internal/certification/I.F.T.T.s/OP-nonce-noncode.txt
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-nonce-noncode
Test description: Request with nonce, verifies it was returned in ID Token [Implicit, Hybrid]
Timestamp: 2018-06-23T11:27:57Z
============================================================
Trace output
0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.114 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.115 ProviderConfigurationResponse {
"authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
"claims_parameter_supported": false,
"claims_supported": [
"sub"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://oidc-certification.ory.sh:8443/",
"jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
"registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_modes_supported": [
"query",
"fragment"
],
"response_types_supported": [
"code",
"code id_token",
"id_token",
"token id_token",
"token",
"token id_token code"
],
"scopes_supported": [
"offline",
"openid"
],
"subject_types_supported": [
"pairwise",
"public"
],
"token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"private_key_jwt",
"none"
],
"userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"RS256"
],
"version": "3.0"
}
0.115 phase <--<-- 2 --- Registration -->-->
0.115 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['id_token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.116 RegistrationRequest {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61353/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#jfMQN53pPWreCiSE"
],
"response_types": [
"id_token"
]
}
0.272 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.273 RegistrationResponse {
"client_id": "6c7f57c7-695a-4963-8455-2e013ca8ca54",
"client_secret": "d6dII5njj3Wi",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit"
],
"id": "6c7f57c7-695a-4963-8455-2e013ca8ca54",
"jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
"public": false,
"redirect_uris": [
"https://op.certification.openid.net:61353/authz_cb"
],
"request_uris": [
"https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#jfMQN53pPWreCiSE"
],
"response_types": [
"id_token"
],
"scope": "openid offline offline_access profile email address phone",
"token_endpoint_auth_method": "client_secret_basic",
"userinfo_signed_response_alg": "none"
}
0.273 phase <--<-- 3 --- AsyncAuthn -->-->
0.274 AuthorizationRequest {
"client_id": "6c7f57c7-695a-4963-8455-2e013ca8ca54",
"nonce": "lSChZpbwZ3eqChYb",
"redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
"response_type": "id_token",
"scope": "openid",
"state": "oRvATxqAZueTGZlz"
}
0.274 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6c7f57c7-695a-4963-8455-2e013ca8ca54&state=oRvATxqAZueTGZlz&response_type=id_token&nonce=lSChZpbwZ3eqChYb
0.274 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=6c7f57c7-695a-4963-8455-2e013ca8ca54&state=oRvATxqAZueTGZlz&response_type=id_token&nonce=lSChZpbwZ3eqChYb
2.445 http args {}
2.663 response URL with fragment
2.663 response id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowNWMyNDc4ZC02M2VkLTQ3YzgtYWQ5Mi03NTE4MWE1NjdmYTAiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmM3ZjU3YzctNjk1YS00OTYzLTg0NTUtMmUwMTNjYThjYTU0Il0sImF1dGhfdGltZSI6MTUyOTc1MzEzNiwiZXhwIjoxNTI5NzU2ODc2LCJpYXQiOjE1Mjk3NTMyNzYsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjVmNTE4NGE1LWM5OTgtNGU0My04ZjQ2LWU2MjQyZWRkNmU2OCIsIm5vbmNlIjoibFNDaFpwYndaM2VxQ2hZYiIsInJhdCI6MTUyOTc1MzI3NSwic3ViIjoiZm9vQGJhci5jb20ifQ.JAyLpgLrWAuWU4j8H35ZtaJiy7Hy-AkSocV9X9WdzRyUSixwqbyYCF2nX_UUS4WTWRYh4RstQyHVjvkMU0OLnf4VuCcM71wk4_yxnWxxBYeu8YIZa9hBLm6lyQNbHjwxSs0BOubq9-nYaqs_GOm-0cJ43mvjF5olw7vyOSSebRtp2RwPjEJknb-9ls3CCKXbZUpEaCSbpZJViSOAV2heGiI8FXz0VYWAa6cN-7AhTc-FCNUN5DaZ0boXAhNXLsTVuIpgN0Ma7XP5xp2HR42JGBooB8XP4jv5iaHZJnv6WG0Kw2xeaKKtpmEBlZAugMMPj-N_o0BCmg8ZhuGhvNnwi0v9u0_bpi48i5O-wjS64-7WCmysq1JywOv_jLYJnCSN1Q1Bej6qhzzvKNFMGSv-xk9ThF64YMx-as9Kuj1xr4-Jw1GT0TcowkcY7njN16nhGLpMFUcFJeC7R_-pQwMJGc8cgUeG60Rmw6G14klRymStc-p6Mpsie6VGcNyzIjmEN2LmF3QI7GvyDyvxyXkQk9a5cg8R510KDbLefXsiIhq6fssfDF9j9JtKExTgYOKQ5v90U2Imt6quCkOi40Yu0uiFuevAyuihhcaJUcbuBmgZO747xQhN6OCDj1nTi0S3SDLYcL0orlSPBEW-f9mm_V4AulUho8P9RysjkWzgNKU&state=oRvATxqAZueTGZlz
2.663 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzowNWMyNDc4ZC02M2VkLTQ3YzgtYWQ5Mi03NTE4MWE1NjdmYTAiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiNmM3ZjU3YzctNjk1YS00OTYzLTg0NTUtMmUwMTNjYThjYTU0Il0sImF1dGhfdGltZSI6MTUyOTc1MzEzNiwiZXhwIjoxNTI5NzU2ODc2LCJpYXQiOjE1Mjk3NTMyNzYsImlzcyI6Imh0dHBzOi8vb2lkYy1jZXJ0aWZpY2F0aW9uLm9yeS5zaDo4NDQzLyIsImp0aSI6IjVmNTE4NGE1LWM5OTgtNGU0My04ZjQ2LWU2MjQyZWRkNmU2OCIsIm5vbmNlIjoibFNDaFpwYndaM2VxQ2hZYiIsInJhdCI6MTUyOTc1MzI3NSwic3ViIjoiZm9vQGJhci5jb20ifQ.JAyLpgLrWAuWU4j8H35ZtaJiy7Hy-AkSocV9X9WdzRyUSixwqbyYCF2nX_UUS4WTWRYh4RstQyHVjvkMU0OLnf4VuCcM71wk4_yxnWxxBYeu8YIZa9hBLm6lyQNbHjwxSs0BOubq9-nYaqs_GOm-0cJ43mvjF5olw7vyOSSebRtp2RwPjEJknb-9ls3CCKXbZUpEaCSbpZJViSOAV2heGiI8FXz0VYWAa6cN-7AhTc-FCNUN5DaZ0boXAhNXLsTVuIpgN0Ma7XP5xp2HR42JGBooB8XP4jv5iaHZJnv6WG0Kw2xeaKKtpmEBlZAugMMPj-N_o0BCmg8ZhuGhvNnwi0v9u0_bpi48i5O-wjS64-7WCmysq1JywOv_jLYJnCSN1Q1Bej6qhzzvKNFMGSv-xk9ThF64YMx-as9Kuj1xr4-Jw1GT0TcowkcY7njN16nhGLpMFUcFJeC7R_-pQwMJGc8cgUeG60Rmw6G14klRymStc-p6Mpsie6VGcNyzIjmEN2LmF3QI7GvyDyvxyXkQk9a5cg8R510KDbLefXsiIhq6fssfDF9j9JtKExTgYOKQ5v90U2Imt6quCkOi40Yu0uiFuevAyuihhcaJUcbuBmgZO747xQhN6OCDj1nTi0S3SDLYcL0orlSPBEW-f9mm_V4AulUho8P9RysjkWzgNKU', 'state': 'oRvATxqAZueTGZlz'}
2.745 AuthorizationResponse {
"id_token": {
"aud": [
"6c7f57c7-695a-4963-8455-2e013ca8ca54"
],
"auth_time": 1529753136,
"exp": 1529756876,
"iat": 1529753276,
"iss": "https://oidc-certification.ory.sh:8443/",
"jti": "5f5184a5-c998-4e43-8f46-e6242edd6e68",
"nonce": "lSChZpbwZ3eqChYb",
"rat": 1529753275,
"sub": "foo@bar.com"
},
"state": "oRvATxqAZueTGZlz"
}
2.745 phase <--<-- 4 --- AccessToken -->-->
2.745 phase <--<-- 5 --- Done -->-->
2.745 end
2.746 assertion VerifyResponse
2.746 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2.746 assertion CheckIdTokenNonce
2.746 condition check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
2.746 condition Done: status=OK
============================================================
Conditions
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
Done: status=OK
============================================================
RESULT: PASSED