Test Info

Issuerhttps://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest
Profile[]
Test IDOP-OAuth-2nd
Test descriptionTrying to use authorization code twice should result in an error
Timestamp2020-07-09T07:17:50Z

Conditions


check-http-error-response: status=OK [Checks that an error code is either 400 or 401 which are the only ones accepted by OAuth2/OIDC.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest'}
0http response
url:https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/.well-known/openid-configuration status_code:200
0ProviderConfigurationResponse
{
    "acr_values_supported": [
        "loginradius:nist:level:1:re-auth"
    ],
    "authorization_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize",
    "backchannel_logout_session_supported": false,
    "backchannel_logout_supported": false,
    "claims_parameter_supported": false,
    "claims_supported": [
        "middle_name",
        "profile",
        "Country",
        "Favicon",
        "phone_number_verified",
        "name",
        "given_name",
        "nickname",
        "picture",
        "birthdate",
        "address",
        "preferred_username",
        "LastName",
        "email_verified",
        "auth_time",
        "UserName",
        "email",
        "phone_number",
        "website",
        "FirstName",
        "gender",
        "zoneinfo",
        "family_name",
        "locale",
        "updated_at",
        "acr",
        "CustomFields.customerid",
        "Uid"
    ],
    "frontchannel_logout_session_supported": false,
    "frontchannel_logout_supported": false,
    "grant_types_supported": [
        "authorization_code",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
    "jwks_uri": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/jwks",
    "request_parameter_supported": false,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "query",
        "form_post",
        "fragment"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "code token",
        "code id_token",
        "token id_token",
        "code token id_token"
    ],
    "revocation_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/revoke",
    "scopes_supported": [
        "openid",
        "email",
        "phone",
        "profile",
        "address"
    ],
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ],
    "userinfo_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/userinfo",
    "version": "3.0"
}
0phase<--<-- 2 --- Registration -->-->
0not expected to doDynamic registration
0phase<--<-- 3 --- Note -->-->
3phase<--<-- 4 --- AsyncAuthn -->-->
3AuthorizationRequest
{
    "client_id": "112563f6-1480-40b8-8e28-e072ca212c82",
    "nonce": "HPSVvFSCM9tAC8dQ",
    "redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
    "response_type": "code",
    "scope": "openid",
    "state": "bhik7Kao5pFTcz8O"
}
3redirect urlhttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=bhik7Kao5pFTcz8O&nonce=HPSVvFSCM9tAC8dQ&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82
3redirecthttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=bhik7Kao5pFTcz8O&nonce=HPSVvFSCM9tAC8dQ&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82
10responseResponse URL with query part
10response{'state': 'bhik7Kao5pFTcz8O', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a'}
10response{'state': 'bhik7Kao5pFTcz8O', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a'}
10AuthorizationResponse
{
    "code": "51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a",
    "state": "bhik7Kao5pFTcz8O"
}
10phase<--<-- 5 --- AccessToken -->-->
10requestop_args: {'state': 'bhik7Kao5pFTcz8O'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb'}
10do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a', 'state': 'bhik7Kao5pFTcz8O', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'bhik7Kao5pFTcz8O', 'authn_method': 'client_secret_basic'}
10AccessTokenRequest
{
    "code": "51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
    "state": "bhik7Kao5pFTcz8O"
}
10request_urlhttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token
10request_http_args{'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
10requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&code=51e0bf4aa141a055b3b7b62cdf899e59%3Aab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a&state=bhik7Kao5pFTcz8O
10http response
url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:200
10response{'access_token': '236d0abb-83b2-4f19-80ee-6ea4f05649f3', 'token_type': 'Bearer', 'refresh_token': '132e1e7d-18c5-4972-9c53-840c1d921835', 'expires_in': 843, 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMSIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjp7ImNvdW50cnkiOm51bGwsImxvY2FsaXR5IjpudWxsLCJwb3N0YWxfY29kZSI6bnVsbCwicmVnaW9uIjpudWxsLCJzdHJlZXRfYWRkcmVzcyI6bnVsbH0sImFzZGZnaCI6IiIsImF1ZCI6IjExMjU2M2Y2LTE0ODAtNDBiOC04ZTI4LWUwNzJjYTIxMmM4MiIsImF1dGhfdGltZSI6MTU5NDI3OTAxNCwiYmlydGhkYXRlIjoiMTk4Ny0wNy0wOCIsImNfaGFzaCI6IlB3Nkc2ZTdzMF9aaW5HT3hIRDdSQUEiLCJjb3VudHJ5IjpudWxsLCJlbWFpbCI6W3siVHlwZSI6IlByaW1hcnkiLCJWYWx1ZSI6ImNsb3Vkc3NvdGVzdEBtYWlsYXp5LmNvbSJ9XSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTU5NDI3OTY3MCwiZmFtaWx5X25hbWUiOiJ0ZXNydCIsImZhdmljb24xIjpudWxsLCJmbmFtZSI6ImNsb3Vkc3NvdCIsImdlbmRlciI6bnVsbCwiZ2l2ZW5fbmFtZSI6ImNsb3Vkc3NvdCIsImlhdCI6MTU5NDI3OTA3MCwiaXNzIjoiaHR0cHM6Ly9jbG91ZC1hcGkubG9naW5yYWRpdXMuY29tL3Nzby9vaWRjL3YyL2ludGVybmFsLW1heWFuay9vaWRjdGVzdCIsImp0aSI6IjM5MzYyYTRiLWJhODAtNDBiYS1hMjBjLWQ3ZWJmMTcyZTExNyIsImxuYW1lIjoidGVzcnQiLCJsb2NhbGUiOm51bGwsIm1pZGRsZV9uYW1lIjpudWxsLCJuYW1lIjoiY2xvdWRzc290IHRlc3J0IiwibmJmIjoxNTk0Mjc5MDcwLCJuaWNrbmFtZSI6bnVsbCwibm9uY2UiOiJIUFNWdkZTQ005dEFDOGRRIiwicGhvbmVfbnVtYmVyIjoiKzE5MDI5MDk1NzE0IiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjp0cnVlLCJwaWN0dXJlIjpudWxsLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJjbG91ZHNzb3Rlc3QiLCJwcm9maWxlIjpudWxsLCJzdWIiOiIwYjdmOTQ1YjhjNWY0YTM2YTM1YmY0OWY3MjM5YmZhNCIsInVpZCI6IjBiN2Y5NDViOGM1ZjRhMzZhMzViZjQ5ZjcyMzliZmE0IiwidXBkYXRlZF9hdCI6MTU2Mzg4NTEwOSwidXNlcm5hbWUiOiJjbG91ZHNzb3Rlc3QiLCJ3ZWJzaXRlIjpudWxsLCJ6b25laW5mbyI6bnVsbH0.Dp66_HT_PXgGQOLkpfZyo56CDwuGMwS3zysYVC74bQKg9oTutvTLuP0RTYvW7-vBjklQsCC9VoxacUXGb-LJMlcOi004HRfgpVazWOuqvyWyCIglNoHQG8Sj02C7KiqBBxtb4n-pFBbhC_uaSFcUBtQS0SsLG723NKET93A-nGoSW0843i9u92E4DDDYIwkzA4Fpmppg8NVCP7bGynK4TBPAgZFzG2nCMqK5uwSFT52gqULAkKRn0MenX4URo_NvkgqlGSjdCWBVZ9wbclOJqUBdqJL2mV5lHk6I9LA4rbLtkscS90baTm1nYOnKSLTxmYj7L4Wh0vQlCIjz38CWiQ'}
10AccessTokenResponse
{
    "access_token": "236d0abb-83b2-4f19-80ee-6ea4f05649f3",
    "expires_in": 843,
    "id_token": {
        "address": {
            "country": null,
            "locality": null,
            "postal_code": null,
            "region": null,
            "street_address": null
        },
        "aud": [
            "112563f6-1480-40b8-8e28-e072ca212c82"
        ],
        "auth_time": 1594279014,
        "birthdate": "1987-07-08",
        "c_hash": "Pw6G6e7s0_ZinGOxHD7RAA",
        "country": null,
        "email": {
            "Type": "Primary",
            "Value": "cloudssotest@mailazy.com"
        },
        "email_verified": true,
        "exp": 1594279670,
        "family_name": "tesrt",
        "favicon1": null,
        "fname": "cloudssot",
        "gender": null,
        "given_name": "cloudssot",
        "iat": 1594279070,
        "iss": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
        "jti": "39362a4b-ba80-40ba-a20c-d7ebf172e117",
        "lname": "tesrt",
        "locale": null,
        "middle_name": null,
        "name": "cloudssot tesrt",
        "nbf": 1594279070,
        "nickname": null,
        "nonce": "HPSVvFSCM9tAC8dQ",
        "phone_number": "+19029095714",
        "phone_number_verified": true,
        "picture": null,
        "preferred_username": "cloudssotest",
        "profile": null,
        "sub": "0b7f945b8c5f4a36a35bf49f7239bfa4",
        "uid": "0b7f945b8c5f4a36a35bf49f7239bfa4",
        "updated_at": 1563885109,
        "username": "cloudssotest",
        "website": null,
        "zoneinfo": null
    },
    "refresh_token": "132e1e7d-18c5-4972-9c53-840c1d921835",
    "token_type": "Bearer"
}
10jws header{'alg': 'RS256', 'kid': '201', 'typ': 'JWT'}
10phase<--<-- 6 --- AccessToken -->-->
10requestop_args: {'state': 'bhik7Kao5pFTcz8O'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb'}
10do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a', 'state': 'bhik7Kao5pFTcz8O', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'bhik7Kao5pFTcz8O', 'authn_method': 'client_secret_basic'}
10AccessTokenRequest
{
    "code": "51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
    "state": "bhik7Kao5pFTcz8O"
}
10request_urlhttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token
10request_http_args{'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
10requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&code=51e0bf4aa141a055b3b7b62cdf899e59%3Aab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a&state=bhik7Kao5pFTcz8O
10http response
url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:400 message:{"error":"invalid_grant","error_description":"The code is already used"}
10response{'error': 'invalid_grant', 'error_description': 'The code is already used'}
10eventGot expected error
10TokenErrorResponse
{
    "error": "invalid_grant",
    "error_description": "The code is already used"
}
10phase<--<-- 7 --- Done -->-->
10end
10assertionCheckHTTPErrorResponse
10conditioncheck-http-error-response: status=OK [Checks that an error code is either 400 or 401 which are the only ones accepted by OAuth2/OIDC.]
10assertionVerifyResponse
10conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
10conditionDone: status=OK

Result

PASSED