0.0 | phase | <--<-- 0 --- Webfinger -->--> |
0.0 | not expected to do | WebFinger |
0.0 | phase | <--<-- 1 --- Discovery -->--> |
0.0 | provider_config | kwargs:{'issuer': 'https://reference.mobileconnect.io/mobileconnect'}
|
0.355 | http response | url:https://reference.mobileconnect.io/mobileconnect/.well-known/openid-configuration status_code:200
|
0.357 | ProviderConfigurationResponse | {
"acr_values_supported": [
"2",
"3"
],
"authorization_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/auth",
"check_session_iframe": "https://reference.mobileconnect.io/mobileconnect/opframe.php",
"claim_types_supported": [
"normal"
],
"claims_locales_supported": [
"en-US"
],
"claims_parameter_supported": true,
"claims_supported": [
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at"
],
"display_values_supported": [
"page",
"popup"
],
"end_session_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/endsession",
"grant_types_supported": [
"authorization_code"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"issuer": "https://reference.mobileconnect.io/mobileconnect",
"jwks_uri": "https://reference.mobileconnect.io/mobileconnect/op.jwk",
"login_hint_methods_supported": [
"MSISDN",
"ENCR_MSISDN",
"PCR"
],
"mc_atp_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/atp",
"mobile_connect_version_supported": [
{
"openid": "mc_v1.1"
},
{
"openid mc_authn": "mc_v1.2"
},
{
"openid mc_authz": "mc_v1.2"
},
{
"openid mc_identity_phonenumber": "mc_v1.2"
},
{
"openid mc_identity_signup": "mc_v1.2"
},
{
"openid mc_identity_nationalid": "mc_v1.2"
},
{
"openid mc_atp": "mc_v1.2"
}
],
"op_policy_uri": "https://reference.mobileconnect.io/mobileconnect/index.php/op_policy",
"op_tos_uri": "https://reference.mobileconnect.io/mobileconnect/index.php/op_tos",
"premiuminfo_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/premiuminfo",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"code token",
"code id_token",
"token",
"token id_token",
"code token id_token",
"id_token"
],
"scopes_supported": [
"openid",
"mc_authn",
"mc_authz",
"profile",
"email",
"address",
"phone",
"mc_identity_phonenumber",
"mc_identity_signup",
"mc_identity_nationalid",
"mc_atp"
],
"service_documentation": "https://reference.mobileconnect.io/mobileconnect/index.php/servicedocs",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"ui_locales_supported": [
"en-US"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"userinfo_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/userinfo",
"userinfo_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
|
0.357 | phase | <--<-- 2 --- Registration -->--> |
0.357 | not expected to do | Dynamic registration |
0.357 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0.357 | AuthorizationRequest | {
"client_id": "7cf82bd4-71c3-47df-9c49-70fae9c9b142",
"nonce": "Hgb06JFGakI8jUZY",
"redirect_uri": "https://op.certification.openid.net:61286/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "97RJd6LZjCVszlsv"
}
|
0.358 | redirect url | https://reference.mobileconnect.io/mobileconnect/index.php/auth?response_type=code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&scope=openid&nonce=Hgb06JFGakI8jUZY&client_id=7cf82bd4-71c3-47df-9c49-70fae9c9b142&state=97RJd6LZjCVszlsv |
0.358 | redirect | https://reference.mobileconnect.io/mobileconnect/index.php/auth?response_type=code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&scope=openid&nonce=Hgb06JFGakI8jUZY&client_id=7cf82bd4-71c3-47df-9c49-70fae9c9b142&state=97RJd6LZjCVszlsv |
0.53 | response | {'code': 'Dqtw4bxfCWszUlifJqWPSMsJqzlK114JeNvdY8QM7hY', 'state': '97RJd6LZjCVszlsv'} |
0.531 | response | {'code': 'Dqtw4bxfCWszUlifJqWPSMsJqzlK114JeNvdY8QM7hY', 'state': '97RJd6LZjCVszlsv'} |
0.531 | AuthorizationResponse | {
"code": "Dqtw4bxfCWszUlifJqWPSMsJqzlK114JeNvdY8QM7hY",
"state": "97RJd6LZjCVszlsv"
}
|
0.531 | phase | <--<-- 4 --- AccessToken -->--> |
0.531 | request | op_args: {'state': '97RJd6LZjCVszlsv'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61286/authz_cb'} |
0.531 | do_access_token_request | kwargs:{'request_args': {'grant_type': 'authorization_code', 'client_id': '7cf82bd4-71c3-47df-9c49-70fae9c9b142', 'code': 'Dqtw4bxfCWszUlifJqWPSMsJqzlK114JeNvdY8QM7hY', 'redirect_uri': 'https://op.certification.openid.net:61286/authz_cb', 'state': '97RJd6LZjCVszlsv'}, 'state': '97RJd6LZjCVszlsv'}
|
0.531 | AccessTokenRequest | {
"code": "Dqtw4bxfCWszUlifJqWPSMsJqzlK114JeNvdY8QM7hY",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61286/authz_cb",
"state": "97RJd6LZjCVszlsv"
}
|
0.531 | request_url | https://reference.mobileconnect.io/mobileconnect/index.php/token |
0.531 | request_http_args | {'headers': {'Authorization': 'Basic N2NmODJiZDQtNzFjMy00N2RmLTljNDktNzBmYWU5YzliMTQyOmNhNmE5ZDVjLTg5OTctNDZmOC05NjQwLTdiNTE5MWQyNGVkZQ==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
0.531 | request | grant_type=authorization_code&code=Dqtw4bxfCWszUlifJqWPSMsJqzlK114JeNvdY8QM7hY&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&state=97RJd6LZjCVszlsv |
0.932 | http response | url:https://reference.mobileconnect.io/mobileconnect/index.php/token status_code:200
|
0.933 | response | {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IlBIUE9QLTAwIn0.eyJpc3MiOiJodHRwczpcL1wvcmVmZXJlbmNlLm1vYmlsZWNvbm5lY3QuaW9cL21vYmlsZWNvbm5lY3QiLCJzdWIiOiJGM0VFRDU1RC01RTZELTQ4MjktODhBNi1BMzY1MzI1QThBNUMiLCJhdWQiOlsiN2NmODJiZDQtNzFjMy00N2RmLTljNDktNzBmYWU5YzliMTQyIl0sImV4cCI6MTUyNjU3MTgzNiwiaWF0IjoxNTI2NTcxNTM2LCJub25jZSI6IkhnYjA2SkZHYWtJOGpVWlkiLCJhdF9oYXNoIjoiRlNfNTF0WlcxcnVJU1pJWFMwanJMZyIsImF1dGhfdGltZSI6MTUyNjU3MTQyOCwiYWNyIjoiMiIsImF6cCI6IjdjZjgyYmQ0LTcxYzMtNDdkZi05YzQ5LTcwZmFlOWM5YjE0MiIsImhhc2hlZF9sb2dpbl9oaW50IjoiZTNiMGM0NDI5OGZjMWMxNDlhZmJmNGM4OTk2ZmI5MjQyN2FlNDFlNDY0OWI5MzRjYTQ5NTk5MWI3ODUyYjg1NSJ9.Z5d4u2X98f3YxXhsw73C9Cn5--wx2LRUGZQ5aLoxV6nP___UgUzPwdH6Z8XLCdybVbUaMYUU63Zq4fNCjaHKeSgh38q83aK0gxSo6vP6aDbPGKv64KGLn13BUXZv3b2SJdrhT5zHyZQw_rfL-vQvPlAHDaQ6_xsZbS6VJXV4-GE', 'token_type': 'Bearer', 'expires_in': 3600, 'access_token': 'Kof7qtt7c3QM84tg2oszLJLAmePYJKv3ydMOAzDhcYQ'} |
1.291 | AccessTokenResponse | {
"access_token": "Kof7qtt7c3QM84tg2oszLJLAmePYJKv3ydMOAzDhcYQ",
"expires_in": 3600,
"id_token": {
"acr": "2",
"at_hash": "FS_51tZW1ruISZIXS0jrLg",
"aud": [
"7cf82bd4-71c3-47df-9c49-70fae9c9b142"
],
"auth_time": 1526571428,
"azp": "7cf82bd4-71c3-47df-9c49-70fae9c9b142",
"exp": 1526571836,
"hashed_login_hint": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"iat": 1526571536,
"iss": "https://reference.mobileconnect.io/mobileconnect",
"nonce": "Hgb06JFGakI8jUZY",
"sub": "F3EED55D-5E6D-4829-88A6-A365325A8A5C"
},
"token_type": "Bearer"
}
|
1.291 | phase | <--<-- 5 --- Note -->--> |
2.726 | phase | <--<-- 6 --- Webfinger -->--> |
2.726 | not expected to do | WebFinger |
2.726 | phase | <--<-- 7 --- Discovery -->--> |
2.726 | provider_config | kwargs:{'issuer': 'https://reference.mobileconnect.io/mobileconnect'}
|
3.08 | http response | url:https://reference.mobileconnect.io/mobileconnect/.well-known/openid-configuration status_code:200
|
3.082 | ProviderConfigurationResponse | {
"acr_values_supported": [
"2",
"3"
],
"authorization_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/auth",
"check_session_iframe": "https://reference.mobileconnect.io/mobileconnect/opframe.php",
"claim_types_supported": [
"normal"
],
"claims_locales_supported": [
"en-US"
],
"claims_parameter_supported": true,
"claims_supported": [
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at"
],
"display_values_supported": [
"page",
"popup"
],
"end_session_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/endsession",
"grant_types_supported": [
"authorization_code"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"issuer": "https://reference.mobileconnect.io/mobileconnect",
"jwks_uri": "https://reference.mobileconnect.io/mobileconnect/op.jwk",
"login_hint_methods_supported": [
"MSISDN",
"ENCR_MSISDN",
"PCR"
],
"mc_atp_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/atp",
"mobile_connect_version_supported": [
{
"openid": "mc_v1.1"
},
{
"openid mc_authn": "mc_v1.2"
},
{
"openid mc_authz": "mc_v1.2"
},
{
"openid mc_identity_phonenumber": "mc_v1.2"
},
{
"openid mc_identity_signup": "mc_v1.2"
},
{
"openid mc_identity_nationalid": "mc_v1.2"
},
{
"openid mc_atp": "mc_v1.2"
}
],
"op_policy_uri": "https://reference.mobileconnect.io/mobileconnect/index.php/op_policy",
"op_tos_uri": "https://reference.mobileconnect.io/mobileconnect/index.php/op_tos",
"premiuminfo_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/premiuminfo",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"code token",
"code id_token",
"token",
"token id_token",
"code token id_token",
"id_token"
],
"scopes_supported": [
"openid",
"mc_authn",
"mc_authz",
"profile",
"email",
"address",
"phone",
"mc_identity_phonenumber",
"mc_identity_signup",
"mc_identity_nationalid",
"mc_atp"
],
"service_documentation": "https://reference.mobileconnect.io/mobileconnect/index.php/servicedocs",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"ui_locales_supported": [
"en-US"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"userinfo_endpoint": "https://reference.mobileconnect.io/mobileconnect/index.php/userinfo",
"userinfo_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
|
3.082 | phase | <--<-- 8 --- Registration -->--> |
3.082 | not expected to do | Dynamic registration |
3.082 | phase | <--<-- 9 --- AsyncAuthn -->--> |
3.083 | AuthorizationRequest | {
"client_id": "7cf82bd4-71c3-47df-9c49-70fae9c9b142",
"max_age": 1,
"nonce": "mSjbyds4Qa1TW0AK",
"redirect_uri": "https://op.certification.openid.net:61286/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "6D8LflvvHu4KCY5M"
}
|
3.083 | redirect url | https://reference.mobileconnect.io/mobileconnect/index.php/auth?max_age=1&response_type=code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&scope=openid&nonce=mSjbyds4Qa1TW0AK&client_id=7cf82bd4-71c3-47df-9c49-70fae9c9b142&state=6D8LflvvHu4KCY5M |
3.083 | redirect | https://reference.mobileconnect.io/mobileconnect/index.php/auth?max_age=1&response_type=code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&scope=openid&nonce=mSjbyds4Qa1TW0AK&client_id=7cf82bd4-71c3-47df-9c49-70fae9c9b142&state=6D8LflvvHu4KCY5M |
11.763 | response | {'code': 'IP9X4HEtARajxtJJk8F9TYRnVFre6QDY_DjjD4HibPM', 'state': '6D8LflvvHu4KCY5M'} |
11.763 | response | {'code': 'IP9X4HEtARajxtJJk8F9TYRnVFre6QDY_DjjD4HibPM', 'state': '6D8LflvvHu4KCY5M'} |
11.763 | AuthorizationResponse | {
"code": "IP9X4HEtARajxtJJk8F9TYRnVFre6QDY_DjjD4HibPM",
"state": "6D8LflvvHu4KCY5M"
}
|
11.764 | phase | <--<-- 10 --- AccessToken -->--> |
11.764 | request | op_args: {'state': '6D8LflvvHu4KCY5M'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61286/authz_cb'} |
11.764 | do_access_token_request | kwargs:{'request_args': {'grant_type': 'authorization_code', 'client_id': '7cf82bd4-71c3-47df-9c49-70fae9c9b142', 'code': 'IP9X4HEtARajxtJJk8F9TYRnVFre6QDY_DjjD4HibPM', 'redirect_uri': 'https://op.certification.openid.net:61286/authz_cb', 'state': '6D8LflvvHu4KCY5M'}, 'state': '6D8LflvvHu4KCY5M'}
|
11.764 | AccessTokenRequest | {
"code": "IP9X4HEtARajxtJJk8F9TYRnVFre6QDY_DjjD4HibPM",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61286/authz_cb",
"state": "6D8LflvvHu4KCY5M"
}
|
11.764 | request_url | https://reference.mobileconnect.io/mobileconnect/index.php/token |
11.764 | request_http_args | {'headers': {'Authorization': 'Basic N2NmODJiZDQtNzFjMy00N2RmLTljNDktNzBmYWU5YzliMTQyOmNhNmE5ZDVjLTg5OTctNDZmOC05NjQwLTdiNTE5MWQyNGVkZQ==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
11.764 | request | grant_type=authorization_code&code=IP9X4HEtARajxtJJk8F9TYRnVFre6QDY_DjjD4HibPM&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61286%2Fauthz_cb&state=6D8LflvvHu4KCY5M |
12.176 | http response | url:https://reference.mobileconnect.io/mobileconnect/index.php/token status_code:200
|
12.177 | response | {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IlBIUE9QLTAwIn0.eyJpc3MiOiJodHRwczpcL1wvcmVmZXJlbmNlLm1vYmlsZWNvbm5lY3QuaW9cL21vYmlsZWNvbm5lY3QiLCJzdWIiOiJGM0VFRDU1RC01RTZELTQ4MjktODhBNi1BMzY1MzI1QThBNUMiLCJhdWQiOlsiN2NmODJiZDQtNzFjMy00N2RmLTljNDktNzBmYWU5YzliMTQyIl0sImV4cCI6MTUyNjU3MTg0NywiaWF0IjoxNTI2NTcxNTQ3LCJub25jZSI6Im1TamJ5ZHM0UWExVFcwQUsiLCJhdF9oYXNoIjoiR1BOcTkwNUl5aElxWVhvLUV4WE9fQSIsImF1dGhfdGltZSI6MTUyNjU3MTU0NCwiYWNyIjoiMiIsImFtciI6WyJPSyJdLCJhenAiOiI3Y2Y4MmJkNC03MWMzLTQ3ZGYtOWM0OS03MGZhZTljOWIxNDIiLCJoYXNoZWRfbG9naW5faGludCI6ImUzYjBjNDQyOThmYzFjMTQ5YWZiZjRjODk5NmZiOTI0MjdhZTQxZTQ2NDliOTM0Y2E0OTU5OTFiNzg1MmI4NTUifQ.GbfaMvTVByCOsstPbJW7YqwkLUu2c6M1qn0WyQhHu1nUYm1VCjTevCtPNCOLFeBJ9u8MFqaNCZNkQfIzR2-5wcOTw1UpdH0ugViFWaCmPkF2GGYBFWgUuSWJScQLkhkkiPFNJfuswuXv5Jqq3A73mmTBwfXyGEM2KNUSPMLfLVU', 'token_type': 'Bearer', 'expires_in': 3600, 'access_token': 'siQpfefmwM1lBrnvIHrWCprM0Ya_RiK25XmASd2CAXI'} |
12.179 | AccessTokenResponse | {
"access_token": "siQpfefmwM1lBrnvIHrWCprM0Ya_RiK25XmASd2CAXI",
"expires_in": 3600,
"id_token": {
"acr": "2",
"amr": [
"OK"
],
"at_hash": "GPNq905IyhIqYXo-ExXO_A",
"aud": [
"7cf82bd4-71c3-47df-9c49-70fae9c9b142"
],
"auth_time": 1526571544,
"azp": "7cf82bd4-71c3-47df-9c49-70fae9c9b142",
"exp": 1526571847,
"hashed_login_hint": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"iat": 1526571547,
"iss": "https://reference.mobileconnect.io/mobileconnect",
"nonce": "mSjbyds4Qa1TW0AK",
"sub": "F3EED55D-5E6D-4829-88A6-A365325A8A5C"
},
"token_type": "Bearer"
}
|
12.18 | phase | <--<-- 11 --- Done -->--> |
12.18 | end | |
12.18 | assertion | VerifyResponse |
12.18 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
12.18 | assertion | MultipleSignOn |
12.181 | condition | multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow] |
12.181 | assertion | ClaimsCheck |
12.181 | condition | claims-check: status=OK [Checks if specific claims is present or not] |
12.181 | assertion | AuthTimeCheck |
12.181 | condition | auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.] |
12.181 | condition | Done: status=OK |