token"
]
}
0.235 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.236 RegistrationResponse {
"client_id": "6d7ad1a2-3641-4a1c-b763-d3d474cb46da",
"client_secret": "WN8zQ75Kvm_K",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "6d7ad1a2-3641-4a1c-b763-d3d474cb46da",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#UeKVOtLjrfWqweFu"
],
"response_types": [
"code token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.236 phase <--<-- 3 --- AsyncAuthn -->-->
0.236 AuthorizationRequest {
"client_id": "6d7ad1a2-3641-4a1c-b763-d3d474cb46da",
"nonce": "IeQLF1N3sKy81Zs0",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code token",
"scope": "openid",
"state": "sJ73SXCnQINan2ib"
}
0.237 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6d7ad1a2-3641-4a1c-b763-d3d474cb46da&state=sJ73SXCnQINan2ib&response_type=code+token&nonce=IeQLF1N3sKy81Zs0
0.237 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6d7ad1a2-3641-4a1c-b763-d3d474cb46da&state=sJ73SXCnQINan2ib&response_type=code+token&nonce=IeQLF1N3sKy81Zs0
34.611 http args {}
34.773 response URL with fragment
34.774 response access_token=DEdGHhgsH-y8L4wwNJGFrkYENdqVCGPqSqGfwAtFOro.yER_dwjalTAG-LBvMfWkm74zunnGJq4qP_CEEL7P-Ts&code=Y9HyRBMLfZd3xmY2fd-wtNj3L9GLMF2A7hc9NgEO9SI.d9SwnmCj_Wyj_9s4aUWRe501EblFXSY7kdR1V0NJWSg&expires_in=3599&scope=openid&state=sJ73SXCnQINan2ib&token_type=bearer
34.774 response {'scope': 'openid', 'code': 'Y9HyRBMLfZd3xmY2fd-wtNj3L9GLMF2A7hc9NgEO9SI.d9SwnmCj_Wyj_9s4aUWRe501EblFXSY7kdR1V0NJWSg', 'access_token': 'DEdGHhgsH-y8L4wwNJGFrkYENdqVCGPqSqGfwAtFOro.yER_dwjalTAG-LBvMfWkm74zunnGJq4qP_CEEL7P-Ts', 'state': 'sJ73SXCnQINan2ib', 'expires_in': 3599, 'token_type': 'bearer'}
34.775 AuthorizationResponse {
"access_token": "DEdGHhgsH-y8L4wwNJGFrkYENdqVCGPqSqGfwAtFOro.yER_dwjalTAG-LBvMfWkm74zunnGJq4qP_CEEL7P-Ts",
"code": "Y9HyRBMLfZd3xmY2fd-wtNj3L9GLMF2A7hc9NgEO9SI.d9SwnmCj_Wyj_9s4aUWRe501EblFXSY7kdR1V0NJWSg",
"expires_in": 3599,
"scope": "openid",
"state": "sJ73SXCnQINan2ib",
"token_type": "bearer"
}
34.775 phase <--<-- 4 --- AccessToken -->-->
34.775 --> request op_args: {'state': 'sJ73SXCnQINan2ib'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
34.775 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'sJ73SXCnQINan2ib', 'code': 'Y9HyRBMLfZd3xmY2fd-wtNj3L9GLMF2A7hc9NgEO9SI.d9SwnmCj_Wyj_9s4aUWRe501EblFXSY7kdR1V0NJWSg', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '6d7ad1a2-3641-4a1c-b763-d3d474cb46da'}, 'state': 'sJ73SXCnQINan2ib'}
34.775 AccessTokenRequest {
"code": "Y9HyRBMLfZd3xmY2fd-wtNj3L9GLMF2A7hc9NgEO9SI.d9SwnmCj_Wyj_9s4aUWRe501EblFXSY7kdR1V0NJWSg",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "sJ73SXCnQINan2ib"
}
34.775 request_url https://oidc-certification.ory.sh:8443/oauth2/token
34.775 request_http_args {'headers': {'Authorization': 'Basic NmQ3YWQxYTItMzY0MS00YTFjLWI3NjMtZDNkNDc0Y2I0NmRhOldOOHpRNzVLdm1fSw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
34.775 request code=Y9HyRBMLfZd3xmY2fd-wtNj3L9GLMF2A7hc9NgEO9SI.d9SwnmCj_Wyj_9s4aUWRe501EblFXSY7kdR1V0NJWSg&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=sJ73SXCnQINan2ib
35.009 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
35.01 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo1MTk4ZGI1Yi04NzhjLTQ2MzUtYTUzOC1lNjI3Zjk4ZGU5M2UiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoidGVqajFrdzR6WjBDSHdTLW8wSFlvZyIsImF1ZCI6WyI2ZDdhZDFhMi0zNjQxLTRhMWMtYjc2My1kM2Q0NzRjYjQ2ZGEiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiJkVnZjZ1ZoRTEtSDl6LWxiNThWTWxBIiwiZXhwIjoxNTI5NzU1NzcwLCJpYXQiOjE1Mjk3NTIxNzEsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjZhMzM3ZTI1LTA3NzctNGVjMS05MDYzLTI3MGEzOWU5NmJjZSIsIm5vbmNlIjoiSWVRTEYxTjNzS3k4MVpzMCIsInJhdCI6MTUyOTc1MjEzNiwic3ViIjoiZm9vQGJhci5jb20ifQ.h1DEmXH7F65nTly7dIyK76f_MKbzY05Y0noqVhTOQlvMaCo9KkyIcYUp3rtNRmMFvcV2hJGFNKBwUvIg5LGZyjKoTGNLkmeIL6aMgysal3BAMwp2l-guFtsNpgoN5VM0-gMYsTBvsif1_UJm-qi13zjd807x1LCvxks44Uy-SHMyhWyQtcC5gvEf5aBUSlk53u1CiwZaYt9QT8RA6FvQ51Sy_BhxUAqxjZ_xXsuHu2So6trzqjAq0sxInLysKwSL13f1jThTV0PAppIK1K-VCVxNFjbhPobyGY2UvgFwTMpfixuJoAWOgKN_9v6cyEGqXv4EuPsL0Vg99RXtMagNqRNuOIXooBZIyGbGmWsP66ueN9L43d5uz8SCqvzpgEfPeaRqjG27EAL8UtHDCk4c_bGEu4n9VHtqRx7OoClR2b4lX-wQLnmU_hIDtTKlft_fIf2wvTL38Kie_EnowiauNOdvrKteYEmWDE4xPUCBn5NPKA8Rz55VoikyGH8yjiR--nOJETvFOWKz2N8TTnkBJwChHMtH3IAgeP3Qq4sxQopdskpmbI1RlRo7pOsAAteVW-kix30DAKRYP74J_VqqanawnZ9kqJpi98NIxUchcFaXQDDsEjowVhyO96iIZ1tmE4EHjueB8M7IKZVED8mLsAFXysgn2w3EOdYMZbnERrY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'AdD7cAZiciUGy7tsI9KR6kXocmewXYXayd3c44UnIqA.IOZBOS0PFmGopeli4DpQuiLcHTPEdDVfxC78IIM3aBI', 'scope': 'openid'}
35.091 AccessTokenResponse {
"access_token": "AdD7cAZiciUGy7tsI9KR6kXocmewXYXayd3c44UnIqA.IOZBOS0PFmGopeli4DpQuiLcHTPEdDVfxC78IIM3aBI",
"expires_in": 3599,
"id_token": {
"at_hash": "tejj1kw4zZ0CHwS-o0HYog",
"aud": [
"6d7ad1a2-3641-4a1c-b763-d3d474cb46da"
],
"auth_time": 1529751824,
"c_hash": "dVvcgVhE1-H9z-lb58VMlA",
"exp": 1529755770,
"iat": 1529752171,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "6a337e25-0777-4ec1-9063-270a39e96bce",
"nonce": "IeQLF1N3sKy81Zs0",
"rat": 1529752136,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
35.091 phase <--<-- 5 --- Done -->-->
35.091 end
35.092 assertion VerifyResponse
35.092 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
35.092 assertion CheckIdTokenNonce
35.092 condition check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
35.092 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
Done: status=OK
============================================================
RESULT: PASSED