Test detail

Test Name	oidcc-client-test-signing-key-rotation
Variant	client_auth_type=client_secret_basic, request_type=plain_http_request, response_type=code, client_registration=dynamic_client, response_mode=default
Test ID	sVztAwKMubkoUKz https://www.certification.openid.net/log-detail.html?public=true&log=sVztAwKMubkoUKz
Created	2021-09-30T07:59:49.973834Z
Description	oidcop
Test Version	4.1.29
Test Owner	107897730635650910136 https://accounts.google.com
Plan ID	Q5bxP9ys6sz13 https://www.certification.openid.net/plan-detail.html?public=true&plan=Q5bxP9ys6sz13
Exported From	https://www.certification.openid.net
Exported By	107897730635650910136 https://accounts.google.com
Suite Version	4.1.29
Exported	2021-09-30 08:02:29 (UTC)

2021-09-30 07:59:50

(7) More

INFO

TEST-RUNNER

Test instance sVztAwKMubkoUKz created

baseUrl	https://www.certification.openid.net/test/a/idpy
variant	{ "client_auth_type": "client_secret_basic", "response_type": "code", "request_type": "plain_http_request", "client_registration": "dynamic_client", "response_mode": "default" }
alias	idpy
description	oidcop
planId	Q5bxP9ys6sz13
config	{ "alias": "idpy", "description": "oidcop", "server": { "discoveryUrl": "https://89.45.234.133:4000/.well-known/openid-configuration", "login_hint": "roland@89.45.234.133:4000" }, "client2": { "client_name": "Anything" } }
testName	oidcc-client-test-signing-key-rotation

2021-09-30 07:59:50

(1) More

SUCCESS

OIDCCGenerateServerConfiguration

Generated default server configuration

server_configuration

{
  "issuer": "https://www.certification.openid.net/test/a/idpy/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/idpy/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/idpy/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/idpy/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/idpy/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/idpy/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}

2021-09-30 07:59:50

(1) More

SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly

Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration

server_configuration

{
  "issuer": "https://www.certification.openid.net/test/a/idpy/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/idpy/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/idpy/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/idpy/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/idpy/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/idpy/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}

2021-09-30 07:59:50

(3) More

OIDCCGenerateServerJWKs

Generated server public private JWK sets

server_jwks

{
  "keys": [
    {
      "p": "8efdmWHc-7giz9-nORBG2k0nPoGVeu3UfyfL4JeAIgAOzeqn4xn-kJfLf3wqORORLnYjxTPeS7w4X85xLdYyTa731pXmpjD2sRoBaW5jXrEcpTcTQLPAiVx-sKoVB-W-a22N5cLSogjpq3PV4-li2I_04SahOVs7OVZPKiVKTXc",
      "kty": "RSA",
      "q": "nykvvZwxfJCypSPMNEEaSFBxRTSsa30ofdG5VwzyegbiJgjt9-HDvk64lKOi5DOURtz1BrjiSocN4r1ZbWkWyHhgJg3aXn2P-4eEqjVBdIrIM6wbYu0rskqENH6NVyaRPzmGGsJrUi00WYKPmtqdKuHOAMPCop4r3Tqwo_0o6RE",
      "d": "Y0xtIQLecXLa60JDBjdXmahia8k8GvZT2UmHXQ1inMjX2iV5AmQiB0_2c7hhRVHNTVsWvIjd1O9uDmaSSypJs-zMpePPFZcCmOsa-oe390kOUzM3Czb8tHir5q6c0I9ox9tNMnKvl32PRxCejt_2FkWxIYP0qGpeuh4YgDmMDifN6jSfKcR6iNRcfTL20U1JtZjy2xWKPeU3HlQ-OFCm6D9oE4rWkhqVaMin5RODKSQlbkFcSskl1HsrhuXDevKDN_xB-gGRqnO3SZAlbmh8GpVrsQ7Ju3KL76A3cdQxv7OKIA1vdTmw6fYxInRreC4cee-c5wXaedAo8ksMxsLQQQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "7d054d71-fda6-4a5e-ab66-bd2fb4a8c3d7",
      "qi": "hO0IbeCrDXy3pOFWAFR7I0qUc44fmh-DUN-jnvp9rDyd-KiRJaTxwa8yf2E7IyFHikwn1uSJUvj1sEuL2FcF3UM7ZofqJQNNPsoTJ_hnEKRe-OCorVYBPcoaV01zC8IB6-m-cBNzG24_uPVL8PTKaMniQETeZvxe0RV9dmlfs-k",
      "dp": "32FDSm4KSA_DZb2bh6A2LUPtp1S2Giwge8LeC2kbE0qGYTP9EENixVbGvdSEkOw2tna1lVbOQZVvYVkbPj57eSzHA8qskG7KfsQK5bbf4AMg9pejGa5jbvSQsMZ-YSqP6lfiHncHVkVwsbhnnOxZMK3ObVLksjhCujGvLLX-pQU",
      "dq": "C8EW7YHjhbeJ-fgy1IkaT8zhEKNbOHT90Iz0iyFBpxFrEjQGnw_lTOCzcQbEuOW2RaV70wtEawyeUeh5-kKQlC2PrD_JqMDNKV5QxeE4_Epjjq1fOGcbmwc1zEqsVYtbnre417EUC_WasCGcSWtrwAb9F8FdVnUn-CaldPb1VoE",
      "n": "lmXt4X7OvhBtCe9CKMoW183mobodlTZvY_uB5w-nFBOrcA0tNjxlf1feOkfmtje_V1zsLZO-t8rpop7GZZ9bFtcM7OSW5gonTse8KT2y0kXShEZYwmxEvqHxudjawfZsaBq5c7wXraCxO8o33vRTq5WY1ohrg4_SNd4CJMOwxEMYsV1KG-J0PtcrNeDnLyjyo6t5HzQrkJPTSRRcSp6BDc5YIfB7iOfx8G6ePti_ToCMtVYg63iWuNmQpGMq2lE0aayyYRwRnW-fa-ICu85BHlhM38n-vdr3KnYgy7LBzZHzxrRL4v_GKBQTGDMljP_Q8VqC6i56pgJ9wAKs0Ahz5w"
    },
    {
      "kty": "EC",
      "d": "Sal-eGxnxX9UxvGEBHvRA6RFg80smg0JeEiwaPc1CZU",
      "use": "sig",
      "crv": "P-256",
      "kid": "e90fb698-afd0-47a0-94f7-313516cb592d",
      "x": "DO1G6h3NpguHsWk9YdMkOrcGOjNdXDJUWL-7DzUUAKo",
      "y": "Fu4DNMAlkoAuhVMsKcmcqVYtB62Zrta95MVgb--hzyI"
    },
    {
      "kty": "EC",
      "d": "J25zZN9rW5Y4UfDi5usghgD5-1rbjzMwk0N2BYIpq0c",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "e24becdd-cff1-4821-9381-3915f4be8e49",
      "x": "n1fAgtp5Rv9Vi4pFFqqw0QwNC44eV6tgCpXaKOPjWV4",
      "y": "sT9R_eLHonPjtKN5IY4YejppEHBp9PRcBfCGOjojV7Y"
    },
    {
      "kty": "OKP",
      "d": "Il9O01YnnXLFY5KgGwLjjl9Z9Gj1sKAjcwtzkwYtbNY",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "d8bc67a1-f23d-4130-8904-ca727257adf7",
      "x": "oWvHKA7DBZuA6WpSZPPYmEtvoLEflIUCgARpflxf5sA"
    }
  ]
}

server_encryption_keys

{
  "keys": [
    {
      "p": "9Ttdi3HqVSuEJPv4guotZklduopPwA7LXRQ2dpETh_ClyPzPOWTEXl1AVGau5luxtxQF3ypoZBCQMaM0CMIq-ybKRNh_VTaZEiybFMgCVZcyjpfLg5A0mXZNzepOrj_LlG-9n0tajyeYexDKCdk_uBkBKYqUaN6ADyi_8Pps7Es",
      "kty": "RSA",
      "q": "6dYrhfgLOwc2YBnv8RdPdJcn_8mSn3CqUeCeeFgEvFLHF56iCaq4ye5xlcPwffDh2PxMaFpLzNd2U7L8Br9eyynKCLI7RmmD0cutHHL489DqRpegS0_0ZeRQJzb3f20mN2AvhbjpVplv1TkQ87ZMOf_wbUnqv24svuFOUXm6yxc",
      "d": "iU_VAbOcoOB3Z1TGk6A6YfoiG5vGECHzRZs3WfSePHPktWWOznzFh7VbWoHaFp8p6xV0yydIZsLcis04VvxDcEvLsBEI6USlkcPkcl-rm7uE2U_3aPT7l8MCBholFno9f5atK5ep6HS5lEWImpwAKyIe1aF94ABPbkhTtuACGiHQI7o71Xdxi8ccoKn1c6J7xovYxrubfjXpzUTLquw1I4K2QczjryQgC9bZ_BR9epyxRbXmqaeOq6SxVdT9JDflC_II-dD1xH0GOQOuUM1hvxntBXrPI_oZfqljrOqoyIjc5SozIyQSs68_PTFdQm3yLDGk3AqMnAlkD1JmUk2tiQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "998b09f3-183e-440f-9ef8-4dd966a59017",
      "qi": "7pu_btPgzx2-53Q0kBTSXfF2CB9ddlAbnDK8pEQ2FgQb5X-RnYi5COjr6OqbeV-8F5GC_uh3TQrR0k2WwBRW1mhG6yHDHBQUdaaU_9vR8-EAG4upNeeRvd9AdR_C9UNUDhRLkgLS3UYBGYhJshtkILYmVCXUZjA2EmJK4ChPkWQ",
      "dp": "QAFDlA6iW6Jk9gYxwXF_ce_6H6LT18vEtkF9SYrp7xQXIRMivtcXDY4HKUA3q_YIt0Dpm2qFHoDYMaxn-1U6RJzGNBvReBss7npn64-cVFyHHIJv4qGzqM4g1nquGHqcFtznP_k55J0wBgbGxLVIFTOpgv8hZxGTmOFI34ts_Gs",
      "alg": "RSA-OAEP",
      "dq": "YM6l3iS-oYVu4YJbb7hy0JXznVXaOd_u407WzIPEEiNDAWhPNSlUr2Tj6VjhK4KaPbbV-y3Gy9s3xZcH99Mqb3mxhsAjAheU1zo3RNvkbSxEkU0cs5E6YSSQemurMzoA5FQR2I6hK5UCU4f4mK0UCb8HzncXlIEMTUoBnoGC76k",
      "n": "4AAxdWtpy7QLUN2Jwi5nKyTEwvpw95n2l3jjZVt4DD-TyApTCzmrVASOe7tckReRcUhMkr3KBu2n-J6P9sBUtDQF8CZ-q409lZecU5RfP8FnBQOI67NOhiPs8PMitRiPAXD1usbgLXbBCRTKvcu9UJ-6NY4CblSyXSlEUYm2EdliNQTG1LC5PlFNqHYimoyqz6VrU-zJarHtUrMDYGISH931WIpxId2GzyKm6BlavCf48PotuHX_6UH0ePuCGZzmSjOARu1uOc33zPZugmMvFFpw1K3D4c_lmiD5SWImnCUaI_VNlBHfwzYi3qOoDmAe-NBBkSNPv2bMsWHJAKazvQ"
    },
    {
      "kty": "EC",
      "d": "xD87guBf961fM-hoYEX--UU5gXJz54KiYm1Q3h0NHdg",
      "use": "enc",
      "crv": "P-256",
      "kid": "a230a63b-f781-4e86-bd4c-9da703b27cba",
      "x": "Kwm_vqk2Nv8JdximrnFJ19E88pzmBzpZ6bcLoWQrJFQ",
      "y": "1HEFnXLmiljYWX9ircQLlbVWbXEaVRjDgsPEm-PMf2k",
      "alg": "ECDH-ES"
    }
  ]
}

server_public_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "7d054d71-fda6-4a5e-ab66-bd2fb4a8c3d7",
      "n": "lmXt4X7OvhBtCe9CKMoW183mobodlTZvY_uB5w-nFBOrcA0tNjxlf1feOkfmtje_V1zsLZO-t8rpop7GZZ9bFtcM7OSW5gonTse8KT2y0kXShEZYwmxEvqHxudjawfZsaBq5c7wXraCxO8o33vRTq5WY1ohrg4_SNd4CJMOwxEMYsV1KG-J0PtcrNeDnLyjyo6t5HzQrkJPTSRRcSp6BDc5YIfB7iOfx8G6ePti_ToCMtVYg63iWuNmQpGMq2lE0aayyYRwRnW-fa-ICu85BHlhM38n-vdr3KnYgy7LBzZHzxrRL4v_GKBQTGDMljP_Q8VqC6i56pgJ9wAKs0Ahz5w"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "8f7180f7-38ed-419d-b083-69f618c2fe17",
      "n": "viU9i6gUxRilH_xYveW_9nth81DFr6fNPvLHd-638PrsCBh_qSc2sn-tpavBlptNnjEzLrLSGIjCSS7-dDDP9N5dnvSR0UDia392vCmhleEwXnj7KpdEaECTRYcXDs9ueDxXJYEfvQGO_B2Ej9-AWP5dJ6JqO4341djqUnbAGRe_Kx-B_nxVIh-CCPkVuNREXZ0df8MgSLT1cdZHFP51iKJMkxX-xjpqX__f05gRoSp6i7RN5Qqf5rZeWQSyyWkaABtUQDlA6C89kC4DK0M168USshLo6VvkUljdifmCLmh1_ni0k1Waj_BsGD8sKxKiHWnihRD11VxgFQpl7Sb-ow"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "e90fb698-afd0-47a0-94f7-313516cb592d",
      "x": "DO1G6h3NpguHsWk9YdMkOrcGOjNdXDJUWL-7DzUUAKo",
      "y": "Fu4DNMAlkoAuhVMsKcmcqVYtB62Zrta95MVgb--hzyI"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "d84e10b6-1985-4a69-ae8e-ebdd0d3cb3c4",
      "x": "3Vb1X0vUhJZ9xW4LKGh4GHwntljoc4Yo96BDO-eGCsY",
      "y": "VDcWV5-VJ9GdHstIr-Y6Bu_wqXQm5oNNlAiiKRMT5sE"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "e24becdd-cff1-4821-9381-3915f4be8e49",
      "x": "n1fAgtp5Rv9Vi4pFFqqw0QwNC44eV6tgCpXaKOPjWV4",
      "y": "sT9R_eLHonPjtKN5IY4YejppEHBp9PRcBfCGOjojV7Y"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "d8bc67a1-f23d-4130-8904-ca727257adf7",
      "x": "oWvHKA7DBZuA6WpSZPPYmEtvoLEflIUCgARpflxf5sA"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "998b09f3-183e-440f-9ef8-4dd966a59017",
      "alg": "RSA-OAEP",
      "n": "4AAxdWtpy7QLUN2Jwi5nKyTEwvpw95n2l3jjZVt4DD-TyApTCzmrVASOe7tckReRcUhMkr3KBu2n-J6P9sBUtDQF8CZ-q409lZecU5RfP8FnBQOI67NOhiPs8PMitRiPAXD1usbgLXbBCRTKvcu9UJ-6NY4CblSyXSlEUYm2EdliNQTG1LC5PlFNqHYimoyqz6VrU-zJarHtUrMDYGISH931WIpxId2GzyKm6BlavCf48PotuHX_6UH0ePuCGZzmSjOARu1uOc33zPZugmMvFFpw1K3D4c_lmiD5SWImnCUaI_VNlBHfwzYi3qOoDmAe-NBBkSNPv2bMsWHJAKazvQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "a230a63b-f781-4e86-bd4c-9da703b27cba",
      "x": "Kwm_vqk2Nv8JdximrnFJ19E88pzmBzpZ6bcLoWQrJFQ",
      "y": "1HEFnXLmiljYWX9ircQLlbVWbXEaVRjDgsPEm-PMf2k",
      "alg": "ECDH-ES"
    }
  ]
}

2021-09-30 07:59:50	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2021-09-30 07:59:50

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInServerJWKs

Distinct 'kid' value in all keys of server_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2021-09-30 07:59:50

(1) More

SUCCESS

OIDCCLoadUserInfo

Added user information

user_info

{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": 1580000000
}

2021-09-30 07:59:50		StoreOriginalClientConfiguration No client details on configuration, created an empty original_client_config object.

2021-09-30 07:59:50

(1) More

ExtractClientNameFromStoredConfig

Extracted client_name from stored client configuration.

client_name

2021-09-30 07:59:50		oidcc-client-test-signing-key-rotation Setup Done

2021-09-30 07:59:55

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	.well-known/openid-configuration
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{}
incoming_body

Discovery endpoint

2021-09-30 07:59:55

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "issuer": "https://www.certification.openid.net/test/a/idpy/", "authorization_endpoint": "https://www.certification.openid.net/test/a/idpy/authorize", "token_endpoint": "https://www.certification.openid.net/test/a/idpy/token", "jwks_uri": "https://www.certification.openid.net/test/a/idpy/jwks", "userinfo_endpoint": "https://www.certification.openid.net/test/a/idpy/userinfo", "registration_endpoint": "https://www.certification.openid.net/test/a/idpy/register", "scopes_supported": [ "openid", "phone", "profile", "email", "address", "offline_access" ], "response_types_supported": [ "code", "id_token code", "token code id_token", "id_token", "token id_token", "token code", "token" ], "response_modes_supported": [ "query", "fragment", "form_post" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic" ], "token_endpoint_auth_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES256K", "ES384", "ES512", "EdDSA" ], "grant_types_supported": [ "authorization_code", "implicit" ], "claims_parameter_supported": true, "acr_values_supported": [ "PASSWORD" ], "subject_types_supported": [ "public", "pairwise" ], "claim_types_supported": [ "normal", "aggregated", "distributed" ], "claims_supported": [ "sub", "name", "given_name", "family_name", "middle_name", "nickname", "gender", "birthdate", "preferred_username", "profile", "website", "locale", "updated_at", "address", "zoneinfo", "phone_number", "phone_number_verified", "email", "email_verified" ], "id_token_signing_alg_values_supported": [ "none", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES256K", "ES384", "ES512", "EdDSA" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "dir" ], "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "request_object_signing_alg_values_supported": [ "none", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES256K", "ES384", "ES512", "EdDSA" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "dir" ], "request_object_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ], "userinfo_signing_alg_values_supported": [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES256K", "ES384", "ES512", "EdDSA" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "dir" ], "userinfo_encryption_enc_values_supported": [ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ] }
outgoing_path	.well-known/openid-configuration

2021-09-30 07:59:55

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	jwks
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{}
incoming_body

Jwks endpoint

2021-09-30 07:59:55

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "7d054d71-fda6-4a5e-ab66-bd2fb4a8c3d7", "n": "lmXt4X7OvhBtCe9CKMoW183mobodlTZvY_uB5w-nFBOrcA0tNjxlf1feOkfmtje_V1zsLZO-t8rpop7GZZ9bFtcM7OSW5gonTse8KT2y0kXShEZYwmxEvqHxudjawfZsaBq5c7wXraCxO8o33vRTq5WY1ohrg4_SNd4CJMOwxEMYsV1KG-J0PtcrNeDnLyjyo6t5HzQrkJPTSRRcSp6BDc5YIfB7iOfx8G6ePti_ToCMtVYg63iWuNmQpGMq2lE0aayyYRwRnW-fa-ICu85BHlhM38n-vdr3KnYgy7LBzZHzxrRL4v_GKBQTGDMljP_Q8VqC6i56pgJ9wAKs0Ahz5w" }, { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "8f7180f7-38ed-419d-b083-69f618c2fe17", "n": "viU9i6gUxRilH_xYveW_9nth81DFr6fNPvLHd-638PrsCBh_qSc2sn-tpavBlptNnjEzLrLSGIjCSS7-dDDP9N5dnvSR0UDia392vCmhleEwXnj7KpdEaECTRYcXDs9ueDxXJYEfvQGO_B2Ej9-AWP5dJ6JqO4341djqUnbAGRe_Kx-B_nxVIh-CCPkVuNREXZ0df8MgSLT1cdZHFP51iKJMkxX-xjpqX__f05gRoSp6i7RN5Qqf5rZeWQSyyWkaABtUQDlA6C89kC4DK0M168USshLo6VvkUljdifmCLmh1_ni0k1Waj_BsGD8sKxKiHWnihRD11VxgFQpl7Sb-ow" }, { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "e90fb698-afd0-47a0-94f7-313516cb592d", "x": "DO1G6h3NpguHsWk9YdMkOrcGOjNdXDJUWL-7DzUUAKo", "y": "Fu4DNMAlkoAuhVMsKcmcqVYtB62Zrta95MVgb--hzyI" }, { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "d84e10b6-1985-4a69-ae8e-ebdd0d3cb3c4", "x": "3Vb1X0vUhJZ9xW4LKGh4GHwntljoc4Yo96BDO-eGCsY", "y": "VDcWV5-VJ9GdHstIr-Y6Bu_wqXQm5oNNlAiiKRMT5sE" }, { "kty": "EC", "use": "sig", "crv": "secp256k1", "kid": "e24becdd-cff1-4821-9381-3915f4be8e49", "x": "n1fAgtp5Rv9Vi4pFFqqw0QwNC44eV6tgCpXaKOPjWV4", "y": "sT9R_eLHonPjtKN5IY4YejppEHBp9PRcBfCGOjojV7Y" }, { "kty": "OKP", "use": "sig", "crv": "Ed25519", "kid": "d8bc67a1-f23d-4130-8904-ca727257adf7", "x": "oWvHKA7DBZuA6WpSZPPYmEtvoLEflIUCgARpflxf5sA" }, { "kty": "RSA", "e": "AQAB", "use": "enc", "kid": "998b09f3-183e-440f-9ef8-4dd966a59017", "alg": "RSA-OAEP", "n": "4AAxdWtpy7QLUN2Jwi5nKyTEwvpw95n2l3jjZVt4DD-TyApTCzmrVASOe7tckReRcUhMkr3KBu2n-J6P9sBUtDQF8CZ-q409lZecU5RfP8FnBQOI67NOhiPs8PMitRiPAXD1usbgLXbBCRTKvcu9UJ-6NY4CblSyXSlEUYm2EdliNQTG1LC5PlFNqHYimoyqz6VrU-zJarHtUrMDYGISH931WIpxId2GzyKm6BlavCf48PotuHX_6UH0ePuCGZzmSjOARu1uOc33zPZugmMvFFpw1K3D4c_lmiD5SWImnCUaI_VNlBHfwzYi3qOoDmAe-NBBkSNPv2bMsWHJAKazvQ" }, { "kty": "EC", "use": "enc", "crv": "P-256", "kid": "a230a63b-f781-4e86-bd4c-9da703b27cba", "x": "Kwm_vqk2Nv8JdximrnFJ19E88pzmBzpZ6bcLoWQrJFQ", "y": "1HEFnXLmiljYWX9ircQLlbVWbXEaVRjDgsPEm-PMf2k", "alg": "ECDH-ES" } ] }
outgoing_path	jwks

2021-09-30 07:59:56

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "content-type": "application/json", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "content-length": "703", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net", "connection": "close" }
incoming_path	register
incoming_body_form_params
incoming_method	POST
incoming_body_json	{ "application_type": "web", "response_types": [ "code", "id_token" ], "contacts": [ "ops@example.com" ], "token_endpoint_auth_method": "client_secret_basic", "redirect_uris": [ "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7" ], "jwks_uri": "https://89.45.234.133:8090/static/jwks.json", "grant_types": [ "implicit", "authorization_code" ] }
incoming_query_string_params	{}
incoming_body	{"application_type": "web", "response_types": ["code", "id_token"], "contacts": ["ops@example.com"], "token_endpoint_auth_method": "client_secret_basic", "redirect_uris": ["https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"], "jwks_uri": "https://89.45.234.133:8090/static/jwks.json", "grant_types": ["implicit", "authorization_code"]}

Registration endpoint

2021-09-30 07:59:56

(1) More

SUCCESS

OIDCCExtractDynamicRegistrationRequest

Extracted dynamic client registration request

request

{
  "application_type": "web",
  "response_types": [
    "code",
    "id_token"
  ],
  "contacts": [
    "ops@example.com"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "redirect_uris": [
    "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
  ],
  "jwks_uri": "https://89.45.234.133:8090/static/jwks.json",
  "grant_types": [
    "implicit",
    "authorization_code"
  ]
}

2021-09-30 07:59:56

(1) More

SUCCESS

EnsureRegistrationRequestContainsAtLeastOneContact

Registration request contains valid contacts

contacts

[
  "ops@example.com"
]

2021-09-30 07:59:56

(2) More

SUCCESS

OIDCR-2

ValidateClientGrantTypes

grant_types match response_types

grant_types	[ "implicit", "authorization_code" ]
response_types	[ "code", "id_token" ]

2021-09-30 07:59:56

(1) More

SUCCESS

OIDCR-2

OIDCCValidateClientRedirectUris

Valid redirect_uri(s) provided in registration request

redirect_uris

[
  "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
]

2021-09-30 07:59:56	SUCCESS OIDCR-2	ValidateClientLogoUris Client does not contain any logo_uri

2021-09-30 07:59:56	SUCCESS OIDCR-2	ValidateClientUris Client does not contain any client_uri

2021-09-30 07:59:56	SUCCESS OIDCR-2	ValidateClientPolicyUris Client does not contain any policy_uri

2021-09-30 07:59:56	SUCCESS OIDCR-2	ValidateClientTosUris Client does not contain any tos_uri

2021-09-30 07:59:56	SUCCESS OIDCR-2	ValidateClientSubjectType A subject_type was not provided

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateIdTokenSignedResponseAlg

Skipped evaluation due to missing required element: client id_token_signed_response_alg

path	id_token_signed_response_alg
mapped
object	client

2021-09-30 07:59:56	SUCCESS OIDCR-2	EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet id_token_encrypted_response_enc is not set

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateUserinfoSignedResponseAlg

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2021-09-30 07:59:56	SUCCESS OIDCR-2	EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet userinfo_encrypted_response_enc is not set

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateRequestObjectSigningAlg

Skipped evaluation due to missing required element: client request_object_signing_alg

path	request_object_signing_alg
mapped
object	client

2021-09-30 07:59:56	SUCCESS OIDCR-2	EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet request_object_encryption_enc is not set

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateTokenEndpointAuthSigningAlg

Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg

path	token_endpoint_auth_signing_alg
mapped
object	client

2021-09-30 07:59:56	SUCCESS OIDCR-2	ValidateDefaultMaxAge default_max_age is not set

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateRequireAuthTime

Skipped evaluation due to missing required element: client require_auth_time

path	require_auth_time
mapped
object	client

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateDefaultAcrValues

Skipped evaluation due to missing required element: client default_acr_values

path	default_acr_values
mapped
object	client

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateInitiateLoginUri

Skipped evaluation due to missing required element: client initiate_login_uri

path	initiate_login_uri
mapped
object	client

2021-09-30 07:59:56

(3) More

INFO

OIDCR-2

ValidateRequestUris

Skipped evaluation due to missing required element: client request_uris

path	request_uris
mapped
object	client

2021-09-30 07:59:56	SUCCESS OIDCR-2 OIDCR-5	ValidateClientRegistrationRequestSectorIdentifierUri A sector_identifier_uri was not provided

2021-09-30 07:59:56

(1) More

SUCCESS

OIDCCRegisterClient

Registered client

client

{
  "application_type": "web",
  "response_types": [
    "code",
    "id_token"
  ],
  "contacts": [
    "ops@example.com"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "redirect_uris": [
    "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
  ],
  "jwks_uri": "https://89.45.234.133:8090/static/jwks.json",
  "grant_types": [
    "implicit",
    "authorization_code"
  ],
  "client_id": "client_JCXPwICAnLpEONR15069?-#|;"
}

2021-09-30 07:59:56

(1) More

OIDCCCreateClientSecretForDynamicClient

Set the secret for registered client

client_secret

secret_KbKoBBVevaRtDxcIEFUitZvloiSAejYNxvrsTSRFQysnmhwOWe5913043480(~(?^

2021-09-30 07:59:56	SUCCESS	EnsureTokenEndPointAuthMethodIsClientSecretBasic token_endpoint_auth_method is 'client_secret_basic' as expected

2021-09-30 07:59:56

(1) More

SUCCESS

OIDCR-2

EnsureClientDoesNotHaveBothJwksAndJwksUri

Client does not have both jwks and jwks_uri set

client

{
  "application_type": "web",
  "response_types": [
    "code",
    "id_token"
  ],
  "contacts": [
    "ops@example.com"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "redirect_uris": [
    "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
  ],
  "jwks_uri": "https://89.45.234.133:8090/static/jwks.json",
  "grant_types": [
    "implicit",
    "authorization_code"
  ],
  "client_id": "client_JCXPwICAnLpEONR15069?-#|;",
  "client_secret": "secret_KbKoBBVevaRtDxcIEFUitZvloiSAejYNxvrsTSRFQysnmhwOWe5913043480(~(?^"
}

2021-09-30 07:59:56

(1) More

FetchClientKeys

Fetching client keys

jwks_uri

https://89.45.234.133:8090/static/jwks.json

2021-09-30 07:59:56

(4) More

FetchClientKeys

HTTP request

request_uri	https://89.45.234.133:8090/static/jwks.json
request_method	GET
request_headers	{ "accept": "text/plain, application/json, application/cbor, application/+json, /*", "content-length": "0" }
request_body

2021-09-30 07:59:56

(4) More

RESPONSE

FetchClientKeys

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "content-length": "691", "content-type": "application/json", "last-modified": "Thu, 30 Sep 2021 07:59:54 GMT", "cache-control": "public, max-age\u003d43200", "expires": "Thu, 30 Sep 2021 19:59:56 GMT", "etag": "\"1632988794.9414282-691-625874018\"", "date": "Thu, 30 Sep 2021 07:59:56 GMT", "server": "Werkzeug/1.0.1 Python/3.8.10" }
response_body	{"keys": [{"kty": "RSA", "use": "sig", "kid": "ZnM1b012dmhUSjh5X05VOUhpN0pXZVlSSEVjQ2J5dEkyQXEwTWQ2UjdhRQ", "e": "AQAB", "n": "tkih6m_RcAr9RozD7IrHS0KjdLHSjMYuT2uRdtbTEJx1jBV6sDADoP3IskBFlwKssFAfZmtjSLETX7JUyIBkhUfTU0OKdVVrfTslfbUw4_m4OyaJmB6POycCH-zk-we9GnP1rjvfPIaaWLVtNM6r2wC-MTWv4MEL1sp-G0nj63oC53hc83q0pxaJqaDr7fMSZCUswL209DnSSn5aF80teBDUS-wOjLvihFIKSDZf0r3t9ObxYsT4tPbq7hQQc2K9XlYADfr-cmBQtwXg9h1jI31s5p-xI1SWzABQm2ZdCovcGjl9GopHsqtCINU7LCK7noRgwxHPERcJwDOX06IRmw"}, {"kty": "EC", "use": "sig", "kid": "S0p4OFlHMzdtNzFjZlpoWkpKNnVmMHM1RHAyVlFtbXlrUjRhdjVpNXBLWQ", "crv": "P-256", "x": "MEFzjCvTrLMkOcRgdLWYpK4b_xrKOn5XAKJvOhYqZTM", "y": "-T_OakJ08j_rRP4Imn1p3L4rG60cQk72Nh4HX_tDDd0"}]}

2021-09-30 07:59:56

(1) More

FetchClientKeys

Found JWK set string

jwk_string

{"keys": [{"kty": "RSA", "use": "sig", "kid": "ZnM1b012dmhUSjh5X05VOUhpN0pXZVlSSEVjQ2J5dEkyQXEwTWQ2UjdhRQ", "e": "AQAB", "n": "tkih6m_RcAr9RozD7IrHS0KjdLHSjMYuT2uRdtbTEJx1jBV6sDADoP3IskBFlwKssFAfZmtjSLETX7JUyIBkhUfTU0OKdVVrfTslfbUw4_m4OyaJmB6POycCH-zk-we9GnP1rjvfPIaaWLVtNM6r2wC-MTWv4MEL1sp-G0nj63oC53hc83q0pxaJqaDr7fMSZCUswL209DnSSn5aF80teBDUS-wOjLvihFIKSDZf0r3t9ObxYsT4tPbq7hQQc2K9XlYADfr-cmBQtwXg9h1jI31s5p-xI1SWzABQm2ZdCovcGjl9GopHsqtCINU7LCK7noRgwxHPERcJwDOX06IRmw"}, {"kty": "EC", "use": "sig", "kid": "S0p4OFlHMzdtNzFjZlpoWkpKNnVmMHM1RHAyVlFtbXlrUjRhdjVpNXBLWQ", "crv": "P-256", "x": "MEFzjCvTrLMkOcRgdLWYpK4b_xrKOn5XAKJvOhYqZTM", "y": "-T_OakJ08j_rRP4Imn1p3L4rG60cQk72Nh4HX_tDDd0"}]}

2021-09-30 07:59:56

(1) More

SUCCESS

OIDCC-10.1.1 OIDCC-10.2.1

FetchClientKeys

Downloaded and added client JWK set to client

client

{
  "application_type": "web",
  "response_types": [
    "code",
    "id_token"
  ],
  "contacts": [
    "ops@example.com"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "redirect_uris": [
    "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
    "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
  ],
  "jwks_uri": "https://89.45.234.133:8090/static/jwks.json",
  "grant_types": [
    "implicit",
    "authorization_code"
  ],
  "client_id": "client_JCXPwICAnLpEONR15069?-#|;",
  "client_secret": "secret_KbKoBBVevaRtDxcIEFUitZvloiSAejYNxvrsTSRFQysnmhwOWe5913043480(~(?^",
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "use": "sig",
        "kid": "ZnM1b012dmhUSjh5X05VOUhpN0pXZVlSSEVjQ2J5dEkyQXEwTWQ2UjdhRQ",
        "e": "AQAB",
        "n": "tkih6m_RcAr9RozD7IrHS0KjdLHSjMYuT2uRdtbTEJx1jBV6sDADoP3IskBFlwKssFAfZmtjSLETX7JUyIBkhUfTU0OKdVVrfTslfbUw4_m4OyaJmB6POycCH-zk-we9GnP1rjvfPIaaWLVtNM6r2wC-MTWv4MEL1sp-G0nj63oC53hc83q0pxaJqaDr7fMSZCUswL209DnSSn5aF80teBDUS-wOjLvihFIKSDZf0r3t9ObxYsT4tPbq7hQQc2K9XlYADfr-cmBQtwXg9h1jI31s5p-xI1SWzABQm2ZdCovcGjl9GopHsqtCINU7LCK7noRgwxHPERcJwDOX06IRmw"
      },
      {
        "kty": "EC",
        "use": "sig",
        "kid": "S0p4OFlHMzdtNzFjZlpoWkpKNnVmMHM1RHAyVlFtbXlrUjRhdjVpNXBLWQ",
        "crv": "P-256",
        "x": "MEFzjCvTrLMkOcRgdLWYpK4b_xrKOn5XAKJvOhYqZTM",
        "y": "-T_OakJ08j_rRP4Imn1p3L4rG60cQk72Nh4HX_tDDd0"
      }
    ]
  }
}

2021-09-30 07:59:56

(1) More

SUCCESS

OIDCCExtractServerSigningAlg

Using the default algorithm for the first key in server jwks

signing_algorithm

RS256

2021-09-30 07:59:56

(1) More

SetClientIdTokenSignedResponseAlgToServerSigningAlg

Set id_token_signed_response_alg for the registered client

id_token_signed_response_alg

RS256

2021-09-30 07:59:56

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	201
outgoing_headers	{}
outgoing_body	{ "application_type": "web", "response_types": [ "code", "id_token" ], "contacts": [ "ops@example.com" ], "token_endpoint_auth_method": "client_secret_basic", "redirect_uris": [ "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7" ], "jwks_uri": "https://89.45.234.133:8090/static/jwks.json", "grant_types": [ "implicit", "authorization_code" ], "client_id": "client_JCXPwICAnLpEONR15069?-#\|;", "client_secret": "secret_KbKoBBVevaRtDxcIEFUitZvloiSAejYNxvrsTSRFQysnmhwOWe5913043480(~(?^", "jwks": { "keys": [ { "kty": "RSA", "use": "sig", "kid": "ZnM1b012dmhUSjh5X05VOUhpN0pXZVlSSEVjQ2J5dEkyQXEwTWQ2UjdhRQ", "e": "AQAB", "n": "tkih6m_RcAr9RozD7IrHS0KjdLHSjMYuT2uRdtbTEJx1jBV6sDADoP3IskBFlwKssFAfZmtjSLETX7JUyIBkhUfTU0OKdVVrfTslfbUw4_m4OyaJmB6POycCH-zk-we9GnP1rjvfPIaaWLVtNM6r2wC-MTWv4MEL1sp-G0nj63oC53hc83q0pxaJqaDr7fMSZCUswL209DnSSn5aF80teBDUS-wOjLvihFIKSDZf0r3t9ObxYsT4tPbq7hQQc2K9XlYADfr-cmBQtwXg9h1jI31s5p-xI1SWzABQm2ZdCovcGjl9GopHsqtCINU7LCK7noRgwxHPERcJwDOX06IRmw" }, { "kty": "EC", "use": "sig", "kid": "S0p4OFlHMzdtNzFjZlpoWkpKNnVmMHM1RHAyVlFtbXlrUjRhdjVpNXBLWQ", "crv": "P-256", "x": "MEFzjCvTrLMkOcRgdLWYpK4b_xrKOn5XAKJvOhYqZTM", "y": "-T_OakJ08j_rRP4Imn1p3L4rG60cQk72Nh4HX_tDDd0" } ] }, "id_token_signed_response_alg": "RS256" }
outgoing_path	register

2021-09-30 07:59:57

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,/;q\u003d0.8", "cookie": "JSESSIONID\u003dBBC2813D48CA0797C34642834E670B38; __utma\u003d201319536.1325286560.1632909994.1632909994.1632985063.2; __utmc\u003d201319536; __utmz\u003d201319536.1632985063.2.2.utmcsr\u003dt.co\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15", "accept-language": "en-us", "referer": "https://89.45.234.133:8090/authz_cb/0da4719ef30005651d99509763112192dcbdbc497721cd368a1690688d51ac98?state\u003dkp06BvvOoEudHvvOmxe1RtNqFT8uWqW4\u0026code\u003dwpqUX2N5Qh5tNdtaFaslFuBwbkFXhd0T", "accept-encoding": "gzip, deflate, br", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	authorize
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{ "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "scope": "openid profile email address phone", "response_type": "code", "nonce": "dpAwUGiHVZu0zrcncmWmKD5r", "state": "vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd", "client_id": "client_JCXPwICAnLpEONR15069?-#\|;" }
incoming_body

Authorization endpoint

2021-09-30 07:59:57	SUCCESS OIDCC-6.1	EnsureRequestDoesNotContainRequestObject Request does not contain a request parameter

2021-09-30 07:59:57

(2) More

SUCCESS

OIDCC-6.2 OIDCC-6.1

EnsureAuthorizationHttpRequestContainsOpenIDScope

Found 'openid' in scope http request parameter

actual	[ "openid", "profile", "email", "address", "phone" ]
expected	openid

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-6.2 OIDCC-6.1

CreateEffectiveAuthorizationRequestParameters

Merged http request parameters with request object claims

effective_authorization_endpoint_request

{
  "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "scope": "openid profile email address phone",
  "response_type": "code",
  "nonce": "dpAwUGiHVZu0zrcncmWmKD5r",
  "state": "vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd",
  "client_id": "client_JCXPwICAnLpEONR15069?-#|;"
}

2021-09-30 07:59:57

(1) More

SUCCESS

ExtractRequestedScopes

Requested scopes

scope

openid profile email address phone

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.1.2.1

ExtractNonceFromAuthorizationRequest

Extracted nonce

nonce

dpAwUGiHVZu0zrcncmWmKD5r

2021-09-30 07:59:57

(1) More

SUCCESS

EnsureResponseTypeIsCode

Response type is expected value

expected

code

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.1.2.1

EnsureMatchingClientId

Client ID matched

client_id

client_JCXPwICAnLpEONR15069?-#|;

2021-09-30 07:59:57

(2) More

SUCCESS

OIDCC-3.1.2.1

EnsureValidRedirectUriForAuthorizationEndpointRequest

redirect_uri is one of the allowed redirect uris

actual

https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7

expected

[
  "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
]

2021-09-30 07:59:57

(2) More

SUCCESS

OIDCC-3.1.2.1

EnsureOpenIDInScopeRequest

Found 'openid' scope in request

actual	[ "openid", "profile", "email", "address", "phone" ]
expected	openid

2021-09-30 07:59:57	SUCCESS OIDCC-3.1.2.3	DisallowMaxAgeEqualsZeroAndPromptNone The client did not send max_age=0 and prompt=none parameters as expected

2021-09-30 07:59:57

(1) More

SUCCESS

CreateAuthorizationCode

Created authorization code

authorization_code

FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.3.2.11

CalculateCHash

Successful c_hash encoding

c_hash

uEMk3A-gnXUweouY3VI1qQ

2021-09-30 07:59:57

(1) More

SUCCESS

CreateAuthorizationEndpointResponseParams

Added authorization_endpoint_response_params to environment

params

{
  "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "state": "vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd"
}

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.3.2.5

AddCodeToAuthorizationEndpointResponseParams

Added code to authorization endpoint response params

authorization_endpoint_response_params

{
  "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "state": "vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd",
  "code": "FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ"
}

2021-09-30 07:59:57

(1) More

SendAuthorizationResponseWithResponseModeQuery

Redirecting back to client

uri	https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7?state=vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd&code=FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ

2021-09-30 07:59:57

(2) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing

org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7?state=vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd&code=FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ]

outgoing_path

authorize

2021-09-30 07:59:57

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "authorization": "Basic Y2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5JTNGLSUyMyU3QyUzQjpzZWNyZXRfS2JLb0JCVmV2YVJ0RHhjSUVGVWl0WnZsb2lTQWVqWU54dnJzVFNSRlF5c25taHdPV2U1OTEzMDQzNDgwJTI4fiUyOCUzRiU1RQ\u003d\u003d", "content-type": "application/x-www-form-urlencoded", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "content-length": "283", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net", "connection": "close" }
incoming_path	token
incoming_body_form_params	{ "grant_type": "authorization_code", "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "client_id": "client_JCXPwICAnLpEONR15069?-#\|;", "state": "vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd", "code": "FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ" }
incoming_method	POST
incoming_body_json
incoming_query_string_params	{}
incoming_body	grant_type=authorization_code&redirect_uri=https%3A%2F%2F89.45.234.133%3A8090%2Fauthz_cb%2Fd0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7&client_id=client_JCXPwICAnLpEONR15069%3F-%23%7C%3B&state=vadw6ZUywQ3B8rKsE6hjxEeo7Jg0hoRd&code=FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ

Token endpoint

2021-09-30 07:59:57

(3) More

SUCCESS

OIDCC-9

ExtractClientCredentialsFromBasicAuthorizationHeader

Extracted client authentication

client_id	client_JCXPwICAnLpEONR15069?-#\|;
client_secret	secret_KbKoBBVevaRtDxcIEFUitZvloiSAejYNxvrsTSRFQysnmhwOWe5913043480(~(?^
method	client_secret_basic

2021-09-30 07:59:57	SUCCESS RFC6749-2.3.1	ValidateClientIdAndSecret Client id and secret match

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.1.3.2

ValidateAuthorizationCode

Found authorization code

authorization_code

FOY4CwaXalwG1Z6jdayHTO3crFKjHDiQ

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.1.3.2

ValidateRedirectUriForTokenEndpointRequest

redirect_uri is the same as the one used in the authorization request

actual

https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7

2021-09-30 07:59:57

(1) More

SUCCESS

GenerateBearerAccessToken

Generated access token

access_token

36zkzZIoLAEOinAfafVQ05Sdbw8EnMY1iFfaWolJQAEWIzabep

2021-09-30 07:59:57

(1) More

SUCCESS

OIDCC-3.3.2.11

CalculateAtHash

Successful at_hash encoding

at_hash

Nlbm2VpMwxAaoXOufgYhCw

2021-09-30 07:59:57

(6) More

SUCCESS

GenerateIdTokenClaims

Created ID Token Claims

iss	https://www.certification.openid.net/test/a/idpy/
sub	user-subject-1234531
aud	client_JCXPwICAnLpEONR15069?-#\|;
nonce	dpAwUGiHVZu0zrcncmWmKD5r
iat	1632988797
exp	1632989097

2021-09-30 07:59:57

(2) More

SUCCESS

OIDCC-3.3.2.11

AddAtHashToIdTokenClaims

Added at_hash to ID token claims

at_hash

Nlbm2VpMwxAaoXOufgYhCw

id_token_claims

{
  "iss": "https://www.certification.openid.net/test/a/idpy/",
  "sub": "user-subject-1234531",
  "aud": "client_JCXPwICAnLpEONR15069?-#|;",
  "nonce": "dpAwUGiHVZu0zrcncmWmKD5r",
  "iat": 1632988797,
  "exp": 1632989097,
  "at_hash": "Nlbm2VpMwxAaoXOufgYhCw"
}

2021-09-30 07:59:57

(3) More

SUCCESS

OIDCC-2

OIDCCSignIdToken

Signed the ID token

id_token

eyJraWQiOiI3ZDA1NGQ3MS1mZGE2LTRhNWUtYWI2Ni1iZDJmYjRhOGMzZDciLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiTmxibTJWcE13eEFhb1hPdWZnWWhDdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5Py0jfDsiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvaWRweVwvIiwiZXhwIjoxNjMyOTg5MDk3LCJub25jZSI6ImRwQXdVR2lIVlp1MHpyY25jbVdtS0Q1ciIsImlhdCI6MTYzMjk4ODc5N30.dPngIzK2AxiOnjxc5qM5d7OLrFh-f9Px0pFnuuqa4W7kUVAukpo1tDNj_2a-wZrk4xsQjvQWYovwh-XqJH9AbnSWFpJQrKilI-zkXz_HMO7wmccFgbFibhOP2LVT_YOyZhqEYRih5TLYWgDgD2yLyTEtCRrV5r5G4oO-oMxhZpPA0N6cUVRXXa8ECdlKpx3jN5UC8Ya8Nq-VnHLNRWVOaN-et-m0PesnmgpcbV1yPjEP_c_zmWa7o3dEUOm7U48IhY20Foc1jzlCSxZcMGFYdrL22dv7HxHrCGRept9UGb4rtcXz0owISpKZiXKIh4JTU9VVrSgVkdUC40cRhro_4w

key

{"p":"8efdmWHc-7giz9-nORBG2k0nPoGVeu3UfyfL4JeAIgAOzeqn4xn-kJfLf3wqORORLnYjxTPeS7w4X85xLdYyTa731pXmpjD2sRoBaW5jXrEcpTcTQLPAiVx-sKoVB-W-a22N5cLSogjpq3PV4-li2I_04SahOVs7OVZPKiVKTXc","kty":"RSA","q":"nykvvZwxfJCypSPMNEEaSFBxRTSsa30ofdG5VwzyegbiJgjt9-HDvk64lKOi5DOURtz1BrjiSocN4r1ZbWkWyHhgJg3aXn2P-4eEqjVBdIrIM6wbYu0rskqENH6NVyaRPzmGGsJrUi00WYKPmtqdKuHOAMPCop4r3Tqwo_0o6RE","d":"Y0xtIQLecXLa60JDBjdXmahia8k8GvZT2UmHXQ1inMjX2iV5AmQiB0_2c7hhRVHNTVsWvIjd1O9uDmaSSypJs-zMpePPFZcCmOsa-oe390kOUzM3Czb8tHir5q6c0I9ox9tNMnKvl32PRxCejt_2FkWxIYP0qGpeuh4YgDmMDifN6jSfKcR6iNRcfTL20U1JtZjy2xWKPeU3HlQ-OFCm6D9oE4rWkhqVaMin5RODKSQlbkFcSskl1HsrhuXDevKDN_xB-gGRqnO3SZAlbmh8GpVrsQ7Ju3KL76A3cdQxv7OKIA1vdTmw6fYxInRreC4cee-c5wXaedAo8ksMxsLQQQ","e":"AQAB","use":"sig","kid":"7d054d71-fda6-4a5e-ab66-bd2fb4a8c3d7","qi":"hO0IbeCrDXy3pOFWAFR7I0qUc44fmh-DUN-jnvp9rDyd-KiRJaTxwa8yf2E7IyFHikwn1uSJUvj1sEuL2FcF3UM7ZofqJQNNPsoTJ_hnEKRe-OCorVYBPcoaV01zC8IB6-m-cBNzG24_uPVL8PTKaMniQETeZvxe0RV9dmlfs-k","dp":"32FDSm4KSA_DZb2bh6A2LUPtp1S2Giwge8LeC2kbE0qGYTP9EENixVbGvdSEkOw2tna1lVbOQZVvYVkbPj57eSzHA8qskG7KfsQK5bbf4AMg9pejGa5jbvSQsMZ-YSqP6lfiHncHVkVwsbhnnOxZMK3ObVLksjhCujGvLLX-pQU","dq":"C8EW7YHjhbeJ-fgy1IkaT8zhEKNbOHT90Iz0iyFBpxFrEjQGnw_lTOCzcQbEuOW2RaV70wtEawyeUeh5-kKQlC2PrD_JqMDNKV5QxeE4_Epjjq1fOGcbmwc1zEqsVYtbnre417EUC_WasCGcSWtrwAb9F8FdVnUn-CaldPb1VoE","n":"lmXt4X7OvhBtCe9CKMoW183mobodlTZvY_uB5w-nFBOrcA0tNjxlf1feOkfmtje_V1zsLZO-t8rpop7GZZ9bFtcM7OSW5gonTse8KT2y0kXShEZYwmxEvqHxudjawfZsaBq5c7wXraCxO8o33vRTq5WY1ohrg4_SNd4CJMOwxEMYsV1KG-J0PtcrNeDnLyjyo6t5HzQrkJPTSRRcSp6BDc5YIfB7iOfx8G6ePti_ToCMtVYg63iWuNmQpGMq2lE0aayyYRwRnW-fa-ICu85BHlhM38n-vdr3KnYgy7LBzZHzxrRL4v_GKBQTGDMljP_Q8VqC6i56pgJ9wAKs0Ahz5w"}

algorithm

RS256

2021-09-30 07:59:57

(3) More

INFO

OIDCC-10.2

EncryptIdToken

Skipped evaluation due to missing required element: client id_token_encrypted_response_alg

path	id_token_encrypted_response_alg
mapped
object	client

2021-09-30 07:59:57

(4) More

SUCCESS

OIDCC-3.1.3.3

CreateTokenEndpointResponse

Created token endpoint response

access_token	36zkzZIoLAEOinAfafVQ05Sdbw8EnMY1iFfaWolJQAEWIzabep
token_type	Bearer
id_token	eyJraWQiOiI3ZDA1NGQ3MS1mZGE2LTRhNWUtYWI2Ni1iZDJmYjRhOGMzZDciLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiTmxibTJWcE13eEFhb1hPdWZnWWhDdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5Py0jfDsiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvaWRweVwvIiwiZXhwIjoxNjMyOTg5MDk3LCJub25jZSI6ImRwQXdVR2lIVlp1MHpyY25jbVdtS0Q1ciIsImlhdCI6MTYzMjk4ODc5N30.dPngIzK2AxiOnjxc5qM5d7OLrFh-f9Px0pFnuuqa4W7kUVAukpo1tDNj_2a-wZrk4xsQjvQWYovwh-XqJH9AbnSWFpJQrKilI-zkXz_HMO7wmccFgbFibhOP2LVT_YOyZhqEYRih5TLYWgDgD2yLyTEtCRrV5r5G4oO-oMxhZpPA0N6cUVRXXa8ECdlKpx3jN5UC8Ya8Nq-VnHLNRWVOaN-et-m0PesnmgpcbV1yPjEP_c_zmWa7o3dEUOm7U48IhY20Foc1jzlCSxZcMGFYdrL22dv7HxHrCGRept9UGb4rtcXz0owISpKZiXKIh4JTU9VVrSgVkdUC40cRhro_4w
scope	openid profile email address phone

2021-09-30 07:59:57

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "access_token": "36zkzZIoLAEOinAfafVQ05Sdbw8EnMY1iFfaWolJQAEWIzabep", "token_type": "Bearer", "id_token": "eyJraWQiOiI3ZDA1NGQ3MS1mZGE2LTRhNWUtYWI2Ni1iZDJmYjRhOGMzZDciLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiTmxibTJWcE13eEFhb1hPdWZnWWhDdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5Py0jfDsiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvaWRweVwvIiwiZXhwIjoxNjMyOTg5MDk3LCJub25jZSI6ImRwQXdVR2lIVlp1MHpyY25jbVdtS0Q1ciIsImlhdCI6MTYzMjk4ODc5N30.dPngIzK2AxiOnjxc5qM5d7OLrFh-f9Px0pFnuuqa4W7kUVAukpo1tDNj_2a-wZrk4xsQjvQWYovwh-XqJH9AbnSWFpJQrKilI-zkXz_HMO7wmccFgbFibhOP2LVT_YOyZhqEYRih5TLYWgDgD2yLyTEtCRrV5r5G4oO-oMxhZpPA0N6cUVRXXa8ECdlKpx3jN5UC8Ya8Nq-VnHLNRWVOaN-et-m0PesnmgpcbV1yPjEP_c_zmWa7o3dEUOm7U48IhY20Foc1jzlCSxZcMGFYdrL22dv7HxHrCGRept9UGb4rtcXz0owISpKZiXKIh4JTU9VVrSgVkdUC40cRhro_4w", "scope": "openid profile email address phone" }
outgoing_path	token

2021-09-30 07:59:58

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "authorization": "Bearer 36zkzZIoLAEOinAfafVQ05Sdbw8EnMY1iFfaWolJQAEWIzabep", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	userinfo
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{}
incoming_body

Userinfo endpoint

2021-09-30 07:59:58

(1) More

SUCCESS

RFC6750-2 OIDCC-5.3.1

OIDCCExtractBearerAccessTokenFromRequest

Found access token on incoming request

access_token

36zkzZIoLAEOinAfafVQ05Sdbw8EnMY1iFfaWolJQAEWIzabep

2021-09-30 07:59:58

(1) More

SUCCESS

OIDCC-5.3.1

RequireBearerAccessToken

Found access token in request

actual

36zkzZIoLAEOinAfafVQ05Sdbw8EnMY1iFfaWolJQAEWIzabep

2021-09-30 07:59:58

(18) More

SUCCESS

OIDCC-5.4

FilterUserInfoForScopes

User info endpoint output

sub	user-subject-1234531
website	https://openid.net/
zoneinfo	America/Los_Angeles
birthdate	2000-02-03
gender	female
preferred_username	d.tu
given_name	Demo
middle_name	Theresa
locale	en-US
updated_at	1580000000
name	Demo T. User
nickname	Dee
family_name	User
email	user@example.com
email_verified	false
address	{ "street_address": "100 Universal City Plaza", "locality": "Hollywood", "region": "CA", "postal_code": "91608", "country": "USA" }
phone_number_verified	false
phone_number	+1 555 5550000

2021-09-30 07:59:58		ClearAccessTokenFromRequest Condition ran but did not log anything

2021-09-30 07:59:58

(3) More

INFO

OIDCC-5.3.2

AddIssAndAudToUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2021-09-30 07:59:58

(3) More

INFO

OIDCC-5.3.2

SignUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2021-09-30 07:59:58

(3) More

INFO

OIDCC-5.3.2

EncryptUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_encrypted_response_alg

path	userinfo_encrypted_response_alg
mapped
object	client

2021-09-30 07:59:58

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "sub": "user-subject-1234531", "website": "https://openid.net/", "zoneinfo": "America/Los_Angeles", "birthdate": "2000-02-03", "gender": "female", "preferred_username": "d.tu", "given_name": "Demo", "middle_name": "Theresa", "locale": "en-US", "updated_at": 1580000000, "name": "Demo T. User", "nickname": "Dee", "family_name": "User", "email": "user@example.com", "email_verified": false, "address": { "street_address": "100 Universal City Plaza", "locality": "Hollywood", "region": "CA", "postal_code": "91608", "country": "USA" }, "phone_number_verified": false, "phone_number": "+1 555 5550000" }
outgoing_path	userinfo

2021-09-30 07:59:58

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,/;q\u003d0.8", "cookie": "JSESSIONID\u003dBBC2813D48CA0797C34642834E670B38; __utma\u003d201319536.1325286560.1632909994.1632909994.1632985063.2; __utmc\u003d201319536; __utmz\u003d201319536.1632985063.2.2.utmcsr\u003dt.co\|utmccn\u003d(referral)\|utmcmd\u003dreferral\|utmcct\u003d/", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15", "accept-language": "en-us", "referer": "https://89.45.234.133:8090/authz_cb/0da4719ef30005651d99509763112192dcbdbc497721cd368a1690688d51ac98?state\u003dkp06BvvOoEudHvvOmxe1RtNqFT8uWqW4\u0026code\u003dwpqUX2N5Qh5tNdtaFaslFuBwbkFXhd0T", "accept-encoding": "gzip, deflate, br", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	authorize
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{ "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "scope": "openid profile email address phone", "response_type": "code", "nonce": "e3UGhusel9lj1eqN11PFsg4l", "state": "Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za", "client_id": "client_JCXPwICAnLpEONR15069?-#\|;" }
incoming_body

2021-09-30 07:59:58

(3) More

OIDCCGenerateServerJWKs

Generated server public private JWK sets

server_jwks

{
  "keys": [
    {
      "p": "8DxNyTcvqDAxSjo6y737WkhoibK3WN3YgbmxNMr2TuHqrGhqjfZIriYbWJAMoWdCDERbv8SaxF9TQmxEqpKINmvKCQoZG_BSGKToRFhAr_CseamgoZ4F30aXxOKxGa68XVnpY5InzSAXQxuaynKlu2lXT_hF2JXVpOS9HO3Zkoc",
      "kty": "RSA",
      "q": "0CyXiVW2r3K5378nt9LaasNEJ8-ssEIrT-4GcQyccZphfoDZWcuG9ZDG7KV71efSFMf6RsOj4VC4eI-a4vqidzOdhheUswGVWW3ZdyDei3vT-WGNDfexi7-fLx5reqsbT8Uy58qZ_vTfBeaAOk9bv4B7-hcaa7R4CAw52CUNtxc",
      "d": "JW4pe493-J1cSHVyN-XJEWWY9t9t7rpip2oMhEmK3VEV2-fEKadiN-QfZ4rT7TfQZbpJv3ZMOk__3LiMrM3NN42C8-SrPwNPzsbXJmaTIifzlVbIzdyzzUaE5vJaikuiCjC3gkmcvIvY6sisO5bBX4Jv-61LNwGlXT_0J9jnZGe-jONAqSOZITVBof5ymccs_J6O0ksWpjI82NclIQ3r4_ki71oT4hlOuTCsyONua3bJKZLDjgr3SfhM4M97jBmLSxOK3v3-tGjooT37jwXLqTtMY9ZFAHiErsay-_Rv0EYnlKaBvYTCh1Co7ptxlckWGsUDhL-6ytqQ9FRo1yA3tQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "2808dbdb-a4ec-463a-bb01-b4e71968bf25",
      "qi": "E4Sdz5I82VovoNlYBvKy_vDWZn2ZVxkPVEqgbERUUAFceQ5wepep4ll8nK3EL1X99z1VgWe-T8vui0g4PS47YM4tEbs8-nBljkEUraXdknfdgfQ8mdkUYHIUI88TpCWE9uI58ZHUAgyzXJ2yL88KyE1Ip1sa9I8jA5aQ5tAFNo8",
      "dp": "chURE2bDmOkZ3xf759kWTe9oxUs7SlY_hIs8HcfsY9Vg7fK_9x5nsVujTNFLTjKM6Oplb5HbtTlXfomPqjjfuohBbz1-Ywgi1FUrf5kxTtvJ7BSjlVxHiZoqZHMKixmxldsmvAQiJoUAxvuK7Gy5S2Bg-Db8ZDfzNtTxAZXp5m0",
      "dq": "tON6jbB4PL4Q-3ZL2fSTLCAesgVIBiSJJDwtRsBxlFlUjCsEMn2i-PDjmbA2CeoVZ09Zj3Hijh-pG8GVEdQ9phyorWMCKAWhNAM66sQZ_NQNnm4AtnlbwpYwiS4CsKXL5qXxFO68n4lB3gursn9Qtve7QtYedCZuAng1LzcLUuM",
      "n": "w1rXxU4C-muz3wIdGWw2s77kI_iDlMVLCmQuNDEn_xoZV0TuEWa6SC1Tj0Oxy9g8yOhmyU1xq4_Aptsbh5qYZnrnQiXxb-pyftIRBzDmJMziZ2kZHBAZUfuZmvzJ7Sp5GGswW67W9tE92MRZDk-7oJW2SGZm4Qy1bA7J8y2CPRwMyt8yeBw7EfmDYFyDClEbQhlDapOt0TyzHfEOnXiijiMBG3qRVwxOxZIWbq6teaFsjHeQlto6Oe9zU2G7QCqvrI0CTw7IiAGFfBvrpdaGh7zuFQnxsdc-z5CXDYP6Ui0iwDC1s52xVetCxnXy3NlLh-3hPteVLXFUHOLB2iWrIQ"
    },
    {
      "kty": "EC",
      "d": "C17zzAnCCNTuE3n-0mHIvXYzf3DCNxqSGHNCbdNudJM",
      "use": "sig",
      "crv": "P-256",
      "kid": "93737726-6243-4628-b297-e961f1441b1c",
      "x": "DuL4jMQHhh4NV0augMwYa7jTefm_jFAmfKsQSJ2uq00",
      "y": "v7wQtjbPv5-5m6rGLeVZFtQa7IFe_EwSwbPYVcgqxhw"
    },
    {
      "kty": "EC",
      "d": "gw6T7uNMTs6kziNZunEG7qzqkBNC22DdtN9eEBLaX1o",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "6a4c2a1d-d5f2-4d2e-8706-fa12780ad29c",
      "x": "exfHdLkS_4yg5FtuDBxszRqgRjYYa10PhxVxUudNfN8",
      "y": "AAJe4dexsN0Yy0vv-1LJ1Me_6QRI4VEydlz7B-yHKLA"
    },
    {
      "kty": "OKP",
      "d": "xJesp_safGrgKOUSM3GWqj-w70Pgic4cXqvdeP7hjLk",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "4e2dc987-ea0b-4a3d-b637-6a9aa7756642",
      "x": "qOXTTMu-LxYz62PPLh_QR5M0slpjiQh1kMtVAMkGdPA"
    }
  ]
}

server_encryption_keys

{
  "keys": [
    {
      "p": "-ntI72zQ0GlmGc11Y-ZmEy3cRe8BL-M5ShErb4PgtI46P4CoUZfFd0TGKXz-O8yBndCdfaTlJV5F_LRrH4iONYXI9VrmpjmcVFAYQka6VV6Uzbu2bIsk--lN23bAg9P-p7T-M7hfp1U4_dNJr13gAeDF7o-Foo1kUrAWgB-fuAE",
      "kty": "RSA",
      "q": "wvUAafD0ZB3If99ZWS76da2NVPOeF1KDNDiXJzsZZoXy4ITNpb473DDQJdv4-9DpatM8NCu7aGo7yKkipKEunAg_5mR5LlZSYJUChdWzsYBmFdg7dykWxW6Q-U7eRKkESphI-rO5IgAX70gy_DTUAYA3hyUAyFDkX3jx3ld0T3U",
      "d": "jyanuy6fgwQlLQ7HfWRqUqOLk22innOo7arKvzZKZFvSnveB4IyOE2dgcD4LP-MDcYt0BS9-gxBnhXlnW1Mwprc7uEFiQUNzeuzdvPHZnfcOGWCxmILOLUbn0jX9hub0J-Xn58zs74-cEkoVrGYZFMC14fZq62NmazZKxkcNhqM46Fq3LzIyoWnWDTTHdslSrpDL3OkO0CSJKXkKQljtaboh7doaHvQG183Wss_9g3e05gVzWjZ5mLvemytwqPyXY188qy9FxSUwnYZLjLkOkD0PS6T6axNFMZuWD4qCUvm-WYOsG0yx2960raXh1TPa-5nnwwmCBlN4EBWREJxAAQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "040bb202-d86f-4fb6-a7e6-08481c09d23c",
      "qi": "QoP414AGxNqFqBjtudibOaxy40uIyLZaMDd09xaGOTfjMfhfUxYHuNyKlaJfG__NJe2ofycM2xM3_lrOUTvea9heTBKij6cgDcR-DFC5KD2xldyao9P2W5V6RQJKe-V6w5LGhBm4_jtQnB1QKgpMhDDVwwUOtizcfJi8MkSz9sM",
      "dp": "ugQgkB5BnOUJPBRHH5-VIp0mPpFWUlfuzcCefzxy_eO6AjrrxVxu-zoJ5_m5XHNttuOcchipS-0NELRz8YEaC0mFiiCttbiHDl5FBcM80fVhkL_cpBNZrfL_LQKtybkAH0_ckFBWSRCTOH1W9XNDzmE83QOc_LEAViALNa9GkAE",
      "alg": "RSA-OAEP",
      "dq": "GeRwKaHW03UhK9p-A1o56WcjXiT82hwbUNQzPwKaXQNtPmRk655YVOYmvuB4MPmOBqIHXOZx_WwehIfyEetWRWLTGcY-UeklB67CpwO62dgztrMBMtJCM_Z7SqEu4--OolmXV7SG4f0hMKZmHxjlD034EfrYH8Kekg9-EAmNaQ",
      "n": "vsElqeXs_9I8vXJW3VKgCxDDACmW5d8e-kMwuGSSbKdPKgRFyoDvWovJ8pq8enU3dWmERC9dh3a45Z1bMA6NsbwTMacL6asY7Jt97BKQg9b2f2Um04ol_4GFOgFaGxxno5vaDYmozkXUmVBAvodCLCDTt9EDLz5gqbZuJOIBwfxtqYU8uiCeA4PLpmOEEF-y8gVgc1yOmYQI2XRn8CQBi7SCaLvUYjTzHxS8Q3t-DFtTlRx2jBsHubteJxECGKEpCvuAji9wEDFHgdDXw1dsHjiBVDw1gjB-IOB2vdDDKn1Dn5UEa_SLNRwLbzhVjuwwLpkvMMyxTblGa_AWdTtndQ"
    },
    {
      "kty": "EC",
      "d": "1j7_lfXmr4F-1Ca63CV8vrIaovMvY0gJa0GK-j2zSvA",
      "use": "enc",
      "crv": "P-256",
      "kid": "656e3915-28c9-43b8-a69a-12c9214e8bcb",
      "x": "ZuNuI_d1h_G91wLbC_JCiq6XEMZiZKB5LPEE_UEX5jU",
      "y": "WiLwwoQ74hLn27ZNSjo6T2woPgmctLObVZGE-VxyEeQ",
      "alg": "ECDH-ES"
    }
  ]
}

server_public_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "2808dbdb-a4ec-463a-bb01-b4e71968bf25",
      "n": "w1rXxU4C-muz3wIdGWw2s77kI_iDlMVLCmQuNDEn_xoZV0TuEWa6SC1Tj0Oxy9g8yOhmyU1xq4_Aptsbh5qYZnrnQiXxb-pyftIRBzDmJMziZ2kZHBAZUfuZmvzJ7Sp5GGswW67W9tE92MRZDk-7oJW2SGZm4Qy1bA7J8y2CPRwMyt8yeBw7EfmDYFyDClEbQhlDapOt0TyzHfEOnXiijiMBG3qRVwxOxZIWbq6teaFsjHeQlto6Oe9zU2G7QCqvrI0CTw7IiAGFfBvrpdaGh7zuFQnxsdc-z5CXDYP6Ui0iwDC1s52xVetCxnXy3NlLh-3hPteVLXFUHOLB2iWrIQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "dfdd6d25-9934-4654-944f-5ae387c03642",
      "n": "lTuaVPeFepy0uRerKNbQFekz5OZkfyn7QgFj554O1niIrs5nPOEY5JLnIelOJxRMDwrE9xrjhZHqPicO4awX537n9rM-mdzzrZypFO3PImvjFYKqtYkoofi8vyqG2m36KMbc1St9hwLN5tN2GSSbem8RDGVkAmaNxQVXvz4OuOQSTyucakSkHZeGllafRYteTlAUHodigR-7g8R4E_ZecEWLPC_JRjMQ8kJsbj5SK7kD1q0BPkN3TS6n9PzSnuzrugHIFAn0P2lZTwbgzxdsqUYrpAEkrx7bbqGUMzaAUWY4YtQUYJeBXgMSg--bwRww-zD2eh_D_b15X7l2-YUwAw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "93737726-6243-4628-b297-e961f1441b1c",
      "x": "DuL4jMQHhh4NV0augMwYa7jTefm_jFAmfKsQSJ2uq00",
      "y": "v7wQtjbPv5-5m6rGLeVZFtQa7IFe_EwSwbPYVcgqxhw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "edbe2b8e-ece8-461a-9e7f-7e6e6525dbf9",
      "x": "0Hd8IU_oqHoWDI7SfYCvR_74EBBIWHuuT4b1ackrlMI",
      "y": "PFsMyQY7vhtaKOO-XTSFtP1AqJ2BX5SNO2AGDw8I1Yo"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "6a4c2a1d-d5f2-4d2e-8706-fa12780ad29c",
      "x": "exfHdLkS_4yg5FtuDBxszRqgRjYYa10PhxVxUudNfN8",
      "y": "AAJe4dexsN0Yy0vv-1LJ1Me_6QRI4VEydlz7B-yHKLA"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "4e2dc987-ea0b-4a3d-b637-6a9aa7756642",
      "x": "qOXTTMu-LxYz62PPLh_QR5M0slpjiQh1kMtVAMkGdPA"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "040bb202-d86f-4fb6-a7e6-08481c09d23c",
      "alg": "RSA-OAEP",
      "n": "vsElqeXs_9I8vXJW3VKgCxDDACmW5d8e-kMwuGSSbKdPKgRFyoDvWovJ8pq8enU3dWmERC9dh3a45Z1bMA6NsbwTMacL6asY7Jt97BKQg9b2f2Um04ol_4GFOgFaGxxno5vaDYmozkXUmVBAvodCLCDTt9EDLz5gqbZuJOIBwfxtqYU8uiCeA4PLpmOEEF-y8gVgc1yOmYQI2XRn8CQBi7SCaLvUYjTzHxS8Q3t-DFtTlRx2jBsHubteJxECGKEpCvuAji9wEDFHgdDXw1dsHjiBVDw1gjB-IOB2vdDDKn1Dn5UEa_SLNRwLbzhVjuwwLpkvMMyxTblGa_AWdTtndQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "656e3915-28c9-43b8-a69a-12c9214e8bcb",
      "x": "ZuNuI_d1h_G91wLbC_JCiq6XEMZiZKB5LPEE_UEX5jU",
      "y": "WiLwwoQ74hLn27ZNSjo6T2woPgmctLObVZGE-VxyEeQ",
      "alg": "ECDH-ES"
    }
  ]
}

Second Authorization Request

2021-09-30 07:59:58	SUCCESS OIDCC-6.1	EnsureRequestDoesNotContainRequestObject Request does not contain a request parameter

2021-09-30 07:59:58

(2) More

SUCCESS

OIDCC-6.2 OIDCC-6.1

EnsureAuthorizationHttpRequestContainsOpenIDScope

Found 'openid' in scope http request parameter

actual	[ "openid", "profile", "email", "address", "phone" ]
expected	openid

2021-09-30 07:59:58

(1) More

SUCCESS

OIDCC-6.2 OIDCC-6.1

CreateEffectiveAuthorizationRequestParameters

Merged http request parameters with request object claims

effective_authorization_endpoint_request

{
  "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "scope": "openid profile email address phone",
  "response_type": "code",
  "nonce": "e3UGhusel9lj1eqN11PFsg4l",
  "state": "Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za",
  "client_id": "client_JCXPwICAnLpEONR15069?-#|;"
}

2021-09-30 07:59:58

(1) More

SUCCESS

ExtractRequestedScopes

Requested scopes

scope

openid profile email address phone

2021-09-30 07:59:58

(1) More

SUCCESS

OIDCC-3.1.2.1

ExtractNonceFromAuthorizationRequest

Extracted nonce

nonce

e3UGhusel9lj1eqN11PFsg4l

2021-09-30 07:59:58

(1) More

SUCCESS

EnsureResponseTypeIsCode

Response type is expected value

expected

code

2021-09-30 07:59:58

(1) More

SUCCESS

OIDCC-3.1.2.1

EnsureMatchingClientId

Client ID matched

client_id

client_JCXPwICAnLpEONR15069?-#|;

2021-09-30 07:59:58

(2) More

SUCCESS

OIDCC-3.1.2.1

EnsureValidRedirectUriForAuthorizationEndpointRequest

redirect_uri is one of the allowed redirect uris

actual

https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7

expected

[
  "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/authz_im_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/authz_fp_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "https://89.45.234.133:8090/req_uri/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7"
]

2021-09-30 07:59:58

(2) More

SUCCESS

OIDCC-3.1.2.1

EnsureOpenIDInScopeRequest

Found 'openid' scope in request

actual	[ "openid", "profile", "email", "address", "phone" ]
expected	openid

2021-09-30 07:59:58	SUCCESS OIDCC-3.1.2.3	DisallowMaxAgeEqualsZeroAndPromptNone The client did not send max_age=0 and prompt=none parameters as expected

2021-09-30 07:59:58

(1) More

SUCCESS

CreateAuthorizationCode

Created authorization code

authorization_code

48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P

2021-09-30 07:59:58

(1) More

SUCCESS

OIDCC-3.3.2.11

CalculateCHash

Successful c_hash encoding

c_hash

FvVWLh52JMU45lzKD-lolQ

2021-09-30 07:59:58

(1) More

SUCCESS

CreateAuthorizationEndpointResponseParams

Added authorization_endpoint_response_params to environment

params

{
  "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "state": "Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za"
}

2021-09-30 07:59:58

(1) More

SUCCESS

OIDCC-3.3.2.5

AddCodeToAuthorizationEndpointResponseParams

Added code to authorization endpoint response params

authorization_endpoint_response_params

{
  "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7",
  "state": "Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za",
  "code": "48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P"
}

2021-09-30 07:59:58

(1) More

SendAuthorizationResponseWithResponseModeQuery

Redirecting back to client

uri	https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7?state=Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za&code=48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P

2021-09-30 07:59:58

(2) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing

org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7?state=Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za&code=48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P]

outgoing_path

authorize

2021-09-30 07:59:59

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "authorization": "Basic Y2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5JTNGLSUyMyU3QyUzQjpzZWNyZXRfS2JLb0JCVmV2YVJ0RHhjSUVGVWl0WnZsb2lTQWVqWU54dnJzVFNSRlF5c25taHdPV2U1OTEzMDQzNDgwJTI4fiUyOCUzRiU1RQ\u003d\u003d", "content-type": "application/x-www-form-urlencoded", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "content-length": "283", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net", "connection": "close" }
incoming_path	token
incoming_body_form_params	{ "grant_type": "authorization_code", "redirect_uri": "https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7", "client_id": "client_JCXPwICAnLpEONR15069?-#\|;", "state": "Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za", "code": "48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P" }
incoming_method	POST
incoming_body_json
incoming_query_string_params	{}
incoming_body	grant_type=authorization_code&redirect_uri=https%3A%2F%2F89.45.234.133%3A8090%2Fauthz_cb%2Fd0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7&client_id=client_JCXPwICAnLpEONR15069%3F-%23%7C%3B&state=Q3ZBAu4X55w7WN0C2QoftNEdRx0GP1Za&code=48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P

Token endpoint

2021-09-30 07:59:59

(3) More

SUCCESS

OIDCC-9

ExtractClientCredentialsFromBasicAuthorizationHeader

Extracted client authentication

client_id	client_JCXPwICAnLpEONR15069?-#\|;
client_secret	secret_KbKoBBVevaRtDxcIEFUitZvloiSAejYNxvrsTSRFQysnmhwOWe5913043480(~(?^
method	client_secret_basic

2021-09-30 07:59:59	SUCCESS RFC6749-2.3.1	ValidateClientIdAndSecret Client id and secret match

2021-09-30 07:59:59

(1) More

SUCCESS

OIDCC-3.1.3.2

ValidateAuthorizationCode

Found authorization code

authorization_code

48n0HBh2NfzkAR19Fpqqs1jdYxP1XJ3P

2021-09-30 07:59:59

(1) More

SUCCESS

OIDCC-3.1.3.2

ValidateRedirectUriForTokenEndpointRequest

redirect_uri is the same as the one used in the authorization request

actual

https://89.45.234.133:8090/authz_cb/d0a3b4818d6c5d71cfb81bcca6109b15b1cf22828b48c55fe78505953ac068f7

2021-09-30 07:59:59

(1) More

SUCCESS

GenerateBearerAccessToken

Generated access token

access_token

TJBDRbVHlg0E5mjQ0V102wUoFaeomTT0jgw9EY18k89UlL2J9C

2021-09-30 07:59:59

(1) More

SUCCESS

OIDCC-3.3.2.11

CalculateAtHash

Successful at_hash encoding

at_hash

JeBZdDxYjNEqgJGBUOBjOg

2021-09-30 07:59:59

(6) More

SUCCESS

GenerateIdTokenClaims

Created ID Token Claims

iss	https://www.certification.openid.net/test/a/idpy/
sub	user-subject-1234531
aud	client_JCXPwICAnLpEONR15069?-#\|;
nonce	e3UGhusel9lj1eqN11PFsg4l
iat	1632988799
exp	1632989099

2021-09-30 07:59:59

(2) More

SUCCESS

OIDCC-3.3.2.11

AddAtHashToIdTokenClaims

Added at_hash to ID token claims

at_hash

JeBZdDxYjNEqgJGBUOBjOg

id_token_claims

{
  "iss": "https://www.certification.openid.net/test/a/idpy/",
  "sub": "user-subject-1234531",
  "aud": "client_JCXPwICAnLpEONR15069?-#|;",
  "nonce": "e3UGhusel9lj1eqN11PFsg4l",
  "iat": 1632988799,
  "exp": 1632989099,
  "at_hash": "JeBZdDxYjNEqgJGBUOBjOg"
}

2021-09-30 07:59:59

(3) More

SUCCESS

OIDCC-2

OIDCCSignIdToken

Signed the ID token

id_token

eyJraWQiOiIyODA4ZGJkYi1hNGVjLTQ2M2EtYmIwMS1iNGU3MTk2OGJmMjUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSmVCWmREeFlqTkVxZ0pHQlVPQmpPZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5Py0jfDsiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvaWRweVwvIiwiZXhwIjoxNjMyOTg5MDk5LCJub25jZSI6ImUzVUdodXNlbDlsajFlcU4xMVBGc2c0bCIsImlhdCI6MTYzMjk4ODc5OX0.X3eKeZnQVzLbkkLI8R1oal2WQWz7pIctoL5xCgZ1hb05stleJ7Xa7G-o8phq_vO-KRy5WZ0pZpzD9ktaDxVpfnZ6k0g562iVn6FYl4_1T26fNCq_IEzJCI7vLigOGwjdSYns9fGAj-tH1qqKcqptZGZ5E3VbcvOrQTlt8oHParUrCkvs2RpSBo9uqLXnBuaQUnFK4LodB4we0dddQgpvyIsxn9b7vyFFmq4Xdt4EWEtLozdHfg5mUYDdxmIy-ZuY7SHWbYOtPdEtZv-iSzKhZgqbttuQU8a6QDNYUdAlfxf9OIx7C2m5ymQmeuX4Q5-jJmQ7_Rcc8sX_Lz2pMGO9Gg

key

{"p":"8DxNyTcvqDAxSjo6y737WkhoibK3WN3YgbmxNMr2TuHqrGhqjfZIriYbWJAMoWdCDERbv8SaxF9TQmxEqpKINmvKCQoZG_BSGKToRFhAr_CseamgoZ4F30aXxOKxGa68XVnpY5InzSAXQxuaynKlu2lXT_hF2JXVpOS9HO3Zkoc","kty":"RSA","q":"0CyXiVW2r3K5378nt9LaasNEJ8-ssEIrT-4GcQyccZphfoDZWcuG9ZDG7KV71efSFMf6RsOj4VC4eI-a4vqidzOdhheUswGVWW3ZdyDei3vT-WGNDfexi7-fLx5reqsbT8Uy58qZ_vTfBeaAOk9bv4B7-hcaa7R4CAw52CUNtxc","d":"JW4pe493-J1cSHVyN-XJEWWY9t9t7rpip2oMhEmK3VEV2-fEKadiN-QfZ4rT7TfQZbpJv3ZMOk__3LiMrM3NN42C8-SrPwNPzsbXJmaTIifzlVbIzdyzzUaE5vJaikuiCjC3gkmcvIvY6sisO5bBX4Jv-61LNwGlXT_0J9jnZGe-jONAqSOZITVBof5ymccs_J6O0ksWpjI82NclIQ3r4_ki71oT4hlOuTCsyONua3bJKZLDjgr3SfhM4M97jBmLSxOK3v3-tGjooT37jwXLqTtMY9ZFAHiErsay-_Rv0EYnlKaBvYTCh1Co7ptxlckWGsUDhL-6ytqQ9FRo1yA3tQ","e":"AQAB","use":"sig","kid":"2808dbdb-a4ec-463a-bb01-b4e71968bf25","qi":"E4Sdz5I82VovoNlYBvKy_vDWZn2ZVxkPVEqgbERUUAFceQ5wepep4ll8nK3EL1X99z1VgWe-T8vui0g4PS47YM4tEbs8-nBljkEUraXdknfdgfQ8mdkUYHIUI88TpCWE9uI58ZHUAgyzXJ2yL88KyE1Ip1sa9I8jA5aQ5tAFNo8","dp":"chURE2bDmOkZ3xf759kWTe9oxUs7SlY_hIs8HcfsY9Vg7fK_9x5nsVujTNFLTjKM6Oplb5HbtTlXfomPqjjfuohBbz1-Ywgi1FUrf5kxTtvJ7BSjlVxHiZoqZHMKixmxldsmvAQiJoUAxvuK7Gy5S2Bg-Db8ZDfzNtTxAZXp5m0","dq":"tON6jbB4PL4Q-3ZL2fSTLCAesgVIBiSJJDwtRsBxlFlUjCsEMn2i-PDjmbA2CeoVZ09Zj3Hijh-pG8GVEdQ9phyorWMCKAWhNAM66sQZ_NQNnm4AtnlbwpYwiS4CsKXL5qXxFO68n4lB3gursn9Qtve7QtYedCZuAng1LzcLUuM","n":"w1rXxU4C-muz3wIdGWw2s77kI_iDlMVLCmQuNDEn_xoZV0TuEWa6SC1Tj0Oxy9g8yOhmyU1xq4_Aptsbh5qYZnrnQiXxb-pyftIRBzDmJMziZ2kZHBAZUfuZmvzJ7Sp5GGswW67W9tE92MRZDk-7oJW2SGZm4Qy1bA7J8y2CPRwMyt8yeBw7EfmDYFyDClEbQhlDapOt0TyzHfEOnXiijiMBG3qRVwxOxZIWbq6teaFsjHeQlto6Oe9zU2G7QCqvrI0CTw7IiAGFfBvrpdaGh7zuFQnxsdc-z5CXDYP6Ui0iwDC1s52xVetCxnXy3NlLh-3hPteVLXFUHOLB2iWrIQ"}

algorithm

RS256

2021-09-30 07:59:59

(3) More

INFO

OIDCC-10.2

EncryptIdToken

Skipped evaluation due to missing required element: client id_token_encrypted_response_alg

path	id_token_encrypted_response_alg
mapped
object	client

2021-09-30 07:59:59

(4) More

SUCCESS

OIDCC-3.1.3.3

CreateTokenEndpointResponse

Created token endpoint response

access_token	TJBDRbVHlg0E5mjQ0V102wUoFaeomTT0jgw9EY18k89UlL2J9C
token_type	Bearer
id_token	eyJraWQiOiIyODA4ZGJkYi1hNGVjLTQ2M2EtYmIwMS1iNGU3MTk2OGJmMjUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSmVCWmREeFlqTkVxZ0pHQlVPQmpPZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5Py0jfDsiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvaWRweVwvIiwiZXhwIjoxNjMyOTg5MDk5LCJub25jZSI6ImUzVUdodXNlbDlsajFlcU4xMVBGc2c0bCIsImlhdCI6MTYzMjk4ODc5OX0.X3eKeZnQVzLbkkLI8R1oal2WQWz7pIctoL5xCgZ1hb05stleJ7Xa7G-o8phq_vO-KRy5WZ0pZpzD9ktaDxVpfnZ6k0g562iVn6FYl4_1T26fNCq_IEzJCI7vLigOGwjdSYns9fGAj-tH1qqKcqptZGZ5E3VbcvOrQTlt8oHParUrCkvs2RpSBo9uqLXnBuaQUnFK4LodB4we0dddQgpvyIsxn9b7vyFFmq4Xdt4EWEtLozdHfg5mUYDdxmIy-ZuY7SHWbYOtPdEtZv-iSzKhZgqbttuQU8a6QDNYUdAlfxf9OIx7C2m5ymQmeuX4Q5-jJmQ7_Rcc8sX_Lz2pMGO9Gg
scope	openid profile email address phone

2021-09-30 07:59:59

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "access_token": "TJBDRbVHlg0E5mjQ0V102wUoFaeomTT0jgw9EY18k89UlL2J9C", "token_type": "Bearer", "id_token": "eyJraWQiOiIyODA4ZGJkYi1hNGVjLTQ2M2EtYmIwMS1iNGU3MTk2OGJmMjUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSmVCWmREeFlqTkVxZ0pHQlVPQmpPZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0pDWFB3SUNBbkxwRU9OUjE1MDY5Py0jfDsiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvaWRweVwvIiwiZXhwIjoxNjMyOTg5MDk5LCJub25jZSI6ImUzVUdodXNlbDlsajFlcU4xMVBGc2c0bCIsImlhdCI6MTYzMjk4ODc5OX0.X3eKeZnQVzLbkkLI8R1oal2WQWz7pIctoL5xCgZ1hb05stleJ7Xa7G-o8phq_vO-KRy5WZ0pZpzD9ktaDxVpfnZ6k0g562iVn6FYl4_1T26fNCq_IEzJCI7vLigOGwjdSYns9fGAj-tH1qqKcqptZGZ5E3VbcvOrQTlt8oHParUrCkvs2RpSBo9uqLXnBuaQUnFK4LodB4we0dddQgpvyIsxn9b7vyFFmq4Xdt4EWEtLozdHfg5mUYDdxmIy-ZuY7SHWbYOtPdEtZv-iSzKhZgqbttuQU8a6QDNYUdAlfxf9OIx7C2m5ymQmeuX4Q5-jJmQ7_Rcc8sX_Lz2pMGO9Gg", "scope": "openid profile email address phone" }
outgoing_path	token

2021-09-30 07:59:59

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "if-modified-since": "Thu, 30 Sep 2021 07:59:55 GMT", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	jwks
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{}
incoming_body

Jwks endpoint

2021-09-30 07:59:59

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "2808dbdb-a4ec-463a-bb01-b4e71968bf25", "n": "w1rXxU4C-muz3wIdGWw2s77kI_iDlMVLCmQuNDEn_xoZV0TuEWa6SC1Tj0Oxy9g8yOhmyU1xq4_Aptsbh5qYZnrnQiXxb-pyftIRBzDmJMziZ2kZHBAZUfuZmvzJ7Sp5GGswW67W9tE92MRZDk-7oJW2SGZm4Qy1bA7J8y2CPRwMyt8yeBw7EfmDYFyDClEbQhlDapOt0TyzHfEOnXiijiMBG3qRVwxOxZIWbq6teaFsjHeQlto6Oe9zU2G7QCqvrI0CTw7IiAGFfBvrpdaGh7zuFQnxsdc-z5CXDYP6Ui0iwDC1s52xVetCxnXy3NlLh-3hPteVLXFUHOLB2iWrIQ" }, { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "dfdd6d25-9934-4654-944f-5ae387c03642", "n": "lTuaVPeFepy0uRerKNbQFekz5OZkfyn7QgFj554O1niIrs5nPOEY5JLnIelOJxRMDwrE9xrjhZHqPicO4awX537n9rM-mdzzrZypFO3PImvjFYKqtYkoofi8vyqG2m36KMbc1St9hwLN5tN2GSSbem8RDGVkAmaNxQVXvz4OuOQSTyucakSkHZeGllafRYteTlAUHodigR-7g8R4E_ZecEWLPC_JRjMQ8kJsbj5SK7kD1q0BPkN3TS6n9PzSnuzrugHIFAn0P2lZTwbgzxdsqUYrpAEkrx7bbqGUMzaAUWY4YtQUYJeBXgMSg--bwRww-zD2eh_D_b15X7l2-YUwAw" }, { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "93737726-6243-4628-b297-e961f1441b1c", "x": "DuL4jMQHhh4NV0augMwYa7jTefm_jFAmfKsQSJ2uq00", "y": "v7wQtjbPv5-5m6rGLeVZFtQa7IFe_EwSwbPYVcgqxhw" }, { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "edbe2b8e-ece8-461a-9e7f-7e6e6525dbf9", "x": "0Hd8IU_oqHoWDI7SfYCvR_74EBBIWHuuT4b1ackrlMI", "y": "PFsMyQY7vhtaKOO-XTSFtP1AqJ2BX5SNO2AGDw8I1Yo" }, { "kty": "EC", "use": "sig", "crv": "secp256k1", "kid": "6a4c2a1d-d5f2-4d2e-8706-fa12780ad29c", "x": "exfHdLkS_4yg5FtuDBxszRqgRjYYa10PhxVxUudNfN8", "y": "AAJe4dexsN0Yy0vv-1LJ1Me_6QRI4VEydlz7B-yHKLA" }, { "kty": "OKP", "use": "sig", "crv": "Ed25519", "kid": "4e2dc987-ea0b-4a3d-b637-6a9aa7756642", "x": "qOXTTMu-LxYz62PPLh_QR5M0slpjiQh1kMtVAMkGdPA" }, { "kty": "RSA", "e": "AQAB", "use": "enc", "kid": "040bb202-d86f-4fb6-a7e6-08481c09d23c", "alg": "RSA-OAEP", "n": "vsElqeXs_9I8vXJW3VKgCxDDACmW5d8e-kMwuGSSbKdPKgRFyoDvWovJ8pq8enU3dWmERC9dh3a45Z1bMA6NsbwTMacL6asY7Jt97BKQg9b2f2Um04ol_4GFOgFaGxxno5vaDYmozkXUmVBAvodCLCDTt9EDLz5gqbZuJOIBwfxtqYU8uiCeA4PLpmOEEF-y8gVgc1yOmYQI2XRn8CQBi7SCaLvUYjTzHxS8Q3t-DFtTlRx2jBsHubteJxECGKEpCvuAji9wEDFHgdDXw1dsHjiBVDw1gjB-IOB2vdDDKn1Dn5UEa_SLNRwLbzhVjuwwLpkvMMyxTblGa_AWdTtndQ" }, { "kty": "EC", "use": "enc", "crv": "P-256", "kid": "656e3915-28c9-43b8-a69a-12c9214e8bcb", "x": "ZuNuI_d1h_G91wLbC_JCiq6XEMZiZKB5LPEE_UEX5jU", "y": "WiLwwoQ74hLn27ZNSjo6T2woPgmctLObVZGE-VxyEeQ", "alg": "ECDH-ES" } ] }
outgoing_path	jwks

2021-09-30 08:00:00

(7) More

INCOMING

oidcc-client-test-signing-key-rotation

Incoming HTTP request to test instance sVztAwKMubkoUKz

incoming_headers	{ "host": "www.certification.openid.net", "user-agent": "python-requests/2.25.1", "accept-encoding": "gzip, deflate", "accept": "/", "authorization": "Bearer TJBDRbVHlg0E5mjQ0V102wUoFaeomTT0jgw9EY18k89UlL2J9C", "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384", "x-ssl-protocol": "TLSv1.2", "connection": "close", "x-forwarded-host": "www.certification.openid.net", "x-forwarded-server": "www.certification.openid.net" }
incoming_path	userinfo
incoming_body_form_params
incoming_method	GET
incoming_body_json
incoming_query_string_params	{}
incoming_body

Userinfo endpoint

2021-09-30 08:00:00

(1) More

SUCCESS

RFC6750-2 OIDCC-5.3.1

OIDCCExtractBearerAccessTokenFromRequest

Found access token on incoming request

access_token

TJBDRbVHlg0E5mjQ0V102wUoFaeomTT0jgw9EY18k89UlL2J9C

2021-09-30 08:00:00

(1) More

SUCCESS

OIDCC-5.3.1

RequireBearerAccessToken

Found access token in request

actual

TJBDRbVHlg0E5mjQ0V102wUoFaeomTT0jgw9EY18k89UlL2J9C

2021-09-30 08:00:00

(18) More

SUCCESS

OIDCC-5.4

FilterUserInfoForScopes

User info endpoint output

sub	user-subject-1234531
website	https://openid.net/
zoneinfo	America/Los_Angeles
birthdate	2000-02-03
gender	female
preferred_username	d.tu
given_name	Demo
middle_name	Theresa
locale	en-US
updated_at	1580000000
name	Demo T. User
nickname	Dee
family_name	User
email	user@example.com
email_verified	false
address	{ "street_address": "100 Universal City Plaza", "locality": "Hollywood", "region": "CA", "postal_code": "91608", "country": "USA" }
phone_number_verified	false
phone_number	+1 555 5550000

2021-09-30 08:00:00		ClearAccessTokenFromRequest Condition ran but did not log anything

2021-09-30 08:00:00

(3) More

INFO

OIDCC-5.3.2

AddIssAndAudToUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2021-09-30 08:00:00

(3) More

INFO

OIDCC-5.3.2

SignUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2021-09-30 08:00:00

(3) More

INFO

OIDCC-5.3.2

EncryptUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_encrypted_response_alg

path	userinfo_encrypted_response_alg
mapped
object	client

2021-09-30 08:00:00

(4) More

OUTGOING

oidcc-client-test-signing-key-rotation

Response to HTTP request to test instance sVztAwKMubkoUKz

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "sub": "user-subject-1234531", "website": "https://openid.net/", "zoneinfo": "America/Los_Angeles", "birthdate": "2000-02-03", "gender": "female", "preferred_username": "d.tu", "given_name": "Demo", "middle_name": "Theresa", "locale": "en-US", "updated_at": 1580000000, "name": "Demo T. User", "nickname": "Dee", "family_name": "User", "email": "user@example.com", "email_verified": false, "address": { "street_address": "100 Universal City Plaza", "locality": "Hollywood", "region": "CA", "postal_code": "91608", "country": "USA" }, "phone_number_verified": false, "phone_number": "+1 555 5550000" }
outgoing_path	userinfo

2021-09-30 08:00:00

(1) More

FINISHED

oidcc-client-test-signing-key-rotation

Test has run to completion

testmodule_result

PASSED

Test Summary

Test Results