Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-07-28 20:05:11 INFO
TEST-RUNNER
Test instance zPX2Il2NLM created
baseUrl
https://www.certification.openid.net/test/zPX2Il2NLM
variant
{
  "client_auth_type": "private_key_jwt",
  "response_type": "code",
  "server_metadata": "discovery",
  "client_registration": "dynamic_client",
  "response_mode": "default"
}
alias

                                
description
node oidc-provider
planId
0z7zLQPtQILkL
config
{
  "description": "node oidc-provider",
  "server": {
    "discoveryUrl": "https://op.panva.cz/.well-known/openid-configuration",
    "login_hint": "bob@example.com"
  },
  "client": {
    "client_name": "first-openid-client"
  },
  "client2": {
    "client_name": "second-openid-client"
  },
  "browser": [
    {
      "comment": "expect a login page with policy document link",
      "match": "https://op.panva.cz/auth*",
      "tasks": [
        {
          "task": "Expect a login page with policy document link",
          "match": "https://op.panva.cz/interaction*",
          "commands": [
            [
              "wait",
              "xpath",
              "//*",
              10,
              "Sign-in",
              "update-image-placeholder"
            ]
          ]
        }
      ]
    }
  ]
}
testName
oidcc-registration-policy-uri
2020-07-28 20:05:11 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/zPX2Il2NLM/callback
2020-07-28 20:05:11
GetDynamicServerConfiguration
HTTP request
request_uri
https://op.panva.cz/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-07-28 20:05:12 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "5937",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:05:12 GMT",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body
{"acr_values_supported":["urn:mace:incommon:iap:bronze"],"authorization_endpoint":"https://op.panva.cz/auth","device_authorization_endpoint":"https://op.panva.cz/device/auth","claims_parameter_supported":true,"claims_supported":["sub","address","email","email_verified","phone_number","phone_number_verified","birthdate","family_name","gender","given_name","locale","middle_name","name","nickname","picture","preferred_username","profile","updated_at","website","zoneinfo","acr","sid","auth_time","iss","amr"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://op.panva.cz/session/end","check_session_iframe":"https://op.panva.cz/session/check","grant_types_supported":["implicit","authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code"],"id_token_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"issuer":"https://op.panva.cz","jwks_uri":"https://op.panva.cz/jwks","registration_endpoint":"https://op.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token token","code id_token","code token","code","id_token token","id_token","none"],"scopes_supported":["openid","offline_access","address","email","phone","profile"],"subject_types_supported":["public","pairwise"],"token_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"token_endpoint":"https://op.panva.cz/token","pushed_authorization_request_endpoint":"https://op.panva.cz/request","request_object_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA","none"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"userinfo_endpoint":"https://op.panva.cz/me","userinfo_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"authorization_signing_alg_values_supported":["HS256","HS384","HS512","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"introspection_endpoint":"https://op.panva.cz/token/introspection","introspection_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"introspection_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"revocation_endpoint":"https://op.panva.cz/token/revocation","revocation_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"revocation_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"authorization_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"request_object_encryption_alg_values_supported":["A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir","RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"request_object_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"tls_client_certificate_bound_access_tokens":true,"claim_types_supported":["normal"],"service_documentation":"https://github.com/panva/node-oidc-provider","version":"6.28.0-a4eb4b2","mtls_endpoint_aliases":{"token_endpoint":"https://mtls.op.panva.cz/token","introspection_endpoint":"https://mtls.op.panva.cz/token/introspection","revocation_endpoint":"https://mtls.op.panva.cz/token/revocation","userinfo_endpoint":"https://mtls.op.panva.cz/me","device_authorization_endpoint":"https://mtls.op.panva.cz/device/auth","pushed_authorization_request_endpoint":"https://mtls.op.panva.cz/request"}}
2020-07-28 20:05:12
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"acr_values_supported":["urn:mace:incommon:iap:bronze"],"authorization_endpoint":"https://op.panva.cz/auth","device_authorization_endpoint":"https://op.panva.cz/device/auth","claims_parameter_supported":true,"claims_supported":["sub","address","email","email_verified","phone_number","phone_number_verified","birthdate","family_name","gender","given_name","locale","middle_name","name","nickname","picture","preferred_username","profile","updated_at","website","zoneinfo","acr","sid","auth_time","iss","amr"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://op.panva.cz/session/end","check_session_iframe":"https://op.panva.cz/session/check","grant_types_supported":["implicit","authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code"],"id_token_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"issuer":"https://op.panva.cz","jwks_uri":"https://op.panva.cz/jwks","registration_endpoint":"https://op.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token token","code id_token","code token","code","id_token token","id_token","none"],"scopes_supported":["openid","offline_access","address","email","phone","profile"],"subject_types_supported":["public","pairwise"],"token_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"token_endpoint":"https://op.panva.cz/token","pushed_authorization_request_endpoint":"https://op.panva.cz/request","request_object_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA","none"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"userinfo_endpoint":"https://op.panva.cz/me","userinfo_signing_alg_values_supported":["HS256","HS384","HS512","none","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"authorization_signing_alg_values_supported":["HS256","HS384","HS512","PS256","PS384","PS512","RS256","RS384","RS512","ES256","ES256K","ES384","ES512","EdDSA"],"introspection_endpoint":"https://op.panva.cz/token/introspection","introspection_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"introspection_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"revocation_endpoint":"https://op.panva.cz/token/revocation","revocation_endpoint_auth_methods_supported":["none","client_secret_basic","client_secret_jwt","client_secret_post","private_key_jwt","self_signed_tls_client_auth"],"revocation_endpoint_auth_signing_alg_values_supported":["HS256","HS384","HS512","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES256K","ES384","ES512","EdDSA"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"authorization_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW","A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir"],"authorization_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"request_object_encryption_alg_values_supported":["A128GCMKW","A192GCMKW","A256GCMKW","A128KW","A192KW","A256KW","PBES2-HS256+A128KW","PBES2-HS384+A192KW","PBES2-HS512+A256KW","dir","RSA-OAEP","RSA-OAEP-256","RSA-OAEP-384","RSA-OAEP-512","RSA1_5","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"request_object_encryption_enc_values_supported":["A128CBC-HS256","A128GCM","A192CBC-HS384","A192GCM","A256CBC-HS512","A256GCM"],"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"tls_client_certificate_bound_access_tokens":true,"claim_types_supported":["normal"],"service_documentation":"https://github.com/panva/node-oidc-provider","version":"6.28.0-a4eb4b2","mtls_endpoint_aliases":{"token_endpoint":"https://mtls.op.panva.cz/token","introspection_endpoint":"https://mtls.op.panva.cz/token/introspection","revocation_endpoint":"https://mtls.op.panva.cz/token/revocation","userinfo_endpoint":"https://mtls.op.panva.cz/me","device_authorization_endpoint":"https://mtls.op.panva.cz/device/auth","pushed_authorization_request_endpoint":"https://mtls.op.panva.cz/request"}}
2020-07-28 20:05:12 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
acr_values_supported
[
  "urn:mace:incommon:iap:bronze"
]
authorization_endpoint
https://op.panva.cz/auth
device_authorization_endpoint
https://op.panva.cz/device/auth
claims_parameter_supported
true
claims_supported
[
  "sub",
  "address",
  "email",
  "email_verified",
  "phone_number",
  "phone_number_verified",
  "birthdate",
  "family_name",
  "gender",
  "given_name",
  "locale",
  "middle_name",
  "name",
  "nickname",
  "picture",
  "preferred_username",
  "profile",
  "updated_at",
  "website",
  "zoneinfo",
  "acr",
  "sid",
  "auth_time",
  "iss",
  "amr"
]
code_challenge_methods_supported
[
  "S256"
]
end_session_endpoint
https://op.panva.cz/session/end
check_session_iframe
https://op.panva.cz/session/check
grant_types_supported
[
  "implicit",
  "authorization_code",
  "refresh_token",
  "urn:ietf:params:oauth:grant-type:device_code"
]
id_token_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "none",
  "PS256",
  "PS384",
  "PS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
issuer
https://op.panva.cz
jwks_uri
https://op.panva.cz/jwks
registration_endpoint
https://op.panva.cz/reg
response_modes_supported
[
  "form_post",
  "fragment",
  "query",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
response_types_supported
[
  "code id_token token",
  "code id_token",
  "code token",
  "code",
  "id_token token",
  "id_token",
  "none"
]
scopes_supported
[
  "openid",
  "offline_access",
  "address",
  "email",
  "phone",
  "profile"
]
subject_types_supported
[
  "public",
  "pairwise"
]
token_endpoint_auth_methods_supported
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
token_endpoint
https://op.panva.cz/token
pushed_authorization_request_endpoint
https://op.panva.cz/request
request_object_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA",
  "none"
]
request_parameter_supported
true
request_uri_parameter_supported
true
require_request_uri_registration
true
userinfo_endpoint
https://op.panva.cz/me
userinfo_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "none",
  "PS256",
  "PS384",
  "PS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
authorization_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "PS256",
  "PS384",
  "PS512",
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
introspection_endpoint
https://op.panva.cz/token/introspection
introspection_endpoint_auth_methods_supported
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
introspection_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
dpop_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
revocation_endpoint
https://op.panva.cz/token/revocation
revocation_endpoint_auth_methods_supported
[
  "none",
  "client_secret_basic",
  "client_secret_jwt",
  "client_secret_post",
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
revocation_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES256K",
  "ES384",
  "ES512",
  "EdDSA"
]
id_token_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
userinfo_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
authorization_encryption_alg_values_supported
[
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir"
]
authorization_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
request_object_encryption_alg_values_supported
[
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW",
  "A128KW",
  "A192KW",
  "A256KW",
  "PBES2-HS256+A128KW",
  "PBES2-HS384+A192KW",
  "PBES2-HS512+A256KW",
  "dir",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "RSA-OAEP-384",
  "RSA-OAEP-512",
  "RSA1_5",
  "ECDH-ES",
  "ECDH-ES+A128KW",
  "ECDH-ES+A192KW",
  "ECDH-ES+A256KW"
]
request_object_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A128GCM",
  "A192CBC-HS384",
  "A192GCM",
  "A256CBC-HS512",
  "A256GCM"
]
backchannel_logout_supported
true
backchannel_logout_session_supported
true
frontchannel_logout_supported
true
frontchannel_logout_session_supported
true
tls_client_certificate_bound_access_tokens
true
claim_types_supported
[
  "normal"
]
service_documentation
https://github.com/panva/node-oidc-provider
version
6.28.0-a4eb4b2
mtls_endpoint_aliases
{
  "token_endpoint": "https://mtls.op.panva.cz/token",
  "introspection_endpoint": "https://mtls.op.panva.cz/token/introspection",
  "revocation_endpoint": "https://mtls.op.panva.cz/token/revocation",
  "userinfo_endpoint": "https://mtls.op.panva.cz/me",
  "device_authorization_endpoint": "https://mtls.op.panva.cz/device/auth",
  "pushed_authorization_request_endpoint": "https://mtls.op.panva.cz/request"
}
2020-07-28 20:05:12 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2020-07-28 20:05:12 SUCCESS
GetDynamicClientConfiguration
Created dynamic_client_registration_template object from the client configuration.
client_name
first-openid-client
2020-07-28 20:05:12
CreatePolicyUri
Generated policy URI
policy_uri
https://openid.net
2020-07-28 20:05:12
oidcc-registration-policy-uri
Setup Done
2020-07-28 20:05:14 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "1DmEdRbqlO1KUDdX9DtzUHBTmicAsNGX0NhpXvCaGgJM2t0-DYcMmnfP2lHXXQv2-IxJg-hTI08an6ri97mKHdoNJwiWPa-26yonsmo_6K8Je-TRIN6P6POH4es6JwCjRn_x1CJmtOb74M-ldNxl1EdA-GLxagB68Mst_67twVc",
      "kty": "RSA",
      "q": "xJqiN2v6eaAb5gBPKguaTSQEcq8PRUXrIGVrkJARmreFQRd3DH8585CS7JAGzB9IXpqhz84eME563f_Qxj-KCe7Hb857oTcDfhp_GUYW3fA1ZOavuWIHygXytz1owXk17sLietL-Te8a2JCaAovr_gqLkoYRv3EMTAj4Y4Rznl8",
      "d": "ft2AlfO8gkmhRXV24nLSNlrSnmAwfF3Xx1aAbnPuRlUcYVnnjWsdFSBP72vplk7lQVCKrZ4kUCUUrBA9NC4AC4RDjZdCz8ZaLVffztBeTbke-nH4b34ROCTVAE27GY4le-pqKlq1IY4sSXDCOplbYuzFRzOjUL6cf0HzaWLgXBxP2VPkAKhSob6zK1Z9B4OmGwNr2bt4R7m1ClETxcH3kJThNR5YeL2-11hpG9hzz-fCqFdkTT7GafyH0R8lD5ucr9oltE9VsUQosvpxWJxcEDx0BzvpzGOS3l1knN8DlYgP-9FE5h1JK53VeUyzPDpJ_F5Bo6zhF5FeZXyN9pPI5Q",
      "e": "AQAB",
      "use": "sig",
      "qi": "0e_TmsdCVZhQMFQGrXKwu02jifSzwljnMNaGnT5R1UC3ks-D-MroLZyQJUxBMM2QqygWKd923TzrWqH2hyEe78xCN6xG1D-4DCqrzWvwQYoufFliEmeyGIbSjxhnnhaAU3vMf29QzSfSjfc3RsuCde0eslfydZ0i6L6OXJtNixA",
      "dp": "p12E3GJqNXC9Pm2m63FHC5TKGbPQk6F3PLiuwLS2kvRlb-Uy3rA2fEsonGAWm8anynO4NlKt3hawRGMcA4lLJyejX7kh4xwEAYmJLOcl53bC3_YgBu_-RhRogP5lKgUSvrKAIG_Q17GhyjV3oqV9mN9omXpOMO6YBfX2HMHztpk",
      "alg": "RS256",
      "dq": "RcP5vGD8yRwfykZh0TG815LoYSnt6U8eWKikuu_kz1pAVxDUlgKvtdafzIJvZw_Sxn9o3CzwWYP_5bdZhoAVo-CvtOU4ycST4LPWVkmg47DRwbR6tvYqfW4O6ydHfSBeGxPc-mjVBSLMC_2EKVMts0BatuwMcDrVekXUnrvpq1E",
      "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
    }
  ]
}
2020-07-28 20:05:14 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-28 20:05:14 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
first-openid-client zPX2Il2NLM
2020-07-28 20:05:14
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2020-07-28 20:05:14
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client zPX2Il2NLM",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
      }
    ]
  }
}
2020-07-28 20:05:14
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client zPX2Il2NLM",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt"
}
2020-07-28 20:05:14
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client zPX2Il2NLM",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code"
  ]
}
2020-07-28 20:05:14
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client zPX2Il2NLM",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/zPX2Il2NLM/callback"
  ]
}
2020-07-28 20:05:14
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client zPX2Il2NLM",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/zPX2Il2NLM/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2020-07-28 20:05:14
AddPolicyUriToDynamicRegistrationRequest
Added policy_uri to dynamic registration request
dynamic_registration_request
{
  "client_name": "first-openid-client zPX2Il2NLM",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/zPX2Il2NLM/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ],
  "policy_uri": "https://openid.net"
}
2020-07-28 20:05:14
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://op.panva.cz/reg
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "730"
}
request_body
{"client_name":"first-openid-client zPX2Il2NLM","grant_types":["authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"}]},"token_endpoint_auth_method":"private_key_jwt","response_types":["code"],"redirect_uris":["https://www.certification.openid.net/test/zPX2Il2NLM/callback"],"contacts":["certification@oidf.org"],"policy_uri":"https://openid.net"}
2020-07-28 20:05:15 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "cache-control": "no-cache, no-store",
  "content-length": "1485",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Tue, 28 Jul 2020 20:05:15 GMT",
  "pragma": "no-cache",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body
{"application_type":"web","grant_types":["authorization_code"],"id_token_signed_response_alg":"RS256","post_logout_redirect_uris":[],"require_auth_time":false,"response_types":["code"],"subject_type":"public","token_endpoint_auth_method":"private_key_jwt","introspection_endpoint_auth_method":"private_key_jwt","revocation_endpoint_auth_method":"private_key_jwt","backchannel_logout_session_required":false,"frontchannel_logout_session_required":false,"require_signed_request_object":false,"request_uris":[],"require_pushed_authorization_requests":false,"authorization_signed_response_alg":"RS256","tls_client_certificate_bound_access_tokens":false,"client_id_issued_at":1595966715,"client_id":"JdruMCP2RFNGPLocbceuQ","client_name":"first-openid-client zPX2Il2NLM","contacts":["certification@oidf.org"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"}]},"policy_uri":"https://openid.net","redirect_uris":["https://www.certification.openid.net/test/zPX2Il2NLM/callback"],"registration_client_uri":"https://op.panva.cz/reg/JdruMCP2RFNGPLocbceuQ","registration_access_token":"jwqchpsCmfIP8pX09gt7h6c3B2SJ-t9tIgpDcbxfzNB"}
2020-07-28 20:05:15
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"application_type":"web","grant_types":["authorization_code"],"id_token_signed_response_alg":"RS256","post_logout_redirect_uris":[],"require_auth_time":false,"response_types":["code"],"subject_type":"public","token_endpoint_auth_method":"private_key_jwt","introspection_endpoint_auth_method":"private_key_jwt","revocation_endpoint_auth_method":"private_key_jwt","backchannel_logout_session_required":false,"frontchannel_logout_session_required":false,"require_signed_request_object":false,"request_uris":[],"require_pushed_authorization_requests":false,"authorization_signed_response_alg":"RS256","tls_client_certificate_bound_access_tokens":false,"client_id_issued_at":1595966715,"client_id":"JdruMCP2RFNGPLocbceuQ","client_name":"first-openid-client zPX2Il2NLM","contacts":["certification@oidf.org"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"}]},"policy_uri":"https://openid.net","redirect_uris":["https://www.certification.openid.net/test/zPX2Il2NLM/callback"],"registration_client_uri":"https://op.panva.cz/reg/JdruMCP2RFNGPLocbceuQ","registration_access_token":"jwqchpsCmfIP8pX09gt7h6c3B2SJ-t9tIgpDcbxfzNB"}
2020-07-28 20:05:15
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
application_type
web
grant_types
[
  "authorization_code"
]
id_token_signed_response_alg
RS256
post_logout_redirect_uris
[]
require_auth_time
false
response_types
[
  "code"
]
subject_type
public
token_endpoint_auth_method
private_key_jwt
introspection_endpoint_auth_method
private_key_jwt
revocation_endpoint_auth_method
private_key_jwt
backchannel_logout_session_required
false
frontchannel_logout_session_required
false
require_signed_request_object
false
request_uris
[]
require_pushed_authorization_requests
false
authorization_signed_response_alg
RS256
tls_client_certificate_bound_access_tokens
false
client_id_issued_at
1595966715
client_id
JdruMCP2RFNGPLocbceuQ
client_name
first-openid-client zPX2Il2NLM
contacts
[
  "certification@oidf.org"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "ovw6fausoCfX45HhKCuVHZFze5cmv9J-mSkqCIXfYdbacKxGEpI3bwR3dHg5YXQOg5mBcETmu_GC29FBb6OF-1_pIC_GyUVbqxSBcjusbNrNenJsHLenggKVzYTwA1ai-b3b3KKcgL8q3A8X7d8o9LwRYiNU5aDZQ0sDJzg9N_LsVj_7o1cCbauHj0awGuznd7eO7Ayb7vvAnnr48PbtY_wFbwHCdIJhmI28bi7ft6sL8BWPOSPygnwVBJH1qP1VYiO4lKRzehh9WOGSa4BGm4O7HFkq8tSWeaIeFJ3KrMM9imrEO9ucVNd7zT80AYbcgUicXRV4_HkZzhj8XaNxSQ"
    }
  ]
}
policy_uri
https://openid.net
redirect_uris
[
  "https://www.certification.openid.net/test/zPX2Il2NLM/callback"
]
registration_client_uri
https://op.panva.cz/reg/JdruMCP2RFNGPLocbceuQ
registration_access_token
jwqchpsCmfIP8pX09gt7h6c3B2SJ-t9tIgpDcbxfzNB
2020-07-28 20:05:15 SUCCESS
CallDynamicRegistrationEndpoint
Extracted dynamic registration management credentials
registration_client_uri
https://op.panva.cz/reg/JdruMCP2RFNGPLocbceuQ
registration_access_token
jwqchpsCmfIP8pX09gt7h6c3B2SJ-t9tIgpDcbxfzNB
2020-07-28 20:05:15
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
Make request to authorization endpoint
2020-07-28 20:05:15 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
JdruMCP2RFNGPLocbceuQ
redirect_uri
https://www.certification.openid.net/test/zPX2Il2NLM/callback
scope
openid
2020-07-28 20:05:15
CreateRandomStateValue
Created state value
requested_state_length
10
state
Rxu4DUeZY0
2020-07-28 20:05:15 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
JdruMCP2RFNGPLocbceuQ
redirect_uri
https://www.certification.openid.net/test/zPX2Il2NLM/callback
scope
openid
state
Rxu4DUeZY0
2020-07-28 20:05:15
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
D3cNKuJ87Y
2020-07-28 20:05:15 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
JdruMCP2RFNGPLocbceuQ
redirect_uri
https://www.certification.openid.net/test/zPX2Il2NLM/callback
scope
openid
state
Rxu4DUeZY0
nonce
D3cNKuJ87Y
2020-07-28 20:05:15 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
JdruMCP2RFNGPLocbceuQ
redirect_uri
https://www.certification.openid.net/test/zPX2Il2NLM/callback
scope
openid
state
Rxu4DUeZY0
nonce
D3cNKuJ87Y
response_type
code
2020-07-28 20:05:15 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://op.panva.cz/auth?client_id=JdruMCP2RFNGPLocbceuQ&redirect_uri=https://www.certification.openid.net/test/zPX2Il2NLM/callback&scope=openid&state=Rxu4DUeZY0&nonce=D3cNKuJ87Y&response_type=code
2020-07-28 20:05:15 REDIRECT
oidcc-registration-policy-uri
Redirecting to authorization endpoint
redirect_to
https://op.panva.cz/auth?client_id=JdruMCP2RFNGPLocbceuQ&redirect_uri=https://www.certification.openid.net/test/zPX2Il2NLM/callback&scope=openid&state=Rxu4DUeZY0&nonce=D3cNKuJ87Y&response_type=code
2020-07-28 20:05:15 REVIEW
ExpectLoginPageWithPolicyLink
The login page should show a link to a policy document - upload a screenshot of the login page.
content_type
text/html
page_source
<?xml version="1.0" encoding="UTF-8"?>
<html>
  <head>
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
    <meta http-equiv="x-ua-compatible" content="ie=edge"/>
    <title>
      Sign-in
    </title>
    <style>
      
      @import url(https://fonts.googleapis.com/css?family=Roboto:400,100);

      body {
        font-family: 'Roboto', sans-serif;
        margin-top: 25px;
        margin-bottom: 25px;
      }

      .login-card {
        padding: 40px;
        padding-top: 0px;
        padding-bottom: 10px;
        width: 274px;
        background-color: #F7F7F7;
        margin: 0 auto 10px;
        border-radius: 2px;
        box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
        overflow: hidden;
      }

      .login-card + .login-card {
        padding-top: 10px;
      }

      .login-card h1 {
        font-weight: 100;
        text-align: center;
        font-size: 2.3em;
      }

      .login-card [type=submit] {
        width: 100%;
        display: block;
        margin-bottom: 10px;
        position: relative;
      }

      .login-card input[type=text], input[type=email], input[type=password] {
        height: 44px;
        font-size: 16px;
        width: 100%;
        margin-bottom: 10px;
        -webkit-appearance: none;
        background: #fff;
        border: 1px solid #d9d9d9;
        border-top: 1px solid #c0c0c0;
        padding: 0 8px;
        box-sizing: border-box;
        -moz-box-sizing: border-box;
      }

      .login {
        text-align: center;
        font-size: 14px;
        font-family: 'Arial', sans-serif;
        font-weight: 700;
        height: 36px;
        padding: 0 8px;
      }

      .login-submit {
        border: 0px;
        color: #fff;
        text-shadow: 0 1px rgba(0,0,0,0.1);
        background-color: #4d90fe;
      }

      .google-button {
        height: 40px;
        border-width: 0;
        background: white;
        color: #737373;
        border-radius: 5px;
        white-space: nowrap;
        box-shadow: 1px 1px 0px 1px rgba(0,0,0,0.05);
        transition-property: background-color, box-shadow;
        transition-duration: 150ms;
        transition-timing-function: ease-in-out;
        padding: 0;

        &amp;:focus,
        &amp;:hover {
          box-shadow: 1px 4px 5px 1px rgba(0,0,0,0.1);
        }

        &amp;:active {
          background-color: #e5e5e5;
          box-shadow: none;
          transition-duration: 10ms;
        }
      }

      .google-button__icon {
        display: inline-block;
        vertical-align: middle;
        margin: 8px 0 8px 8px;
        width: 18px;
        height: 18px;
        box-sizing: border-box;
      }

      .google-button__icon--plus {
        width: 27px;
      }

      .google-button__text {
        display: inline-block;
        vertical-align: middle;
        padding: 0 24px;
        font-size: 14px;
        font-weight: bold;
        font-family: 'Roboto',arial,sans-serif;
      }

      .login-card a {
        text-decoration: none;
        color: #666;
        font-weight: 400;
        text-align: center;
        display: inline-block;
        opacity: 0.6;
      }

      .login-help {
        color: #666;
        width: 100%;
        text-align: center;
        font-size: 12px;
      }

      .login-client-image img {
        margin-bottom: 20px;
        display: block;
        margin-left: auto;
        margin-right: auto;
        width: 20%;
      }

      .login-card input[type=checkbox] {
        margin-bottom: 10px;
      }

      .login-card label {
        color: #999;
      }

      .grant-debug {
        text-align: center;
        font-family: Fixed, monospace;
        width: 100%;
        font-size: 12px;
        color: #999;
      }

      .grant-debug div {
        padding-top: 10px;
      }

      .login-help + form {
        margin-top: 10px;
      }

      ul {
        font-weight: 100;
        padding-left: 1em;
        list-style-type: circle;
      }

      li + ul, ul + li, li + li {
        padding-top: 0.3em;
      }

      button {
        cursor: pointer;
      }
    
    </style>
  </head>
  <body>
    <div class="login-card">
      <h1>
        Sign-in
      </h1>
      <form autocomplete="off" action="/interaction/hbeeN2qUybaLC7-ujYLbw/federated" method="post">
        <input type="hidden" name="provider" value="google"/>
        <button type="submit" class="google-button">
          <span class="google-button__icon">
            <svg viewbox="0 0 366 372" xmlns="http://www.w3.org/2000/svg">
              <path d="M125.9 10.2c40.2-13.9 85.3-13.6 125.3 1.1 22.2 8.2 42.5 21 59.9 37.1-5.8 6.3-12.1 12.2-18.1 18.3l-34.2 34.2c-11.3-10.8-25.1-19-40.1-23.6-17.6-5.3-36.6-6.1-54.6-2.2-21 4.5-40.5 15.5-55.6 30.9-12.2 12.3-21.4 27.5-27 43.9-20.3-15.8-40.6-31.5-61-47.3 21.5-43 60.1-76.9 105.4-92.4z" id="Shape" fill="#EA4335"/>
              <path d="M20.6 102.4c20.3 15.8 40.6 31.5 61 47.3-8 23.3-8 49.2 0 72.4-20.3 15.8-40.6 31.6-60.9 47.3C1.9 232.7-3.8 189.6 4.4 149.2c3.3-16.2 8.7-32 16.2-46.8z" id="Shape" fill="#FBBC05"/>
              <path d="M361.7 151.1c5.8 32.7 4.5 66.8-4.7 98.8-8.5 29.3-24.6 56.5-47.1 77.2l-59.1-45.9c19.5-13.1 33.3-34.3 37.2-57.5H186.6c.1-24.2.1-48.4.1-72.6h175z" id="Shape" fill="#4285F4"/>
              <path d="M81.4 222.2c7.8 22.9 22.8 43.2 42.6 57.1 12.4 8.7 26.6 14.9 41.4 17.9 14.6 3 29.7 2.6 44.4.1 14.6-2.6 28.7-7.9 41-16.2l59.1 45.9c-21.3 19.7-48 33.1-76.2 39.6-31.2 7.1-64.2 7.3-95.2-1-24.6-6.5-47.7-18.2-67.6-34.1-20.9-16.6-38.3-38-50.4-62 20.3-15.7 40.6-31.5 60.9-47.3z" fill="#34A853"/>
            </svg>
          </span>
          <span class="google-button__text">
            Sign in with Google
          </span>
        </button>
      </form>
      <div class="login-help">
        
  - or -

      </div>
      <form autocomplete="off" action="/interaction/hbeeN2qUybaLC7-ujYLbw/login" method="post">
        <input required="" type="text" name="login" placeholder="Enter any login" autofocus="on"/>
        <input required="" type="password" name="password" placeholder="and password"/>
        <button type="submit" class="login login-submit">
          Sign-in
        </button>
      </form>
      <div class="login-help">
        <a href="/interaction/hbeeN2qUybaLC7-ujYLbw/abort">
          [ Cancel ]
        </a>
        <a href="https://openid.net">
          [ Privacy Policy ]
        </a>
      </div>
    </div>
    <div class="grant-debug">
      <details>
        <summary style="text-align: center;">
          (Click to expand) DEBUG information
        </summary>
        <div>
          <strong>
            uid
          </strong>
          : hbeeN2qUybaLC7-ujYLbw
        
        </div>
        <div>
          
          PARAMS 
          <br/>
          
         ======== 
          <br/>
          <strong>
            client_id
          </strong>
          : 'JdruMCP2RFNGPLocbceuQ'
          <br/>
          <strong>
            nonce
          </strong>
          : 'D3cNKuJ87Y'
          <br/>
          <strong>
            redirect_uri
          </strong>
          : 'https://www.certification.openid.net/test/zPX2Il2NLM/callback'
          <br/>
          <strong>
            response_type
          </strong>
          : 'code'
          <br/>
          <strong>
            scope
          </strong>
          : 'openid'
          <br/>
          <strong>
            state
          </strong>
          : 'Rxu4DUeZY0'
        
        </div>
        <div>
          
          PROMPT 
          <br/>
          
         ======== 
          <br/>
          <strong>
            name
          </strong>
          : 'login'
          <br/>
          <strong>
            reasons
          </strong>
          : [ 'no_session' ]
          <br/>
          <strong>
            details
          </strong>
          : { max_age: null, login_hint: null, id_token_hint: null }
        
        </div>
      </details>
    </div>
  </body>
</html>
2020-07-28 20:05:15
WebRunner
Scripted browser HTTP request
browser
goToUrl
request_method
GET
request_uri
https://op.panva.cz/auth?client_id=JdruMCP2RFNGPLocbceuQ&redirect_uri=https://www.certification.openid.net/test/zPX2Il2NLM/callback&scope=openid&state=Rxu4DUeZY0&nonce=D3cNKuJ87Y&response_type=code
2020-07-28 20:05:16 RESPONSE
WebRunner
Scripted browser HTTP response
response_content
<!DOCTYPE html>
<html >
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <title>Sign-in</title>
    <style>
      @import url(https://fonts.googleapis.com/css?family=Roboto:400,100);

      body {
        font-family: 'Roboto', sans-serif;
        margin-top: 25px;
        margin-bottom: 25px;
      }

      .login-card {
        padding: 40px;
        padding-top: 0px;
        padding-bottom: 10px;
        width: 274px;
        background-color: #F7F7F7;
        margin: 0 auto 10px;
        border-radius: 2px;
        box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
        overflow: hidden;
      }

      .login-card + .login-card {
        padding-top: 10px;
      }

      .login-card h1 {
        font-weight: 100;
        text-align: center;
        font-size: 2.3em;
      }

      .login-card [type=submit] {
        width: 100%;
        display: block;
        margin-bottom: 10px;
        position: relative;
      }

      .login-card input[type=text], input[type=email], input[type=password] {
        height: 44px;
        font-size: 16px;
        width: 100%;
        margin-bottom: 10px;
        -webkit-appearance: none;
        background: #fff;
        border: 1px solid #d9d9d9;
        border-top: 1px solid #c0c0c0;
        padding: 0 8px;
        box-sizing: border-box;
        -moz-box-sizing: border-box;
      }

      .login {
        text-align: center;
        font-size: 14px;
        font-family: 'Arial', sans-serif;
        font-weight: 700;
        height: 36px;
        padding: 0 8px;
      }

      .login-submit {
        border: 0px;
        color: #fff;
        text-shadow: 0 1px rgba(0,0,0,0.1);
        background-color: #4d90fe;
      }

      .google-button {
        height: 40px;
        border-width: 0;
        background: white;
        color: #737373;
        border-radius: 5px;
        white-space: nowrap;
        box-shadow: 1px 1px 0px 1px rgba(0,0,0,0.05);
        transition-property: background-color, box-shadow;
        transition-duration: 150ms;
        transition-timing-function: ease-in-out;
        padding: 0;

        &:focus,
        &:hover {
          box-shadow: 1px 4px 5px 1px rgba(0,0,0,0.1);
        }

        &:active {
          background-color: #e5e5e5;
          box-shadow: none;
          transition-duration: 10ms;
        }
      }

      .google-button__icon {
        display: inline-block;
        vertical-align: middle;
        margin: 8px 0 8px 8px;
        width: 18px;
        height: 18px;
        box-sizing: border-box;
      }

      .google-button__icon--plus {
        width: 27px;
      }

      .google-button__text {
        display: inline-block;
        vertical-align: middle;
        padding: 0 24px;
        font-size: 14px;
        font-weight: bold;
        font-family: 'Roboto',arial,sans-serif;
      }

      .login-card a {
        text-decoration: none;
        color: #666;
        font-weight: 400;
        text-align: center;
        display: inline-block;
        opacity: 0.6;
      }

      .login-help {
        color: #666;
        width: 100%;
        text-align: center;
        font-size: 12px;
      }

      .login-client-image img {
        margin-bottom: 20px;
        display: block;
        margin-left: auto;
        margin-right: auto;
        width: 20%;
      }

      .login-card input[type=checkbox] {
        margin-bottom: 10px;
      }

      .login-card label {
        color: #999;
      }

      .grant-debug {
        text-align: center;
        font-family: Fixed, monospace;
        width: 100%;
        font-size: 12px;
        color: #999;
      }

      .grant-debug div {
        padding-top: 10px;
      }

      .login-help + form {
        margin-top: 10px;
      }

      ul {
        font-weight: 100;
        padding-left: 1em;
        list-style-type: circle;
      }

      li + ul, ul + li, li + li {
        padding-top: 0.3em;
      }

      button {
        cursor: pointer;
      }
    </style>
  </head>
  <body>
    <div class="login-card">
      <h1>Sign-in</h1>
      
<form autocomplete="off" action="/interaction/hbeeN2qUybaLC7-ujYLbw/federated" method="post">
  <input type="hidden" name="provider" value="google">
  <button type="submit" class="google-button">
    <span class="google-button__icon">
      <svg viewBox="0 0 366 372" xmlns="http://www.w3.org/2000/svg"><path d="M125.9 10.2c40.2-13.9 85.3-13.6 125.3 1.1 22.2 8.2 42.5 21 59.9 37.1-5.8 6.3-12.1 12.2-18.1 18.3l-34.2 34.2c-11.3-10.8-25.1-19-40.1-23.6-17.6-5.3-36.6-6.1-54.6-2.2-21 4.5-40.5 15.5-55.6 30.9-12.2 12.3-21.4 27.5-27 43.9-20.3-15.8-40.6-31.5-61-47.3 21.5-43 60.1-76.9 105.4-92.4z" id="Shape" fill="#EA4335"/><path d="M20.6 102.4c20.3 15.8 40.6 31.5 61 47.3-8 23.3-8 49.2 0 72.4-20.3 15.8-40.6 31.6-60.9 47.3C1.9 232.7-3.8 189.6 4.4 149.2c3.3-16.2 8.7-32 16.2-46.8z" id="Shape" fill="#FBBC05"/><path d="M361.7 151.1c5.8 32.7 4.5 66.8-4.7 98.8-8.5 29.3-24.6 56.5-47.1 77.2l-59.1-45.9c19.5-13.1 33.3-34.3 37.2-57.5H186.6c.1-24.2.1-48.4.1-72.6h175z" id="Shape" fill="#4285F4"/><path d="M81.4 222.2c7.8 22.9 22.8 43.2 42.6 57.1 12.4 8.7 26.6 14.9 41.4 17.9 14.6 3 29.7 2.6 44.4.1 14.6-2.6 28.7-7.9 41-16.2l59.1 45.9c-21.3 19.7-48 33.1-76.2 39.6-31.2 7.1-64.2 7.3-95.2-1-24.6-6.5-47.7-18.2-67.6-34.1-20.9-16.6-38.3-38-50.4-62 20.3-15.7 40.6-31.5 60.9-47.3z" fill="#34A853"/></svg>
    </span>
    <span class="google-button__text">Sign in with Google</span>
  </button>
</form>
<div class="login-help">
  - or -
</div>

<form autocomplete="off" action="/interaction/hbeeN2qUybaLC7-ujYLbw/login" method="post">
  <input required type="text" name="login" placeholder="Enter any login" autofocus="on">
  <input required type="password" name="password" placeholder="and password" >

  <button type="submit" class="login login-submit">Sign-in</button>
</form>

      <div class="login-help">
        <a href="/interaction/hbeeN2qUybaLC7-ujYLbw/abort">[ Cancel ]</a>
        
        
          <a href="https://openid.net">[ Privacy Policy ]</a>
        
      </div>
    </div>
    <div class="grant-debug">
      <details>
        <summary style="text-align: center;">(Click to expand) DEBUG information</summary>
        <div>
          <strong>uid</strong>: hbeeN2qUybaLC7-ujYLbw
        </div>

        

        <div>
          PARAMS <br>
         ======== <br>
          <strong>client_id</strong>: 'JdruMCP2RFNGPLocbceuQ'<br/><strong>nonce</strong>: 'D3cNKuJ87Y'<br/><strong>redirect_uri</strong>: 'https://www.certification.openid.net/test/zPX2Il2NLM/callback'<br/><strong>response_type</strong>: 'code'<br/><strong>scope</strong>: 'openid'<br/><strong>state</strong>: 'Rxu4DUeZY0'
        </div>

        <div>
          PROMPT <br>
         ======== <br>
          <strong>name</strong>: 'login'<br/><strong>reasons</strong>: [ 'no_session' ]<br/><strong>details</strong>: { max_age: null, login_hint: null, id_token_hint: null }
        </div>
      </details>
    </div>
  </body>
</html>
response_content_type
text/html
response_status_text
200-OK
response_status_code
200
2020-07-28 20:05:16 INFO
WebRunner
Waiting
regexp
Sign-in
seconds
10
task
Expect a login page with policy document link
browser
wait
action
update-image-placeholder
element_type
xpath
url
https://op.panva.cz/interaction/hbeeN2qUybaLC7-ujYLbw
target
//*
2020-07-28 20:05:16
BROWSER
Updated placeholder from scripted browser
placeholder
SjU0NQFqwz
2020-07-28 20:05:16
BROWSER
All placeholders filled by scripted browser
2020-07-28 20:05:16 INFO
WebRunner
Completed processing of webpage
task
Expect a login page with policy document link
browser
complete
response_status_text
200-OK
match
https://op.panva.cz/interaction*
url
https://op.panva.cz/interaction/hbeeN2qUybaLC7-ujYLbw
response_status_code
200
2020-07-28 20:05:16 FINISHED
oidcc-registration-policy-uri
Test has run to completion
testmodule_result
REVIEW
Unregister dynamically registered client
2020-07-28 20:05:16
UnregisterDynamicallyRegisteredClient
HTTP request
request_uri
https://op.panva.cz/reg/JdruMCP2RFNGPLocbceuQ
request_method
DELETE
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "authorization": "Bearer jwqchpsCmfIP8pX09gt7h6c3B2SJ-t9tIgpDcbxfzNB",
  "content-length": "0"
}
request_body

                                
2020-07-28 20:05:17 RESPONSE
UnregisterDynamicallyRegisteredClient
HTTP response
response_status_code
204 NO_CONTENT
response_status_text
No Content
response_headers
{
  "cache-control": "no-cache, no-store",
  "date": "Tue, 28 Jul 2020 20:05:17 GMT",
  "pragma": "no-cache",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-xss-protection": "1; mode\u003dblock"
}
response_body

                                
2020-07-28 20:05:17 SUCCESS
UnregisterDynamicallyRegisteredClient
Client successfully unregistered
Test Results