Test Info

Issuerhttps://isamfed.com:30443/test
Profile[]
Test IDOP-ClientAuth-Basic-Dynamic
Test descriptionAccess token request with client_secret_basic authentication
Timestamp2019-06-17T15:43:11Z

Conditions


verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://isamfed.com:30443/test'}
0http response
url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
0ProviderConfigurationResponse
{
    "authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
    "claims_parameter_supported": false,
    "claims_supported": [
        "realmName",
        "preferred_username",
        "given_name",
        "uid",
        "upn",
        "groupIds",
        "employee_id",
        "name",
        "tenantId",
        "mobile_number",
        "department",
        "job_title",
        "family_name",
        "email"
    ],
    "device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
    "grant_types_supported": [
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "implicit",
        "urn:ietf:params:oauth:grant-type:saml2-bearer",
        "urn:ietf:params:oauth:grant-type:device_code",
        "client_credentials",
        "password",
        "authorization_code",
        "refresh_token"
    ],
    "id_token_encryption_alg_values_supported": [
        "RSA-OAEP-256"
    ],
    "id_token_encryption_enc_values_supported": [
        "A128CBC-HS256"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
    "issuer": "https://isamfed.com:30443/test",
    "jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
    "name": "OIDCDefinition",
    "poc": "https://isamfed.com:30443/mga/",
    "registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "fragment",
        "form_post"
    ],
    "response_types_supported": [
        "token",
        "id_token",
        "token id_token",
        "code",
        "code id_token",
        "code token id_token",
        "code token",
        "none"
    ],
    "revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
    "token_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "client_secret_post",
        "client_secret_basic"
    ],
    "user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
    "userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "version": "3.0"
}
0phase<--<-- 2 --- Registration -->-->
0register
kwargs:{'response_types': ['code'], 'grant_types': ['authorization_code'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61583/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61583/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61583/static/jwks_61583.json', 'token_endpoint_auth_method': 'client_secret_basic'}
0RegistrationRequest
{
    "application_type": "web",
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61583/static/jwks_61583.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61583/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61583/authz_cb"
    ],
    "response_types": [
        "code"
    ],
    "token_endpoint_auth_method": "client_secret_basic"
}
0http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
0RegistrationResponse
{
    "application_type": "web",
    "client_id": "utuK1XaThp2qNpUMtfYq",
    "client_id_issued_at": 1560786189,
    "client_secret": "7zmOW7khLAwkRMJ9sujw",
    "client_secret_expires_at": 0,
    "contacts": [
        "roland@example.com"
    ],
    "grant_types": [
        "authorization_code"
    ],
    "jwks_uri": "https://op.certification.openid.net:61583/static/jwks_61583.json",
    "post_logout_redirect_uris": [
        "https://op.certification.openid.net:61583/logout"
    ],
    "redirect_uris": [
        "https://op.certification.openid.net:61583/authz_cb"
    ],
    "registration_access_token": "cHPJDJm4R0QdzT56JgI0",
    "registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=utuK1XaThp2qNpUMtfYq",
    "response_types": [
        "code"
    ],
    "token_endpoint_auth_method": "client_secret_basic"
}
0phase<--<-- 3 --- AsyncAuthn -->-->
0AuthorizationRequest
{
    "client_id": "utuK1XaThp2qNpUMtfYq",
    "nonce": "B4EYlRRwHwjzd3MC",
    "redirect_uri": "https://op.certification.openid.net:61583/authz_cb",
    "response_type": "code",
    "scope": "openid",
    "state": "lY9zLCbQxVhlLcN2"
}
0redirect urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=lY9zLCbQxVhlLcN2&nonce=B4EYlRRwHwjzd3MC&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61583%2Fauthz_cb&client_id=utuK1XaThp2qNpUMtfYq
0redirecthttps://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=lY9zLCbQxVhlLcN2&nonce=B4EYlRRwHwjzd3MC&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61583%2Fauthz_cb&client_id=utuK1XaThp2qNpUMtfYq
1responseResponse URL with query part
1response{'state': 'lY9zLCbQxVhlLcN2', 'code': 'T5gf0imlvEs6QegsgyDup2CYQJQgN5'}
1response{'state': 'lY9zLCbQxVhlLcN2', 'code': 'T5gf0imlvEs6QegsgyDup2CYQJQgN5'}
1AuthorizationResponse
{
    "code": "T5gf0imlvEs6QegsgyDup2CYQJQgN5",
    "state": "lY9zLCbQxVhlLcN2"
}
1phase<--<-- 4 --- AccessToken -->-->
1requestop_args: {'state': 'lY9zLCbQxVhlLcN2', 'authn_method': 'client_secret_basic'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61583/authz_cb'}
1do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61583/authz_cb', 'code': 'T5gf0imlvEs6QegsgyDup2CYQJQgN5', 'state': 'lY9zLCbQxVhlLcN2', 'grant_type': 'authorization_code', 'client_id': 'utuK1XaThp2qNpUMtfYq'}, 'state': 'lY9zLCbQxVhlLcN2', 'authn_method': 'client_secret_basic'}
1AccessTokenRequest
{
    "code": "T5gf0imlvEs6QegsgyDup2CYQJQgN5",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61583/authz_cb",
    "state": "lY9zLCbQxVhlLcN2"
}
1request_urlhttps://isamfed.com:30443/mga/sps/oauth/oauth20/token
1request_http_args{'headers': {'Authorization': 'Basic dXR1SzFYYVRocDJxTnBVTXRmWXE6N3ptT1c3a2hMQXdrUk1KOXN1anc=', 'Content-Type': 'application/x-www-form-urlencoded'}}
1requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61583%2Fauthz_cb&code=T5gf0imlvEs6QegsgyDup2CYQJQgN5&state=lY9zLCbQxVhlLcN2
2http response
url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
2response{'access_token': 'diF61qPn4Ro0kKWWpIES', 'refresh_token': 'K6jFSJh9gKb9yChzSZf8pwiF3hEsk7kuk66jwXDT', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.JvQGQcaW5WEX4zTzj-0eBCflS2YJPlxdMWLQftXnMiViObiZS3OyNgteDvaIyteq97E57-1vx5jDnX_mMUeWwasQehA2SLaMNxlH5YwI7BMMwfxqyiz68mMF93kqjyCLpv_TEPR4x-44RZLWL6g9dWeF6lV8o98ORYQc8f9aG2rQ8jMTyuFcop_GNkg22EwGkH3t2Rbj7bJaV7KOD9EJWwbnGjq8A2oB_-ESMuG_QKSIEuZyZNc7e-hT_RwDevf9VWWkK3hzySxhKwApkol66Oq2mF2JpHbAC908BGfYgQmuxF6eOeSKsC7PUqu0IMhooK4zNMHSgiQ76yojrPdxGw.i8ljZd0AFXXDwL-3_wtPBQ.b1cOep-mWnTW6Upbyb75__oSjCosn81Y5m14S9SzDO0ldS0DMGfiIe5xVHqK0aKM9bGgAVMlprTkwhhzOL5m7r1jfsQTGDYZBUn2IjzImQfqqILCJS2jrMi1D_2yYpX0OieWxJzJ4zJkmCdkepNvJLVdv7O0020O_PyOXK3F1i9aQokAZRPlNTiX39-FgJ5zemCB8Sp7Vj39JHMILBm0hkhMStpmN7Y6sBm30IdgUmZcpRvPun0ZIkZZX5GjGF0fmaz_GVWSNG7ay7-ElhxTOYkGrupxVy8hyrsTD5ErZQZIfXSVkbXpcGqFjwnpfn3bI4MNHRLVZaq5E17XpWkfIh6wmljvfHNBh6OY_u3Jzz9fbr_Zk885Oeyk4GVtWGepI8d9aAAwL1gN4_WtugiiLL8bqDvJQWb4AyZU2DSFPvkGbiWP1FIabaKWZzav3QOU2sFG8lc_MMIgurYQO6IjXQx8Mvk07oDV_Grthh-Z5j5Z2ZrcSpmu_HpXhq73N2GpGBLCMZpqR6G-QbkPCe9myxXul_UlzO2sPqfT-63SfZCBd4q7Cf_BpHFx8vV_fHVVb4NMqAgCEP14AaiuOOmiot1GePfRavmt5-BaSa32YrfylOfPoc544yfysochPHIhHfYr8T0mVa70Tn94E4WuYgkT7spkDFGP5fcDp4b0EufTBXuLSkmBi4F3mRd7zzBq975yTL2V_6FeJ5DrlrZgdBzxzi5Ku0Ljc4Nu_rGXijyD0NPO7lf_pRcywjF_-HYPLDPeBTJO2jZIKPtM1a4x6QSobKarFuXIR-IC6hzPT6QGQMOhpgOK5I_MkrtVf-3kdG8oQpCIgKSLMbDwlCt0TfWPRGM11-br_l-56Wm9KvcedNA-7YYDZK2uQaiK6B6subgqJ05jFOph8-QJdsp2tW1hjKJAScDDQXWFkLtGW-8vB4pIGJ9Enu3YzBESjlnGvZ-0p8_Azuk_wJUZ3ThCGA.c3A7EOl0LqwWqqPPlE2kPg', 'token_type': 'bearer', 'expires_in': 3599}
2AccessTokenResponse
{
    "access_token": "diF61qPn4Ro0kKWWpIES",
    "expires_in": 3599,
    "id_token": {
        "at_hash": "NoWyzr4zy3ostirvsGZlfg",
        "aud": [
            "utuK1XaThp2qNpUMtfYq"
        ],
        "exp": 1560789610,
        "iat": 1560786190,
        "iss": "https://isamfed.com:30443/test",
        "nonce": "B4EYlRRwHwjzd3MC",
        "rt_hash": "4r_KX-ajdc7gtMnv_OYvtg",
        "sub": "testuser"
    },
    "refresh_token": "K6jFSJh9gKb9yChzSZf8pwiF3hEsk7kuk66jwXDT",
    "scope": "openid",
    "token_type": "bearer"
}
2jws header{'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'}
2jwe header{'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'}
2phase<--<-- 5 --- Done -->-->
2end
2assertionVerifyResponse
2conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
2conditionDone: status=OK

Result

PASSED