Test Info

Issuerhttps://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest
Profile[]
Test IDOP-nonce-noncode
Test descriptionRequest with nonce, verifies it was returned in ID Token [Implicit, Hybrid]
Timestamp2020-07-09T09:27:07Z

Conditions


check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK

Trace Output

0phase<--<-- 0 --- Webfinger -->-->
0not expected to doWebFinger
0phase<--<-- 1 --- Discovery -->-->
0provider_config
kwargs:{'issuer': 'https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest'}
0http response
url:https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/.well-known/openid-configuration status_code:200
0ProviderConfigurationResponse
{
    "acr_values_supported": [
        "loginradius:nist:level:1:re-auth"
    ],
    "authorization_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize",
    "backchannel_logout_session_supported": false,
    "backchannel_logout_supported": false,
    "claims_parameter_supported": false,
    "claims_supported": [
        "middle_name",
        "profile",
        "Country",
        "Favicon",
        "phone_number_verified",
        "name",
        "given_name",
        "nickname",
        "picture",
        "birthdate",
        "address",
        "preferred_username",
        "LastName",
        "email_verified",
        "auth_time",
        "UserName",
        "email",
        "phone_number",
        "website",
        "FirstName",
        "gender",
        "zoneinfo",
        "family_name",
        "locale",
        "updated_at",
        "acr",
        "CustomFields.customerid",
        "Uid"
    ],
    "frontchannel_logout_session_supported": false,
    "frontchannel_logout_supported": false,
    "grant_types_supported": [
        "authorization_code",
        "refresh_token"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
    "jwks_uri": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/jwks",
    "request_parameter_supported": false,
    "request_uri_parameter_supported": true,
    "require_request_uri_registration": false,
    "response_modes_supported": [
        "query",
        "form_post",
        "fragment"
    ],
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "code token",
        "code id_token",
        "token id_token",
        "code token id_token"
    ],
    "revocation_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/revoke",
    "scopes_supported": [
        "openid",
        "email",
        "phone",
        "profile",
        "address"
    ],
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ],
    "userinfo_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/userinfo",
    "version": "3.0"
}
0phase<--<-- 2 --- Registration -->-->
0not expected to doDynamic registration
0phase<--<-- 3 --- AsyncAuthn -->-->
0AuthorizationRequest
{
    "client_id": "112563f6-1480-40b8-8e28-e072ca212c82",
    "nonce": "524seg31G31hg5GA",
    "redirect_uri": "https://op.certification.openid.net:62346/authz_cb",
    "response_type": "code token",
    "scope": "openid",
    "state": "bFi9twbG9Jo7jxSr"
}
0redirect urlhttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=bFi9twbG9Jo7jxSr&nonce=524seg31G31hg5GA&response_type=code+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A62346%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82
0redirecthttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=bFi9twbG9Jo7jxSr&nonce=524seg31G31hg5GA&response_type=code+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A62346%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82
12http args{}
12responseURL with fragment
12responsestate=bFi9twbG9Jo7jxSr&code=439b55dd2f807e73d45bf50b82f61ae1%3A23767c292aed7918b4c86411c746de5a3354bcaa887b3e9048062e8aa148e33568bbbc4447101691381021d957a766c40f8e43a7be541d93c1e3204caea6eb362f71f4093762ac8668822bc1c13a3a272e333ea20e2783dae48670074f7a0af9070795e5e112f1a1175f94aa1bf84074&access_token=77c20e4c-98f4-402e-be06-68649c49bd47&token_type=Bearer&expires_in=895
12response{'state': 'bFi9twbG9Jo7jxSr', 'code': '439b55dd2f807e73d45bf50b82f61ae1:23767c292aed7918b4c86411c746de5a3354bcaa887b3e9048062e8aa148e33568bbbc4447101691381021d957a766c40f8e43a7be541d93c1e3204caea6eb362f71f4093762ac8668822bc1c13a3a272e333ea20e2783dae48670074f7a0af9070795e5e112f1a1175f94aa1bf84074', 'access_token': '77c20e4c-98f4-402e-be06-68649c49bd47', 'token_type': 'Bearer', 'expires_in': 895}
12AuthorizationResponse
{
    "access_token": "77c20e4c-98f4-402e-be06-68649c49bd47",
    "code": "439b55dd2f807e73d45bf50b82f61ae1:23767c292aed7918b4c86411c746de5a3354bcaa887b3e9048062e8aa148e33568bbbc4447101691381021d957a766c40f8e43a7be541d93c1e3204caea6eb362f71f4093762ac8668822bc1c13a3a272e333ea20e2783dae48670074f7a0af9070795e5e112f1a1175f94aa1bf84074",
    "expires_in": 895,
    "state": "bFi9twbG9Jo7jxSr",
    "token_type": "Bearer"
}
12phase<--<-- 4 --- AccessToken -->-->
12requestop_args: {'state': 'bFi9twbG9Jo7jxSr'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:62346/authz_cb'}
12do_access_token_request
kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:62346/authz_cb', 'code': '439b55dd2f807e73d45bf50b82f61ae1:23767c292aed7918b4c86411c746de5a3354bcaa887b3e9048062e8aa148e33568bbbc4447101691381021d957a766c40f8e43a7be541d93c1e3204caea6eb362f71f4093762ac8668822bc1c13a3a272e333ea20e2783dae48670074f7a0af9070795e5e112f1a1175f94aa1bf84074', 'state': 'bFi9twbG9Jo7jxSr', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'bFi9twbG9Jo7jxSr', 'authn_method': 'client_secret_basic'}
12AccessTokenRequest
{
    "code": "439b55dd2f807e73d45bf50b82f61ae1:23767c292aed7918b4c86411c746de5a3354bcaa887b3e9048062e8aa148e33568bbbc4447101691381021d957a766c40f8e43a7be541d93c1e3204caea6eb362f71f4093762ac8668822bc1c13a3a272e333ea20e2783dae48670074f7a0af9070795e5e112f1a1175f94aa1bf84074",
    "grant_type": "authorization_code",
    "redirect_uri": "https://op.certification.openid.net:62346/authz_cb",
    "state": "bFi9twbG9Jo7jxSr"
}
12request_urlhttps://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token
12request_http_args{'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}}
12requestgrant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A62346%2Fauthz_cb&code=439b55dd2f807e73d45bf50b82f61ae1%3A23767c292aed7918b4c86411c746de5a3354bcaa887b3e9048062e8aa148e33568bbbc4447101691381021d957a766c40f8e43a7be541d93c1e3204caea6eb362f71f4093762ac8668822bc1c13a3a272e333ea20e2783dae48670074f7a0af9070795e5e112f1a1175f94aa1bf84074&state=bFi9twbG9Jo7jxSr
12http response
url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:200
12response{'access_token': '77c20e4c-98f4-402e-be06-68649c49bd47', 'token_type': 'Bearer', 'refresh_token': 'cd04913c-6004-4134-98cf-7342a87c1557', 'expires_in': 894, 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMSIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjp7ImNvdW50cnkiOm51bGwsImxvY2FsaXR5IjpudWxsLCJwb3N0YWxfY29kZSI6bnVsbCwicmVnaW9uIjpudWxsLCJzdHJlZXRfYWRkcmVzcyI6bnVsbH0sImFzZGZnaCI6IiIsImF0X2hhc2giOiJJaS1lU0w4QkZvQktiYnFJeGtMLTlnIiwiYXVkIjoiMTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyIiwiYXV0aF90aW1lIjoxNTk0Mjg2ODIyLCJiaXJ0aGRhdGUiOiIxOTg3LTA3LTA4IiwiY19oYXNoIjoib2V3SmFhdldDeWVib19SU3RYYW51QSIsImNvdW50cnkiOm51bGwsImVtYWlsIjpbeyJUeXBlIjoiUHJpbWFyeSIsIlZhbHVlIjoiY2xvdWRzc290ZXN0QG1haWxhenkuY29tIn1dLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZXhwIjoxNTk0Mjg3NDI3LCJmYW1pbHlfbmFtZSI6InRlc3J0IiwiZmF2aWNvbjEiOm51bGwsImZuYW1lIjoiY2xvdWRzc290IiwiZ2VuZGVyIjpudWxsLCJnaXZlbl9uYW1lIjoiY2xvdWRzc290IiwiaWF0IjoxNTk0Mjg2ODI3LCJpc3MiOiJodHRwczovL2Nsb3VkLWFwaS5sb2dpbnJhZGl1cy5jb20vc3NvL29pZGMvdjIvaW50ZXJuYWwtbWF5YW5rL29pZGN0ZXN0IiwianRpIjoiY2JlYzgwZTMtZTZlMS00ZTJlLTliNjgtMzZlZjU0NDc4ZGQ3IiwibG5hbWUiOiJ0ZXNydCIsImxvY2FsZSI6bnVsbCwibWlkZGxlX25hbWUiOm51bGwsIm5hbWUiOiJjbG91ZHNzb3QgdGVzcnQiLCJuYmYiOjE1OTQyODY4MjcsIm5pY2tuYW1lIjpudWxsLCJub25jZSI6IjUyNHNlZzMxRzMxaGc1R0EiLCJwaG9uZV9udW1iZXIiOiIrMTkwMjkwOTU3MTQiLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOnRydWUsInBpY3R1cmUiOm51bGwsInByZWZlcnJlZF91c2VybmFtZSI6ImNsb3Vkc3NvdGVzdCIsInByb2ZpbGUiOm51bGwsInN1YiI6IjBiN2Y5NDViOGM1ZjRhMzZhMzViZjQ5ZjcyMzliZmE0IiwidWlkIjoiMGI3Zjk0NWI4YzVmNGEzNmEzNWJmNDlmNzIzOWJmYTQiLCJ1cGRhdGVkX2F0IjoxNTYzODg1MTA5LCJ1c2VybmFtZSI6ImNsb3Vkc3NvdGVzdCIsIndlYnNpdGUiOm51bGwsInpvbmVpbmZvIjpudWxsfQ.dVkedzglR7AiTYD1t26fSfUHAAL93BgbN0lrTI2_LCjOW2OvODMK2q5CoA4NVefCUt3rHHuvJw8euZhvLmY6uBCX37mxmt3ZuViAHHqRsprXHdEd89DvA6TSVCPDTsHa7nCMdDhrAq_Q0nzvHxS91WYmq9ZGrK3EYvWhHks5blr_fl3zVK9OQxJ_kevHk_VpLbLpzm_0yKRe4Ltv4VMNZwVcP4ppiUw0liIGpTwen7m_NrYGQwOMT3vgLXYSUcKNTra8m0gPQFJKFaJUAW-TVWZFFgpAujiXMnZC0GtQNWkpkC9bWZr92UJ8awZ6NpkgfKmqk0x4pA_lYA0bvH4hgg'}
12AccessTokenResponse
{
    "access_token": "77c20e4c-98f4-402e-be06-68649c49bd47",
    "expires_in": 894,
    "id_token": {
        "address": {
            "country": null,
            "locality": null,
            "postal_code": null,
            "region": null,
            "street_address": null
        },
        "at_hash": "Ii-eSL8BFoBKbbqIxkL-9g",
        "aud": [
            "112563f6-1480-40b8-8e28-e072ca212c82"
        ],
        "auth_time": 1594286822,
        "birthdate": "1987-07-08",
        "c_hash": "oewJaavWCyebo_RStXanuA",
        "country": null,
        "email": {
            "Type": "Primary",
            "Value": "cloudssotest@mailazy.com"
        },
        "email_verified": true,
        "exp": 1594287427,
        "family_name": "tesrt",
        "favicon1": null,
        "fname": "cloudssot",
        "gender": null,
        "given_name": "cloudssot",
        "iat": 1594286827,
        "iss": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
        "jti": "cbec80e3-e6e1-4e2e-9b68-36ef54478dd7",
        "lname": "tesrt",
        "locale": null,
        "middle_name": null,
        "name": "cloudssot tesrt",
        "nbf": 1594286827,
        "nickname": null,
        "nonce": "524seg31G31hg5GA",
        "phone_number": "+19029095714",
        "phone_number_verified": true,
        "picture": null,
        "preferred_username": "cloudssotest",
        "profile": null,
        "sub": "0b7f945b8c5f4a36a35bf49f7239bfa4",
        "uid": "0b7f945b8c5f4a36a35bf49f7239bfa4",
        "updated_at": 1563885109,
        "username": "cloudssotest",
        "website": null,
        "zoneinfo": null
    },
    "refresh_token": "cd04913c-6004-4134-98cf-7342a87c1557",
    "token_type": "Bearer"
}
12jws header{'alg': 'RS256', 'kid': '201', 'typ': 'JWT'}
12phase<--<-- 5 --- Done -->-->
12end
12assertionCheckIdTokenNonce
12conditioncheck-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
12assertionVerifyResponse
12conditionverify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
12conditionDone: status=OK

Result

PASSED