Test info
Profile: {'openid-configuration': 'config', 'response_type': 'id_token+token', 'crypto': 'encrypt+none+sign', 'registration': 'static'}
Timestamp: 2016-02-01T23:39:12Z
Test description: Requesting ID Token with max_age=1 seconds restriction [Basic, Implicit, Hybrid]
Test ID: OP-Req-max_age=1
Issuer: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[claims-check]
status: OK
description: Checks if specific claims is present or not
[verify-response]
status: OK
description: Checks that the last response was one of a possible set of OpenID Connect Responses
[multiple-sign-on]
status: OK
description: Verifies that multiple authentication was used in the flow
[auth_time-check]
status: WARNING
description: Check that the auth_time returned in the ID Token is in the expected range.
info: auth_time [1454369962] not in the expected range: 1454369321 - 1454370551
__X:==== END ====__
Trace output
0.000475 ------------ DiscoveryRequest ------------
0.000492 Provider info discover from 'https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth'
0.000500 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/.well-known/openid-configuration
0.919303 ProviderConfigurationResponse: {
"account_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/account",
"authorization_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise",
"claims_parameter_supported": false,
"claims_supported": [
"address",
"email",
"family_name",
"given_name",
"name",
"phone_number",
"preferred_username",
"sub",
"updated_at"
],
"display_values_supported": [
"page",
"popup",
"touch",
"wap"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
"jwks_uri": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/keys",
"request_parameter_supported": false,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_types_supported": [
"code",
"token",
"id_token",
"token id_token"
],
"revocation_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/revoke",
"scopes_supported": [
"openid",
"address",
"profile",
"email",
"phone"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"userinfo_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/userinfo",
"version": "3.0"
}
1.846488 JWKS: {
"keys": [
{
"alg": "RS256",
"e": "AQAB",
"kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
"kty": "RSA",
"n": "AM_U2ExHALTmiq8KLBZC7pKylVyr-r6oZrnwaUxQEMxZ6W8D0j_ijYmtj33qFqLCZ7iiAXC5DFDe96UxqxzAAsXUrqEHkhp2KWOZeXiyi0d-94jhZRLdpv9f_imWH-61d_Wj51XkXBSwUIZiwMYjP9ZeMK0gU5fU4fONBCnrIG6y-fbNSFsTiM-QvWG-KMU88o26XQNK924678_sgpVLYoeuKcEtEdvpNCGamttMMhi2B_vzVxn_dIbpsAGf5GbxCfyKw1w4Y9-bYX7YbV0GW25tjnh2Setfoo0EjImMeSQpXO-FYZgI39tSSF2Gm1d1aFu7bBlGYT9W1HUG3rRgUxs",
"use": "sig"
}
]
}
1.860772 ------------ AuthorizationRequest ------------
1.861266 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise?nonce=MsAgMi8xMKQz&state=fA5XJ0fYYwIqyY3l&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60441%2Fauthz_cb&response_type=id_token+token&client_id=403a008d-5a9b-46f3-873e-e683435a249b&scope=openid
1.861276 --> BODY: None
2.261085 QUERY_STRING:
3.441655 <-- access_token=dB7QeOHKTcCRc3p4sIOtOg&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjQ2OGIxNzYzLTE0MmEtNDNkYS05NmUwLTUzZjJiNmUxYTdhYyJ9.eyJpc3MiOiJodHRwczovL2VjMi01NC0xNTMtMTY5LTE1MS5hcC1zb3V0aGVhc3QtMi5jb21wdXRlLmFtYXpvbmF3cy5jb20vb2F1dGgiLCJhdWQiOiI0MDNhMDA4ZC01YTliLTQ2ZjMtODczZS1lNjgzNDM1YTI0OWIiLCJleHAiOiIxNDU0MzczNTIzIiwiaWF0IjoiMTQ1NDM2OTkyMyIsImF1dGhfdGltZSI6IjE0NTQzNjk4OTAiLCJub25jZSI6Ik1zQWdNaTh4TUtReiIsImF1dGhfbW9kZSI6InNpbXBsZSIsInN1YiI6IjRkMjVjYjQ3LWEwNjMtNDJjMS05ZmU0LWQxMDBmYjEwMDk4YyIsImF0X2hhc2giOiJOajhVUlVwME1FNkFxNkxiM05Ra2hRIn0.uT67QjuJmhZGjXTmgZDM9eQYSP3DB3fiLRHJYi10d46Pj8t5HyAhDZOcIk6vMfOhLKA3gqsOEQdzzFUxXv5Ei8qC7epOwgXinv2i2CMa_-Jr1b6SoBcM_SuP6SjrX9SyHGr0Pz3mFI4EwicO1Zf4cUYogg3ijK3TqKLcciB4rrIjzryTCpBOHKMBfDrzP2N1DYRzIwM1wEEsxPT9HcqTY2lV_XKX8DWB0Y8xUEDqcKgw9aBQd14hAkIsq7eH0ayCwBygId60yEaAxyqAMrwF3bM_--v3U0OT9kykjgJfO7pQJ2YqGWUyT7SIZlF0Qn93xet_6uduyMDmm5TmkWucXQ&state=fA5XJ0fYYwIqyY3l
4.395538 AuthorizationResponse: {
"access_token": "dB7QeOHKTcCRc3p4sIOtOg",
"id_token": {
"claims": {
"at_hash": "Nj8URUp0ME6Aq6Lb3NQkhQ",
"aud": [
"403a008d-5a9b-46f3-873e-e683435a249b"
],
"auth_mode": "simple",
"auth_time": "1454369890",
"exp": "1454373523",
"iat": "1454369923",
"iss": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
"nonce": "MsAgMi8xMKQz",
"sub": "4d25cb47-a063-42c1-9fe4-d100fb10098c"
},
"jws header parameters": {
"alg": "RS256",
"kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
"typ": "JWT"
}
},
"state": "fA5XJ0fYYwIqyY3l"
}
12.609171 ------------ DiscoveryRequest ------------
12.609195 Provider info discover from 'https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth'
12.609203 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/.well-known/openid-configuration
13.526086 ProviderConfigurationResponse: {
"account_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/account",
"authorization_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise",
"claims_parameter_supported": false,
"claims_supported": [
"address",
"email",
"family_name",
"given_name",
"name",
"phone_number",
"preferred_username",
"sub",
"updated_at"
],
"display_values_supported": [
"page",
"popup",
"touch",
"wap"
],
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
"jwks_uri": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/keys",
"request_parameter_supported": false,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"response_types_supported": [
"code",
"token",
"id_token",
"token id_token"
],
"revocation_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/revoke",
"scopes_supported": [
"openid",
"address",
"profile",
"email",
"phone"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"userinfo_endpoint": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/userinfo",
"version": "3.0"
}
14.488416 JWKS: {
"keys": [
{
"alg": "RS256",
"e": "AQAB",
"kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
"kty": "RSA",
"n": "AM_U2ExHALTmiq8KLBZC7pKylVyr-r6oZrnwaUxQEMxZ6W8D0j_ijYmtj33qFqLCZ7iiAXC5DFDe96UxqxzAAsXUrqEHkhp2KWOZeXiyi0d-94jhZRLdpv9f_imWH-61d_Wj51XkXBSwUIZiwMYjP9ZeMK0gU5fU4fONBCnrIG6y-fbNSFsTiM-QvWG-KMU88o26XQNK924678_sgpVLYoeuKcEtEdvpNCGamttMMhi2B_vzVxn_dIbpsAGf5GbxCfyKw1w4Y9-bYX7YbV0GW25tjnh2Setfoo0EjImMeSQpXO-FYZgI39tSSF2Gm1d1aFu7bBlGYT9W1HUG3rRgUxs",
"use": "sig"
}
]
}
15.402572 JWKS: {
"keys": [
{
"alg": "RS256",
"e": "AQAB",
"kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
"kty": "RSA",
"n": "AM_U2ExHALTmiq8KLBZC7pKylVyr-r6oZrnwaUxQEMxZ6W8D0j_ijYmtj33qFqLCZ7iiAXC5DFDe96UxqxzAAsXUrqEHkhp2KWOZeXiyi0d-94jhZRLdpv9f_imWH-61d_Wj51XkXBSwUIZiwMYjP9ZeMK0gU5fU4fONBCnrIG6y-fbNSFsTiM-QvWG-KMU88o26XQNK924678_sgpVLYoeuKcEtEdvpNCGamttMMhi2B_vzVxn_dIbpsAGf5GbxCfyKw1w4Y9-bYX7YbV0GW25tjnh2Setfoo0EjImMeSQpXO-FYZgI39tSSF2Gm1d1aFu7bBlGYT9W1HUG3rRgUxs",
"use": "sig"
}
]
}
15.411126 ------------ AuthorizationRequest ------------
15.411599 --> URL: https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth/authorise?nonce=xEeYpxOvrJmx&max_age=1&state=Le3bqGnpDTkzjYrJ&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60441%2Fauthz_cb&response_type=id_token+token&client_id=403a008d-5a9b-46f3-873e-e683435a249b&scope=openid
15.411607 --> BODY: None
41.892189 QUERY_STRING:
43.324097 <-- access_token=DFrDWI99T9qV9w1g2rftFA&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjQ2OGIxNzYzLTE0MmEtNDNkYS05NmUwLTUzZjJiNmUxYTdhYyJ9.eyJpc3MiOiJodHRwczovL2VjMi01NC0xNTMtMTY5LTE1MS5hcC1zb3V0aGVhc3QtMi5jb21wdXRlLmFtYXpvbmF3cy5jb20vb2F1dGgiLCJhdWQiOiI0MDNhMDA4ZC01YTliLTQ2ZjMtODczZS1lNjgzNDM1YTI0OWIiLCJleHAiOiIxNDU0MzczNTM3IiwiaWF0IjoiMTQ1NDM2OTk2MiIsImF1dGhfdGltZSI6IjE0NTQzNjk5NjIiLCJub25jZSI6InhFZVlweE92ckpteCIsImF1dGhfbW9kZSI6InNpbXBsZSIsInN1YiI6IjRkMjVjYjQ3LWEwNjMtNDJjMS05ZmU0LWQxMDBmYjEwMDk4YyIsImF0X2hhc2giOiJvamxNSnhHYklSMUdialJ2V0psUUdBIn0.RQebCC3vU8UwJ7fSHvbTbHY2WZ08tE1sXpo626WDOV1taXunZgnzKyi4E4LHOd22NFeM1eB94FAhX3BwdcKQUINXO6U73qhrrdpzQAn_e6Ld9XoAEcBgOriZKBVPzVf63Wv2r7Dxrxtz9_Qhp5ZEavHomybX7Mh4njVQGZDvWYQ5kaNwzbc-c0bHgpbiWrDzGkkLwTZtDYjzQzzTN2opQwOMvQxusHBJRuAQCMQWrsXA1fuQPYyInkyel_ygqTTDDOwXpwqJ7hCJzhG9VL4NLmYVJGt6mscpRm6TOKmCztn_ZxLyxEFLBFhzILMvaLyLXOOh1qeF4OBFX7LMdZSjrg&state=Le3bqGnpDTkzjYrJ
44.364411 AuthorizationResponse: {
"access_token": "DFrDWI99T9qV9w1g2rftFA",
"id_token": {
"claims": {
"at_hash": "ojlMJxGbIR1GbjRvWJlQGA",
"aud": [
"403a008d-5a9b-46f3-873e-e683435a249b"
],
"auth_mode": "simple",
"auth_time": "1454369962",
"exp": "1454373537",
"iat": "1454369962",
"iss": "https://ec2-54-153-169-151.ap-southeast-2.compute.amazonaws.com/oauth",
"nonce": "xEeYpxOvrJmx",
"sub": "4d25cb47-a063-42c1-9fe4-d100fb10098c"
},
"jws header parameters": {
"alg": "RS256",
"kid": "468b1763-142a-43da-96e0-53f2b6e1a7ac",
"typ": "JWT"
}
},
"state": "Le3bqGnpDTkzjYrJ"
}
44.364887 ==== END ====
Result
WARNING
Warnings:
auth_time [1454369962] not in the expected range: 1454369321 - 1454370551