Test info

Profile: {'openid-configuration': 'config', 'response_type': 'id_token', 'crypto': 'encrypt+none+sign', 'registration': 'static'}
Timestamp: 2016-02-02T00:24:23Z
Test description: Requesting ID Token with max_age=1 seconds restriction [Basic, Implicit, Hybrid]
Test ID: OP-Req-max_age=1
Issuer: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth

Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[claims-check]
	status: OK
	description: Checks if specific claims is present or not
[verify-response]
	status: OK
	description: Checks that the last response was one of a possible set of OpenID Connect Responses
[multiple-sign-on]
	status: OK
	description: Verifies that multiple authentication was used in the flow
[auth_time-check]
	status: WARNING
	description: Check that the auth_time returned in the ID Token is in the expected range.
	info: auth_time [1454372674] not in the expected range: 1454372041 - 1454373263
__X:==== END ====__

Trace output


0.000333 ------------ DiscoveryRequest ------------
0.000348 Provider info discover from 'https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth'
0.000355 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/.well-known/openid-configuration
0.932282 ProviderConfigurationResponse: {
  "account_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/account",
  "authorization_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise",
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "email",
    "family_name",
    "given_name",
    "name",
    "phone_number",
    "preferred_username",
    "sub",
    "updated_at"
  ],
  "display_values_supported": [
    "page",
    "popup",
    "touch",
    "wap"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
  "jwks_uri": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/keys",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "token id_token"
  ],
  "revocation_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/revoke",
  "scopes_supported": [
    "openid",
    "address",
    "profile",
    "email",
    "phone"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/userinfo",
  "version": "3.0"
}
1.879159 JWKS: {
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
      "kty": "RSA",
      "n": "AM_U2ExHALTmiq8KLBZC7pKylVyr-r6oZrnwaUxQEMxZ6W8D0j_ijYmtj33qFqLCZ7iiAXC5DFDe96UxqxzAAsXUrqEHkhp2KWOZeXiyi0d-94jhZRLdpv9f_imWH-61d_Wj51XkXBSwUIZiwMYjP9ZeMK0gU5fU4fONBCnrIG6y-fbNSFsTiM-QvWG-KMU88o26XQNK924678_sgpVLYoeuKcEtEdvpNCGamttMMhi2B_vzVxn_dIbpsAGf5GbxCfyKw1w4Y9-bYX7YbV0GW25tjnh2Setfoo0EjImMeSQpXO-FYZgI39tSSF2Gm1d1aFu7bBlGYT9W1HUG3rRgUxs",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "8e6e22ef-f655-4aec-b700-f9cc7f5fca64",
      "kty": "RSA",
      "n": "lXyIIyuY92tQqbnpryqEqLx3ZlZcikt9sK_buJZS5m4RaQxY-JCIvX61l_Kd2OVXTyBpQ17DXT0EgpqKQvKLSmV2Uc1kYanRUbCT3fWI9kNjsaGQW7Y6qXjjhLdXce876pS1lHEYXuF-GuNvhICFu9GvD8KAtiJ4J2jixfaVd6DqBNndPPIGQZCilK5SJxkHBF6Z7r6LE1Cn5ByHPMCkBzRu9BzpDTYH--G9b75oh9YgF8qxZukfAVKBr8UUobHhI2PumpaSsOlp0weCS5MQL7Ti01P4efY6jVZaY5o4NdXzO9OLyrpXlZq5uOXuDrj9jd6Ozr2mV7G2wOg_COOPAw",
      "use": "sig"
    }
  ]
}
1.886481 ------------ AuthorizationRequest ------------
1.886920 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise?nonce=mMHhqBpSfzdT&state=JGVn69tHHiek1luD&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60441%2Fauthz_cb&response_type=id_token&client_id=403a008d-5a9b-46f3-873e-e683435a249b&scope=openid
1.886928 --> BODY: None
2.304159 QUERY_STRING:
4.016800 <-- id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjhlNmUyMmVmLWY2NTUtNGFlYy1iNzAwLWY5Y2M3ZjVmY2E2NCJ9.eyJpc3MiOiJodHRwczovL2VjMi01NC0xNTMtMTY5LTE1MS5hcC1zb3V0aGVhc3QtMi5jb21wdXRlLmFtYXpvbmF3cy5jb20vb2F1dGgiLCJhdWQiOiI0MDNhMDA4ZC01YTliLTQ2ZjMtODczZS1lNjgzNDM1YTI0OWIiLCJleHAiOiIxNDU0Mzc2MjQwIiwiaWF0IjoiMTQ1NDM3MjY0MCIsImF1dGhfdGltZSI6IjE0NTQzNzI1ODAiLCJub25jZSI6Im1NSGhxQnBTZnpkVCIsImF1dGhfbW9kZSI6InNpbXBsZSIsInN1YiI6IjRkMjVjYjQ3LWEwNjMtNDJjMS05ZmU0LWQxMDBmYjEwMDk4YyJ9.LYvKTKxvW8qxLHwssqVZz46s3UDhy4b0qgMg-CF21uYnvmqXziBcKPp2yicxjiVPdHCLyD-gVY2U6xmXq1ZHIca129B_LsRVQKZVhVSxFXWOu2wyWBbdMHpyBQdMaqFdcfMelra7YrAlnbnMzAIf0fe0LERheunww7nmbnCcU1oDC4wsi_ZYTjDs6eLOxE1_0JRfK7PSMeFMHqJoCHjBAaRYwWfO_fgdcylycu1q30tjG340Yor9OCipJznP8Pi5ULtjOa-7wIIpQ7XjRVFTa0jyFwfo7xqVy_Eyv5tgSmXr38PCwxcDsbEmp7mwG_75TNEyrg-6SJQFaq_JiCz7pg&state=JGVn69tHHiek1luD
4.956476 AuthorizationResponse: {
  "id_token": {
    "claims": {
      "aud": [
        "403a008d-5a9b-46f3-873e-e683435a249b"
      ],
      "auth_mode": "simple",
      "auth_time": "1454372580",
      "exp": "1454376240",
      "iat": "1454372640",
      "iss": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
      "nonce": "mMHhqBpSfzdT",
      "sub": "4d25cb47-a063-42c1-9fe4-d100fb10098c"
    },
    "jws header parameters": {
      "alg": "RS256",
      "kid": "8e6e22ef-f655-4aec-b700-f9cc7f5fca64",
      "typ": "JWT"
    }
  },
  "state": "JGVn69tHHiek1luD"
}
15.564185 ------------ DiscoveryRequest ------------
15.564208 Provider info discover from 'https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth'
15.564215 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/.well-known/openid-configuration
16.500873 ProviderConfigurationResponse: {
  "account_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/account",
  "authorization_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise",
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "email",
    "family_name",
    "given_name",
    "name",
    "phone_number",
    "preferred_username",
    "sub",
    "updated_at"
  ],
  "display_values_supported": [
    "page",
    "popup",
    "touch",
    "wap"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
  "jwks_uri": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/keys",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "token id_token"
  ],
  "revocation_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/revoke",
  "scopes_supported": [
    "openid",
    "address",
    "profile",
    "email",
    "phone"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/userinfo",
  "version": "3.0"
}
17.454493 JWKS: {
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
      "kty": "RSA",
      "n": "AM_U2ExHALTmiq8KLBZC7pKylVyr-r6oZrnwaUxQEMxZ6W8D0j_ijYmtj33qFqLCZ7iiAXC5DFDe96UxqxzAAsXUrqEHkhp2KWOZeXiyi0d-94jhZRLdpv9f_imWH-61d_Wj51XkXBSwUIZiwMYjP9ZeMK0gU5fU4fONBCnrIG6y-fbNSFsTiM-QvWG-KMU88o26XQNK924678_sgpVLYoeuKcEtEdvpNCGamttMMhi2B_vzVxn_dIbpsAGf5GbxCfyKw1w4Y9-bYX7YbV0GW25tjnh2Setfoo0EjImMeSQpXO-FYZgI39tSSF2Gm1d1aFu7bBlGYT9W1HUG3rRgUxs",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "8e6e22ef-f655-4aec-b700-f9cc7f5fca64",
      "kty": "RSA",
      "n": "lXyIIyuY92tQqbnpryqEqLx3ZlZcikt9sK_buJZS5m4RaQxY-JCIvX61l_Kd2OVXTyBpQ17DXT0EgpqKQvKLSmV2Uc1kYanRUbCT3fWI9kNjsaGQW7Y6qXjjhLdXce876pS1lHEYXuF-GuNvhICFu9GvD8KAtiJ4J2jixfaVd6DqBNndPPIGQZCilK5SJxkHBF6Z7r6LE1Cn5ByHPMCkBzRu9BzpDTYH--G9b75oh9YgF8qxZukfAVKBr8UUobHhI2PumpaSsOlp0weCS5MQL7Ti01P4efY6jVZaY5o4NdXzO9OLyrpXlZq5uOXuDrj9jd6Ozr2mV7G2wOg_COOPAw",
      "use": "sig"
    }
  ]
}
18.376694 JWKS: {
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
      "kty": "RSA",
      "n": "AM_U2ExHALTmiq8KLBZC7pKylVyr-r6oZrnwaUxQEMxZ6W8D0j_ijYmtj33qFqLCZ7iiAXC5DFDe96UxqxzAAsXUrqEHkhp2KWOZeXiyi0d-94jhZRLdpv9f_imWH-61d_Wj51XkXBSwUIZiwMYjP9ZeMK0gU5fU4fONBCnrIG6y-fbNSFsTiM-QvWG-KMU88o26XQNK924678_sgpVLYoeuKcEtEdvpNCGamttMMhi2B_vzVxn_dIbpsAGf5GbxCfyKw1w4Y9-bYX7YbV0GW25tjnh2Setfoo0EjImMeSQpXO-FYZgI39tSSF2Gm1d1aFu7bBlGYT9W1HUG3rRgUxs",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "8e6e22ef-f655-4aec-b700-f9cc7f5fca64",
      "kty": "RSA",
      "n": "lXyIIyuY92tQqbnpryqEqLx3ZlZcikt9sK_buJZS5m4RaQxY-JCIvX61l_Kd2OVXTyBpQ17DXT0EgpqKQvKLSmV2Uc1kYanRUbCT3fWI9kNjsaGQW7Y6qXjjhLdXce876pS1lHEYXuF-GuNvhICFu9GvD8KAtiJ4J2jixfaVd6DqBNndPPIGQZCilK5SJxkHBF6Z7r6LE1Cn5ByHPMCkBzRu9BzpDTYH--G9b75oh9YgF8qxZukfAVKBr8UUobHhI2PumpaSsOlp0weCS5MQL7Ti01P4efY6jVZaY5o4NdXzO9OLyrpXlZq5uOXuDrj9jd6Ozr2mV7G2wOg_COOPAw",
      "use": "sig"
    }
  ]
}
18.384169 ------------ AuthorizationRequest ------------
18.384635 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise?nonce=ERKwLffuqs4e&max_age=1&state=sMUF62qwecIop4Fq&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60441%2Fauthz_cb&response_type=id_token&client_id=403a008d-5a9b-46f3-873e-e683435a249b&scope=openid
18.384643 --> BODY: None
36.462328 QUERY_STRING:
38.139608 <-- id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjhlNmUyMmVmLWY2NTUtNGFlYy1iNzAwLWY5Y2M3ZjVmY2E2NCJ9.eyJpc3MiOiJodHRwczovL2VjMi01NC0xNTMtMTY5LTE1MS5hcC1zb3V0aGVhc3QtMi5jb21wdXRlLmFtYXpvbmF3cy5jb20vb2F1dGgiLCJhdWQiOiI0MDNhMDA4ZC01YTliLTQ2ZjMtODczZS1lNjgzNDM1YTI0OWIiLCJleHAiOiIxNDU0Mzc2MjU3IiwiaWF0IjoiMTQ1NDM3MjY3NCIsImF1dGhfdGltZSI6IjE0NTQzNzI2NzQiLCJub25jZSI6IkVSS3dMZmZ1cXM0ZSIsImF1dGhfbW9kZSI6InNpbXBsZSIsInN1YiI6IjRkMjVjYjQ3LWEwNjMtNDJjMS05ZmU0LWQxMDBmYjEwMDk4YyJ9.H6ekVYO90ejVtYybBS_oYDJJzkOSvCOE-89wBRFvsmucrqCEDh64yCoeN9tnPThgwF2ap7MiUjTXEMNbmR1ekO4yCMosZnQA3FKJA85iEYXk4iDmR9NIUQj03Oz3-_8YqgSnVpdSJtWRwEEOimJQCNFxKCutchRJ8RRw1pXR5pFrI5dl6GG_gaO7F96tce3uggdPobqm-xd_33EaFhKcQXWog2ksIufYPqcgXZw28TW4_hnKbOR_ao0-U1QPO3p3zdLwS7zxbwRmCtc4aJuP3PMjQZ9IDv-BGq5yDkh1iiOqR0hv_uofzp6_b1P-csMD3YihwijlPbbDwYYm7tAM8A&state=sMUF62qwecIop4Fq
39.097544 AuthorizationResponse: {
  "id_token": {
    "claims": {
      "aud": [
        "403a008d-5a9b-46f3-873e-e683435a249b"
      ],
      "auth_mode": "simple",
      "auth_time": "1454372674",
      "exp": "1454376257",
      "iat": "1454372674",
      "iss": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
      "nonce": "ERKwLffuqs4e",
      "sub": "4d25cb47-a063-42c1-9fe4-d100fb10098c"
    },
    "jws header parameters": {
      "alg": "RS256",
      "kid": "8e6e22ef-f655-4aec-b700-f9cc7f5fca64",
      "typ": "JWT"
    }
  },
  "state": "sMUF62qwecIop4Fq"
}
39.098007 ==== END ====

Result

WARNING
Warnings:
auth_time [1454372674] not in the expected range: 1454372041 - 1454373263