OpenID Connect Provider Certification Test Result

Test Info

Test description	Claims request with essential name claim
Profile	[]
Timestamp	2018-05-17T15:36:38Z
Issuer	https://reference.mobileconnect.io/mobileconnect
Test ID	OP-claims-essential

Conditions


verify-claims: status=OK [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
Done: status=OK

Trace Output

0.0	phase	<--<-- 0 --- Webfinger -->-->
0.0	not expected to do	WebFinger
0.0	phase	<--<-- 1 --- Discovery -->-->
0.0	provider_config	`kwargs:{'issuer': 'https://reference.mobileconnect.io/mobileconnect'}`
0.353	http response	`url:https://reference.mobileconnect.io/mobileconnect/.well-known/openid-configuration status_code:200`
0.355	ProviderConfigurationResponse	{ "acr_values_supported": [ "2", "3" ], "authorization_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/auth", "check_session_iframe": "https://reference.mobileconnect.io/mobileconnect/opframe.php", "claim_types_supported": [ "normal" ], "claims_locales_supported": [ "en-US" ], "claims_parameter_supported": true, "claims_supported": [ "name", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "email", "email_verified", "gender", "birthdate", "zoneinfo", "locale", "phone_number", "phone_number_verified", "address", "updated_at" ], "display_values_supported": [ "page", "popup" ], "end_session_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/endsession", "grant_types_supported": [ "authorization_code" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP" ], "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A256CBC-HS512", "A128GCM", "A256GCM" ], "id_token_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ], "issuer": "https://reference.mobileconnect.io/mobileconnect", "jwks_uri": "https://reference.mobileconnect.io/mobileconnect/op.jwk", "login_hint_methods_supported": [ "MSISDN", "ENCR_MSISDN", "PCR" ], "mc_atp_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/atp", "mobile_connect_version_supported": [ { "openid": "mc_v1.1" }, { "openid mc_authn": "mc_v1.2" }, { "openid mc_authz": "mc_v1.2" }, { "openid mc_identity_phonenumber": "mc_v1.2" }, { "openid mc_identity_signup": "mc_v1.2" }, { "openid mc_identity_nationalid": "mc_v1.2" }, { "openid mc_atp": "mc_v1.2" } ], "op_policy_uri": "https://reference.mobileconnect.io/mobileconnect/index.php/op_policy", "op_tos_uri": "https://reference.mobileconnect.io/mobileconnect/index.php/op_tos", "premiuminfo_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/premiuminfo", "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP" ], "request_object_encryption_enc_values_supported": [ "A128CBC-HS256", "A256CBC-HS512", "A128GCM", "A256GCM" ], "request_object_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ], "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": false, "response_types_supported": [ "code", "code token", "code id_token", "token", "token id_token", "code token id_token", "id_token" ], "scopes_supported": [ "openid", "mc_authn", "mc_authz", "profile", "email", "address", "phone", "mc_identity_phonenumber", "mc_identity_signup", "mc_identity_nationalid", "mc_atp" ], "service_documentation": "https://reference.mobileconnect.io/mobileconnect/index.php/servicedocs", "subject_types_supported": [ "public", "pairwise" ], "token_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/token", "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ], "ui_locales_supported": [ "en-US" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP" ], "userinfo_encryption_enc_values_supported": [ "A128CBC-HS256", "A256CBC-HS512", "A128GCM", "A256GCM" ], "userinfo_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/userinfo", "userinfo_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" ], "version": "3.0" }
0.355	phase	<--<-- 2 --- Registration -->-->
0.355	not expected to do	Dynamic registration
0.355	phase	<--<-- 3 --- AsyncAuthn -->-->
0.356	AuthorizationRequest	`{ "claims": { "userinfo": { "name": { "essential": true } } }, "client_id": "7cf82bd4-71c3-47df-9c49-70fae9c9b142", "nonce": "bc3xfkpM3l5dNXIl", "redirect_uri": "https://op.certification.openid.net:61286/authz_cb", "response_type": "code", "scope": "openid", "state": "YBE7Ntfq23F9MEfT" }`
0.356	redirect url	https://reference.mobileconnect.io/mobileconnect/index.php/auth?response_type=code&claims=%7B%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&nonce=bc3xfkpM3l5dNXIl&state=YBE7Ntfq23F9MEfT&client_id=7cf82bd4-71c3-47df-9c49-70fae9c9b142&scope=openid
0.356	redirect	https://reference.mobileconnect.io/mobileconnect/index.php/auth?response_type=code&claims=%7B%22userinfo%22%3A+%7B%22name%22%3A+%7B%22essential%22%3A+true%7D%7D%7D&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&nonce=bc3xfkpM3l5dNXIl&state=YBE7Ntfq23F9MEfT&client_id=7cf82bd4-71c3-47df-9c49-70fae9c9b142&scope=openid
0.532	response	{'code': 'JY1xJgZphEStRorp6a-8cdAEHGWFByEPLXPj5GRHjTc', 'state': 'YBE7Ntfq23F9MEfT'}
0.532	response	{'code': 'JY1xJgZphEStRorp6a-8cdAEHGWFByEPLXPj5GRHjTc', 'state': 'YBE7Ntfq23F9MEfT'}
0.532	AuthorizationResponse	`{ "code": "JY1xJgZphEStRorp6a-8cdAEHGWFByEPLXPj5GRHjTc", "state": "YBE7Ntfq23F9MEfT" }`
0.533	phase	<--<-- 4 --- AccessToken -->-->
0.533	request	op_args: {'state': 'YBE7Ntfq23F9MEfT'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61286/authz_cb'}
0.533	do_access_token_request	`kwargs:{'request_args': {'grant_type': 'authorization_code', 'client_id': '7cf82bd4-71c3-47df-9c49-70fae9c9b142', 'code': 'JY1xJgZphEStRorp6a-8cdAEHGWFByEPLXPj5GRHjTc', 'redirect_uri': 'https://op.certification.openid.net:61286/authz_cb', 'state': 'YBE7Ntfq23F9MEfT'}, 'state': 'YBE7Ntfq23F9MEfT'}`
0.533	AccessTokenRequest	`{ "code": "JY1xJgZphEStRorp6a-8cdAEHGWFByEPLXPj5GRHjTc", "grant_type": "authorization_code", "redirect_uri": "https://op.certification.openid.net:61286/authz_cb", "state": "YBE7Ntfq23F9MEfT" }`
0.533	request_url	https://reference.mobileconnect.io/mobileconnect/index.php/token
0.533	request_http_args	{'headers': {'Authorization': 'Basic N2NmODJiZDQtNzFjMy00N2RmLTljNDktNzBmYWU5YzliMTQyOmNhNmE5ZDVjLTg5OTctNDZmOC05NjQwLTdiNTE5MWQyNGVkZQ==', 'Content-Type': 'application/x-www-form-urlencoded'}}
0.533	request	grant_type=authorization_code&code=JY1xJgZphEStRorp6a-8cdAEHGWFByEPLXPj5GRHjTc&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&state=YBE7Ntfq23F9MEfT
0.933	http response	`url:https://reference.mobileconnect.io/mobileconnect/index.php/token status_code:200`
0.934	response	{'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IlBIUE9QLTAwIn0.eyJpc3MiOiJodHRwczpcL1wvcmVmZXJlbmNlLm1vYmlsZWNvbm5lY3QuaW9cL21vYmlsZWNvbm5lY3QiLCJzdWIiOiJGM0VFRDU1RC01RTZELTQ4MjktODhBNi1BMzY1MzI1QThBNUMiLCJhdWQiOlsiN2NmODJiZDQtNzFjMy00N2RmLTljNDktNzBmYWU5YzliMTQyIl0sImV4cCI6MTUyNjU3MTY5OCwiaWF0IjoxNTI2NTcxMzk4LCJub25jZSI6ImJjM3hma3BNM2w1ZE5YSWwiLCJhdF9oYXNoIjoia2x2czB3aXJjV2o0VWFUY2YyeUdrQSIsImF1dGhfdGltZSI6MTUyNjU2NTc5NSwiYWNyIjoiMiIsImF6cCI6IjdjZjgyYmQ0LTcxYzMtNDdkZi05YzQ5LTcwZmFlOWM5YjE0MiIsImhhc2hlZF9sb2dpbl9oaW50IjoiZTNiMGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5NTk5MWI3ODUyYjg1NSJ9.pAR9548tDctCI-Yct0Dw1_VHuE3obV80G-Cw-H5KveHxGV4Ltb_N5Mt18I6UWsXx2Kjgo3PBQvYUGqWzBMBcY4XbdLgBwv-6vW4KTSA9FmRUYn43MVCNFsr-eP-mmeuC_-WSRAgvhvyvr8JL4SHQb6CtCRqirpeqo7AZhikJvcI', 'token_type': 'Bearer', 'expires_in': 3600, 'access_token': 'WP0MUcSzsw_2WkAUhsQ_uOcMRp-1fqsHJ3VUDzW88A8'}
1.29	AccessTokenResponse	{ "access_token": "WP0MUcSzsw_2WkAUhsQ_uOcMRp-1fqsHJ3VUDzW88A8", "expires_in": 3600, "id_token": { "acr": "2", "at_hash": "klvs0wircWj4UaTcf2yGkA", "aud": [ "7cf82bd4-71c3-47df-9c49-70fae9c9b142" ], "auth_time": 1526565795, "azp": "7cf82bd4-71c3-47df-9c49-70fae9c9b142", "exp": 1526571698, "hashed_login_hint": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "iat": 1526571398, "iss": "https://reference.mobileconnect.io/mobileconnect", "nonce": "bc3xfkpM3l5dNXIl", "sub": "F3EED55D-5E6D-4829-88A6-A365325A8A5C" }, "token_type": "Bearer" }
1.29	phase	<--<-- 5 --- UserInfo -->-->
1.29	do_user_info_request	`kwargs:{'method': 'GET', 'authn_method': 'bearer_header', 'state': 'YBE7Ntfq23F9MEfT'}`
1.29	request	{'body': None}
1.29	request_url	https://reference.mobileconnect.io/mobileconnect/index.php/userinfo
1.29	request_http_args	{'headers': {'Authorization': 'Bearer WP0MUcSzsw_2WkAUhsQ_uOcMRp-1fqsHJ3VUDzW88A8'}}
1.675	http response	`url:https://reference.mobileconnect.io/mobileconnect/index.php/userinfo status_code:200`
1.675	OpenIDSchema	`{ "name": "test1", "sub": "F3EED55D-5E6D-4829-88A6-A365325A8A5C" }`
1.675	OpenIDSchema	`{ "name": "test1", "sub": "F3EED55D-5E6D-4829-88A6-A365325A8A5C" }`
1.675	phase	<--<-- 6 --- Done -->-->
1.676	end
1.676	assertion	VerifyClaims
1.676	condition	verify-claims: status=OK [Verifies that the claims returned as UserInfo or in the ID Token is consistent with what was asked for]
1.677	assertion	CheckHTTPResponse
1.677	condition	check-http-response: status=OK [Checks that the HTTP response status is within the 200 or 300 range. Also does some extra JSON checks]
1.677	condition	Done: status=OK

Result

PASSED

(C) 2017-2018 - OpenID Foundation
E-mail: certification@oidf.org
Issues: Github

Version: 2.0.14