Test info

Profile: {'openid-configuration': 'config', 'response_type': 'code+id_token+token', 'crypto': 'none+sign', 'registration': 'static'}
Timestamp: 2017-05-30T12:53:43Z
Test description: Trying to use authorization code twice should result in revoking previously issued access tokens [Basic, Hybrid]
Test ID: OP-OAuth-2nd-Revokes
Issuer: https://is.biocryptology.net/

Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[verify-response]
	status: OK
	description: Checks that the last response was one of a possible set of OpenID Connect Responses
__X:==== END ====__

Trace output


0.000309 ------------ DiscoveryRequest ------------
0.000323 Provider info discover from 'https://is.biocryptology.net'
0.000329 --> URL: https://is.biocryptology.net/.well-known/openid-configuration
0.585445 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://is.biocryptology.net/V1/auth",
  "check_session_iframe": "http://default.com",
  "claims_parameter_supported": false,
  "claims_supported": [
    "sub",
    "website",
    "zoneinfo",
    "email_verified",
    "birthdate",
    "address",
    "gender",
    "profile",
    "iss",
    "phone_number_verified",
    "given_name",
    "middle_name",
    "locale",
    "picture",
    "updated_at",
    "auth_time",
    "name",
    "nickname",
    "phone_number",
    "family_name",
    "prefered_username",
    "email"
  ],
  "end_session_endpoint": "https://is.biocryptology.net/V1/end",
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "ES512",
    "ES384",
    "ES256",
    "RS512",
    "RS384",
    "RS256",
    "HS512",
    "HS384",
    "HS256"
  ],
  "issuer": "https://is.biocryptology.net/",
  "jwks_uri": "https://is.biocryptology.net/V1/jwks",
  "registration_endpoint": "http://default.com",
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA1_5"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM",
    "A256CBC-HS512",
    "A256CBC-HS384",
    "A256CBC-HS256",
    "A256CBC",
    "A128GCM",
    "A128CBC-HS512",
    "A128CBC-HS384",
    "A128CBC-HS256",
    "A128CBC"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false,
  "require_request_uri_registration": false,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "revocation_endpoint": "http://default.com",
  "scopes_supported": [
    "email",
    "profile",
    "phone",
    "openid",
    "address"
  ],
  "service_documentation": "http://default.com",
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://is.biocryptology.net/V1/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://is.biocryptology.net/V1/userinfo",
  "version": "3.0"
}
1.156004 JWKS: {
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "MNW3_u22nAteMK20TYs1Cw",
      "kty": "RSA",
      "n": "AI_uKVNJfjEOoKUePXV46VX3dTuL0LrWKmEGbxCJSu6N9PXgeTA3gsM5DVrN9csD6mGcb_Oi1jbEc8duis6JLRXYGT-_ZsVZi2M2Yx1FInuukIP9ZgOdNfPA1ANvkKyoG4QNUzG5cgxDmeP-UikzjGYObzWEFHb9CT_l-yBTgPt_",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "auG8aS4okJqDRIY2eLD9fA",
      "kty": "RSA",
      "n": "AMRaFFJr_TQ1-XB5JzZ0iF1d2wEeAuxe4ZjjVgbDYwvbyfidZnpfn-lUbzxxVVJj6ItQTNVz3tsGaBM4rwqFH_qDlap84wLv1vjLONLEZDa2xIXiTlA0fvyPuIJcEE1cm9OY36jPhueoA40MRMdXiOU5gfr5wlJtUCLICexV5i-X",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "r61PR-erDJljxqEv01Sm0g",
      "kty": "RSA",
      "n": "AJVG_Q0e2y6QQAfXowHQBNrZ2bKSbJ094oqTXJgqClG8jHkE1GMnuHORqap5PvCnbO47Mhm18aTTsdrodJC4SVLSCQtVnIhRzV8OHYfkZgHV16tUNcsBPMF-sYnfD7J9UtC7eify6dZPMqM0Bf2EK09fdvJpCmD7pxY5TDVo3inb",
      "use": "sig"
    }
  ]
}
1.166488 ------------ AuthorizationRequest ------------
1.168499 --> URL: https://is.biocryptology.net/V1/auth?nonce=6I3W2KdPTP71&state=q8KSYVsBcltUWAbo&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61022%2Fauthz_cb&response_type=code+id_token+token&client_id=swipe&scope=openid
1.168508 --> BODY: None
1.595027 QUERY_STRING:
2.206956 <-- state=q8KSYVsBcltUWAbo&access_token=hDfe_hUrkEZ8wwMVD_Mexg&token_type=Bearer&expires_in=3600&code=CDzh7vg45ZHHYNgRxGBpVA&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1OVzNfdTIybkF0ZU1LMjBUWXMxQ3cifQ.eyJhY3IiOiIwIiwiYXVkIjoic3dpcGUiLCJhdXRoX3RpbWUiOjE0OTYxNDg4MjgsImF6cCI6InN3aXBlIiwiYXRfaGFzaCI6InFUWjJSemtGV3ZjOUlob3BwQ0xoaHciLCJjX2hhc2giOiJyNW0yY0ZjWTZpdXJHaERuWkxMempRIiwiaWF0IjoxNDk2MTQ4ODI4LCJleHAiOjE0OTYxNTI0MjgsImlzcyI6Imh0dHBzOi8vaXMuYmlvY3J5cHRvbG9neS5uZXQvIiwibm9uY2UiOiI2STNXMktkUFRQNzEiLCJzdWIiOiJNUSJ9.BK7JjKWn-XNAEDRQZd44u39GPx4tqa7TiQc5kwySqJUWzHC6MKUvV4juMEjNjr3MIzxHHcgGoaVCixbHZAklPJqtxo2pXmb5YUrXGELVxOdPsQbQaCFqiywBi9V2y3PlP4YRV4LnQOTeWkqFD2xmyxgmL0eb43TaVUP4dUw0MOo
2.745331 AuthorizationResponse: {
  "access_token": "hDfe_hUrkEZ8wwMVD_Mexg",
  "code": "CDzh7vg45ZHHYNgRxGBpVA",
  "expires_in": 3600,
  "id_token": {
    "claims": {
      "acr": "0",
      "at_hash": "qTZ2RzkFWvc9IhoppCLhhw",
      "aud": [
        "swipe"
      ],
      "auth_time": 1496148828,
      "azp": "swipe",
      "c_hash": "r5m2cFcY6iurGhDnZLLzjQ",
      "exp": 1496152428,
      "iat": 1496148828,
      "iss": "https://is.biocryptology.net/",
      "nonce": "6I3W2KdPTP71",
      "sub": "MQ"
    },
    "jws header parameters": {
      "alg": "RS256",
      "kid": "MNW3_u22nAteMK20TYs1Cw"
    }
  },
  "state": "q8KSYVsBcltUWAbo",
  "token_type": "Bearer"
}
2.745868 ------------ AccessTokenRequest ------------
2.748039 --> URL: https://is.biocryptology.net/V1/token
2.748054 --> BODY: code=CDzh7vg45ZHHYNgRxGBpVA&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61022%2Fauthz_cb&grant_type=authorization_code&state_hash=poBXkly-i7FZBLVDiLX2F0exS-2ZaUV_x23jed7rV5Q%3D
2.748066 --> HEADERS: {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic c3dpcGU6c3dpcGU='}
3.335439 <-- STATUS: 200
3.335588 <-- BODY: {"access_token":"hDfe_hUrkEZ8wwMVD_Mexg","expires_in":3600,"refresh_token":"B0oYS9cvL8APiSX-79Mvww","scope":"openid","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1OVzNfdTIybkF0ZU1LMjBUWXMxQ3cifQ.eyJhY3IiOiIwIiwiYXVkIjoic3dpcGUiLCJhdXRoX3RpbWUiOjE0OTYxNDg4MjgsImF6cCI6InN3aXBlIiwiYXRfaGFzaCI6InFUWjJSemtGV3ZjOUlob3BwQ0xoaHciLCJjX2hhc2giOiJyNW0yY0ZjWTZpdXJHaERuWkxMempRIiwiaWF0IjoxNDk2MTQ4ODI4LCJleHAiOjE0OTYxNTI0MjgsImlzcyI6Imh0dHBzOi8vaXMuYmlvY3J5cHRvbG9neS5uZXQvIiwibm9uY2UiOiI2STNXMktkUFRQNzEiLCJzdWIiOiJNUSJ9.BK7JjKWn-XNAEDRQZd44u39GPx4tqa7TiQc5kwySqJUWzHC6MKUvV4juMEjNjr3MIzxHHcgGoaVCixbHZAklPJqtxo2pXmb5YUrXGELVxOdPsQbQaCFqiywBi9V2y3PlP4YRV4LnQOTeWkqFD2xmyxgmL0eb43TaVUP4dUw0MOo"}
3.343614 AccessTokenResponse: {
  "access_token": "hDfe_hUrkEZ8wwMVD_Mexg",
  "expires_in": 3600,
  "id_token": {
    "claims": {
      "acr": "0",
      "at_hash": "qTZ2RzkFWvc9IhoppCLhhw",
      "aud": [
        "swipe"
      ],
      "auth_time": 1496148828,
      "azp": "swipe",
      "c_hash": "r5m2cFcY6iurGhDnZLLzjQ",
      "exp": 1496152428,
      "iat": 1496148828,
      "iss": "https://is.biocryptology.net/",
      "nonce": "6I3W2KdPTP71",
      "sub": "MQ"
    },
    "jws header parameters": {
      "alg": "RS256",
      "kid": "MNW3_u22nAteMK20TYs1Cw"
    }
  },
  "refresh_token": "B0oYS9cvL8APiSX-79Mvww",
  "scope": "openid",
  "token_type": "Bearer"
}
3.354470 ------------ AccessTokenRequest ------------
3.356334 --> URL: https://is.biocryptology.net/V1/token
3.356345 --> BODY: code=CDzh7vg45ZHHYNgRxGBpVA&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61022%2Fauthz_cb&grant_type=authorization_code&state_hash=poBXkly-i7FZBLVDiLX2F0exS-2ZaUV_x23jed7rV5Q%3D
3.356357 --> HEADERS: {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic c3dpcGU6c3dpcGU='}
3.966004 <-- STATUS: 400
3.966266 ErrorResponse: {
  "error": "access_denied",
  "error_description": "Code is invalid",
  "error_uri": null
}
3.978414 ------------ UserInfoRequest ------------
3.978795 --> URL: https://is.biocryptology.net/V1/userinfo
3.978803 --> BODY: None
3.978818 --> HEADERS: {'Authorization': u'Bearer hDfe_hUrkEZ8wwMVD_Mexg'}
4.571290 <-- STATUS: 400
4.571569 ErrorResponse: {
  "error": "access_denied",
  "error_description": "unable to retrieve id token",
  "error_uri": null
}
4.582877 ==== END ====

Result

PASSED