Test Info

Test descriptionRequesting ID Token with max_age=10000 seconds restriction
Profile[]
Test IDOP-Req-max_age=10000
Timestamp2017-12-18T21:06:21Z
Issuerhttps://oidctest.idautoengineering.net/idp

Conditions


claims-check: status=OK [Checks if specific claims is present or not]
same-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
Done: status=OK

Trace Output

0.0phase<--<-- 0 --- Webfinger -->-->
0.0not expected to doWebFinger
0.0phase<--<-- 1 --- Discovery -->-->
0.0provider_config
kwargs:{'issuer': 'https://oidctest.idautoengineering.net/idp'}
0.024http response
url:https://oidctest.idautoengineering.net/idp/.well-known/openid-configuration status_code:200
0.025ProviderConfigurationResponse
{
    "authorization_endpoint": "https://oidctest.idautoengineering.net/idp/profile/oidc/auth",
    "claim_types_supported": [
        "normal"
    ],
    "claims_parameter_supported": false,
    "claims_supported": [
        "sub",
        "name",
        "given_name",
        "family_name",
        "email"
    ],
    "display_values_supported": [
        "page"
    ],
    "grant_types_supported": [
        "authorization_code"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://oidctest.idautoengineering.net/idp",
    "jwks_uri": "https://oidctest.idautoengineering.net/idp/profile/oidc/jwks",
    "request_parameter_supported": false,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": true,
    "response_modes_supported": [
        "query"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token"
    ],
    "scopes_supported": [
        "openid"
    ],
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://oidctest.idautoengineering.net/idp/profile/oidc/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ],
    "userinfo_endpoint": "https://oidctest.idautoengineering.net/idp/profile/oidc/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "version": "3.0"
}
0.025phase<--<-- 2 --- Registration -->-->
0.025not expected to doDynamic registration
0.026phase<--<-- 3 --- AsyncAuthn -->-->
0.026AuthorizationRequest
{
    "client_id": "3000badf0c55d2cae7c22b3d63e3f667",
    "nonce": "tq8MJiFCprNEG4Nq",
    "redirect_uri": "https://op.certification.openid.net:60992/authz_cb",
    "response_type": "code",
    "scope": "openid",
    "state": "DMDCScaAcBE1xk74"
}
0.026redirect urlhttps://oidctest.idautoengineering.net/idp/profile/oidc/auth?scope=openid&nonce=tq8MJiFCprNEG4Nq&state=DMDCScaAcBE1xk74&response_type=code&client_id=3000badf0c55d2cae7c22b3d63e3f667&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60992%2Fauthz_cb
0.026redirecthttps://oidctest.idautoengineering.net/idp/profile/oidc/auth?scope=openid&nonce=tq8MJiFCprNEG4Nq&state=DMDCScaAcBE1xk74&response_type=code&client_id=3000badf0c55d2cae7c22b3d63e3f667&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60992%2Fauthz_cb
0.299response{'code': 'GSCHiBrWWt01gCjyDT6vxiOW1b2iR4uQ0p-TnUNe5mxeRkknhs', 'state': 'DMDCScaAcBE1xk74'}
0.3response{'code': 'GSCHiBrWWt01gCjyDT6vxiOW1b2iR4uQ0p-TnUNe5mxeRkknhs', 'state': 'DMDCScaAcBE1xk74'}
0.3AuthorizationResponse
{
    "code": "GSCHiBrWWt01gCjyDT6vxiOW1b2iR4uQ0p-TnUNe5mxeRkknhs",
    "state": "DMDCScaAcBE1xk74"
}
0.3phase<--<-- 4 --- AccessToken -->-->
0.3requestop_args: {'state': 'DMDCScaAcBE1xk74'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:60992/authz_cb'}
0.3do_access_token_request
kwargs:{'request_args': {'code': 'GSCHiBrWWt01gCjyDT6vxiOW1b2iR4uQ0p-TnUNe5mxeRkknhs', 'state': 'DMDCScaAcBE1xk74', 'grant_type': 'authorization_code', 'client_id': '3000badf0c55d2cae7c22b3d63e3f667', 'redirect_uri': 'https://op.certification.openid.net:60992/authz_cb'}, 'state': 'DMDCScaAcBE1xk74'}
0.3AccessTokenRequest
{
    "client_id": "3000badf0c55d2cae7c22b3d63e3f667",
    "code": "GSCHiBrWWt01gCjyDT6vxiOW1b2iR4uQ0p-TnUNe5mxeRkknhs",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:60992/authz_cb",
    "state": "DMDCScaAcBE1xk74"
}
0.3request_urlhttps://oidctest.idautoengineering.net/idp/profile/oidc/token
0.3request_http_args{'headers': {'Authorization': 'Basic MzAwMGJhZGYwYzU1ZDJjYWU3YzIyYjNkNjNlM2Y2Njc6ODY5N2E4OTlhYzFjNzYwODAyNmM4ZDEzN2E1YzMzYTAwM2RlMDA1MDc2MzBmMmQ2OGM5NTNlMTNkNzVlNjFiYg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
0.3requestclient_id=3000badf0c55d2cae7c22b3d63e3f667&state=DMDCScaAcBE1xk74&code=GSCHiBrWWt01gCjyDT6vxiOW1b2iR4uQ0p-TnUNe5mxeRkknhs&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60992%2Fauthz_cb
0.335http response
url:https://oidctest.idautoengineering.net/idp/profile/oidc/token status_code:200
0.336response{'refresh_token': 'FnEoMtxoi/pBnNBLGa6DGwd8peGTqJf~zprr_PaSNMYe9y1sva', 'expires_in': 32399, 'scope': 'openid', 'access_token': 'wcAO3lUBNwScg3zfTW1n4Bz159zJq.8su.X~DGOfgi7xW3EybP', 'id_token': 'eyJraWQiOiI2NTJlNjk1N2UxNzNmYzYxOTYxN2ZhMjNjMzZjYmFjNTRhNWZhNzhlNjBiNzA2Mjg5NmI2ZDgzNTdkNDVhOWYxIiwiYWxnIjoiUlMyNTYifQ.eyJpYXQiOjE1MTM2MzExODEsImV4cCI6MTUxMzYzMTI0MSwiaXNzIjoiaHR0cHM6Ly9vaWRjdGVzdC5pZGF1dG9lbmdpbmVlcmluZy5uZXQvaWRwIiwiYXVkIjoiMzAwMGJhZGYwYzU1ZDJjYWU3YzIyYjNkNjNlM2Y2NjciLCJzdWIiOiIyNjIwMjdhMC1hZjc3LTExZTctODc2ZC0wMjc0MGM1NDljY2EiLCJhdXRoX3RpbWUiOjE1MTM2MzExNjUsIm5vbmNlIjoidHE4TUppRkNwck5FRzROcSIsImF6cCI6IjMwMDBiYWRmMGM1NWQyY2FlN2MyMmIzZDYzZTNmNjY3IiwibmFtZSI6IlN5c3RlbSBBZG1pbiIsImdpdmVuX25hbWUiOiJTeXN0ZW0iLCJmYW1pbHlfbmFtZSI6IkFkbWluIiwiZW1haWwiOiJqYmVsbGFzc2FpQGlkZW50aXR5YXV0b21hdGlvbi5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkZEQmJhemsyNjhiYWl5OFZXZUlCNnc9PSJ9.BgeuHYHWipycKX4VEMz_3BOUcmzCgQ_14PHm9cmX9BqakmoRNo5PZQo-ZbsBOr_Aa6l1c_kJEPnscxvSkgPIp_--AbtAI7G0xJc3aQxVO2ZdNqxCq8kFC_PA4DHAfJvRcN3mWHsOGYeJENDsP5Isj3a1HPwmR9Kv3r62wySxnWsRiuCsn4XUHaU0SBDa36oiDH-tgCkoD1i6a39Pmm_vMiNS17bM4JrMO4glvjBNDUEi7HNIiNmS-iBRio2PrAx3hqaPfqCGAUY6CFXF1MCMLCayFM2EO31Qap7wkhe31oXteAt6cNKQQXTFkf0rmk653YcmZcPQs8luBXvzqDvbcg', 'token_type': 'Bearer'}
0.362AccessTokenResponse
{
    "access_token": "wcAO3lUBNwScg3zfTW1n4Bz159zJq.8su.X~DGOfgi7xW3EybP",
    "expires_in": 32399,
    "id_token": {
        "at_hash": "FDBbazk268baiy8VWeIB6w==",
        "aud": [
            "3000badf0c55d2cae7c22b3d63e3f667"
        ],
        "auth_time": 1513631165,
        "azp": "3000badf0c55d2cae7c22b3d63e3f667",
        "email": "jbellassai@identityautomation.com",
        "email_verified": true,
        "exp": 1513631241,
        "family_name": "Admin",
        "given_name": "System",
        "iat": 1513631181,
        "iss": "https://oidctest.idautoengineering.net/idp",
        "name": "System Admin",
        "nonce": "tq8MJiFCprNEG4Nq",
        "sub": "262027a0-af77-11e7-876d-02740c549cca"
    },
    "refresh_token": "FnEoMtxoi/pBnNBLGa6DGwd8peGTqJf~zprr_PaSNMYe9y1sva",
    "scope": "openid",
    "token_type": "Bearer"
}
0.362phase<--<-- 5 --- AsyncAuthn -->-->
0.362AuthorizationRequest
{
    "client_id": "3000badf0c55d2cae7c22b3d63e3f667",
    "max_age": 10000,
    "nonce": "PDbBxe8lLZQk13AV",
    "redirect_uri": "https://op.certification.openid.net:60992/authz_cb",
    "response_type": "code",
    "scope": "openid",
    "state": "kNxbbGnnmq9LppJW"
}
0.362redirect urlhttps://oidctest.idautoengineering.net/idp/profile/oidc/auth?max_age=10000&nonce=PDbBxe8lLZQk13AV&scope=openid&state=kNxbbGnnmq9LppJW&response_type=code&client_id=3000badf0c55d2cae7c22b3d63e3f667&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60992%2Fauthz_cb
0.362redirecthttps://oidctest.idautoengineering.net/idp/profile/oidc/auth?max_age=10000&nonce=PDbBxe8lLZQk13AV&scope=openid&state=kNxbbGnnmq9LppJW&response_type=code&client_id=3000badf0c55d2cae7c22b3d63e3f667&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60992%2Fauthz_cb
0.635response{'code': 'cnNMMxEQFhwMcxolU3DJ1JNueqXIxaJbiP07Tg9oqXDdGHWaYw', 'state': 'kNxbbGnnmq9LppJW'}
0.636response{'code': 'cnNMMxEQFhwMcxolU3DJ1JNueqXIxaJbiP07Tg9oqXDdGHWaYw', 'state': 'kNxbbGnnmq9LppJW'}
0.636AuthorizationResponse
{
    "code": "cnNMMxEQFhwMcxolU3DJ1JNueqXIxaJbiP07Tg9oqXDdGHWaYw",
    "state": "kNxbbGnnmq9LppJW"
}
0.636phase<--<-- 6 --- AccessToken -->-->
0.636requestop_args: {'state': 'kNxbbGnnmq9LppJW'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:60992/authz_cb'}
0.636do_access_token_request
kwargs:{'request_args': {'code': 'cnNMMxEQFhwMcxolU3DJ1JNueqXIxaJbiP07Tg9oqXDdGHWaYw', 'state': 'kNxbbGnnmq9LppJW', 'grant_type': 'authorization_code', 'client_id': '3000badf0c55d2cae7c22b3d63e3f667', 'redirect_uri': 'https://op.certification.openid.net:60992/authz_cb'}, 'state': 'kNxbbGnnmq9LppJW'}
0.636AccessTokenRequest
{
    "client_id": "3000badf0c55d2cae7c22b3d63e3f667",
    "code": "cnNMMxEQFhwMcxolU3DJ1JNueqXIxaJbiP07Tg9oqXDdGHWaYw",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:60992/authz_cb",
    "state": "kNxbbGnnmq9LppJW"
}
0.636request_urlhttps://oidctest.idautoengineering.net/idp/profile/oidc/token
0.636request_http_args{'headers': {'Authorization': 'Basic MzAwMGJhZGYwYzU1ZDJjYWU3YzIyYjNkNjNlM2Y2Njc6ODY5N2E4OTlhYzFjNzYwODAyNmM4ZDEzN2E1YzMzYTAwM2RlMDA1MDc2MzBmMmQ2OGM5NTNlMTNkNzVlNjFiYg==', 'Content-Type': 'application/x-www-form-urlencoded'}}
0.636requestclient_id=3000badf0c55d2cae7c22b3d63e3f667&state=kNxbbGnnmq9LppJW&code=cnNMMxEQFhwMcxolU3DJ1JNueqXIxaJbiP07Tg9oqXDdGHWaYw&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60992%2Fauthz_cb
0.668http response
url:https://oidctest.idautoengineering.net/idp/profile/oidc/token status_code:200
0.669response{'refresh_token': 'ih/~6URJQ43z256wjO-Q~uUXhS0j4kuqR7rpVju8fJQ3wio5AS', 'expires_in': 32399, 'scope': 'openid', 'access_token': 'u6S.w/~_Lk.tStCWk_y2C85uS+opa2Po8nhcFYnxwAd~bDpu~v', 'id_token': 'eyJraWQiOiI2NTJlNjk1N2UxNzNmYzYxOTYxN2ZhMjNjMzZjYmFjNTRhNWZhNzhlNjBiNzA2Mjg5NmI2ZDgzNTdkNDVhOWYxIiwiYWxnIjoiUlMyNTYifQ.eyJpYXQiOjE1MTM2MzExODEsImV4cCI6MTUxMzYzMTI0MSwiaXNzIjoiaHR0cHM6Ly9vaWRjdGVzdC5pZGF1dG9lbmdpbmVlcmluZy5uZXQvaWRwIiwiYXVkIjoiMzAwMGJhZGYwYzU1ZDJjYWU3YzIyYjNkNjNlM2Y2NjciLCJzdWIiOiIyNjIwMjdhMC1hZjc3LTExZTctODc2ZC0wMjc0MGM1NDljY2EiLCJhdXRoX3RpbWUiOjE1MTM2MzExNjUsIm5vbmNlIjoiUERiQnhlOGxMWlFrMTNBViIsImF6cCI6IjMwMDBiYWRmMGM1NWQyY2FlN2MyMmIzZDYzZTNmNjY3IiwibmFtZSI6IlN5c3RlbSBBZG1pbiIsImdpdmVuX25hbWUiOiJTeXN0ZW0iLCJmYW1pbHlfbmFtZSI6IkFkbWluIiwiZW1haWwiOiJqYmVsbGFzc2FpQGlkZW50aXR5YXV0b21hdGlvbi5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6Img2Rnh0ajMtaVFabnQ3bE9RYzhDV2c9PSJ9.AEacDnGLUNHvhDGrwS6ihZm9AKZr1GngkPPZGa8MUerpE3RzhrnzTFzWaySrZU2VJUlEVYDgPX-s1dokaZUaFMsWiS8KNiPRccnVkCjOH-n63HrPmSnmOLq0wVawQI7cHwYXEhF4LcVLqQyEIBwA7mfMuDPTN4LD8EvT1Gszb2p6ehL4KvDDTd3z45hz5-c0E99tiOl1oJaGOnLht_Y5SRArwuR_EPZeUZ-ro30aG8xcVInvD3nnLk8MVXadyUXHv9K_VCpmCzmw5HkDaxKtys6tzvfG2M52ieb_PBhHDiGPzX5CvhemmaGu0hhXI26A23lo-n99I4WRlXQMXybg2A', 'token_type': 'Bearer'}
0.672AccessTokenResponse
{
    "access_token": "u6S.w/~_Lk.tStCWk_y2C85uS+opa2Po8nhcFYnxwAd~bDpu~v",
    "expires_in": 32399,
    "id_token": {
        "at_hash": "h6Fxtj3-iQZnt7lOQc8CWg==",
        "aud": [
            "3000badf0c55d2cae7c22b3d63e3f667"
        ],
        "auth_time": 1513631165,
        "azp": "3000badf0c55d2cae7c22b3d63e3f667",
        "email": "jbellassai@identityautomation.com",
        "email_verified": true,
        "exp": 1513631241,
        "family_name": "Admin",
        "given_name": "System",
        "iat": 1513631181,
        "iss": "https://oidctest.idautoengineering.net/idp",
        "name": "System Admin",
        "nonce": "PDbBxe8lLZQk13AV",
        "sub": "262027a0-af77-11e7-876d-02740c549cca"
    },
    "refresh_token": "ih/~6URJQ43z256wjO-Q~uUXhS0j4kuqR7rpVju8fJQ3wio5AS",
    "scope": "openid",
    "token_type": "Bearer"
}
0.672phase<--<-- 7 --- Done -->-->
0.672end
0.672assertionClaimsCheck
0.672conditionclaims-check: status=OK [Checks if specific claims is present or not]
0.673assertionSameAuthn
0.673conditionsame-authn: status=OK [Verifies that the same authentication was used twice in the flow.]
0.673assertionVerifyResponse
0.673conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
0.673assertionAuthTimeCheck
0.674conditionauth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.]
0.674conditionDone: status=OK

Result

PASSED