Test info
Profile: {'openid-configuration': 'config', 'response_type': 'code+id_token', 'crypto': 'none+sign', 'registration': 'static'}
Timestamp: 2017-05-30T11:56:24Z
Test description: Reject requests without nonce unless using the code flow [Implicit, Hybrid]
Test ID: OP-nonce-NoReq-noncode
Issuer: https://is.biocryptology.net/
Test output
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[verify-response]
status: OK
description: Checks that the last response was one of a possible set of OpenID Connect Responses
__X:==== END ====__
Trace output
0.000292 ------------ DiscoveryRequest ------------
0.000305 Provider info discover from 'https://is.biocryptology.net'
0.000311 --> URL: https://is.biocryptology.net/.well-known/openid-configuration
0.563232 ProviderConfigurationResponse: {
"authorization_endpoint": "https://is.biocryptology.net/V1/auth",
"check_session_iframe": "http://default.com",
"claims_parameter_supported": false,
"claims_supported": [
"sub",
"website",
"zoneinfo",
"email_verified",
"birthdate",
"address",
"gender",
"profile",
"iss",
"phone_number_verified",
"given_name",
"middle_name",
"locale",
"picture",
"updated_at",
"auth_time",
"name",
"nickname",
"phone_number",
"family_name",
"prefered_username",
"email"
],
"end_session_endpoint": "https://is.biocryptology.net/V1/end",
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_signing_alg_values_supported": [
"ES512",
"ES384",
"ES256",
"RS512",
"RS384",
"RS256",
"HS512",
"HS384",
"HS256"
],
"issuer": "https://is.biocryptology.net/",
"jwks_uri": "https://is.biocryptology.net/V1/jwks",
"registration_endpoint": "http://default.com",
"request_object_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA1_5"
],
"request_object_encryption_enc_values_supported": [
"A256GCM",
"A256CBC-HS512",
"A256CBC-HS384",
"A256CBC-HS256",
"A256CBC",
"A128GCM",
"A128CBC-HS512",
"A128CBC-HS384",
"A128CBC-HS256",
"A128CBC"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": false,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"query",
"form_post"
],
"response_types_supported": [
"code",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"revocation_endpoint": "http://default.com",
"scopes_supported": [
"address",
"openid",
"email",
"profile",
"phone"
],
"service_documentation": "http://default.com",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://is.biocryptology.net/V1/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"userinfo_endpoint": "https://is.biocryptology.net/V1/userinfo",
"version": "3.0"
}
1.105538 JWKS: {
"keys": [
{
"alg": "RS256",
"e": "AQAB",
"kid": "VnM0xeyREJYPYH6TiRYiPQ",
"kty": "RSA",
"n": "AKZG968CgFxr3JL9mWnb4G89_jJbjj7xAssoIOh0DwHSPzAsOBHtzlVlR0ztsS3JpMLXqwqaY8AG4zWsLOroH8IQc3KAlJovJgd7LgjL7V_vEvE5kJZaWF7ZwHWJBZGK27U2HwhTUEUYFP_54a5PtxV-miTvrHauDhq0JCJpLjX7",
"use": "sig"
},
{
"alg": "RS256",
"e": "AQAB",
"kid": "JqQoW7rvif1FvJV9KpH4cw",
"kty": "RSA",
"n": "AJBvEeDKnMPBXkRDcWmijy8ziIDB_8H3qEWFrlQSQXK4R2lrPsjakC8eUz3C4-zKOiuZE0UXivQ5IAHS3P6Zq1nXZRkaOoocCDcVuzQQwOTg61CStkvFLeUSTdnagPt7mLmnkjRUcU060KXlUHCaIsbk_KuAssWuLMzCQduCWyQ1",
"use": "sig"
},
{
"alg": "RS256",
"e": "AQAB",
"kid": "yTxSHOzNdzhSJlEY1AyLRQ",
"kty": "RSA",
"n": "ANkzi_C2lc5nwwZq84d33tZVDIxIo4ZOC0c9lvC4xfyAX77BX2WRCX4-ixK80cCWJPxYTvQ0__SjCWX1Y7AXIljmYwuFVqjhoZ3NWN6pvGwIFZolYt5HQiLrVpVA6pDLUpZnWozT48ciQ3rMx9Y21A2cmElslVa-FeTDQGAw_Jwr",
"use": "sig"
}
]
}
1.109361 ------------ AuthorizationRequest ------------
1.111141 --> URL: https://is.biocryptology.net/V1/auth?scope=openid&state=54bSocBdWRVka0CG&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61021%2Fauthz_cb&response_type=code+id_token&client_id=swipe
1.111149 --> BODY: None
1.274369 QUERY_STRING:
2.234125 <-- error=invalid_request&error_description=%27nonce%27+required+for+%27code%27+flow&state=54bSocBdWRVka0CG
2.235029 AuthorizationErrorResponse: {
"error": "invalid_request",
"error_description": "'nonce' required for 'code' flow",
"state": "54bSocBdWRVka0CG"
}
2.235327 ==== END ====
Result
PASSED