Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-05-14 12:31:13 INFO
TEST-RUNNER
Test instance gU6JBEy5z1ALd4n created
baseUrl
https://www.certification.openid.net/test/a/3_0_1
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "server_metadata": "discovery",
  "response_mode": "default",
  "client_registration": "dynamic_client"
}
alias
3_0_1
description
Tests with 3.0.1
planId
eoRiDGpQbhrb8
config
{
  "alias": "3_0_1",
  "description": "Tests with 3.0.1",
  "server": {
    "discoveryUrl": "https://testop.funet.fi/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "cert1",
    "client_secret": "changeit",
    "client_name": "second-cert-client"
  },
  "client_secret_post": {
    "client_id": "cert1_post",
    "client_secret": "changeit"
  },
  "client2": {
    "client_id": "cert2",
    "client_secret": "changeit",
    "client_name": "third-cert-client"
  }
}
testName
oidcc-refresh-token
2021-05-14 12:31:13 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-14 12:31:13
GetDynamicServerConfiguration
HTTP request
request_uri
https://testop.funet.fi/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-14 12:31:13 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:13 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "2259",
  "set-cookie": "JSESSIONID\u003dnode017tq0sqx6qxu0zekbu8o8hug743.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"authorization_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/authorize","token_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/token","registration_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/register","issuer":"https:\/\/testop.funet.fi","jwks_uri":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/keyset","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"request_object_signing_alg_values_supported":["none","RS256","RS384","RS512","HS256","HS384","HS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"subject_types_supported":["public","pairwise"],"userinfo_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/userinfo","acr_values_supported":["password"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"display_values_supported":["page"],"claims_supported":["aud","iss","sub","iat","exp","acr","auth_time","email","email_verified","address","phone","phone_number_verified","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"claims_parameter_supported":true}
2021-05-14 12:31:13
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"authorization_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/authorize","token_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/token","registration_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/register","issuer":"https:\/\/testop.funet.fi","jwks_uri":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/keyset","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"request_object_signing_alg_values_supported":["none","RS256","RS384","RS512","HS256","HS384","HS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"subject_types_supported":["public","pairwise"],"userinfo_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/userinfo","acr_values_supported":["password"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"display_values_supported":["page"],"claims_supported":["aud","iss","sub","iat","exp","acr","auth_time","email","email_verified","address","phone","phone_number_verified","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"claims_parameter_supported":true}
2021-05-14 12:31:13 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize
token_endpoint
https://testop.funet.fi/idp/profile/oidc/token
registration_endpoint
https://testop.funet.fi/idp/profile/oidc/register
issuer
https://testop.funet.fi
jwks_uri
https://testop.funet.fi/idp/profile/oidc/keyset
scopes_supported
[
  "openid",
  "profile",
  "email",
  "address",
  "phone",
  "offline_access"
]
response_types_supported
[
  "code",
  "id_token",
  "id_token token",
  "code id_token",
  "code token",
  "code id_token token"
]
response_modes_supported
[
  "query",
  "fragment",
  "form_post"
]
grant_types_supported
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
request_object_signing_alg_values_supported
[
  "none",
  "RS256",
  "RS384",
  "RS512",
  "HS256",
  "HS384",
  "HS512",
  "ES256",
  "ES384",
  "ES512"
]
request_parameter_supported
true
request_uri_parameter_supported
true
subject_types_supported
[
  "public",
  "pairwise"
]
userinfo_endpoint
https://testop.funet.fi/idp/profile/oidc/userinfo
acr_values_supported
[
  "password"
]
id_token_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "HS256",
  "HS384",
  "HS512"
]
id_token_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
userinfo_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "HS256",
  "HS384",
  "HS512"
]
userinfo_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
display_values_supported
[
  "page"
]
claims_supported
[
  "aud",
  "iss",
  "sub",
  "iat",
  "exp",
  "acr",
  "auth_time",
  "email",
  "email_verified",
  "address",
  "phone",
  "phone_number_verified",
  "name",
  "family_name",
  "given_name",
  "middle_name",
  "nickname",
  "preferred_username",
  "profile",
  "picture",
  "website",
  "gender",
  "birthdate",
  "zoneinfo",
  "locale",
  "updated_at"
]
claims_parameter_supported
true
2021-05-14 12:31:13 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-05-14 12:31:13 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
token_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
2021-05-14 12:31:13
FetchServerKeys
Fetching server key
jwks_uri
https://testop.funet.fi/idp/profile/oidc/keyset
2021-05-14 12:31:13
FetchServerKeys
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/keyset
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-14 12:31:14 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:14 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "1146",
  "set-cookie": "JSESSIONID\u003dnode01t3i8zpd897ax1byvmw8ngxyw44.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"keys":[{"kty":"RSA","e":"AQAB","kid":"testKeyFromPEM","n":"sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"},{"kty":"EC","use":"sig","crv":"P-256","kid":"defaultECSign","x":"U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA","y":"CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"},{"kty":"RSA","e":"AQAB","use":"enc","kid":"defaultRSAEnc","n":"io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"}]}
2021-05-14 12:31:14
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","e":"AQAB","kid":"testKeyFromPEM","n":"sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"},{"kty":"EC","use":"sig","crv":"P-256","kid":"defaultECSign","x":"U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA","y":"CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"},{"kty":"RSA","e":"AQAB","use":"enc","kid":"defaultRSAEnc","n":"io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"}]}
2021-05-14 12:31:14 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "testKeyFromPEM",
      "n": "sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA",
      "y": "CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"
    }
  ]
}
2021-05-14 12:31:14 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "testKeyFromPEM",
      "n": "sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA",
      "y": "CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"
    }
  ]
}
2021-05-14 12:31:14 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-05-14 12:31:14 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-05-14 12:31:14 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-14 12:31:14 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-05-14 12:31:14 SUCCESS
GetDynamicClientConfiguration
Created dynamic_client_registration_template object from the client configuration.
client_id
cert1
client_secret
changeit
client_name
second-cert-client
2021-05-14 12:31:14 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "-B99PG8GBNMlm5SLxyUcs-kzzhNxjpj5jRsxUDZBNycxYWcfbIEUdTYEMlNHFbIksX5u6nbKojJrshGLEimWjGI6NR-sJ009HrVDo-iq4bGLD1-7ruQWKtVbzp0DqO7BAzIYqDdp9JSeKa-sKcrxgTD4lNXsG0Zf7zJg7Bz0JyU",
      "kty": "RSA",
      "q": "iMY3SEWREW72RkRKJySUHH5TrtwqZDAUMFkfxK35hhdwV3n_OIcc8FBqIr_FkR5k7SfsjP1JVySqXQAd5UoP-jKE6c1tLa50-9vo8fXHi1cUSyXRPjoQpTQa5qfpth1fSM1mtwo19xILP2FfYsZQi0JwlLGdx6n5G2VsyTw1AT0",
      "d": "POY5u5UoHOWPfCylxGICvMUfqK9YC8EmpdTU4nUAS2yOMp32o0wyiZJjSyMD57Fipk_1S7JZCrdVXjOuHXisrKrfz3De_qyAXSkt1jt5eM72hH4Bu6TV8S7ermqd0JdXjBwmulh7ixslCgbpgtwNAJQ8xPoB_hGS_1hsY3sMJneiak5JrYDx7yaCl6km9VUZLbNxw7oZ3PcBTVu8mrEg-SpRzlQXLMgg72yrDsumehIoKQLTNVL1ahicymo8n84HteWfi06HEiP8_US9SKlSZekR7nNdF-Ah07Rkdv286JzLdp-MZknxJJgUbXniYpxqDT3DBApF8BJ1BNRQon7j0Q",
      "e": "AQAB",
      "use": "sig",
      "qi": "zirnZtI_66NFq8WT3P7e5wbomWt5RFTiROqAHWuhAoPTN9ouk_tFkMjLfwc57ypKeG9D2cNzjUjB9Tzs_BdDiKyK93lj4YR_99Oy42xcw2vlVGyVyWITpvMq1KkqvcSI8mviN5T__k2vpWz4jb82Jlz9ZiMPeufsPGiADhqFsKo",
      "dp": "i7X_aJYDR5g05uO_yQSmos8-8lyUZnzQl5mmLMo_8nRJI9VTJl-QS2d8-XFW52qFqsPMZI07EBVf-sZSDooIUUfGCr-oygB919qtGZAbGDZGXQPExHd92-SDa1WSB_9YAxqkM6PwL123qTVXtbimP955OiUyazE3N5KgbJLpD1k",
      "alg": "RS256",
      "dq": "E46cOwZPfvmp11ROchhl4Uki-B7dJORHDr6_ryTdSBIz6x4zo0aWmbo14vAe9OgusEaEKYjSItbIUXIB1FZpwHHW1YOdN-n5KkZAodBuDvuNmE05BTfSR30S16Zs4bCDfmp4ZHXeT4zR9Occd4g53h_K70gScolYaFVxX7jvL1U",
      "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
    }
  ]
}
2021-05-14 12:31:14 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-14 12:31:14 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
second-cert-client gU6JBEy5z1ALd4n
2021-05-14 12:31:14
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2021-05-14 12:31:14
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
      }
    ]
  }
}
2021-05-14 12:31:14
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2021-05-14 12:31:14
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ]
}
2021-05-14 12:31:14
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ]
}
2021-05-14 12:31:14
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2021-05-14 12:31:14
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "refresh_token"
]
2021-05-14 12:31:14
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "717"
}
request_body
{"client_name":"second-cert-client gU6JBEy5z1ALd4n","grant_types":["authorization_code","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code"],"redirect_uris":["https://www.certification.openid.net/test/a/3_0_1/callback"],"contacts":["certification@oidf.org"]}
2021-05-14 12:31:14 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "date": "Fri, 14 May 2021 12:31:14 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1042",
  "set-cookie": "JSESSIONID\u003dnode0s1jrlsvl96k2jqkk9hrqgthc45.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"grant_types":["refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_c0f078030d91dd324de7b22d2331b7b7","client_secret_expires_at":1652531474,"scope":"openid profile email address phone offline_access","client_id_issued_at":1620995474,"client_secret":"_4dc3c05d2b4d0e9121cfc641a00ef9da","client_name":"second-cert-client gU6JBEy5z1ALd4n","contacts":["certification@oidf.org"],"response_types":["code"],"id_token_signed_response_alg":"RS256"}
2021-05-14 12:31:14
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"grant_types":["refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_c0f078030d91dd324de7b22d2331b7b7","client_secret_expires_at":1652531474,"scope":"openid profile email address phone offline_access","client_id_issued_at":1620995474,"client_secret":"_4dc3c05d2b4d0e9121cfc641a00ef9da","client_name":"second-cert-client gU6JBEy5z1ALd4n","contacts":["certification@oidf.org"],"response_types":["code"],"id_token_signed_response_alg":"RS256"}
2021-05-14 12:31:14
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
grant_types
[
  "refresh_token",
  "authorization_code"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "hJDYd8fpXY5Ityfnc7uGvJzMkE32NsClxBVZQABLpXebyyWNK0vAeweD-Jrh8qlH35MfyjCgYDBvD_O5b1HPBGAN1Bz_u4eOJFIqHm9V-e67sNMQQ2ZQKp-8f0ABDDHUK7yldKm8bn5w4P03MOoAZYCekwpj8epTjvBpZwawUHFGRu0OApxNkjPXbHz6RdBUn9vD6Xo0eL3ddnfjlhN4MboGBi71K_e6DuaetLTCJBFn_EWDgw_OJ2Sd_wnmta6QwAES6SvSGiMRO6Pey0t7jwzsB5Bf5LUMY9GJ4-JXjyerbB1zoM9sBoSeO2sSGCXiQYfThRVt2vut3JQloP140Q"
    }
  ]
}
subject_type
public
application_type
web
redirect_uris
[
  "https://www.certification.openid.net/test/a/3_0_1/callback"
]
token_endpoint_auth_method
client_secret_basic
client_id
_c0f078030d91dd324de7b22d2331b7b7
client_secret_expires_at
1652531474
scope
openid profile email address phone offline_access
client_id_issued_at
1620995474
client_secret
_4dc3c05d2b4d0e9121cfc641a00ef9da
client_name
second-cert-client gU6JBEy5z1ALd4n
contacts
[
  "certification@oidf.org"
]
response_types
[
  "code"
]
id_token_signed_response_alg
RS256
2021-05-14 12:31:14
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-05-14 12:31:14
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2021-05-14 12:31:14 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2021-05-14 12:31:14 SUCCESS
GetDynamicClient2Configuration
Found a dynamic_client_registration_template object
client_id
cert2
client_secret
changeit
client_name
third-cert-client
2021-05-14 12:31:14 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "3lZoYwHBNgj6dDdVGcNOe4eFre6LDbpxHYIiBtvjqrSvYhkpV4UtyUjMtNlyBT4GgnyhpEUIXpoaQAeLj5l3nfQEd7r09MHgBQeapkVuDJs001GsQkqurPbrTPusutKyU5-BTHk-aL9RY6Q7nSARl5jOx2bP3Uz_tFusSHKPYGc",
      "kty": "RSA",
      "q": "n0-76K-Ogf2t9XEKamZWKt5eAX05FABcX3Kg5MkL3l_WbO726roqcoJC3Cvxn0Z8NVk1jDmOhO6hIwTz2bEuaDmbg1Z6GtwYEaD2HFo57UnMk9c5xbgyfx8gJ1vDbqgY47Vpu98LB_AbiP1zuTRrAtQEBhI4Hb6NVuAGhT9iPUE",
      "d": "dmueKDCc2sDK4tmr7gNgR6a9O62mVVdL2D_VSkgOEPwbProBcuffrFddjvOTDSaDTk8NzUl62dDiSkRPIx_wxnkhkkujrrCBBq8DvSxQIN3aLjwxRrOs9OEAveKnMc0CRkXxOL8PSzuzkWCv96ApS1juLPAOhrUvyg66GaZzPMd4HYP8uK9lS5rXED2kZRcZiHP110PyP5P6VVWOb31YQlpAcq3FLNhEXJx5jSv_DBQ60vGT_SgTDT4qxM2KkL1gLt0nWPrOYv0-pKm8GwDwE3pgoLTqhyqhNLJ9e8RJcjXHgOK8ndanilUWMW0qD8jzqejfL__Kr-V1M_n580hqgQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "3U7BBNcB21rFBtadI_Ip1fpEVUk38q6KYVxS36bDlq19bsf9MJEuUXAF-brNG8o-0rng063p6YyfkMmtnT8jG6WJgrqy83iKPR0bETzohXpXYIXlKPPiCPWawH-tFxaEoagDueI6nkLJwL5D-4st18anJg89Qd3e-qqcm2cj8Qc",
      "dp": "kfs98rO2PlpKx3-FGrNHlof216qmFk9x8aP9328E3pJgDRLkOBizZVOtRJj46kQ9VfOq1gaVZjfcQGoz0gc7qLQNMufH6eRZyDOj8MPpa9GEL7OSXLxYUCyXdiZQ1SF-ALXb2XBJ79CeCcRNd-8UXerw6a-xj2X9Bliil7bQOMU",
      "alg": "RS256",
      "dq": "W1gzbQpkEqKqwOVszG8bDv9rNT1godhHHq8yE5w3Au0-nD00NIhD2F5aCbXkl6ephkk9S8agshXFLLglPXe7HSWSxm6qGoaCAnGhS8ZsGmNLOqWYSYcA5SSqogaaevNFOiMFmiQcRhPlJdn1JYcpqHh6SiTeKifdEKfo9TPPl0E",
      "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
    }
  ]
}
2021-05-14 12:31:14 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-14 12:31:14 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
third-cert-client gU6JBEy5z1ALd4n
2021-05-14 12:31:14
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2021-05-14 12:31:14
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
      }
    ]
  }
}
2021-05-14 12:31:14
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2021-05-14 12:31:14
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ]
}
2021-05-14 12:31:14
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ]
}
2021-05-14 12:31:14
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client gU6JBEy5z1ALd4n",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2021-05-14 12:31:14
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "refresh_token"
]
2021-05-14 12:31:14
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "716"
}
request_body
{"client_name":"third-cert-client gU6JBEy5z1ALd4n","grant_types":["authorization_code","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code"],"redirect_uris":["https://www.certification.openid.net/test/a/3_0_1/callback"],"contacts":["certification@oidf.org"]}
2021-05-14 12:31:15 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "date": "Fri, 14 May 2021 12:31:15 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1041",
  "set-cookie": "JSESSIONID\u003dnode0hkvtnpqnpvik1nhpyu99nrjzb46.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"grant_types":["refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_21e3b91fc2f619b4472b97aac97b5db4","client_secret_expires_at":1652531475,"scope":"openid profile email address phone offline_access","client_id_issued_at":1620995475,"client_secret":"_acbd0826eb43c656ccdb7078bb3386c6","client_name":"third-cert-client gU6JBEy5z1ALd4n","contacts":["certification@oidf.org"],"response_types":["code"],"id_token_signed_response_alg":"RS256"}
2021-05-14 12:31:15
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"grant_types":["refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_21e3b91fc2f619b4472b97aac97b5db4","client_secret_expires_at":1652531475,"scope":"openid profile email address phone offline_access","client_id_issued_at":1620995475,"client_secret":"_acbd0826eb43c656ccdb7078bb3386c6","client_name":"third-cert-client gU6JBEy5z1ALd4n","contacts":["certification@oidf.org"],"response_types":["code"],"id_token_signed_response_alg":"RS256"}
2021-05-14 12:31:15
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
grant_types
[
  "refresh_token",
  "authorization_code"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "ilzqsumsTWBsF6mR_yqK4OH1iotr5v8kj2sE-IHpYFoFiQ71AmufPnHq0w3hEYTtzpnMb_YIZ1iltM5aweJXtDWnnFiDrFoE7z7mCUPi8RbbVnLbDvOUa21ypcDGbVPIK3NMX2z3SeQucsSPVGTLvDm23Zx5hl4mEc1QE8rE-FruaEuaHn4C9BG6-HOxLSHgKaRiPER6iw9BT3mnQeCa_hadYlSEG-ONDOHapWWY191LiDe7TsXFcxhRwpzBSE-9uu2ja-JV_21lSEMQ5luC1JvrBzR3BHyg9CV9CFjp9u5wm8jcDJgOmG9SphKTJARZHjX19s-JPElAIKTQgM4FJw"
    }
  ]
}
subject_type
public
application_type
web
redirect_uris
[
  "https://www.certification.openid.net/test/a/3_0_1/callback"
]
token_endpoint_auth_method
client_secret_basic
client_id
_21e3b91fc2f619b4472b97aac97b5db4
client_secret_expires_at
1652531475
scope
openid profile email address phone offline_access
client_id_issued_at
1620995475
client_secret
_acbd0826eb43c656ccdb7078bb3386c6
client_name
third-cert-client gU6JBEy5z1ALd4n
contacts
[
  "certification@oidf.org"
]
response_types
[
  "code"
]
id_token_signed_response_alg
RS256
2021-05-14 12:31:15
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-05-14 12:31:15
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2021-05-14 12:31:15 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2021-05-14 12:31:15 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://testop.funet.fi/idp/profile/oidc/userinfo
2021-05-14 12:31:15
oidcc-refresh-token
Setup Done
Make request to authorization endpoint
2021-05-14 12:31:15 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
_c0f078030d91dd324de7b22d2331b7b7
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
2021-05-14 12:31:15
CreateRandomStateValue
Created state value
requested_state_length
10
state
NgrKnDlH9V
2021-05-14 12:31:15 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
_c0f078030d91dd324de7b22d2331b7b7
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NgrKnDlH9V
2021-05-14 12:31:15
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
mqaantFFFe
2021-05-14 12:31:15 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
_c0f078030d91dd324de7b22d2331b7b7
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NgrKnDlH9V
nonce
mqaantFFFe
2021-05-14 12:31:15 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
_c0f078030d91dd324de7b22d2331b7b7
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NgrKnDlH9V
nonce
mqaantFFFe
response_type
code
2021-05-14 12:31:15 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
_c0f078030d91dd324de7b22d2331b7b7
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NgrKnDlH9V
nonce
mqaantFFFe
response_type
code
prompt
consent
2021-05-14 12:31:15 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_c0f078030d91dd324de7b22d2331b7b7&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=NgrKnDlH9V&nonce=mqaantFFFe&response_type=code&prompt=consent
2021-05-14 12:31:15 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_c0f078030d91dd324de7b22d2331b7b7&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=NgrKnDlH9V&nonce=mqaantFFFe&response_type=code&prompt=consent
2021-05-14 12:31:19 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance gU6JBEy5z1ALd4n
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d90025DB2622B722EFF73B77629DCFF22",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "code": "AAdzZWNyZXQxsAvZTIrDV986iSVS3W_gGv6lftaS0Bbjt8-2UBtxx0zr1oHNp2EXLCM3NMMqshj1H_6pKzPRx-HWs0x_-jN2EFFfW-fyERUan31Wq95Y46s083f9Lk70QPColSmTCZYzmhsuD2gIE65iNiDIaye3j2I7Vezr7--H6DhB9LFYHEFuA_LS3OpZ2T6OrVJzIRUop9my6A_-TTrcRLkfUCpw6ywOaCaWAQiOQMgMFYTsxL27yZs8Zyw3XzxK9cQp2bPmRzvOK0b032HjDo6eZhxdKuNmJuE_whVa_YptRZ-R4StypVhlvehc8vumUCsHpqE-MRgRqvqdabzptD4GeONjORWgbDIV8vwHTMe-m_9Oqe59PYGrUrSsFEPCSJX_oiKKnbhwrl51Iez1dcGx_dVxQaqu4dH8j3PHU-sjalR2A0buKEKFH3A5F6NoMKPzK60",
  "state": "NgrKnDlH9V"
}
incoming_body
2021-05-14 12:31:19 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/1S1eIkEN3zmTKpvKDdwz",
  "fullUrl": "https://www.certification.openid.net/test/a/3_0_1/implicit/1S1eIkEN3zmTKpvKDdwz"
}
2021-05-14 12:31:19 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance gU6JBEy5z1ALd4n
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/3_0_1/implicit/1S1eIkEN3zmTKpvKDdwz, returnUrl=/log-detail.html?log=gU6JBEy5z1ALd4n}]
outgoing_path
callback
2021-05-14 12:31:19 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance gU6JBEy5z1ALd4n
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/3_0_1/callback?code\u003dAAdzZWNyZXQxsAvZTIrDV986iSVS3W_gGv6lftaS0Bbjt8-2UBtxx0zr1oHNp2EXLCM3NMMqshj1H_6pKzPRx-HWs0x_-jN2EFFfW-fyERUan31Wq95Y46s083f9Lk70QPColSmTCZYzmhsuD2gIE65iNiDIaye3j2I7Vezr7--H6DhB9LFYHEFuA_LS3OpZ2T6OrVJzIRUop9my6A_-TTrcRLkfUCpw6ywOaCaWAQiOQMgMFYTsxL27yZs8Zyw3XzxK9cQp2bPmRzvOK0b032HjDo6eZhxdKuNmJuE_whVa_YptRZ-R4StypVhlvehc8vumUCsHpqE-MRgRqvqdabzptD4GeONjORWgbDIV8vwHTMe-m_9Oqe59PYGrUrSsFEPCSJX_oiKKnbhwrl51Iez1dcGx_dVxQaqu4dH8j3PHU-sjalR2A0buKEKFH3A5F6NoMKPzK60\u0026state\u003dNgrKnDlH9V",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d90025DB2622B722EFF73B77629DCFF22",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/1S1eIkEN3zmTKpvKDdwz
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-05-14 12:31:19 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance gU6JBEy5z1ALd4n
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/1S1eIkEN3zmTKpvKDdwz
2021-05-14 12:31:20 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-05-14 12:31:20 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{
  "code": "AAdzZWNyZXQxsAvZTIrDV986iSVS3W_gGv6lftaS0Bbjt8-2UBtxx0zr1oHNp2EXLCM3NMMqshj1H_6pKzPRx-HWs0x_-jN2EFFfW-fyERUan31Wq95Y46s083f9Lk70QPColSmTCZYzmhsuD2gIE65iNiDIaye3j2I7Vezr7--H6DhB9LFYHEFuA_LS3OpZ2T6OrVJzIRUop9my6A_-TTrcRLkfUCpw6ywOaCaWAQiOQMgMFYTsxL27yZs8Zyw3XzxK9cQp2bPmRzvOK0b032HjDo6eZhxdKuNmJuE_whVa_YptRZ-R4StypVhlvehc8vumUCsHpqE-MRgRqvqdabzptD4GeONjORWgbDIV8vwHTMe-m_9Oqe59PYGrUrSsFEPCSJX_oiKKnbhwrl51Iez1dcGx_dVxQaqu4dH8j3PHU-sjalR2A0buKEKFH3A5F6NoMKPzK60",
  "state": "NgrKnDlH9V"
}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d90025DB2622B722EFF73B77629DCFF22",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2021-05-14 12:31:20 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-05-14 12:31:20
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-05-14 12:31:20 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-05-14 12:31:20 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
NgrKnDlH9V
2021-05-14 12:31:20 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
AAdzZWNyZXQxsAvZTIrDV986iSVS3W_gGv6lftaS0Bbjt8-2UBtxx0zr1oHNp2EXLCM3NMMqshj1H_6pKzPRx-HWs0x_-jN2EFFfW-fyERUan31Wq95Y46s083f9Lk70QPColSmTCZYzmhsuD2gIE65iNiDIaye3j2I7Vezr7--H6DhB9LFYHEFuA_LS3OpZ2T6OrVJzIRUop9my6A_-TTrcRLkfUCpw6ywOaCaWAQiOQMgMFYTsxL27yZs8Zyw3XzxK9cQp2bPmRzvOK0b032HjDo6eZhxdKuNmJuE_whVa_YptRZ-R4StypVhlvehc8vumUCsHpqE-MRgRqvqdabzptD4GeONjORWgbDIV8vwHTMe-m_9Oqe59PYGrUrSsFEPCSJX_oiKKnbhwrl51Iez1dcGx_dVxQaqu4dH8j3PHU-sjalR2A0buKEKFH3A5F6NoMKPzK60
2021-05-14 12:31:20 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
AAdzZWNyZXQxsAvZTIrDV986iSVS3W_gGv6lftaS0Bbjt8-2UBtxx0zr1oHNp2EXLCM3NMMqshj1H_6pKzPRx-HWs0x_-jN2EFFfW-fyERUan31Wq95Y46s083f9Lk70QPColSmTCZYzmhsuD2gIE65iNiDIaye3j2I7Vezr7--H6DhB9LFYHEFuA_LS3OpZ2T6OrVJzIRUop9my6A_-TTrcRLkfUCpw6ywOaCaWAQiOQMgMFYTsxL27yZs8Zyw3XzxK9cQp2bPmRzvOK0b032HjDo6eZhxdKuNmJuE_whVa_YptRZ-R4StypVhlvehc8vumUCsHpqE-MRgRqvqdabzptD4GeONjORWgbDIV8vwHTMe-m_9Oqe59PYGrUrSsFEPCSJX_oiKKnbhwrl51Iez1dcGx_dVxQaqu4dH8j3PHU-sjalR2A0buKEKFH3A5F6NoMKPzK60
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-14 12:31:20 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3Ol80ZGMzYzA1ZDJiNGQwZTkxMjFjZmM2NDFhMDBlZjlkYQ==
2021-05-14 12:31:20
CallTokenEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3Ol80ZGMzYzA1ZDJiNGQwZTkxMjFjZmM2NDFhMDBlZjlkYQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "580"
}
request_body
grant_type=authorization_code&code=AAdzZWNyZXQxsAvZTIrDV986iSVS3W_gGv6lftaS0Bbjt8-2UBtxx0zr1oHNp2EXLCM3NMMqshj1H_6pKzPRx-HWs0x_-jN2EFFfW-fyERUan31Wq95Y46s083f9Lk70QPColSmTCZYzmhsuD2gIE65iNiDIaye3j2I7Vezr7--H6DhB9LFYHEFuA_LS3OpZ2T6OrVJzIRUop9my6A_-TTrcRLkfUCpw6ywOaCaWAQiOQMgMFYTsxL27yZs8Zyw3XzxK9cQp2bPmRzvOK0b032HjDo6eZhxdKuNmJuE_whVa_YptRZ-R4StypVhlvehc8vumUCsHpqE-MRgRqvqdabzptD4GeONjORWgbDIV8vwHTMe-m_9Oqe59PYGrUrSsFEPCSJX_oiKKnbhwrl51Iez1dcGx_dVxQaqu4dH8j3PHU-sjalR2A0buKEKFH3A5F6NoMKPzK60&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2F3_0_1%2Fcallback
2021-05-14 12:31:20 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:20 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1878",
  "set-cookie": "JSESSIONID\u003dnode0a536sqa8jwh960ikr2dhw6cd47.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxKVrDoXn19b-q5SWHJTDGAoTLEIWg_ROlFbBHq8zJ0upcEClfpn9pbo_pzVeDi315Oq4EsRIqVoYKcvFkRJH8UOEjMe5f8ZU2rvnTIK2NuIjfSVLRho4lwy0p0eTrghc9OtXL24BczjIzHZMFYkroNNPTrc8O3qqyD1EZZxjfNXvkc5ggC6odCmHDfiO02Tt4O_oqmKwnMim46nd3_1_t17SLy9CZgxSO5E5Ia2Ze5PqNR0rvfim075tNZmUkn0XWHvztkHqQ5A1dciE36m4MKedd5n4bnY9Fvh3QNqcymXLcpy7ldfq6QDfiTPlApEyUDdEkXknv-VUXaetIcCMgtAtfdLUu_t1i_Ox31xyLzie8is3XOmikQi9EfTO_ppTTpkT4HYqL3ex0HOfK0dh0RCsrQyvrwsNCBrkd7t9yrL0LB1QQzlizhI9dX8U","refresh_token":"AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiOThtejhoSF9VQWJwTXE5N2RCcGRlZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODAsImlhdCI6MTYyMDk5NTQ4MCwibm9uY2UiOiJtcWFhbnRGRkZlIn0.qJNLFSsS5t2q1icuI4YSpOg8ype9Qd1h9HEd2NpZGeOcDEtqcusJ_IVbNO5tlljVJgAbfOksP70nvZfWXKf4PLx7_bNosCk2lx5VGTOOdbbOnUO2_WnbQdkbKWWTk_ZMd69OvRUaUW3kiCmoy_kmn918VxiuTxQEClyO975vQfx2MbRqN3fOIlS68m8VYNQ-oxvG8gvb4jfWwVQYdJJKZuMtvRRauCyMBfqtFBJ4NDOBQtMP-gGYGLlHGV90jRzBetugrTAqhTo8spBGkxMKkCS18E0GI0yqFpajS93P3HnHfn0J13AAL_sqQnTknc8Zaa840pHGtVcIbFAm8wQEhp0ejFksssQ7gBVboXoY4ZYBMce_SRlKp-y_YreUAxaSOq425p2e4FsT4nvW5ookCKSBNfu7Rq05spLuS3g8mP1E_wwrROXHM5ZanhkrVLkUe9lnskX-i-dwMSTd7yYz-IsTVe9524vF5zF81UkhPbvRwjQW3VWBa7JVnTd8ZCJp","token_type":"Bearer","expires_in":600}
2021-05-14 12:31:20
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"AAdzZWNyZXQxKVrDoXn19b-q5SWHJTDGAoTLEIWg_ROlFbBHq8zJ0upcEClfpn9pbo_pzVeDi315Oq4EsRIqVoYKcvFkRJH8UOEjMe5f8ZU2rvnTIK2NuIjfSVLRho4lwy0p0eTrghc9OtXL24BczjIzHZMFYkroNNPTrc8O3qqyD1EZZxjfNXvkc5ggC6odCmHDfiO02Tt4O_oqmKwnMim46nd3_1_t17SLy9CZgxSO5E5Ia2Ze5PqNR0rvfim075tNZmUkn0XWHvztkHqQ5A1dciE36m4MKedd5n4bnY9Fvh3QNqcymXLcpy7ldfq6QDfiTPlApEyUDdEkXknv-VUXaetIcCMgtAtfdLUu_t1i_Ox31xyLzie8is3XOmikQi9EfTO_ppTTpkT4HYqL3ex0HOfK0dh0RCsrQyvrwsNCBrkd7t9yrL0LB1QQzlizhI9dX8U","refresh_token":"AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiOThtejhoSF9VQWJwTXE5N2RCcGRlZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODAsImlhdCI6MTYyMDk5NTQ4MCwibm9uY2UiOiJtcWFhbnRGRkZlIn0.qJNLFSsS5t2q1icuI4YSpOg8ype9Qd1h9HEd2NpZGeOcDEtqcusJ_IVbNO5tlljVJgAbfOksP70nvZfWXKf4PLx7_bNosCk2lx5VGTOOdbbOnUO2_WnbQdkbKWWTk_ZMd69OvRUaUW3kiCmoy_kmn918VxiuTxQEClyO975vQfx2MbRqN3fOIlS68m8VYNQ-oxvG8gvb4jfWwVQYdJJKZuMtvRRauCyMBfqtFBJ4NDOBQtMP-gGYGLlHGV90jRzBetugrTAqhTo8spBGkxMKkCS18E0GI0yqFpajS93P3HnHfn0J13AAL_sqQnTknc8Zaa840pHGtVcIbFAm8wQEhp0ejFksssQ7gBVboXoY4ZYBMce_SRlKp-y_YreUAxaSOq425p2e4FsT4nvW5ookCKSBNfu7Rq05spLuS3g8mP1E_wwrROXHM5ZanhkrVLkUe9lnskX-i-dwMSTd7yYz-IsTVe9524vF5zF81UkhPbvRwjQW3VWBa7JVnTd8ZCJp","token_type":"Bearer","expires_in":600}
2021-05-14 12:31:20 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
AAdzZWNyZXQxKVrDoXn19b-q5SWHJTDGAoTLEIWg_ROlFbBHq8zJ0upcEClfpn9pbo_pzVeDi315Oq4EsRIqVoYKcvFkRJH8UOEjMe5f8ZU2rvnTIK2NuIjfSVLRho4lwy0p0eTrghc9OtXL24BczjIzHZMFYkroNNPTrc8O3qqyD1EZZxjfNXvkc5ggC6odCmHDfiO02Tt4O_oqmKwnMim46nd3_1_t17SLy9CZgxSO5E5Ia2Ze5PqNR0rvfim075tNZmUkn0XWHvztkHqQ5A1dciE36m4MKedd5n4bnY9Fvh3QNqcymXLcpy7ldfq6QDfiTPlApEyUDdEkXknv-VUXaetIcCMgtAtfdLUu_t1i_Ox31xyLzie8is3XOmikQi9EfTO_ppTTpkT4HYqL3ex0HOfK0dh0RCsrQyvrwsNCBrkd7t9yrL0LB1QQzlizhI9dX8U
refresh_token
AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiOThtejhoSF9VQWJwTXE5N2RCcGRlZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODAsImlhdCI6MTYyMDk5NTQ4MCwibm9uY2UiOiJtcWFhbnRGRkZlIn0.qJNLFSsS5t2q1icuI4YSpOg8ype9Qd1h9HEd2NpZGeOcDEtqcusJ_IVbNO5tlljVJgAbfOksP70nvZfWXKf4PLx7_bNosCk2lx5VGTOOdbbOnUO2_WnbQdkbKWWTk_ZMd69OvRUaUW3kiCmoy_kmn918VxiuTxQEClyO975vQfx2MbRqN3fOIlS68m8VYNQ-oxvG8gvb4jfWwVQYdJJKZuMtvRRauCyMBfqtFBJ4NDOBQtMP-gGYGLlHGV90jRzBetugrTAqhTo8spBGkxMKkCS18E0GI0yqFpajS93P3HnHfn0J13AAL_sqQnTknc8Zaa840pHGtVcIbFAm8wQEhp0ejFksssQ7gBVboXoY4ZYBMce_SRlKp-y_YreUAxaSOq425p2e4FsT4nvW5ookCKSBNfu7Rq05spLuS3g8mP1E_wwrROXHM5ZanhkrVLkUe9lnskX-i-dwMSTd7yYz-IsTVe9524vF5zF81UkhPbvRwjQW3VWBa7JVnTd8ZCJp
token_type
Bearer
expires_in
600
2021-05-14 12:31:20 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-14 12:31:20 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
AAdzZWNyZXQxKVrDoXn19b-q5SWHJTDGAoTLEIWg_ROlFbBHq8zJ0upcEClfpn9pbo_pzVeDi315Oq4EsRIqVoYKcvFkRJH8UOEjMe5f8ZU2rvnTIK2NuIjfSVLRho4lwy0p0eTrghc9OtXL24BczjIzHZMFYkroNNPTrc8O3qqyD1EZZxjfNXvkc5ggC6odCmHDfiO02Tt4O_oqmKwnMim46nd3_1_t17SLy9CZgxSO5E5Ia2Ze5PqNR0rvfim075tNZmUkn0XWHvztkHqQ5A1dciE36m4MKedd5n4bnY9Fvh3QNqcymXLcpy7ldfq6QDfiTPlApEyUDdEkXknv-VUXaetIcCMgtAtfdLUu_t1i_Ox31xyLzie8is3XOmikQi9EfTO_ppTTpkT4HYqL3ex0HOfK0dh0RCsrQyvrwsNCBrkd7t9yrL0LB1QQzlizhI9dX8U
2021-05-14 12:31:20 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxKVrDoXn19b-q5SWHJTDGAoTLEIWg_ROlFbBHq8zJ0upcEClfpn9pbo_pzVeDi315Oq4EsRIqVoYKcvFkRJH8UOEjMe5f8ZU2rvnTIK2NuIjfSVLRho4lwy0p0eTrghc9OtXL24BczjIzHZMFYkroNNPTrc8O3qqyD1EZZxjfNXvkc5ggC6odCmHDfiO02Tt4O_oqmKwnMim46nd3_1_t17SLy9CZgxSO5E5Ia2Ze5PqNR0rvfim075tNZmUkn0XWHvztkHqQ5A1dciE36m4MKedd5n4bnY9Fvh3QNqcymXLcpy7ldfq6QDfiTPlApEyUDdEkXknv-VUXaetIcCMgtAtfdLUu_t1i_Ox31xyLzie8is3XOmikQi9EfTO_ppTTpkT4HYqL3ex0HOfK0dh0RCsrQyvrwsNCBrkd7t9yrL0LB1QQzlizhI9dX8U
type
Bearer
2021-05-14 12:31:20 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-14 12:31:20 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-14 12:31:20 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc
2021-05-14 12:31:20 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiOThtejhoSF9VQWJwTXE5N2RCcGRlZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODAsImlhdCI6MTYyMDk5NTQ4MCwibm9uY2UiOiJtcWFhbnRGRkZlIn0.qJNLFSsS5t2q1icuI4YSpOg8ype9Qd1h9HEd2NpZGeOcDEtqcusJ_IVbNO5tlljVJgAbfOksP70nvZfWXKf4PLx7_bNosCk2lx5VGTOOdbbOnUO2_WnbQdkbKWWTk_ZMd69OvRUaUW3kiCmoy_kmn918VxiuTxQEClyO975vQfx2MbRqN3fOIlS68m8VYNQ-oxvG8gvb4jfWwVQYdJJKZuMtvRRauCyMBfqtFBJ4NDOBQtMP-gGYGLlHGV90jRzBetugrTAqhTo8spBGkxMKkCS18E0GI0yqFpajS93P3HnHfn0J13AAL_sqQnTknc8Zaa840pHGtVcIbFAm8wQEhp0ejFksssQ7gBVboXoY4ZYBMce_SRlKp-y_YreUAxaSOq425p2e4FsT4nvW5ookCKSBNfu7Rq05spLuS3g8mP1E_wwrROXHM5ZanhkrVLkUe9lnskX-i-dwMSTd7yYz-IsTVe9524vF5zF81UkhPbvRwjQW3VWBa7JVnTd8ZCJp
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "98mz8hH_UAbpMq97dBpdeg",
  "sub": "teppo@funet.fi",
  "aud": "_c0f078030d91dd324de7b22d2331b7b7",
  "acr": "password",
  "auth_time": 1620994680,
  "iss": "https://testop.funet.fi",
  "exp": 1620999080,
  "iat": 1620995480,
  "nonce": "mqaantFFFe"
}
2021-05-14 12:31:20 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-14 12:31:20 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
mqaantFFFe
2021-05-14 12:31:20 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-14 12:31:20 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiOThtejhoSF9VQWJwTXE5N2RCcGRlZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODAsImlhdCI6MTYyMDk5NTQ4MCwibm9uY2UiOiJtcWFhbnRGRkZlIn0.qJNLFSsS5t2q1icuI4YSpOg8ype9Qd1h9HEd2NpZGeOcDEtqcusJ_IVbNO5tlljVJgAbfOksP70nvZfWXKf4PLx7_bNosCk2lx5VGTOOdbbOnUO2_WnbQdkbKWWTk_ZMd69OvRUaUW3kiCmoy_kmn918VxiuTxQEClyO975vQfx2MbRqN3fOIlS68m8VYNQ-oxvG8gvb4jfWwVQYdJJKZuMtvRRauCyMBfqtFBJ4NDOBQtMP-gGYGLlHGV90jRzBetugrTAqhTo8spBGkxMKkCS18E0GI0yqFpajS93P3HnHfn0J13AAL_sqQnTknc8Zaa840pHGtVcIbFAm8wQEhp0ejFksssQ7gBVboXoY4ZYBMce_SRlKp-y_YreUAxaSOq425p2e4FsT4nvW5ookCKSBNfu7Rq05spLuS3g8mP1E_wwrROXHM5ZanhkrVLkUe9lnskX-i-dwMSTd7yYz-IsTVe9524vF5zF81UkhPbvRwjQW3VWBa7JVnTd8ZCJp
2021-05-14 12:31:20 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiOThtejhoSF9VQWJwTXE5N2RCcGRlZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODAsImlhdCI6MTYyMDk5NTQ4MCwibm9uY2UiOiJtcWFhbnRGRkZlIn0.qJNLFSsS5t2q1icuI4YSpOg8ype9Qd1h9HEd2NpZGeOcDEtqcusJ_IVbNO5tlljVJgAbfOksP70nvZfWXKf4PLx7_bNosCk2lx5VGTOOdbbOnUO2_WnbQdkbKWWTk_ZMd69OvRUaUW3kiCmoy_kmn918VxiuTxQEClyO975vQfx2MbRqN3fOIlS68m8VYNQ-oxvG8gvb4jfWwVQYdJJKZuMtvRRauCyMBfqtFBJ4NDOBQtMP-gGYGLlHGV90jRzBetugrTAqhTo8spBGkxMKkCS18E0GI0yqFpajS93P3HnHfn0J13AAL_sqQnTknc8Zaa840pHGtVcIbFAm8wQEhp0ejFksssQ7gBVboXoY4ZYBMce_SRlKp-y_YreUAxaSOq425p2e4FsT4nvW5ookCKSBNfu7Rq05spLuS3g8mP1E_wwrROXHM5ZanhkrVLkUe9lnskX-i-dwMSTd7yYz-IsTVe9524vF5zF81UkhPbvRwjQW3VWBa7JVnTd8ZCJp
2021-05-14 12:31:20 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-14 12:31:20 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc
2021-05-14 12:31:20 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-14 12:31:20 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Refresh Token Request
2021-05-14 12:31:20 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc
2021-05-14 12:31:20 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc
scope
openid offline_access
2021-05-14 12:31:20 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3Ol80ZGMzYzA1ZDJiNGQwZTkxMjFjZmM2NDFhMDBlZjlkYQ==
2021-05-14 12:31:20 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2021-05-14 12:31:21 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2021-05-14 12:31:21
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3Ol80ZGMzYzA1ZDJiNGQwZTkxMjFjZmM2NDFhMDBlZjlkYQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "527"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxht6QiWPsRbwbwpMqxArbFvIrAMVqayEin3f_EBORit3bwXCgZj0L_MEjMthDO2XI6j1b08Jfs58j10LGKX46q9BtWxrU_MdggIEweqPfZXTlYhnxL3rPSxw6CS0FUhoFPMnslrPmO8qVUIwSElCbJ1NMCTqQ_eZlypGeGc1so_3lNHXUywq2KS1ZMYbr_Z6k7aFdKxqf8JRpMG_JP1d9ATTNrA5nuDQtYdKQr5zkUXJ1zEJxPFL28pkZNebnMiA3upHvtJbCLXgpfPRCugTl-qDJH1SCVZcmu7-H3a4w1E7yR9OOSRdh4QYCJ-VorkGsJ5JcuF6jukNcaDdLWREY2o1W6QOrhTyrXduB5irECbjMgUvJb9CdNii0I0i5zpSvljGXWFcT9IpHYulgDJmy8bSFNMoZ97ubjIWt-Vx4vd16Qh6THSoFz8J7gnkPN2rc&scope=openid+offline_access
2021-05-14 12:31:22 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:22 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1885",
  "set-cookie": "JSESSIONID\u003dnode01fchnjwwysag310rky8ijizlpq48.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQx1c_APkqa854jp-BPVACbcPto-S7Asm11eolCNp3End_GrMUl27zwGKbyP4-mZzHcr2A4aVn92dxd5L8-uwN_dBqPObdsonK_RlEyfitehDNfIVpe0XjrsG_L6tm9l9W-Zok1tV15wXfAaZa7I07WFo7gYTewxGTNFR9C9xtT0VH3KwwIPfhARX2lqZhK2BPEsMh6vEDQHxZikSvPad5EotkLSnDfWH46G18BxEZBl7f-4pgz63V0-Ky58uP_oTVSypGKH9yNDOHmH958i4HsKHvyIye5sY23dxZ6wONlhU8EoH3n_jC3KA-YqpuAKrbSzheU69bDuSGLU3eTqlXSLd8NjAtiohoJe-oLZqCNgnpPKSVirYrRIOIE1ADwDLleboHDgg6u0qDx3ILCRzXZNRw7erpJlfqGt2P-Jgk22JN6ni8VmEEylp4tzyYLou74","refresh_token":"AAdzZWNyZXQxYyfO-awBodKErzXyw4vfF_2u-ZgYHwwOWjN_0EdDn8XDySJNokOkwVypRonuAnsaXy2xO1XZ6rJLCyFzq76zXbmddB2hYN5n0e9Gvv4xAnSsWN9DMVbxjlLQYLnHyJC-LPMiPE11bYrdZq-bvh1j9EOcqR1nGDxC7GUUh52xxCZMeBks9SUxu9AGHyy63GtncGFhMLsR6nWeWWhN2DxIJkT0BFv02lGk0upIFizSZTTB-cAbrkYwpQB8LCAJDiND4FK7emqorgeqh3VXZqLqloFPS13cpGiHZSpOqCqhNQ75rKvSn3ETXiCgO7CMJYZr7qff9CIB60vP6hTli0SyAkptmXU0UUP6EL94F4oGDGT4erCkukyXZFuW3WKits3DlSWcqQT17HljPjgsXd7qw-EB9p1azSxmShURxsDsi829kLNulo6JA-FUapQu6vARGg","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiVlhBbktTckZoQ2tXVlNScGNIZlh3USIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODIsImlhdCI6MTYyMDk5NTQ4Miwibm9uY2UiOiJtcWFhbnRGRkZlIn0.ljNu6JqAU_7YUAE5t8ZzYnvjEFUaxO01daBgORaNgiRie65dE-N_Px_LqFJHJGK_TStIbNS9hsH66tV-w_If1GoXj3dWn450bnWGKQLwwFWAqwZcNFkTEtA8khxRuN1OoJE0aRF2mKl3osH2sSd0bSzZrnBbWf-TdUdKV3PzC3mgdaWSsJGjt9gwkS4nhaRfaYYSVQyUxPfBBfUO1BVi8I6hCr3zH0myNxDiHhu6V3EtBlSueQai6pEBRFcqzuIRbC14szod-N7jiaN3jAL43QYIGRn1zwgX-lwb8tyIKxsQ9p_uI7eqZOzm_j5nwu9v0-uDpQGoWkUHOK-_oki026OXVfEoHOGD7QK2t3osVcwU321FDKeE4wiwQa4zOImdxDD6ljJXyQOgvPwvTd17ppdx3bESw0jpFdwA1GuYvKkAtO2XdYU_2LNDKkgb_ZoPyFKQvMfdonKyKrY6DR62xqR6O-QtE5aQiz5E_hcC02f3fhbr4-Ek0N0k34cUsv-H","token_type":"Bearer","expires_in":600}
2021-05-14 12:31:22 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
AAdzZWNyZXQx1c_APkqa854jp-BPVACbcPto-S7Asm11eolCNp3End_GrMUl27zwGKbyP4-mZzHcr2A4aVn92dxd5L8-uwN_dBqPObdsonK_RlEyfitehDNfIVpe0XjrsG_L6tm9l9W-Zok1tV15wXfAaZa7I07WFo7gYTewxGTNFR9C9xtT0VH3KwwIPfhARX2lqZhK2BPEsMh6vEDQHxZikSvPad5EotkLSnDfWH46G18BxEZBl7f-4pgz63V0-Ky58uP_oTVSypGKH9yNDOHmH958i4HsKHvyIye5sY23dxZ6wONlhU8EoH3n_jC3KA-YqpuAKrbSzheU69bDuSGLU3eTqlXSLd8NjAtiohoJe-oLZqCNgnpPKSVirYrRIOIE1ADwDLleboHDgg6u0qDx3ILCRzXZNRw7erpJlfqGt2P-Jgk22JN6ni8VmEEylp4tzyYLou74
refresh_token
AAdzZWNyZXQxYyfO-awBodKErzXyw4vfF_2u-ZgYHwwOWjN_0EdDn8XDySJNokOkwVypRonuAnsaXy2xO1XZ6rJLCyFzq76zXbmddB2hYN5n0e9Gvv4xAnSsWN9DMVbxjlLQYLnHyJC-LPMiPE11bYrdZq-bvh1j9EOcqR1nGDxC7GUUh52xxCZMeBks9SUxu9AGHyy63GtncGFhMLsR6nWeWWhN2DxIJkT0BFv02lGk0upIFizSZTTB-cAbrkYwpQB8LCAJDiND4FK7emqorgeqh3VXZqLqloFPS13cpGiHZSpOqCqhNQ75rKvSn3ETXiCgO7CMJYZr7qff9CIB60vP6hTli0SyAkptmXU0UUP6EL94F4oGDGT4erCkukyXZFuW3WKits3DlSWcqQT17HljPjgsXd7qw-EB9p1azSxmShURxsDsi829kLNulo6JA-FUapQu6vARGg
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiVlhBbktTckZoQ2tXVlNScGNIZlh3USIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODIsImlhdCI6MTYyMDk5NTQ4Miwibm9uY2UiOiJtcWFhbnRGRkZlIn0.ljNu6JqAU_7YUAE5t8ZzYnvjEFUaxO01daBgORaNgiRie65dE-N_Px_LqFJHJGK_TStIbNS9hsH66tV-w_If1GoXj3dWn450bnWGKQLwwFWAqwZcNFkTEtA8khxRuN1OoJE0aRF2mKl3osH2sSd0bSzZrnBbWf-TdUdKV3PzC3mgdaWSsJGjt9gwkS4nhaRfaYYSVQyUxPfBBfUO1BVi8I6hCr3zH0myNxDiHhu6V3EtBlSueQai6pEBRFcqzuIRbC14szod-N7jiaN3jAL43QYIGRn1zwgX-lwb8tyIKxsQ9p_uI7eqZOzm_j5nwu9v0-uDpQGoWkUHOK-_oki026OXVfEoHOGD7QK2t3osVcwU321FDKeE4wiwQa4zOImdxDD6ljJXyQOgvPwvTd17ppdx3bESw0jpFdwA1GuYvKkAtO2XdYU_2LNDKkgb_ZoPyFKQvMfdonKyKrY6DR62xqR6O-QtE5aQiz5E_hcC02f3fhbr4-Ek0N0k34cUsv-H
token_type
Bearer
expires_in
600
2021-05-14 12:31:22 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2021-05-14 12:31:22 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-14 12:31:22 SUCCESS
CheckTokenEndpointCacheHeaders
'pragma' and 'cache-control' headers in token endpoint response contain expected values.
cache_control_header
[
  "no-store",
  "no-store"
]
pragma_header
no-cache
2021-05-14 12:31:22 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-14 12:31:22 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQx1c_APkqa854jp-BPVACbcPto-S7Asm11eolCNp3End_GrMUl27zwGKbyP4-mZzHcr2A4aVn92dxd5L8-uwN_dBqPObdsonK_RlEyfitehDNfIVpe0XjrsG_L6tm9l9W-Zok1tV15wXfAaZa7I07WFo7gYTewxGTNFR9C9xtT0VH3KwwIPfhARX2lqZhK2BPEsMh6vEDQHxZikSvPad5EotkLSnDfWH46G18BxEZBl7f-4pgz63V0-Ky58uP_oTVSypGKH9yNDOHmH958i4HsKHvyIye5sY23dxZ6wONlhU8EoH3n_jC3KA-YqpuAKrbSzheU69bDuSGLU3eTqlXSLd8NjAtiohoJe-oLZqCNgnpPKSVirYrRIOIE1ADwDLleboHDgg6u0qDx3ILCRzXZNRw7erpJlfqGt2P-Jgk22JN6ni8VmEEylp4tzyYLou74
type
Bearer
2021-05-14 12:31:22 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2021-05-14 12:31:22 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
2715.4815947670313
expected
96.0
2021-05-14 12:31:22 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2021-05-14 12:31:22 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-14 12:31:22 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-14 12:31:22 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
AAdzZWNyZXQxKVrDoXn19b-q5SWHJTDGAoTLEIWg_ROlFbBHq8zJ0upcEClfpn9pbo_pzVeDi315Oq4EsRIqVoYKcvFkRJH8UOEjMe5f8ZU2rvnTIK2NuIjfSVLRho4lwy0p0eTrghc9OtXL24BczjIzHZMFYkroNNPTrc8O3qqyD1EZZxjfNXvkc5ggC6odCmHDfiO02Tt4O_oqmKwnMim46nd3_1_t17SLy9CZgxSO5E5Ia2Ze5PqNR0rvfim075tNZmUkn0XWHvztkHqQ5A1dciE36m4MKedd5n4bnY9Fvh3QNqcymXLcpy7ldfq6QDfiTPlApEyUDdEkXknv-VUXaetIcCMgtAtfdLUu_t1i_Ox31xyLzie8is3XOmikQi9EfTO_ppTTpkT4HYqL3ex0HOfK0dh0RCsrQyvrwsNCBrkd7t9yrL0LB1QQzlizhI9dX8U
second_access_token
AAdzZWNyZXQx1c_APkqa854jp-BPVACbcPto-S7Asm11eolCNp3End_GrMUl27zwGKbyP4-mZzHcr2A4aVn92dxd5L8-uwN_dBqPObdsonK_RlEyfitehDNfIVpe0XjrsG_L6tm9l9W-Zok1tV15wXfAaZa7I07WFo7gYTewxGTNFR9C9xtT0VH3KwwIPfhARX2lqZhK2BPEsMh6vEDQHxZikSvPad5EotkLSnDfWH46G18BxEZBl7f-4pgz63V0-Ky58uP_oTVSypGKH9yNDOHmH958i4HsKHvyIye5sY23dxZ6wONlhU8EoH3n_jC3KA-YqpuAKrbSzheU69bDuSGLU3eTqlXSLd8NjAtiohoJe-oLZqCNgnpPKSVirYrRIOIE1ADwDLleboHDgg6u0qDx3ILCRzXZNRw7erpJlfqGt2P-Jgk22JN6ni8VmEEylp4tzyYLou74
2021-05-14 12:31:22 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiVlhBbktTckZoQ2tXVlNScGNIZlh3USIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODIsImlhdCI6MTYyMDk5NTQ4Miwibm9uY2UiOiJtcWFhbnRGRkZlIn0.ljNu6JqAU_7YUAE5t8ZzYnvjEFUaxO01daBgORaNgiRie65dE-N_Px_LqFJHJGK_TStIbNS9hsH66tV-w_If1GoXj3dWn450bnWGKQLwwFWAqwZcNFkTEtA8khxRuN1OoJE0aRF2mKl3osH2sSd0bSzZrnBbWf-TdUdKV3PzC3mgdaWSsJGjt9gwkS4nhaRfaYYSVQyUxPfBBfUO1BVi8I6hCr3zH0myNxDiHhu6V3EtBlSueQai6pEBRFcqzuIRbC14szod-N7jiaN3jAL43QYIGRn1zwgX-lwb8tyIKxsQ9p_uI7eqZOzm_j5nwu9v0-uDpQGoWkUHOK-_oki026OXVfEoHOGD7QK2t3osVcwU321FDKeE4wiwQa4zOImdxDD6ljJXyQOgvPwvTd17ppdx3bESw0jpFdwA1GuYvKkAtO2XdYU_2LNDKkgb_ZoPyFKQvMfdonKyKrY6DR62xqR6O-QtE5aQiz5E_hcC02f3fhbr4-Ek0N0k34cUsv-H
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "VXAnKSrFhCkWVSRpcHfXwQ",
  "sub": "teppo@funet.fi",
  "aud": "_c0f078030d91dd324de7b22d2331b7b7",
  "acr": "password",
  "auth_time": 1620994680,
  "iss": "https://testop.funet.fi",
  "exp": 1620999082,
  "iat": 1620995482,
  "nonce": "mqaantFFFe"
}
2021-05-14 12:31:22 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxYyfO-awBodKErzXyw4vfF_2u-ZgYHwwOWjN_0EdDn8XDySJNokOkwVypRonuAnsaXy2xO1XZ6rJLCyFzq76zXbmddB2hYN5n0e9Gvv4xAnSsWN9DMVbxjlLQYLnHyJC-LPMiPE11bYrdZq-bvh1j9EOcqR1nGDxC7GUUh52xxCZMeBks9SUxu9AGHyy63GtncGFhMLsR6nWeWWhN2DxIJkT0BFv02lGk0upIFizSZTTB-cAbrkYwpQB8LCAJDiND4FK7emqorgeqh3VXZqLqloFPS13cpGiHZSpOqCqhNQ75rKvSn3ETXiCgO7CMJYZr7qff9CIB60vP6hTli0SyAkptmXU0UUP6EL94F4oGDGT4erCkukyXZFuW3WKits3DlSWcqQT17HljPjgsXd7qw-EB9p1azSxmShURxsDsi829kLNulo6JA-FUapQu6vARGg
2021-05-14 12:31:22 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
3696
required
128
2021-05-14 12:31:22 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
2730.441682464461
expected
96.0
2021-05-14 12:31:22 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://testop.funet.fi",
  "second": "https://testop.funet.fi",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "teppo@funet.fi",
  "second": "teppo@funet.fi",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1620995480,
  "second": 1620995482,
  "note": "Values are expected to be different"
}
aud
{
  "first": "_c0f078030d91dd324de7b22d2331b7b7",
  "second": "_c0f078030d91dd324de7b22d2331b7b7",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1620994680,
  "second": 1620994680,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Userinfo endpoint tests
2021-05-14 12:31:22
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQx1c_APkqa854jp-BPVACbcPto-S7Asm11eolCNp3End_GrMUl27zwGKbyP4-mZzHcr2A4aVn92dxd5L8-uwN_dBqPObdsonK_RlEyfitehDNfIVpe0XjrsG_L6tm9l9W-Zok1tV15wXfAaZa7I07WFo7gYTewxGTNFR9C9xtT0VH3KwwIPfhARX2lqZhK2BPEsMh6vEDQHxZikSvPad5EotkLSnDfWH46G18BxEZBl7f-4pgz63V0-Ky58uP_oTVSypGKH9yNDOHmH958i4HsKHvyIye5sY23dxZ6wONlhU8EoH3n_jC3KA-YqpuAKrbSzheU69bDuSGLU3eTqlXSLd8NjAtiohoJe-oLZqCNgnpPKSVirYrRIOIE1ADwDLleboHDgg6u0qDx3ILCRzXZNRw7erpJlfqGt2P-Jgk22JN6ni8VmEEylp4tzyYLou74",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-14 12:31:22 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:22 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode0ugjtvuzq1ufj4s7x8xfvu9z49.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-14 12:31:22 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Fri, 14 May 2021 12:31:22 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode0ugjtvuzq1ufj4s7x8xfvu9z49.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
Second client: Make request to authorization endpoint
2021-05-14 12:31:22 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
_21e3b91fc2f619b4472b97aac97b5db4
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
2021-05-14 12:31:22
CreateRandomStateValue
Created state value
requested_state_length
10
state
wb9Q3X1fUx
2021-05-14 12:31:22 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
_21e3b91fc2f619b4472b97aac97b5db4
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
wb9Q3X1fUx
2021-05-14 12:31:22
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
1uZxNq9ZAI
2021-05-14 12:31:22 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
_21e3b91fc2f619b4472b97aac97b5db4
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
wb9Q3X1fUx
nonce
1uZxNq9ZAI
2021-05-14 12:31:22 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
_21e3b91fc2f619b4472b97aac97b5db4
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
wb9Q3X1fUx
nonce
1uZxNq9ZAI
response_type
code
2021-05-14 12:31:22 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
_21e3b91fc2f619b4472b97aac97b5db4
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
wb9Q3X1fUx
nonce
1uZxNq9ZAI
response_type
code
prompt
consent
2021-05-14 12:31:22 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_21e3b91fc2f619b4472b97aac97b5db4&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=wb9Q3X1fUx&nonce=1uZxNq9ZAI&response_type=code&prompt=consent
2021-05-14 12:31:22 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_21e3b91fc2f619b4472b97aac97b5db4&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=wb9Q3X1fUx&nonce=1uZxNq9ZAI&response_type=code&prompt=consent
2021-05-14 12:31:28 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance gU6JBEy5z1ALd4n
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d90025DB2622B722EFF73B77629DCFF22",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "code": "AAdzZWNyZXQxUBe_RVh9N3Z6nOUpEucCEvzF3Ehm68Oi6dfuvCOIT7xdLDZQTwILkXcgte9-L_lch6POzLjQ5ZgDuw73braJ2BD88wxAtEEFuYbdzGKw4mtwSh1TuPwWkOyzzqpULWzjHgMyqSqaHYqWsfvhY1pLx_GQvKeU5geVvkB_Etj4LPWrRwDMq-6g5fhqRUaA8X5dtr9ZEQMnIpajWAYHYgO233_6CcLrhBfIBc68N2spjnDjbZk5LGOqwPi-kKy_mF8O5nzlowkM4ubKl9e20rbD28V_COzQgr1-wHmOzgwT7Wez8XTK0iEoVNAl0xpuPk4pA50Qv6B-rGf4mkmxQrGyPLMv2PXKnVwdQzK9MtYXUMLD8p26X34fV8LByloXp9vCHcZ4L9tNTJoYRHgIgtE2MS5_HuqjpHVKrAOkLdaUQDhxrTqgV6sOor2-bNg3Zs0WYQ",
  "state": "wb9Q3X1fUx"
}
incoming_body
2021-05-14 12:31:28 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/uToCAX4e2LlNXr4GAmqM",
  "fullUrl": "https://www.certification.openid.net/test/a/3_0_1/implicit/uToCAX4e2LlNXr4GAmqM"
}
2021-05-14 12:31:28 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance gU6JBEy5z1ALd4n
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/3_0_1/implicit/uToCAX4e2LlNXr4GAmqM, returnUrl=/log-detail.html?log=gU6JBEy5z1ALd4n}]
outgoing_path
callback
2021-05-14 12:31:28 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance gU6JBEy5z1ALd4n
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/3_0_1/callback?code\u003dAAdzZWNyZXQxUBe_RVh9N3Z6nOUpEucCEvzF3Ehm68Oi6dfuvCOIT7xdLDZQTwILkXcgte9-L_lch6POzLjQ5ZgDuw73braJ2BD88wxAtEEFuYbdzGKw4mtwSh1TuPwWkOyzzqpULWzjHgMyqSqaHYqWsfvhY1pLx_GQvKeU5geVvkB_Etj4LPWrRwDMq-6g5fhqRUaA8X5dtr9ZEQMnIpajWAYHYgO233_6CcLrhBfIBc68N2spjnDjbZk5LGOqwPi-kKy_mF8O5nzlowkM4ubKl9e20rbD28V_COzQgr1-wHmOzgwT7Wez8XTK0iEoVNAl0xpuPk4pA50Qv6B-rGf4mkmxQrGyPLMv2PXKnVwdQzK9MtYXUMLD8p26X34fV8LByloXp9vCHcZ4L9tNTJoYRHgIgtE2MS5_HuqjpHVKrAOkLdaUQDhxrTqgV6sOor2-bNg3Zs0WYQ\u0026state\u003dwb9Q3X1fUx",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d90025DB2622B722EFF73B77629DCFF22",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/uToCAX4e2LlNXr4GAmqM
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-05-14 12:31:28 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance gU6JBEy5z1ALd4n
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/uToCAX4e2LlNXr4GAmqM
2021-05-14 12:31:28 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-05-14 12:31:28 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{
  "code": "AAdzZWNyZXQxUBe_RVh9N3Z6nOUpEucCEvzF3Ehm68Oi6dfuvCOIT7xdLDZQTwILkXcgte9-L_lch6POzLjQ5ZgDuw73braJ2BD88wxAtEEFuYbdzGKw4mtwSh1TuPwWkOyzzqpULWzjHgMyqSqaHYqWsfvhY1pLx_GQvKeU5geVvkB_Etj4LPWrRwDMq-6g5fhqRUaA8X5dtr9ZEQMnIpajWAYHYgO233_6CcLrhBfIBc68N2spjnDjbZk5LGOqwPi-kKy_mF8O5nzlowkM4ubKl9e20rbD28V_COzQgr1-wHmOzgwT7Wez8XTK0iEoVNAl0xpuPk4pA50Qv6B-rGf4mkmxQrGyPLMv2PXKnVwdQzK9MtYXUMLD8p26X34fV8LByloXp9vCHcZ4L9tNTJoYRHgIgtE2MS5_HuqjpHVKrAOkLdaUQDhxrTqgV6sOor2-bNg3Zs0WYQ",
  "state": "wb9Q3X1fUx"
}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d90025DB2622B722EFF73B77629DCFF22",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Second client: Verify authorization endpoint response
2021-05-14 12:31:28 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-05-14 12:31:28
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-05-14 12:31:28 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-05-14 12:31:28 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
wb9Q3X1fUx
2021-05-14 12:31:28 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
AAdzZWNyZXQxUBe_RVh9N3Z6nOUpEucCEvzF3Ehm68Oi6dfuvCOIT7xdLDZQTwILkXcgte9-L_lch6POzLjQ5ZgDuw73braJ2BD88wxAtEEFuYbdzGKw4mtwSh1TuPwWkOyzzqpULWzjHgMyqSqaHYqWsfvhY1pLx_GQvKeU5geVvkB_Etj4LPWrRwDMq-6g5fhqRUaA8X5dtr9ZEQMnIpajWAYHYgO233_6CcLrhBfIBc68N2spjnDjbZk5LGOqwPi-kKy_mF8O5nzlowkM4ubKl9e20rbD28V_COzQgr1-wHmOzgwT7Wez8XTK0iEoVNAl0xpuPk4pA50Qv6B-rGf4mkmxQrGyPLMv2PXKnVwdQzK9MtYXUMLD8p26X34fV8LByloXp9vCHcZ4L9tNTJoYRHgIgtE2MS5_HuqjpHVKrAOkLdaUQDhxrTqgV6sOor2-bNg3Zs0WYQ
2021-05-14 12:31:28 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
AAdzZWNyZXQxUBe_RVh9N3Z6nOUpEucCEvzF3Ehm68Oi6dfuvCOIT7xdLDZQTwILkXcgte9-L_lch6POzLjQ5ZgDuw73braJ2BD88wxAtEEFuYbdzGKw4mtwSh1TuPwWkOyzzqpULWzjHgMyqSqaHYqWsfvhY1pLx_GQvKeU5geVvkB_Etj4LPWrRwDMq-6g5fhqRUaA8X5dtr9ZEQMnIpajWAYHYgO233_6CcLrhBfIBc68N2spjnDjbZk5LGOqwPi-kKy_mF8O5nzlowkM4ubKl9e20rbD28V_COzQgr1-wHmOzgwT7Wez8XTK0iEoVNAl0xpuPk4pA50Qv6B-rGf4mkmxQrGyPLMv2PXKnVwdQzK9MtYXUMLD8p26X34fV8LByloXp9vCHcZ4L9tNTJoYRHgIgtE2MS5_HuqjpHVKrAOkLdaUQDhxrTqgV6sOor2-bNg3Zs0WYQ
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-14 12:31:28 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic XzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0Ol9hY2JkMDgyNmViNDNjNjU2Y2NkYjcwNzhiYjMzODZjNg==
2021-05-14 12:31:28
CallTokenEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic XzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0Ol9hY2JkMDgyNmViNDNjNjU2Y2NkYjcwNzhiYjMzODZjNg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "583"
}
request_body
grant_type=authorization_code&code=AAdzZWNyZXQxUBe_RVh9N3Z6nOUpEucCEvzF3Ehm68Oi6dfuvCOIT7xdLDZQTwILkXcgte9-L_lch6POzLjQ5ZgDuw73braJ2BD88wxAtEEFuYbdzGKw4mtwSh1TuPwWkOyzzqpULWzjHgMyqSqaHYqWsfvhY1pLx_GQvKeU5geVvkB_Etj4LPWrRwDMq-6g5fhqRUaA8X5dtr9ZEQMnIpajWAYHYgO233_6CcLrhBfIBc68N2spjnDjbZk5LGOqwPi-kKy_mF8O5nzlowkM4ubKl9e20rbD28V_COzQgr1-wHmOzgwT7Wez8XTK0iEoVNAl0xpuPk4pA50Qv6B-rGf4mkmxQrGyPLMv2PXKnVwdQzK9MtYXUMLD8p26X34fV8LByloXp9vCHcZ4L9tNTJoYRHgIgtE2MS5_HuqjpHVKrAOkLdaUQDhxrTqgV6sOor2-bNg3Zs0WYQ&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2F3_0_1%2Fcallback
2021-05-14 12:31:29 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:29 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1886",
  "set-cookie": "JSESSIONID\u003dnode0100te1o44igems25dak1wf6m650.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxDFLnB0GTv6DU0FN0hJdPQycARr91mCk-HWwhXmuQHZXXOLtTxKKXqeRspeya7Vhf_QFse0JCDNONXgCesWEjHTLXjxP87gPz8RFJziaTn8OF2Zs6ReVrhMlf1-mlNoph_VYsDv7HGGUu7S_faBCISZ0s0bpztJe9mMpFAUmN4DOUxazMe1viakEz1bMPlkQE-0JCdzsbcyErrrA2cMB5qqO2UodvKzAjQbtRmtElk883hXWlWur5fuOTZdvIzGq_va-FS0yaFWL8qCTOp0IQVPjd5AcVNvKxq7UNnhImyh52o7mZxFJfwCbDUXsrPKChoM9rsa4FZBvcSr2q5CGMip8bA_gVmDABREI4pMkQSVLs3UX-lMP5efgVFDqtShaL2LlAPjlMMgQxWcopU7i_5aJF84ctCNFjY-zbwnvz8TEajEXhQxMPeTxli16SwSqU","refresh_token":"AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoidnF4aTlaMTdINjVRdWE5Z3dJeXlDQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODksImlhdCI6MTYyMDk5NTQ4OSwibm9uY2UiOiIxdVp4TnE5WkFJIn0.ZWTsv1AUb7tkcJ9xnYvgx6NMfpr1BQy7ReHUfOHd9hQh2e72DadN0-AEEudF8F5hxs6oMULfwRAf-mAyIHKeUVp7-r_z9HY5_c2Fja2jWTFOkEzICvfSzAth3N9E8qfJGGiw18vj_zZ61czzHOJ8jb0ynM8s7PKma0ASfEe8b8OE380BmUFCf7quYy229KnbzOA4buyTogQMWCBJmMxGRZLBXP98EXRXfvZzEDmzOuuaLXUm_gc_qTFdhowtnS_CZIkqx9BCi-WBONTIkidoSHlAU8Bfq_PW0LH4R_0H4KAM_YG8hl_RlDk4wB76JbWTtMEIKpr-oHL3C_1WomwMHuczGvQmKU06YzF0VobzxgJFujxCw8cxbenoYIhZPBmAYhx8MIGVMtGZx7pSNFTIO_PxCTFuE0vea1ezcjcxEYPWhXB2zFfOpv0c_8Fe5GXuCXPMiECdw2X-dxF-TpXlTMVNV2OQm6bwZKsjbnlnjsbr3zoMKu3zKp1pibUiVp1u","token_type":"Bearer","expires_in":600}
2021-05-14 12:31:29
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"AAdzZWNyZXQxDFLnB0GTv6DU0FN0hJdPQycARr91mCk-HWwhXmuQHZXXOLtTxKKXqeRspeya7Vhf_QFse0JCDNONXgCesWEjHTLXjxP87gPz8RFJziaTn8OF2Zs6ReVrhMlf1-mlNoph_VYsDv7HGGUu7S_faBCISZ0s0bpztJe9mMpFAUmN4DOUxazMe1viakEz1bMPlkQE-0JCdzsbcyErrrA2cMB5qqO2UodvKzAjQbtRmtElk883hXWlWur5fuOTZdvIzGq_va-FS0yaFWL8qCTOp0IQVPjd5AcVNvKxq7UNnhImyh52o7mZxFJfwCbDUXsrPKChoM9rsa4FZBvcSr2q5CGMip8bA_gVmDABREI4pMkQSVLs3UX-lMP5efgVFDqtShaL2LlAPjlMMgQxWcopU7i_5aJF84ctCNFjY-zbwnvz8TEajEXhQxMPeTxli16SwSqU","refresh_token":"AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoidnF4aTlaMTdINjVRdWE5Z3dJeXlDQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODksImlhdCI6MTYyMDk5NTQ4OSwibm9uY2UiOiIxdVp4TnE5WkFJIn0.ZWTsv1AUb7tkcJ9xnYvgx6NMfpr1BQy7ReHUfOHd9hQh2e72DadN0-AEEudF8F5hxs6oMULfwRAf-mAyIHKeUVp7-r_z9HY5_c2Fja2jWTFOkEzICvfSzAth3N9E8qfJGGiw18vj_zZ61czzHOJ8jb0ynM8s7PKma0ASfEe8b8OE380BmUFCf7quYy229KnbzOA4buyTogQMWCBJmMxGRZLBXP98EXRXfvZzEDmzOuuaLXUm_gc_qTFdhowtnS_CZIkqx9BCi-WBONTIkidoSHlAU8Bfq_PW0LH4R_0H4KAM_YG8hl_RlDk4wB76JbWTtMEIKpr-oHL3C_1WomwMHuczGvQmKU06YzF0VobzxgJFujxCw8cxbenoYIhZPBmAYhx8MIGVMtGZx7pSNFTIO_PxCTFuE0vea1ezcjcxEYPWhXB2zFfOpv0c_8Fe5GXuCXPMiECdw2X-dxF-TpXlTMVNV2OQm6bwZKsjbnlnjsbr3zoMKu3zKp1pibUiVp1u","token_type":"Bearer","expires_in":600}
2021-05-14 12:31:29 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
AAdzZWNyZXQxDFLnB0GTv6DU0FN0hJdPQycARr91mCk-HWwhXmuQHZXXOLtTxKKXqeRspeya7Vhf_QFse0JCDNONXgCesWEjHTLXjxP87gPz8RFJziaTn8OF2Zs6ReVrhMlf1-mlNoph_VYsDv7HGGUu7S_faBCISZ0s0bpztJe9mMpFAUmN4DOUxazMe1viakEz1bMPlkQE-0JCdzsbcyErrrA2cMB5qqO2UodvKzAjQbtRmtElk883hXWlWur5fuOTZdvIzGq_va-FS0yaFWL8qCTOp0IQVPjd5AcVNvKxq7UNnhImyh52o7mZxFJfwCbDUXsrPKChoM9rsa4FZBvcSr2q5CGMip8bA_gVmDABREI4pMkQSVLs3UX-lMP5efgVFDqtShaL2LlAPjlMMgQxWcopU7i_5aJF84ctCNFjY-zbwnvz8TEajEXhQxMPeTxli16SwSqU
refresh_token
AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoidnF4aTlaMTdINjVRdWE5Z3dJeXlDQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODksImlhdCI6MTYyMDk5NTQ4OSwibm9uY2UiOiIxdVp4TnE5WkFJIn0.ZWTsv1AUb7tkcJ9xnYvgx6NMfpr1BQy7ReHUfOHd9hQh2e72DadN0-AEEudF8F5hxs6oMULfwRAf-mAyIHKeUVp7-r_z9HY5_c2Fja2jWTFOkEzICvfSzAth3N9E8qfJGGiw18vj_zZ61czzHOJ8jb0ynM8s7PKma0ASfEe8b8OE380BmUFCf7quYy229KnbzOA4buyTogQMWCBJmMxGRZLBXP98EXRXfvZzEDmzOuuaLXUm_gc_qTFdhowtnS_CZIkqx9BCi-WBONTIkidoSHlAU8Bfq_PW0LH4R_0H4KAM_YG8hl_RlDk4wB76JbWTtMEIKpr-oHL3C_1WomwMHuczGvQmKU06YzF0VobzxgJFujxCw8cxbenoYIhZPBmAYhx8MIGVMtGZx7pSNFTIO_PxCTFuE0vea1ezcjcxEYPWhXB2zFfOpv0c_8Fe5GXuCXPMiECdw2X-dxF-TpXlTMVNV2OQm6bwZKsjbnlnjsbr3zoMKu3zKp1pibUiVp1u
token_type
Bearer
expires_in
600
2021-05-14 12:31:29 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-14 12:31:29 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
AAdzZWNyZXQxDFLnB0GTv6DU0FN0hJdPQycARr91mCk-HWwhXmuQHZXXOLtTxKKXqeRspeya7Vhf_QFse0JCDNONXgCesWEjHTLXjxP87gPz8RFJziaTn8OF2Zs6ReVrhMlf1-mlNoph_VYsDv7HGGUu7S_faBCISZ0s0bpztJe9mMpFAUmN4DOUxazMe1viakEz1bMPlkQE-0JCdzsbcyErrrA2cMB5qqO2UodvKzAjQbtRmtElk883hXWlWur5fuOTZdvIzGq_va-FS0yaFWL8qCTOp0IQVPjd5AcVNvKxq7UNnhImyh52o7mZxFJfwCbDUXsrPKChoM9rsa4FZBvcSr2q5CGMip8bA_gVmDABREI4pMkQSVLs3UX-lMP5efgVFDqtShaL2LlAPjlMMgQxWcopU7i_5aJF84ctCNFjY-zbwnvz8TEajEXhQxMPeTxli16SwSqU
2021-05-14 12:31:29 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxDFLnB0GTv6DU0FN0hJdPQycARr91mCk-HWwhXmuQHZXXOLtTxKKXqeRspeya7Vhf_QFse0JCDNONXgCesWEjHTLXjxP87gPz8RFJziaTn8OF2Zs6ReVrhMlf1-mlNoph_VYsDv7HGGUu7S_faBCISZ0s0bpztJe9mMpFAUmN4DOUxazMe1viakEz1bMPlkQE-0JCdzsbcyErrrA2cMB5qqO2UodvKzAjQbtRmtElk883hXWlWur5fuOTZdvIzGq_va-FS0yaFWL8qCTOp0IQVPjd5AcVNvKxq7UNnhImyh52o7mZxFJfwCbDUXsrPKChoM9rsa4FZBvcSr2q5CGMip8bA_gVmDABREI4pMkQSVLs3UX-lMP5efgVFDqtShaL2LlAPjlMMgQxWcopU7i_5aJF84ctCNFjY-zbwnvz8TEajEXhQxMPeTxli16SwSqU
type
Bearer
2021-05-14 12:31:29 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-14 12:31:29 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-14 12:31:29 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU
2021-05-14 12:31:29 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoidnF4aTlaMTdINjVRdWE5Z3dJeXlDQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODksImlhdCI6MTYyMDk5NTQ4OSwibm9uY2UiOiIxdVp4TnE5WkFJIn0.ZWTsv1AUb7tkcJ9xnYvgx6NMfpr1BQy7ReHUfOHd9hQh2e72DadN0-AEEudF8F5hxs6oMULfwRAf-mAyIHKeUVp7-r_z9HY5_c2Fja2jWTFOkEzICvfSzAth3N9E8qfJGGiw18vj_zZ61czzHOJ8jb0ynM8s7PKma0ASfEe8b8OE380BmUFCf7quYy229KnbzOA4buyTogQMWCBJmMxGRZLBXP98EXRXfvZzEDmzOuuaLXUm_gc_qTFdhowtnS_CZIkqx9BCi-WBONTIkidoSHlAU8Bfq_PW0LH4R_0H4KAM_YG8hl_RlDk4wB76JbWTtMEIKpr-oHL3C_1WomwMHuczGvQmKU06YzF0VobzxgJFujxCw8cxbenoYIhZPBmAYhx8MIGVMtGZx7pSNFTIO_PxCTFuE0vea1ezcjcxEYPWhXB2zFfOpv0c_8Fe5GXuCXPMiECdw2X-dxF-TpXlTMVNV2OQm6bwZKsjbnlnjsbr3zoMKu3zKp1pibUiVp1u
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "vqxi9Z17H65Qua9gwIyyCA",
  "sub": "teppo@funet.fi",
  "aud": "_21e3b91fc2f619b4472b97aac97b5db4",
  "acr": "password",
  "auth_time": 1620994680,
  "iss": "https://testop.funet.fi",
  "exp": 1620999089,
  "iat": 1620995489,
  "nonce": "1uZxNq9ZAI"
}
2021-05-14 12:31:29 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-14 12:31:29 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
1uZxNq9ZAI
2021-05-14 12:31:29 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-14 12:31:29 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoidnF4aTlaMTdINjVRdWE5Z3dJeXlDQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODksImlhdCI6MTYyMDk5NTQ4OSwibm9uY2UiOiIxdVp4TnE5WkFJIn0.ZWTsv1AUb7tkcJ9xnYvgx6NMfpr1BQy7ReHUfOHd9hQh2e72DadN0-AEEudF8F5hxs6oMULfwRAf-mAyIHKeUVp7-r_z9HY5_c2Fja2jWTFOkEzICvfSzAth3N9E8qfJGGiw18vj_zZ61czzHOJ8jb0ynM8s7PKma0ASfEe8b8OE380BmUFCf7quYy229KnbzOA4buyTogQMWCBJmMxGRZLBXP98EXRXfvZzEDmzOuuaLXUm_gc_qTFdhowtnS_CZIkqx9BCi-WBONTIkidoSHlAU8Bfq_PW0LH4R_0H4KAM_YG8hl_RlDk4wB76JbWTtMEIKpr-oHL3C_1WomwMHuczGvQmKU06YzF0VobzxgJFujxCw8cxbenoYIhZPBmAYhx8MIGVMtGZx7pSNFTIO_PxCTFuE0vea1ezcjcxEYPWhXB2zFfOpv0c_8Fe5GXuCXPMiECdw2X-dxF-TpXlTMVNV2OQm6bwZKsjbnlnjsbr3zoMKu3zKp1pibUiVp1u
2021-05-14 12:31:29 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoidnF4aTlaMTdINjVRdWE5Z3dJeXlDQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwODksImlhdCI6MTYyMDk5NTQ4OSwibm9uY2UiOiIxdVp4TnE5WkFJIn0.ZWTsv1AUb7tkcJ9xnYvgx6NMfpr1BQy7ReHUfOHd9hQh2e72DadN0-AEEudF8F5hxs6oMULfwRAf-mAyIHKeUVp7-r_z9HY5_c2Fja2jWTFOkEzICvfSzAth3N9E8qfJGGiw18vj_zZ61czzHOJ8jb0ynM8s7PKma0ASfEe8b8OE380BmUFCf7quYy229KnbzOA4buyTogQMWCBJmMxGRZLBXP98EXRXfvZzEDmzOuuaLXUm_gc_qTFdhowtnS_CZIkqx9BCi-WBONTIkidoSHlAU8Bfq_PW0LH4R_0H4KAM_YG8hl_RlDk4wB76JbWTtMEIKpr-oHL3C_1WomwMHuczGvQmKU06YzF0VobzxgJFujxCw8cxbenoYIhZPBmAYhx8MIGVMtGZx7pSNFTIO_PxCTFuE0vea1ezcjcxEYPWhXB2zFfOpv0c_8Fe5GXuCXPMiECdw2X-dxF-TpXlTMVNV2OQm6bwZKsjbnlnjsbr3zoMKu3zKp1pibUiVp1u
2021-05-14 12:31:29 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-14 12:31:29 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU
2021-05-14 12:31:29 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-14 12:31:29 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Second client: Refresh Token Request
2021-05-14 12:31:29 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU
2021-05-14 12:31:29 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic XzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0Ol9hY2JkMDgyNmViNDNjNjU2Y2NkYjcwNzhiYjMzODZjNg==
2021-05-14 12:31:29 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2021-05-14 12:31:30 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2021-05-14 12:31:30
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic XzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0Ol9hY2JkMDgyNmViNDNjNjU2Y2NkYjcwNzhiYjMzODZjNg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "502"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxO42B8XQILx9JnKrzBQUNjvPg6bmRbaXEy2rocmpkfPq-TOMsTSCNoZbNXFEUr16u7MtQ_0VZyigrZRSpdKt7RCNIubfEhwOQ_qEhTV0vUXPoz6N4YOjVk8WFpOhJlHwT4XNsJ92z4QTaMzFmnZCyJ54QEQStGCDyhoRNtElSg8-8IdFMhSMe0RcVzN5FzQbaW0Svkk2uP48wItIQrrjj5ZXyFONIbx6vCVhf-Mu60kvqt3z06nCTjTq9XkQDvQjag0gNoQrqTGjZp_SjRmYSDmp4bXmGuS3FdQLXfVCxBIxvNqL7Xd1YVksmV-mmvB7iM8MjTYD50ueF0bbZhRLaPeZgpyMmBeopA_V7NYHPnuM7AgbkwFwL9e5qHWBxf-kqxbIKvwj-tU3BtccXHLu9kbjn2jwIU7y0Yx7_pyUaio4pNqF1cafIQmKP5SZM-XxAPmU
2021-05-14 12:31:30 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:30 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1886",
  "set-cookie": "JSESSIONID\u003dnode0c3ng2u1tzntpcxwyczk8lqzi51.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxZZ3XDaC4WcYDkEhVFKF_lNdm0wJJACQBG2EQlUwFQll0PAIzx2k6jTEPJIwe1vWh_G_jPFLapEuPIBjBpx5DpcIcYAz5pDbPCxw2a5-uORa7a2qzFg8qDbrKDs66SjgT2eY_V7bl6oPacSdkmwKMA9ymgpUcTzAkn3bTzzjfGxf7QZxq8Yg-Za_yzNOuGO0j2Ie86vWllerFR1iQf4EZgA2AAn6hW7uZfcLZg9hl4mNHWlCs6jj7xYHoyn-S2WnWdOh4fLyaFDCv_00jXEP7SHEuJ3mC9xb241w3jUMzFPB2ssKWdsOmcD0aQbOjGUsb0YSU-OORjJgPFra5KxbZuMFOHag3qBuqhl3I3YvmXnIRMpmBt5kP2_N3qR0yzJF4DwEKd4GXYsb3N4hwYtmsjtrwZPNbky0zN75wFkP6u8Q_M63rb3UgbEEqbVVtD8w6","refresh_token":"AAdzZWNyZXQxJYAq2EFZT-9yA63Yko9Ykfl3XMhfLOUedwFrrUNQb_lWrfkfon1vboQpFVj7wYlRzhlcIseIcI0gZResR9NQxesAYdspOq3CjKD9ZqPXjyiD9LKrmgbJrI9KOqC2V1GUMewPveu5W7h3FWJAhHLdKN13MQe-mi7uu0NNMeIkbgEgtXgFrQtJR19pXTF40OBog9X6f-2Je7L9e8yRpPbe_mZDRG7oBWA1j-EIxYfW9Vl4pUuAu5F8lf8C5-1JZYpHadi9vg4P47as1lmtT5ArLwQDqa1te6dFvvIYsrWZb-tVf0T2w6I0lGn7pIECvSEIe0cr9vEF1bU7XeHgqE9r2aUe8Lo5JY0wBLyB_tP-2QJWHS5IOcZovbSA6Jblle5kbNfiL2FRVZP_AO58OJmkEFaK7yI-mQA45FIGF19wIQcoDcUz3nYZINIj2nl29xLrUyA","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiX0N3MWlTdlRQMG1YeXBFa1NLcU1KQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwOTAsImlhdCI6MTYyMDk5NTQ5MCwibm9uY2UiOiIxdVp4TnE5WkFJIn0.d8F8RIIYkcA-i_zWiRipo_I7Yi006WP1KZl6GyxcuxdqW14cjFEeCe_UDjPyWiY2tOBLVgUkpS3WpD8sUW6wvDIqBP3EsZv8bTTb2qTUwPXQGvRaTK3fVsABccvpeMk-53xMoAAMYWK4Hp5A4BmgZa5xOWUvWO-RK2znPv1U9g9AR56XmYE3IxSxIDF6GhGhEN-ub2KHCX5LWsNSei2SAj7aSud94Fhk0Dt1WSRd6B3BTUezHgh6aJpxyLVavxktOJ_uU4DlA09KJM4eYYNHVATINVGQjoA_3VPdjc14u29tzRW5-N0N02leb1AJttK_zPO6HXK_LtIBjH8TOzCQ0V6PyOvmFWRBCpS5IwNhjIHWMlYHfmxtXwkDZVSQMDu-9P-juMEppfVR4108iGXRZqdmtzyQ2OIPlVaSPVxtFKPBXlUYJxdWrqgI73kB8kNde0zdhV043QeEp0JFirOdlxnl0Rqq2lgDGikYEwiVNiRJuZTU2pwcc9USEmB4ZVeu","token_type":"Bearer","expires_in":600}
2021-05-14 12:31:30 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
AAdzZWNyZXQxZZ3XDaC4WcYDkEhVFKF_lNdm0wJJACQBG2EQlUwFQll0PAIzx2k6jTEPJIwe1vWh_G_jPFLapEuPIBjBpx5DpcIcYAz5pDbPCxw2a5-uORa7a2qzFg8qDbrKDs66SjgT2eY_V7bl6oPacSdkmwKMA9ymgpUcTzAkn3bTzzjfGxf7QZxq8Yg-Za_yzNOuGO0j2Ie86vWllerFR1iQf4EZgA2AAn6hW7uZfcLZg9hl4mNHWlCs6jj7xYHoyn-S2WnWdOh4fLyaFDCv_00jXEP7SHEuJ3mC9xb241w3jUMzFPB2ssKWdsOmcD0aQbOjGUsb0YSU-OORjJgPFra5KxbZuMFOHag3qBuqhl3I3YvmXnIRMpmBt5kP2_N3qR0yzJF4DwEKd4GXYsb3N4hwYtmsjtrwZPNbky0zN75wFkP6u8Q_M63rb3UgbEEqbVVtD8w6
refresh_token
AAdzZWNyZXQxJYAq2EFZT-9yA63Yko9Ykfl3XMhfLOUedwFrrUNQb_lWrfkfon1vboQpFVj7wYlRzhlcIseIcI0gZResR9NQxesAYdspOq3CjKD9ZqPXjyiD9LKrmgbJrI9KOqC2V1GUMewPveu5W7h3FWJAhHLdKN13MQe-mi7uu0NNMeIkbgEgtXgFrQtJR19pXTF40OBog9X6f-2Je7L9e8yRpPbe_mZDRG7oBWA1j-EIxYfW9Vl4pUuAu5F8lf8C5-1JZYpHadi9vg4P47as1lmtT5ArLwQDqa1te6dFvvIYsrWZb-tVf0T2w6I0lGn7pIECvSEIe0cr9vEF1bU7XeHgqE9r2aUe8Lo5JY0wBLyB_tP-2QJWHS5IOcZovbSA6Jblle5kbNfiL2FRVZP_AO58OJmkEFaK7yI-mQA45FIGF19wIQcoDcUz3nYZINIj2nl29xLrUyA
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiX0N3MWlTdlRQMG1YeXBFa1NLcU1KQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwOTAsImlhdCI6MTYyMDk5NTQ5MCwibm9uY2UiOiIxdVp4TnE5WkFJIn0.d8F8RIIYkcA-i_zWiRipo_I7Yi006WP1KZl6GyxcuxdqW14cjFEeCe_UDjPyWiY2tOBLVgUkpS3WpD8sUW6wvDIqBP3EsZv8bTTb2qTUwPXQGvRaTK3fVsABccvpeMk-53xMoAAMYWK4Hp5A4BmgZa5xOWUvWO-RK2znPv1U9g9AR56XmYE3IxSxIDF6GhGhEN-ub2KHCX5LWsNSei2SAj7aSud94Fhk0Dt1WSRd6B3BTUezHgh6aJpxyLVavxktOJ_uU4DlA09KJM4eYYNHVATINVGQjoA_3VPdjc14u29tzRW5-N0N02leb1AJttK_zPO6HXK_LtIBjH8TOzCQ0V6PyOvmFWRBCpS5IwNhjIHWMlYHfmxtXwkDZVSQMDu-9P-juMEppfVR4108iGXRZqdmtzyQ2OIPlVaSPVxtFKPBXlUYJxdWrqgI73kB8kNde0zdhV043QeEp0JFirOdlxnl0Rqq2lgDGikYEwiVNiRJuZTU2pwcc9USEmB4ZVeu
token_type
Bearer
expires_in
600
2021-05-14 12:31:30 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2021-05-14 12:31:30 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-14 12:31:30 SUCCESS
CheckTokenEndpointCacheHeaders
'pragma' and 'cache-control' headers in token endpoint response contain expected values.
cache_control_header
[
  "no-store",
  "no-store"
]
pragma_header
no-cache
2021-05-14 12:31:30 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-14 12:31:30 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxZZ3XDaC4WcYDkEhVFKF_lNdm0wJJACQBG2EQlUwFQll0PAIzx2k6jTEPJIwe1vWh_G_jPFLapEuPIBjBpx5DpcIcYAz5pDbPCxw2a5-uORa7a2qzFg8qDbrKDs66SjgT2eY_V7bl6oPacSdkmwKMA9ymgpUcTzAkn3bTzzjfGxf7QZxq8Yg-Za_yzNOuGO0j2Ie86vWllerFR1iQf4EZgA2AAn6hW7uZfcLZg9hl4mNHWlCs6jj7xYHoyn-S2WnWdOh4fLyaFDCv_00jXEP7SHEuJ3mC9xb241w3jUMzFPB2ssKWdsOmcD0aQbOjGUsb0YSU-OORjJgPFra5KxbZuMFOHag3qBuqhl3I3YvmXnIRMpmBt5kP2_N3qR0yzJF4DwEKd4GXYsb3N4hwYtmsjtrwZPNbky0zN75wFkP6u8Q_M63rb3UgbEEqbVVtD8w6
type
Bearer
2021-05-14 12:31:30 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2021-05-14 12:31:30 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
2706.260571558393
expected
96.0
2021-05-14 12:31:30 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2021-05-14 12:31:30 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-14 12:31:30 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-14 12:31:30 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
AAdzZWNyZXQxDFLnB0GTv6DU0FN0hJdPQycARr91mCk-HWwhXmuQHZXXOLtTxKKXqeRspeya7Vhf_QFse0JCDNONXgCesWEjHTLXjxP87gPz8RFJziaTn8OF2Zs6ReVrhMlf1-mlNoph_VYsDv7HGGUu7S_faBCISZ0s0bpztJe9mMpFAUmN4DOUxazMe1viakEz1bMPlkQE-0JCdzsbcyErrrA2cMB5qqO2UodvKzAjQbtRmtElk883hXWlWur5fuOTZdvIzGq_va-FS0yaFWL8qCTOp0IQVPjd5AcVNvKxq7UNnhImyh52o7mZxFJfwCbDUXsrPKChoM9rsa4FZBvcSr2q5CGMip8bA_gVmDABREI4pMkQSVLs3UX-lMP5efgVFDqtShaL2LlAPjlMMgQxWcopU7i_5aJF84ctCNFjY-zbwnvz8TEajEXhQxMPeTxli16SwSqU
second_access_token
AAdzZWNyZXQxZZ3XDaC4WcYDkEhVFKF_lNdm0wJJACQBG2EQlUwFQll0PAIzx2k6jTEPJIwe1vWh_G_jPFLapEuPIBjBpx5DpcIcYAz5pDbPCxw2a5-uORa7a2qzFg8qDbrKDs66SjgT2eY_V7bl6oPacSdkmwKMA9ymgpUcTzAkn3bTzzjfGxf7QZxq8Yg-Za_yzNOuGO0j2Ie86vWllerFR1iQf4EZgA2AAn6hW7uZfcLZg9hl4mNHWlCs6jj7xYHoyn-S2WnWdOh4fLyaFDCv_00jXEP7SHEuJ3mC9xb241w3jUMzFPB2ssKWdsOmcD0aQbOjGUsb0YSU-OORjJgPFra5KxbZuMFOHag3qBuqhl3I3YvmXnIRMpmBt5kP2_N3qR0yzJF4DwEKd4GXYsb3N4hwYtmsjtrwZPNbky0zN75wFkP6u8Q_M63rb3UgbEEqbVVtD8w6
2021-05-14 12:31:30 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiX0N3MWlTdlRQMG1YeXBFa1NLcU1KQSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiXzIxZTNiOTFmYzJmNjE5YjQ0NzJiOTdhYWM5N2I1ZGI0IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjA5OTQ2ODAsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjA5OTkwOTAsImlhdCI6MTYyMDk5NTQ5MCwibm9uY2UiOiIxdVp4TnE5WkFJIn0.d8F8RIIYkcA-i_zWiRipo_I7Yi006WP1KZl6GyxcuxdqW14cjFEeCe_UDjPyWiY2tOBLVgUkpS3WpD8sUW6wvDIqBP3EsZv8bTTb2qTUwPXQGvRaTK3fVsABccvpeMk-53xMoAAMYWK4Hp5A4BmgZa5xOWUvWO-RK2znPv1U9g9AR56XmYE3IxSxIDF6GhGhEN-ub2KHCX5LWsNSei2SAj7aSud94Fhk0Dt1WSRd6B3BTUezHgh6aJpxyLVavxktOJ_uU4DlA09KJM4eYYNHVATINVGQjoA_3VPdjc14u29tzRW5-N0N02leb1AJttK_zPO6HXK_LtIBjH8TOzCQ0V6PyOvmFWRBCpS5IwNhjIHWMlYHfmxtXwkDZVSQMDu-9P-juMEppfVR4108iGXRZqdmtzyQ2OIPlVaSPVxtFKPBXlUYJxdWrqgI73kB8kNde0zdhV043QeEp0JFirOdlxnl0Rqq2lgDGikYEwiVNiRJuZTU2pwcc9USEmB4ZVeu
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "_Cw1iSvTP0mXypEkSKqMJA",
  "sub": "teppo@funet.fi",
  "aud": "_21e3b91fc2f619b4472b97aac97b5db4",
  "acr": "password",
  "auth_time": 1620994680,
  "iss": "https://testop.funet.fi",
  "exp": 1620999090,
  "iat": 1620995490,
  "nonce": "1uZxNq9ZAI"
}
2021-05-14 12:31:30 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxJYAq2EFZT-9yA63Yko9Ykfl3XMhfLOUedwFrrUNQb_lWrfkfon1vboQpFVj7wYlRzhlcIseIcI0gZResR9NQxesAYdspOq3CjKD9ZqPXjyiD9LKrmgbJrI9KOqC2V1GUMewPveu5W7h3FWJAhHLdKN13MQe-mi7uu0NNMeIkbgEgtXgFrQtJR19pXTF40OBog9X6f-2Je7L9e8yRpPbe_mZDRG7oBWA1j-EIxYfW9Vl4pUuAu5F8lf8C5-1JZYpHadi9vg4P47as1lmtT5ArLwQDqa1te6dFvvIYsrWZb-tVf0T2w6I0lGn7pIECvSEIe0cr9vEF1bU7XeHgqE9r2aUe8Lo5JY0wBLyB_tP-2QJWHS5IOcZovbSA6Jblle5kbNfiL2FRVZP_AO58OJmkEFaK7yI-mQA45FIGF19wIQcoDcUz3nYZINIj2nl29xLrUyA
2021-05-14 12:31:30 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
3704
required
128
2021-05-14 12:31:30 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
2722.9400911253683
expected
96.0
2021-05-14 12:31:30 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://testop.funet.fi",
  "second": "https://testop.funet.fi",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "teppo@funet.fi",
  "second": "teppo@funet.fi",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1620995489,
  "second": 1620995490,
  "note": "Values are expected to be different"
}
aud
{
  "first": "_21e3b91fc2f619b4472b97aac97b5db4",
  "second": "_21e3b91fc2f619b4472b97aac97b5db4",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1620994680,
  "second": 1620994680,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Second client: Userinfo endpoint tests
2021-05-14 12:31:30
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQxZZ3XDaC4WcYDkEhVFKF_lNdm0wJJACQBG2EQlUwFQll0PAIzx2k6jTEPJIwe1vWh_G_jPFLapEuPIBjBpx5DpcIcYAz5pDbPCxw2a5-uORa7a2qzFg8qDbrKDs66SjgT2eY_V7bl6oPacSdkmwKMA9ymgpUcTzAkn3bTzzjfGxf7QZxq8Yg-Za_yzNOuGO0j2Ie86vWllerFR1iQf4EZgA2AAn6hW7uZfcLZg9hl4mNHWlCs6jj7xYHoyn-S2WnWdOh4fLyaFDCv_00jXEP7SHEuJ3mC9xb241w3jUMzFPB2ssKWdsOmcD0aQbOjGUsb0YSU-OORjJgPFra5KxbZuMFOHag3qBuqhl3I3YvmXnIRMpmBt5kP2_N3qR0yzJF4DwEKd4GXYsb3N4hwYtmsjtrwZPNbky0zN75wFkP6u8Q_M63rb3UgbEEqbVVtD8w6",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-14 12:31:31 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 14 May 2021 12:31:31 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode07u6h7n7kru4is8bcdgdygbxg52.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-14 12:31:31 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Fri, 14 May 2021 12:31:31 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode07u6h7n7kru4is8bcdgdygbxg52.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
Attempting to use refresh_token issued to client 2 with client 1
2021-05-14 12:31:31 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxJYAq2EFZT-9yA63Yko9Ykfl3XMhfLOUedwFrrUNQb_lWrfkfon1vboQpFVj7wYlRzhlcIseIcI0gZResR9NQxesAYdspOq3CjKD9ZqPXjyiD9LKrmgbJrI9KOqC2V1GUMewPveu5W7h3FWJAhHLdKN13MQe-mi7uu0NNMeIkbgEgtXgFrQtJR19pXTF40OBog9X6f-2Je7L9e8yRpPbe_mZDRG7oBWA1j-EIxYfW9Vl4pUuAu5F8lf8C5-1JZYpHadi9vg4P47as1lmtT5ArLwQDqa1te6dFvvIYsrWZb-tVf0T2w6I0lGn7pIECvSEIe0cr9vEF1bU7XeHgqE9r2aUe8Lo5JY0wBLyB_tP-2QJWHS5IOcZovbSA6Jblle5kbNfiL2FRVZP_AO58OJmkEFaK7yI-mQA45FIGF19wIQcoDcUz3nYZINIj2nl29xLrUyA
2021-05-14 12:31:31 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxJYAq2EFZT-9yA63Yko9Ykfl3XMhfLOUedwFrrUNQb_lWrfkfon1vboQpFVj7wYlRzhlcIseIcI0gZResR9NQxesAYdspOq3CjKD9ZqPXjyiD9LKrmgbJrI9KOqC2V1GUMewPveu5W7h3FWJAhHLdKN13MQe-mi7uu0NNMeIkbgEgtXgFrQtJR19pXTF40OBog9X6f-2Je7L9e8yRpPbe_mZDRG7oBWA1j-EIxYfW9Vl4pUuAu5F8lf8C5-1JZYpHadi9vg4P47as1lmtT5ArLwQDqa1te6dFvvIYsrWZb-tVf0T2w6I0lGn7pIECvSEIe0cr9vEF1bU7XeHgqE9r2aUe8Lo5JY0wBLyB_tP-2QJWHS5IOcZovbSA6Jblle5kbNfiL2FRVZP_AO58OJmkEFaK7yI-mQA45FIGF19wIQcoDcUz3nYZINIj2nl29xLrUyA
scope
openid offline_access
2021-05-14 12:31:31 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3Ol80ZGMzYzA1ZDJiNGQwZTkxMjFjZmM2NDFhMDBlZjlkYQ==
2021-05-14 12:31:31
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2MwZjA3ODAzMGQ5MWRkMzI0ZGU3YjIyZDIzMzFiN2I3Ol80ZGMzYzA1ZDJiNGQwZTkxMjFjZmM2NDFhMDBlZjlkYQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "530"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxJYAq2EFZT-9yA63Yko9Ykfl3XMhfLOUedwFrrUNQb_lWrfkfon1vboQpFVj7wYlRzhlcIseIcI0gZResR9NQxesAYdspOq3CjKD9ZqPXjyiD9LKrmgbJrI9KOqC2V1GUMewPveu5W7h3FWJAhHLdKN13MQe-mi7uu0NNMeIkbgEgtXgFrQtJR19pXTF40OBog9X6f-2Je7L9e8yRpPbe_mZDRG7oBWA1j-EIxYfW9Vl4pUuAu5F8lf8C5-1JZYpHadi9vg4P47as1lmtT5ArLwQDqa1te6dFvvIYsrWZb-tVf0T2w6I0lGn7pIECvSEIe0cr9vEF1bU7XeHgqE9r2aUe8Lo5JY0wBLyB_tP-2QJWHS5IOcZovbSA6Jblle5kbNfiL2FRVZP_AO58OJmkEFaK7yI-mQA45FIGF19wIQcoDcUz3nYZINIj2nl29xLrUyA&scope=openid+offline_access
2021-05-14 12:31:31 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
Bad Request
response_headers
{
  "date": "Fri, 14 May 2021 12:31:31 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "61",
  "set-cookie": "JSESSIONID\u003dnode016408cyatxjuwyt8cr4603ox953.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "connection": "close"
}
response_body
{"error_description":"Invalid grant","error":"invalid_grant"}
2021-05-14 12:31:31 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error_description
Invalid grant
error
invalid_grant
2021-05-14 12:31:31 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_grant
2021-05-14 12:31:31 SUCCESS
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
2021-05-14 12:31:31 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-14 12:31:31 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
error
invalid_grant
2021-05-14 12:31:31 FINISHED
oidcc-refresh-token
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2021-05-14 12:31:31 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
Second client: Unregister dynamically registered client
2021-05-14 12:31:31 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
2021-05-14 12:31:39
TEST-RUNNER
Alias has now been claimed by another test
alias
3_0_1
new_test_id
3zITFOnCFx3RJZI
Test Results