Test Info
Profile | [] |
---|---|
Test description | Request with nonce, verifies it was returned in ID Token [Implicit, Hybrid] |
Timestamp | 2017-10-13T14:34:18Z |
Issuer | https://ofis.theoptimalcloud.com/odn/ |
Test ID | OP-nonce-noncode |
Conditions
check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.]
verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses]
Done: status=OK
Trace Output
0.0 | phase | <--<-- 0 --- Webfinger -->--> |
0.0 | not expected to do | WebFinger |
0.0 | phase | <--<-- 1 --- Discovery -->--> |
0.0 | not expected to do | Dynamic discovery |
0.0 | phase | <--<-- 2 --- Registration -->--> |
0.001 | not expected to do | Dynamic registration |
0.001 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0.001 | AuthorizationRequest |
|
0.001 | redirect url | https://ofis.theoptimalcloud.com/odn/?nonce=sUrVaOeCAHGFqYZu&response_type=id_token+token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=9UOPTssapysYzc6x&scope=openid |
0.001 | redirect | https://ofis.theoptimalcloud.com/odn/?nonce=sUrVaOeCAHGFqYZu&response_type=id_token+token&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60044%2Fauthz_cb&client_id=https%3A%2F%2Fop.certification.openid.net%2F&state=9UOPTssapysYzc6x&scope=openid |
0.165 | http args | {} |
0.284 | response | access_token=4dkMLtb0kQYtXECYpR8N5Fv24nCWY7hP0h3kGFzL4HDjGRifpybXnh84j1oVa1RStAi8tu6Uh6oUnn6WlQRYVMA3rd4PUt7Ac8k4ZcH0e3qNF-SsSs91DeeLxv_CDwGNR4vRlqgg1t2iz74X-zl9jPD4Rc0XTKeWz5YCGA6-M6LYmt5EggnAV1LIqpT0oOLOKqdnJA2lrGvcG1petm1Ux7Vjl24m2u1ZMZd5bi5hp_skFEyh4qSDSTlD875I_Qjn&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiJzVXJWYU9lQ0FIR0ZxWVp1IiwiYXRfaGFzaCI6IjhVOVFhU0hueDFrRXc5STVELUt4bXciLCJjX2hhc2giOiJza3J5UHBqOWtfZUJXYWlVWUNabllnIiwiaWF0IjoxNTA3OTA1MjU4LCJpc3MiOiJodHRwczovL29maXMudGhlb3B0aW1hbGNsb3VkLmNvbS9vZG4vIiwiYXVkIjoiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvIiwiZXhwIjoxNTA3OTA1ODU4LCJuYmYiOjE1MDc5MDUyNTd9.pv3IVWAxoz5aNtxYIZeXfInjdCB1DT-ojrmTudzEwypOBvRu20Gg_Wl8gkFI2LwJCaEbGYYtFBmkOiSYmSe0ev4IWmPTV78qwFG_8_yIvRaohyEpKkEcdtLtF-o8dOBMxRT9anNJS8iXVgNdW3YVNaauync95EesbwBevQAos-6ElIKs1-a91_jWKQP_jfTcHR7w32ItxItVaiPY8L5oV81Rpe4AJijGj2NqIfrI_b4cuKKlaHOGe_m_R41VIcqXDljQyZ5YFYmhmYJK3Cyq4U3nXuMAyjPu2cR6RrgbJQ_4D_Iq_TLRG789tIZTupK3LnW0EknIrzAbHMzHXJjpyw&token_type=Bearer&state=9UOPTssapysYzc6x&expires_in=36000 |
0.285 | response | {'access_token': '4dkMLtb0kQYtXECYpR8N5Fv24nCWY7hP0h3kGFzL4HDjGRifpybXnh84j1oVa1RStAi8tu6Uh6oUnn6WlQRYVMA3rd4PUt7Ac8k4ZcH0e3qNF-SsSs91DeeLxv_CDwGNR4vRlqgg1t2iz74X-zl9jPD4Rc0XTKeWz5YCGA6-M6LYmt5EggnAV1LIqpT0oOLOKqdnJA2lrGvcG1petm1Ux7Vjl24m2u1ZMZd5bi5hp_skFEyh4qSDSTlD875I_Qjn', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Il9zZnJweWVzUFVyQTl5TkhXYXBOZXYwOVlYQSJ9.eyJzdWIiOiJqQnJEYWJVVTdFR1V5QXhEQjZLekNnPT0iLCJlbWFpbCI6ImplZmYuYm9ocmVuQG9wdGltYWxpZG0uY29tIiwiZ2l2ZW5fbmFtZSI6IkplZmZyZXkiLCJmYW1pbHlfbmFtZSI6IkJvaHJlbiIsIm5hbWUiOiJKZWZmcmV5IEJvaHJlbiIsIm1pZGRsZV9uYW1lIjoiU2NvdHQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqZWZmLmJvaHJlbkBvcHRpbWFsaWRtLmNvbSIsInBob25lX251bWJlciI6IjU1NS0xMjEyIiwibmlja25hbWUiOiJKZWZmcmV5IiwicHJvZmlsZSI6Imh0dHBzOi8vb3B0aW1hbGlkbS5jb20iLCJwaWN0dXJlIjoiaHR0cHM6Ly9vcHRpbWFsaWRtLmNvbSIsIndlYnNpdGUiOiJodHRwOi8vb3B0aW1hbGlkbS5jb20iLCJnZW5kZXIiOiJtYWxlIiwiYmlydGhkYXRlIjoiMTk3Mi0wMS0wMSIsInpvbmVpbmZvIjoiRWFzdCBVUyIsImxvY2FsZSI6ImVuLVVTIiwibm9uY2UiOiJzVXJWYU9lQ0FIR0ZxWVp1IiwiYXRfaGFzaCI6IjhVOVFhU0hueDFrRXc5STVELUt4bXciLCJjX2hhc2giOiJza3J5UHBqOWtfZUJXYWlVWUNabllnIiwiaWF0IjoxNTA3OTA1MjU4LCJpc3MiOiJodHRwczovL29maXMudGhlb3B0aW1hbGNsb3VkLmNvbS9vZG4vIiwiYXVkIjoiaHR0cHM6Ly9vcC5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvIiwiZXhwIjoxNTA3OTA1ODU4LCJuYmYiOjE1MDc5MDUyNTd9.pv3IVWAxoz5aNtxYIZeXfInjdCB1DT-ojrmTudzEwypOBvRu20Gg_Wl8gkFI2LwJCaEbGYYtFBmkOiSYmSe0ev4IWmPTV78qwFG_8_yIvRaohyEpKkEcdtLtF-o8dOBMxRT9anNJS8iXVgNdW3YVNaauync95EesbwBevQAos-6ElIKs1-a91_jWKQP_jfTcHR7w32ItxItVaiPY8L5oV81Rpe4AJijGj2NqIfrI_b4cuKKlaHOGe_m_R41VIcqXDljQyZ5YFYmhmYJK3Cyq4U3nXuMAyjPu2cR6RrgbJQ_4D_Iq_TLRG789tIZTupK3LnW0EknIrzAbHMzHXJjpyw', 'state': '9UOPTssapysYzc6x', 'expires_in': 36000, 'token_type': 'Bearer'} |
0.438 | AuthorizationResponse |
|
0.438 | phase | <--<-- 4 --- AccessToken -->--> |
0.438 | phase | <--<-- 5 --- Done -->--> |
0.438 | end | |
0.438 | assertion | CheckIdTokenNonce |
0.439 | condition | check-idtoken-nonce: status=OK [Verify that the nonce in the IDToken is the same that's included in the Authorization Request.] |
0.439 | assertion | VerifyResponse |
0.439 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
0.439 | condition | Done: status=OK |
Result
PASSED