internal/certification/IT.F.T.T.s/OP-scope-email.txt from ory-am/hydra

internal/certification/IT.F.T.T.s/OP-scope-email.txt
Summary

Maintainability

Test Coverage

Issues
Test tool version: 2.1.3
Issuer: https://oidc-certification.ory.sh:8443/
Profile: []
Test ID: OP-scope-email
Test description: Scope requesting email claims
Timestamp: 2018-06-23T11:24:52Z

============================================================

Trace output

0.0 phase <--<-- 0 --- Webfinger -->-->
0.0 not expected to do WebFinger
0.0 phase <--<-- 1 --- Discovery -->-->
0.0 provider_config kwargs:{'issuer': 'https://oidc-certification.ory.sh:8443/'}
0.075 http response url:https://oidc-certification.ory.sh:8443/.well-known/openid-configuration status_code:200
0.076 ProviderConfigurationResponse {
    "authorization_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/auth",
    "claims_parameter_supported": false,
    "claims_supported": [
        "sub"
    ],
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "client_credentials",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://oidc-certification.ory.sh:8443/",
    "jwks_uri": "https://oidc-certification.ory.sh:8443/.well-known/jwks.json",
    "registration_endpoint": "https://oidc-certification.ory.sh:8443/clients",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "response_modes_supported": [
        "query",
        "fragment"
    ],
    "response_types_supported": [
        "code",
        "code id_token",
        "id_token",
        "token id_token",
        "token",
        "token id_token code"
    ],
    "scopes_supported": [
        "offline",
        "openid"
    ],
    "subject_types_supported": [
        "pairwise",
        "public"
    ],
    "token_endpoint": "https://oidc-certification.ory.sh:8443/oauth2/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic",
        "private_key_jwt",
        "none"
    ],
    "userinfo_endpoint": "https://oidc-certification.ory.sh:8443/userinfo",
    "userinfo_signing_alg_values_supported": [
        "none",
        "RS256"
    ],
    "version": "3.0"
}
0.076 phase <--<-- 2 --- Registration -->-->
0.076 register kwargs:{'application_name': 'OIC test tool', 'response_types': ['id_token token'], 'contacts': ['roland@example.com'], 'redirect_uris': ['https://op.certification.openid.net:61353/authz_cb'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61353/logout'], 'jwks_uri': 'https://op.certification.openid.net:61353/static/jwks_61353.json', 'grant_types': ['implicit'], 'application_type': 'web', 'url': 'https://oidc-certification.ory.sh:8443/clients'}
0.077 RegistrationRequest {
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit"
    ],
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61353/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FTG0BCrkbr9LEY7M"
    ],
    "response_types": [
        "id_token token"
    ]
}
0.233 http response url:https://oidc-certification.ory.sh:8443/clients status_code:201
0.234 RegistrationResponse {
    "client_id": "e61b2122-3e5e-4498-a4df-76f8b8b64ce9",
    "client_secret": "9Qa29O0YLD4h",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit"
    ],
    "id": "e61b2122-3e5e-4498-a4df-76f8b8b64ce9",
    "jwks_uri": "https://op.certification.openid.net:61353/static/jwks_61353.json",
    "public": false,
    "redirect_uris": [
        "https://op.certification.openid.net:61353/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61353/requests/e3ecc141f5419bd33d25d760861d32323144d583feaf26eb1b5cbf20147608b9#FTG0BCrkbr9LEY7M"
    ],
    "response_types": [
        "id_token token"
    ],
    "scope": "openid offline offline_access profile email address phone",
    "token_endpoint_auth_method": "client_secret_basic",
    "userinfo_signed_response_alg": "none"
}
0.234 phase <--<-- 3 --- AsyncAuthn -->-->
0.235 condition Check support: status=WARNING, message=No support for: scopes_supported=['email']
0.235 AuthorizationRequest {
    "client_id": "e61b2122-3e5e-4498-a4df-76f8b8b64ce9",
    "nonce": "MM3cT5X4NqSHrlqa",
    "redirect_uri": "https://op.certification.openid.net:61353/authz_cb",
    "response_type": "id_token token",
    "scope": "openid email",
    "state": "Hkw2BtJOjXgXYmIf"
}
0.235 redirect url https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+email&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e61b2122-3e5e-4498-a4df-76f8b8b64ce9&state=Hkw2BtJOjXgXYmIf&response_type=id_token+token&nonce=MM3cT5X4NqSHrlqa
0.235 redirect https://oidc-certification.ory.sh:8443/oauth2/auth?scope=openid+email&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61353%2Fauthz_cb&client_id=e61b2122-3e5e-4498-a4df-76f8b8b64ce9&state=Hkw2BtJOjXgXYmIf&response_type=id_token+token&nonce=MM3cT5X4NqSHrlqa
4.04 http args {}
4.239 response URL with fragment
4.239 response access_token=pvFEQTbQXPmj093UotBKf9-xus13tVPOlwvgKTYUV2M.bfeyH2dodA5FOiyueqC4Ckn6kRo90eb5e2qx6JNjVYM&expires_in=3599&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0YWU0OWJmNC05ZGEwLTRhODItYmNjZS04OTNjMzcyOWYyMmEiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiWi1RSDZuTkx0T0h4WkF2N1QyOWxmUSIsImF1ZCI6WyJlNjFiMjEyMi0zZTVlLTQ0OTgtYTRkZi03NmY4YjhiNjRjZTkiXSwiYXV0aF90aW1lIjoxNTI5NzUzMDA5LCJleHAiOjE1Mjk3NTY2OTEsImlhdCI6MTUyOTc1MzA5MSwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvIiwianRpIjoiN2VkODUwNGItMzdhZi00NjBkLTgxMTAtNDM4MTIwNzk0NzJjIiwibm9uY2UiOiJNTTNjVDVYNE5xU0hybHFhIiwicmF0IjoxNTI5NzUzMDg4LCJzdWIiOiJmb29AYmFyLmNvbSJ9.fPntVONhR_FTvgVnXRvL0qVLsalMyOrq8vHuo5wjU6Ls77JGybfD6KhfG7MAY-zdnboRGac_Jgmhmolum0enqw7BtnfJKbgvbZYifaG53yJ-07PvQEGRAIYMt7DgiV1Vq_YcO-NghoD0P2r7wqZy7g8X_AneJdqJGU4497PrgGXN6aTxpA6CNaAvD394Gywimk4EPzLGirbvOuDSly-IYbmh27PmIEfuKgE9k6RWbT2Eu6c2GAV7EkWTQqbVbbavPZo-4C8z6B4obLzXQPJoGzV4Qli08k1EiwIR2ODGZE6Fp66nOyI7SL_OoLoEn7V74ABK9ZCMiC7ZUfD_VqvlkQxt7W3nA8xwt8myztt_DLTdQrjmDmab1fh5qCu9SFzq336VWXFAxI_D9_8QL6uOt2oLmpujk-_Iiq7ZnEQoEZQfreQ6ZqqnEUHe8VLXqO_ajn6MfOSf_Suw6wrkCKQr1VlFLdcSG12P2Hr2--A-HBqUm57Dgd7gimBQ_FQeTlbrrarzYc837s0CZtsuYkfDghVr88byOr4nWxwjsvT0DfyU_Dq56iA2r5Fzi-Zq9xNa63NLca9sLD-cbAJntbBnioZouj8FcDz0SqHUXqGc6WJJQMgh5p7xcFRRoGQVzCuHn3rP0ShpwwvYrp9dgDd_HX1ovkk1ICB4dv5koiHeLh8&scope=openid%20email&state=Hkw2BtJOjXgXYmIf&token_type=bearer
4.239 response {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzo0YWU0OWJmNC05ZGEwLTRhODItYmNjZS04OTNjMzcyOWYyMmEiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiWi1RSDZuTkx0T0h4WkF2N1QyOWxmUSIsImF1ZCI6WyJlNjFiMjEyMi0zZTVlLTQ0OTgtYTRkZi03NmY4YjhiNjRjZTkiXSwiYXV0aF90aW1lIjoxNTI5NzUzMDA5LCJleHAiOjE1Mjk3NTY2OTEsImlhdCI6MTUyOTc1MzA5MSwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNlcnRpZmljYXRpb24ub3J5LnNoOjg0NDMvIiwianRpIjoiN2VkODUwNGItMzdhZi00NjBkLTgxMTAtNDM4MTIwNzk0NzJjIiwibm9uY2UiOiJNTTNjVDVYNE5xU0hybHFhIiwicmF0IjoxNTI5NzUzMDg4LCJzdWIiOiJmb29AYmFyLmNvbSJ9.fPntVONhR_FTvgVnXRvL0qVLsalMyOrq8vHuo5wjU6Ls77JGybfD6KhfG7MAY-zdnboRGac_Jgmhmolum0enqw7BtnfJKbgvbZYifaG53yJ-07PvQEGRAIYMt7DgiV1Vq_YcO-NghoD0P2r7wqZy7g8X_AneJdqJGU4497PrgGXN6aTxpA6CNaAvD394Gywimk4EPzLGirbvOuDSly-IYbmh27PmIEfuKgE9k6RWbT2Eu6c2GAV7EkWTQqbVbbavPZo-4C8z6B4obLzXQPJoGzV4Qli08k1EiwIR2ODGZE6Fp66nOyI7SL_OoLoEn7V74ABK9ZCMiC7ZUfD_VqvlkQxt7W3nA8xwt8myztt_DLTdQrjmDmab1fh5qCu9SFzq336VWXFAxI_D9_8QL6uOt2oLmpujk-_Iiq7ZnEQoEZQfreQ6ZqqnEUHe8VLXqO_ajn6MfOSf_Suw6wrkCKQr1VlFLdcSG12P2Hr2--A-HBqUm57Dgd7gimBQ_FQeTlbrrarzYc837s0CZtsuYkfDghVr88byOr4nWxwjsvT0DfyU_Dq56iA2r5Fzi-Zq9xNa63NLca9sLD-cbAJntbBnioZouj8FcDz0SqHUXqGc6WJJQMgh5p7xcFRRoGQVzCuHn3rP0ShpwwvYrp9dgDd_HX1ovkk1ICB4dv5koiHeLh8', 'scope': 'openid email', 'access_token': 'pvFEQTbQXPmj093UotBKf9-xus13tVPOlwvgKTYUV2M.bfeyH2dodA5FOiyueqC4Ckn6kRo90eb5e2qx6JNjVYM', 'state': 'Hkw2BtJOjXgXYmIf', 'expires_in': 3599, 'token_type': 'bearer'}
4.325 AuthorizationResponse {
    "access_token": "pvFEQTbQXPmj093UotBKf9-xus13tVPOlwvgKTYUV2M.bfeyH2dodA5FOiyueqC4Ckn6kRo90eb5e2qx6JNjVYM",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "Z-QH6nNLtOHxZAv7T29lfQ",
        "aud": [
            "e61b2122-3e5e-4498-a4df-76f8b8b64ce9"
        ],
        "auth_time": 1529753009,
        "exp": 1529756691,
        "iat": 1529753091,
        "iss": "https://oidc-certification.ory.sh:8443/",
        "jti": "7ed8504b-37af-460d-8110-43812079472c",
        "nonce": "MM3cT5X4NqSHrlqa",
        "rat": 1529753088,
        "sub": "foo@bar.com"
    },
    "scope": "openid email",
    "state": "Hkw2BtJOjXgXYmIf",
    "token_type": "bearer"
}
4.325 phase <--<-- 4 --- AccessToken -->-->
4.325 phase <--<-- 5 --- UserInfo -->-->
4.325 do_user_info_request kwargs:{'state': 'Hkw2BtJOjXgXYmIf', 'method': 'GET', 'authn_method': 'bearer_header'}
4.325 request {'body': None}
4.325 request_url https://oidc-certification.ory.sh:8443/userinfo
4.325 request_http_args {'headers': {'Authorization': 'Bearer pvFEQTbQXPmj093UotBKf9-xus13tVPOlwvgKTYUV2M.bfeyH2dodA5FOiyueqC4Ckn6kRo90eb5e2qx6JNjVYM'}}
4.405 http response url:https://oidc-certification.ory.sh:8443/userinfo status_code:200
4.406 OpenIDSchema {
    "sub": "foo@bar.com"
}
4.406 OpenIDSchema {
    "sub": "foo@bar.com"
}
4.406 phase <--<-- 6 --- Done -->-->
4.406 end 
4.407 assertion CheckHTTPResponse
4.407 condition check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
4.407 assertion VerifyResponse
4.407 condition verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
4.407 assertion VerifyScopes
4.408 condition verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['email', 'email_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
4.408 condition Done: status=OK



============================================================

Conditions

Check support: status=WARNING, message=No support for: scopes_supported=['email']
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
verify-scopes: status=WARNING, message=The following claims were missing from the returned information: ['email', 'email_verified'] [Verifies that the claims corresponding to the requested scopes are returned]
Done: status=OK



============================================================

RESULT: WARNING
Warnings:
No support for: scopes_supported=['email']
The following claims were missing from the returned information: ['email', 'email_verified']