Test Info

Issuerhttps://oidc-conformance.ping-eng.com:9031
Profile[]
Test IDOP-nonce-NoReq-noncode
Test descriptionReject requests without nonce unless using the code flow
Timestamp2018-09-21T17:35:02Z

Conditions


verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK

Trace Output

0.0phase<--<-- 0 --- Webfinger -->-->
0.0not expected to doWebFinger
0.0phase<--<-- 1 --- Discovery -->-->
0.0not expected to doDynamic discovery
0.0phase<--<-- 2 --- Note -->-->
7.486phase<--<-- 3 --- Registration -->-->
7.486register
kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61401/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61401/logout'], 'url': 'https://oidc-conformance.ping-eng.com:9031/as/clients.oauth2', 'jwks_uri': 'https://op.certification.openid.net:61401/static/jwks_61401.json'}
7.486RegistrationRequest
{
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61401/static/jwks_61401.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61401/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61401/authz_cb"
    ],
    "request_uris": [
        "https://op.certification.openid.net:61401/requests/876669ef2b3891075309a06e00b98e6ace4cfca108af01becb9a804fff95d8c4#mocnyPCaOPMmwf3L"
    ],
    "response_types": [
        "code id_token token"
    ]
}
7.99http response
url:https://oidc-conformance.ping-eng.com:9031/as/clients.oauth2 status_code:201
7.991RegistrationResponse
{
    "client_id": "dc-tQfK78uN7Le05P9LGYAUHA",
    "client_name": "dc-tQfK78uN7Le05P9LGYAUHA",
    "client_secret": "0bPbK808xCqYUeOzjAcUDh",
    "client_secret_expires_at": 0,
    "grant_access_session_revocation_api": false,
    "grant_types": [
        "implicit",
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61401/static/jwks_61401.json",
    "persistent_grant_expiration_type": "server_default",
    "pingaccess_logout_capable": false,
    "redirect_uris": [
        "https://op.certification.openid.net:61401/authz_cb"
    ],
    "refresh_token_rolling_policy": "server_default",
    "response_types": [
        "code id_token token"
    ],
    "scope": "address phone edit openid profile admin email",
    "token_endpoint_auth_method": "client_secret_basic",
    "validate_using_all_eligible_atms": false
}
7.991phase<--<-- 4 --- AsyncAuthn -->-->
7.991AuthorizationRequest
{
    "client_id": "dc-tQfK78uN7Le05P9LGYAUHA",
    "redirect_uri": "https://op.certification.openid.net:61401/authz_cb",
    "response_type": "code id_token token",
    "scope": "openid",
    "state": "7YExArUBqitLgUxt"
}
7.991redirect urlhttps://oidc-conformance.ping-eng.com:9031/as/authorization.oauth2?state=7YExArUBqitLgUxt&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61401%2Fauthz_cb&client_id=dc-tQfK78uN7Le05P9LGYAUHA
7.991redirecthttps://oidc-conformance.ping-eng.com:9031/as/authorization.oauth2?state=7YExArUBqitLgUxt&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61401%2Fauthz_cb&client_id=dc-tQfK78uN7Le05P9LGYAUHA
8.273http args{}
8.442responseURL with fragment
8.442responseerror_description=nonce+is+required+in+the+context+of+this+request.&state=7YExArUBqitLgUxt&error=invalid_request
8.443response{'error_description': 'nonce is required in the context of this request.', 'state': '7YExArUBqitLgUxt', 'error': 'invalid_request'}
8.443AuthorizationErrorResponse
{
    "error": "invalid_request",
    "error_description": "nonce is required in the context of this request.",
    "state": "7YExArUBqitLgUxt"
}
8.443AuthorizationErrorResponse
{
    "error": "invalid_request",
    "error_description": "nonce is required in the context of this request.",
    "state": "7YExArUBqitLgUxt"
}
8.443phase<--<-- 5 --- Done -->-->
8.443end
8.444assertionVerifyResponse
8.444conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
8.444conditionDone: status=OK

Result

PASSED