internal/certification/CT.F.T.T.s/OP-prompt-login.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-prompt-login
Test description: Request with prompt=login
Timestamp: 2018-06-23T11:09:43Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.074 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.075 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.075 phase <--<-- 2 --- Registration -->-->
0.075 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['code token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['authorization_code', 'implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.076 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#apXOC3OsrsDK4AdK"
],
"response_types": [
"code token"
]
}
0.265 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.266 RegistrationResponse {
"client_id": "46129dfb-46de-4ce5-b4b3-2fc9bb0d277a",
"client_secret": "XvyjqE-MZ1vS",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"id": "46129dfb-46de-4ce5-b4b3-2fc9bb0d277a",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#apXOC3OsrsDK4AdK"
],
"response_types": [
"code token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.266 phase <--<-- 3 --- AsyncAuthn -->-->
0.267 AuthorizationRequest {
"client_id": "46129dfb-46de-4ce5-b4b3-2fc9bb0d277a",
"nonce": "iOLag6g7ApsPGGIC",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code token",
"scope": "openid",
"state": "OxJonVCISKJ4sXea"
}
0.267 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=46129dfb-46de-4ce5-b4b3-2fc9bb0d277a&state=OxJonVCISKJ4sXea&response_type=code+token&nonce=iOLag6g7ApsPGGIC
0.267 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=46129dfb-46de-4ce5-b4b3-2fc9bb0d277a&state=OxJonVCISKJ4sXea&response_type=code+token&nonce=iOLag6g7ApsPGGIC
3.102 http args {}
3.267 response URL with fragment
3.267 response access_token=TgJaoA1C4IMLuilHPMxJyY010vTUhsI42YVJD0RcK4c.SNBvg6Jh7g-0LYSRetKDiv9nM5eI7ygEJAt1q6FnwVI&code=hyQrdNXgUqzRupJeArU1QnhlbRvHze82lU1unLgt-f4.0cSlW7ILAfGe1SPHroXbMDjOPngPA3ZZ4QU5EUwqn4s&expires_in=3599&scope=openid&state=OxJonVCISKJ4sXea&token_type=bearer
3.267 response {'scope': 'openid', 'code': 'hyQrdNXgUqzRupJeArU1QnhlbRvHze82lU1unLgt-f4.0cSlW7ILAfGe1SPHroXbMDjOPngPA3ZZ4QU5EUwqn4s', 'access_token': 'TgJaoA1C4IMLuilHPMxJyY010vTUhsI42YVJD0RcK4c.SNBvg6Jh7g-0LYSRetKDiv9nM5eI7ygEJAt1q6FnwVI', 'state': 'OxJonVCISKJ4sXea', 'expires_in': 3599, 'token_type': 'bearer'}
3.268 AuthorizationResponse {
"access_token": "TgJaoA1C4IMLuilHPMxJyY010vTUhsI42YVJD0RcK4c.SNBvg6Jh7g-0LYSRetKDiv9nM5eI7ygEJAt1q6FnwVI",
"code": "hyQrdNXgUqzRupJeArU1QnhlbRvHze82lU1unLgt-f4.0cSlW7ILAfGe1SPHroXbMDjOPngPA3ZZ4QU5EUwqn4s",
"expires_in": 3599,
"scope": "openid",
"state": "OxJonVCISKJ4sXea",
"token_type": "bearer"
}
3.268 phase <--<-- 4 --- AccessToken -->-->
3.268 --> request op_args: {'state': 'OxJonVCISKJ4sXea'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
3.268 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'OxJonVCISKJ4sXea', 'code': 'hyQrdNXgUqzRupJeArU1QnhlbRvHze82lU1unLgt-f4.0cSlW7ILAfGe1SPHroXbMDjOPngPA3ZZ4QU5EUwqn4s', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '46129dfb-46de-4ce5-b4b3-2fc9bb0d277a'}, 'state': 'OxJonVCISKJ4sXea'}
3.269 AccessTokenRequest {
"code": "hyQrdNXgUqzRupJeArU1QnhlbRvHze82lU1unLgt-f4.0cSlW7ILAfGe1SPHroXbMDjOPngPA3ZZ4QU5EUwqn4s",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "OxJonVCISKJ4sXea"
}
3.269 request_url https://oidc-certification.ory.sh:8443/oauth2/token
3.269 request_http_args {'headers': {'Authorization': 'Basic NDYxMjlkZmItNDZkZS00Y2U1LWI0YjMtMmZjOWJiMGQyNzdhOlh2eWpxRS1NWjF2Uw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
3.269 request code=hyQrdNXgUqzRupJeArU1QnhlbRvHze82lU1unLgt-f4.0cSlW7ILAfGe1SPHroXbMDjOPngPA3ZZ4QU5EUwqn4s&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=OxJonVCISKJ4sXea
3.493 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
3.494 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo1MTk4ZGI1Yi04NzhjLTQ2MzUtYTUzOC1lNjI3Zjk4ZGU5M2UiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiQll0Nmgtampub25NNnVxbkFUSHpXZyIsImF1ZCI6WyI0NjEyOWRmYi00NmRlLTRjZTUtYjRiMy0yZmM5YmIwZDI3N2EiXSwiYXV0aF90aW1lIjoxNTI5NzUxODI0LCJjX2hhc2giOiJGYXU1SC1nQUZ0SGxRREpFOU9SRERBIiwiZXhwIjoxNTI5NzU1Nzc1LCJpYXQiOjE1Mjk3NTIxNzYsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjY1ZDMwNWY5LTgzYjEtNDBhNi1hMzUwLTViYWQyMzA2ZGUyNCIsIm5vbmNlIjoiaU9MYWc2ZzdBcHNQR0dJQyIsInJhdCI6MTUyOTc1MjE3Mywic3ViIjoiZm9vQGJhci5jb20ifQ.iHYA-WUzduyd2acTVNm6-7SYyM0jLRFtC7vg1EwnqxpOkXjBBNk_2ufC6ApJgpG76Rwr_oCSyCTLwM7zc8DftlrsX33OK3-VQymY7yKu3woxRMK3fKhIIo9w41H28Ww1BPRDORb0WQeagHtD9x_cAkrRNTRr9DbFPyk4BO2IEmlLt6gF-aUDctuh8Lu5iab_Lwv9ShSmg1z4WHrgkFwaankPpGwrSCh_kH5v9JsQoM6rSpzj3qUpSs4VZVbBmCtjX7jh1ptIgGbzqRkgtd8tqu4v1jHp2Ca6MLs0hjfGLgyRx_NXgCOvWPAu3jwqlRhrcWVFztpjH-OhD9PBWqc5ayDFEK6_E95J3DsrqhlZBLaZPS1cetF0twpwV_ixFta4GYAnoxRgRQpf4LE9-0d2D7Jn_nLxzBFVUUsbhYwVPT0zEsPgz2tP_BZPZYEh_c282aXhbQxv-eNLVCeTWhpNqak6V6Z5kPnAh6hJk88dN1HapAY7nQb5xerlCKVVZVj4v6BTNG_bsXsNxRbBvRgtgRba0wKeaW-HoKg_vJAg8n7L1cxVqf_p24kKZl4z9P4JotwO2nUtRvyphz1mc_QoxXN477qPcY-fsCaNu_bS_aXfZE-YtAQMqRSy5LY6UmQ4tqNNUYIbQzW9J3p1zV5r0xqY-QiI8_RpQ6ehNqZcUh4', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'zuI4-to027AyzbpRYXE94xcvjIaNgROr9NnyqdVQrZk.qY06G82A45RCtVIEOMta15weQOrP_yHaNtK2impXru4', 'scope': 'openid'}
3.578 AccessTokenResponse {
"access_token": "zuI4-to027AyzbpRYXE94xcvjIaNgROr9NnyqdVQrZk.qY06G82A45RCtVIEOMta15weQOrP_yHaNtK2impXru4",
"expires_in": 3599,
"id_token": {
"at_hash": "BYt6h-jjnonM6uqnATHzWg",
"aud": [
"46129dfb-46de-4ce5-b4b3-2fc9bb0d277a"
],
"auth_time": 1529751824,
"c_hash": "Fau5H-gAFtHlQDJE9ORDDA",
"exp": 1529755775,
"iat": 1529752176,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "65d305f9-83b1-40a6-a350-5bad2306de24",
"nonce": "iOLag6g7ApsPGGIC",
"rat": 1529752173,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
3.578 phase <--<-- 5 --- Note -->-->
5.202 phase <--<-- 6 --- AsyncAuthn -->-->
5.203 AuthorizationRequest {
"client_id": "46129dfb-46de-4ce5-b4b3-2fc9bb0d277a",
"nonce": "m9WEakyAVyeDBYe2",
"prompt": [
"login"
],
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "code token",
"scope": "openid",
"state": "erD64EP0yuZD53Mr"
}
5.203 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=login&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=46129dfb-46de-4ce5-b4b3-2fc9bb0d277a&state=erD64EP0yuZD53Mr&response_type=code+token&nonce=m9WEakyAVyeDBYe2
5.203 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?prompt=login&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=46129dfb-46de-4ce5-b4b3-2fc9bb0d277a&state=erD64EP0yuZD53Mr&response_type=code+token&nonce=m9WEakyAVyeDBYe2
10.247 http args {}
10.412 response URL with fragment
10.412 response access_token=u1MSz7I4ZGlyzo6b8QM7GJBa5eZlB1DC1N86xSL2Sk4.ZxnXCbq_Oo0MvUmeMilHE-kJNAvlFijYR_awdq47Ciw&code=K-JATHbuFAeRJyqSuZJtwkUwsmi05mvCuzVwQUdfUGU.Bl2Ts0YiPZeuPwuLQarNbnilJzLpFDanDPYeBhyrgEo&expires_in=3599&scope=openid&state=erD64EP0yuZD53Mr&token_type=bearer
10.413 response {'scope': 'openid', 'code': 'K-JATHbuFAeRJyqSuZJtwkUwsmi05mvCuzVwQUdfUGU.Bl2Ts0YiPZeuPwuLQarNbnilJzLpFDanDPYeBhyrgEo', 'access_token': 'u1MSz7I4ZGlyzo6b8QM7GJBa5eZlB1DC1N86xSL2Sk4.ZxnXCbq_Oo0MvUmeMilHE-kJNAvlFijYR_awdq47Ciw', 'state': 'erD64EP0yuZD53Mr', 'expires_in': 3599, 'token_type': 'bearer'}
10.413 AuthorizationResponse {
"access_token": "u1MSz7I4ZGlyzo6b8QM7GJBa5eZlB1DC1N86xSL2Sk4.ZxnXCbq_Oo0MvUmeMilHE-kJNAvlFijYR_awdq47Ciw",
"code": "K-JATHbuFAeRJyqSuZJtwkUwsmi05mvCuzVwQUdfUGU.Bl2Ts0YiPZeuPwuLQarNbnilJzLpFDanDPYeBhyrgEo",
"expires_in": 3599,
"scope": "openid",
"state": "erD64EP0yuZD53Mr",
"token_type": "bearer"
}
10.413 phase <--<-- 7 --- AccessToken -->-->
10.414 --> request op_args: {'state': 'erD64EP0yuZD53Mr'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb'}
10.414 do_access_token_request kwargs:{'request_args': {'grant_type': 'authorization_code', 'state': 'erD64EP0yuZD53Mr', 'code': 'K-JATHbuFAeRJyqSuZJtwkUwsmi05mvCuzVwQUdfUGU.Bl2Ts0YiPZeuPwuLQarNbnilJzLpFDanDPYeBhyrgEo', 'redirect_uri': 'https://op.certification.openid.net:61353/authz_cb', 'client_id': '46129dfb-46de-4ce5-b4b3-2fc9bb0d277a'}, 'state': 'erD64EP0yuZD53Mr'}
10.414 AccessTokenRequest {
"code": "K-JATHbuFAeRJyqSuZJtwkUwsmi05mvCuzVwQUdfUGU.Bl2Ts0YiPZeuPwuLQarNbnilJzLpFDanDPYeBhyrgEo",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"state": "erD64EP0yuZD53Mr"
}
10.414 request_url https://oidc-certification.ory.sh:8443/oauth2/token
10.414 request_http_args {'headers': {'Authorization': 'Basic NDYxMjlkZmItNDZkZS00Y2U1LWI0YjMtMmZjOWJiMGQyNzdhOlh2eWpxRS1NWjF2Uw==', 'Content-Type': 'application/x-www-form-urlencoded'}}
10.414 request code=K-JATHbuFAeRJyqSuZJtwkUwsmi05mvCuzVwQUdfUGU.Bl2Ts0YiPZeuPwuLQarNbnilJzLpFDanDPYeBhyrgEo&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&grant_type=authorization_code&state=erD64EP0yuZD53Mr
10.629 http response url:https://oidc-certification.ory.sh:8443/oauth2/token status_code:200
10.631 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo1MTk4ZGI1Yi04NzhjLTQ2MzUtYTUzOC1lNjI3Zjk4ZGU5M2UiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoieG1UMlNIZ0d0MDlzNm14ZnVSckhnUSIsImF1ZCI6WyI0NjEyOWRmYi00NmRlLTRjZTUtYjRiMy0yZmM5YmIwZDI3N2EiXSwiYXV0aF90aW1lIjoxNTI5NzUyMTgwLCJjX2hhc2giOiJ0VTJBbDFvZlRFbWoxcWhqcjlHZU93IiwiZXhwIjoxNTI5NzU1NzgyLCJpYXQiOjE1Mjk3NTIxODMsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6ImJmOGQ1ZWJhLWRkZWQtNDhiMi1iNWMzLWQ1MjkxYmY2OTFlMyIsIm5vbmNlIjoibTlXRWFreUFWeWVEQlllMiIsInJhdCI6MTUyOTc1MjE3OCwic3ViIjoiZm9vQGJhci5jb20ifQ.oszdUgDh87_vssed3cxeMyY1MI1INzaM2m096WeRtGduR4kRWR48M8Le1WEbRNebs4zPwXc_AK5Z6Ptc-_aeJSsveSBaKiREW3l_eY0ids4LnCyY4hgn-wSxYI61uki25fbXBIUtzudCbF8E2iQGYMNaNtIENflhfggj8laceOhti3zvqIzGzYJ4e7ZpSTAFcra0JKiy-7e3Xj_k7emPCZRgknApZNvdSqh2Su9ZATWlP6Kw_nhj9Jq_f6cZYPxE-kZJq7B2kkt2aE8w3lGKdIPckyIkT5qxvdGTsxcQTgce62Auwo9HZCT857_OMYhzlgpUlKNJmptwkbKpcTKHXzUtOhoJLS76z4Ojaxcjl64OreUz3UD0pno7klClsB6s-N__lpJWl8ppRktf7vnbXXMCmKERCad0nrVMLfQ2uP-ILczUHDaMXx_xqli0fFLHtbOhsa8VrkTnOxHRMnBTKt8X4Ahxn6AYtBY602ifUsBz0GewZRUTI2f6oQVUBwGem_CckXt_aX0NrOa9wT8N8bp_A0jsd4NRAfmtIQiikHG6pZc1swC8S_xkansH3ZPLPKLtu41hEbFc_AcmcS0Axu3GIrHPeCS6VAOzsW222jd-zSvbRQk1IDMURpf5mn9883d0ZKIUCWg36Ru5wDlS942R5G-K9aBroph-kXdHiiY', 'token_type': 'bearer', 'expires_in': 3599, 'access_token': 'qnjfvcCk1AN2abJCo01DuPgOH2kcOg64zB1fMH-yiPk.73vJqGoDhRwDnoCyvU5aaHHkAj-g1THxNv8O5QsIANE', 'scope': 'openid'}
10.634 AccessTokenResponse {
"access_token": "qnjfvcCk1AN2abJCo01DuPgOH2kcOg64zB1fMH-yiPk.73vJqGoDhRwDnoCyvU5aaHHkAj-g1THxNv8O5QsIANE",
"expires_in": 3599,
"id_token": {
"at_hash": "xmT2SHgGt09s6mxfuRrHgQ",
"aud": [
"46129dfb-46de-4ce5-b4b3-2fc9bb0d277a"
],
"auth_time": 1529752180,
"c_hash": "tU2Al1ofTEmj1qhjr9GeOw",
"exp": 1529755782,
"iat": 1529752183,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "bf8d5eba-dded-48b2-b5c3-d5291bf691e3",
"nonce": "m9WEakyAVyeDBYe2",
"rat": 1529752178,
"sub": "foo@bar.com"
},
"scope": "openid",
"token_type": "bearer"
}
10.634 phase <--<-- 8 --- Done -->-->
10.634 end
10.635 assertion VerifyResponse
10.635 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
10.635 assertion MultipleSignOn
10.635 condition multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
10.635 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow]
Done: status=OK
============================================================
RESULT: PASSED