OpenID Certification OP Test

Test info

Profile: {'openid-configuration': 'config', 'response_type': 'code', 'crypto': 'none+sign', 'registration': 'static'}
Timestamp: 2015-04-14T17:48:10Z
Test description: Verify that jwks_uri is published [Config, Dynamic]
Test ID: OP-Discovery-jwks_uri
Issuer: accounts.google.com

Test output


__After completing the test flow:__
[providerinfo-has-jwks_uri]
	status: OK
	description: Check that the jwks_uri discovery metadata value is in the provider_info
[check-http-response]
	status: OK
	description: Checks that the HTTP response status is within the 200 or 300 range
[bare-keys]
	status: OK
	description: Dynamic OPs MUST publish their public keys as bare JWK keys
__X:==== END ====__

Trace output


0.000282 ------------ DiscoveryRequest ------------
0.000293 Provider info discover from 'https://accounts.google.com'
0.000299 --> URL: https://accounts.google.com/.well-known/openid-configuration
0.037305 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://accounts.google.com/o/oauth2/auth",
  "claims_parameter_supported": false,
  "claims_supported": [
    "aud",
    "email",
    "email_verified",
    "exp",
    "family_name",
    "given_name",
    "iat",
    "iss",
    "locale",
    "name",
    "picture",
    "sub"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "accounts.google.com",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token",
    "none"
  ],
  "revocation_endpoint": "https://accounts.google.com/o/oauth2/revoke",
  "scopes_supported": [
    "openid",
    "email",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://www.googleapis.com/oauth2/v3/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
  "version": "3.0"
}
0.092846 JWKS: {
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "2a6d85e6e053b81b39315f033f4a6fb40e90c537",
      "kty": "RSA",
      "n": "1K0ovv-ljkjx_JoIq4Qxeezp7tB0en-09D7xc_OzvgB84M8RLpFszbi7jVkXhRI6c2xa7JtbpYCKmD3atvyM-xSJdMC3Fgwxh_h0zG3ckZdWuDaYL0uiuFTb3LgmQHSeDLUbqibwTYneS7-O-JYcplMqkERhtvGVrAj21AGHXbs",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "f049b0571c3dc2c59cb5fc398146f3f7414a1580",
      "kty": "RSA",
      "n": "q-PZ4aSchysjk4XXQD5fKtyBiYMuUOpsNEc18T20ka25QJ0IZdgg_t6MFK7TLcz7XLmM7p0QshlCui0MfyT7my_0iBnYYY6zLuJkjNH6iIS_vvJtvjiraIpyUo-sFsEGtQCTD3FoRwZSnNVZk0ly1fX9UoVwkm9AV0W6OYEJIdU",
      "use": "sig"
    }
  ]
}
0.100795 ==== END ====

Result

PASSED