Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-07-31 12:30:44 INFO
TEST-RUNNER
Test instance sdR5WdFTixMgzqR created
baseUrl
https://www.certification.openid.net/test/a/oidf-authlete-core
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code id_token token",
  "server_metadata": "static",
  "response_mode": "form_post",
  "client_registration": "static_client"
}
alias
oidf-authlete-core
description
Authlete plain OIDC client secret basic - static server config
planId
f4s0MatdN55iD
config
{
  "alias": "oidf-authlete-core",
  "description": "Authlete plain OIDC client secret basic - static server config",
  "publish": "everything",
  "server": {
    "issuer": "https://fapidev-as.authlete.net/",
    "jwks_uri": "https://fapidev-as.authlete.net/api/jwks",
    "authorization_endpoint": "https://fapidev-www.authlete.net/api/authorization",
    "token_endpoint": "https://fapidev-as.authlete.net/api/token",
    "userinfo_endpoint": "https://fapidev-rs.authlete.net/api/userinfo",
    "acr_values": "urn:mace:incommon:iap:silver urn:openbanking:psd2:sca urn:openbanking:psd2:ca",
    "login_hint": "john"
  },
  "client": {
    "client_id": "470519824180317",
    "client_secret": "Ek2CiuOrmfdhvsjGl037_pscCmYseks4bzSSxc3UZUcr-9Ki2rlCRdg_Mt-Ukc9b-LpajnMUcwmzqgXs-eDKzw"
  },
  "client_secret_post": {
    "client_id": "469894541303688",
    "client_secret": "SGMsD1U1t0iZXChy0YtbnICAfU9ULEgh5MElWNX6iOq0sWYI0TGiTn-4mRDlhsSOQGfWoZwYWqKAubsbrY7nfA"
  },
  "client2": {
    "client_id": "470553331604632",
    "client_secret": "3NLezSFOjyxuERp_cH3zFMbym9oNur3NMdYIJWimiTHEKROvsDTT1-BVfo8AbLNiUgyIbbGcr79n7fkTL7D8qA"
  },
  "browser": [
    {
      "comment": "expect an immediate error page",
      "match": "https://fapidev-www.authlete.net/api/authorization*",
      "tasks": [
        {
          "task": "Expect redirect uri mismatch error page",
          "match": "https://fapidev-www.authlete.net/api/authorization*",
          "commands": [
            [
              "wait",
              "xpath",
              "//*",
              10,
              ".*The value of \u0027redirect_uri\u0027 .* is not registered.*",
              "update-image-placeholder"
            ]
          ]
        }
      ]
    }
  ]
}
testName
oidcc-ensure-registered-redirect-uri
2020-07-31 12:30:44 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/callback
2020-07-31 12:30:44 SUCCESS
GetStaticServerConfiguration
Found a static server object
issuer
https://fapidev-as.authlete.net/
jwks_uri
https://fapidev-as.authlete.net/api/jwks
authorization_endpoint
https://fapidev-www.authlete.net/api/authorization
token_endpoint
https://fapidev-as.authlete.net/api/token
userinfo_endpoint
https://fapidev-rs.authlete.net/api/userinfo
acr_values
urn:mace:incommon:iap:silver urn:openbanking:psd2:sca urn:openbanking:psd2:ca
login_hint
john
2020-07-31 12:30:44 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2020-07-31 12:30:44 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
authorization_endpoint
{
  "testHost": "fapidev-www.authlete.net",
  "testPort": 443
}
token_endpoint
{
  "testHost": "fapidev-as.authlete.net",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "fapidev-rs.authlete.net",
  "testPort": 443
}
2020-07-31 12:30:44
FetchServerKeys
Fetching server key
jwks_uri
https://fapidev-as.authlete.net/api/jwks
2020-07-31 12:30:44
FetchServerKeys
HTTP request
request_uri
https://fapidev-as.authlete.net/api/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-07-31 12:30:44 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Fri, 31 Jul 2020 12:30:44 GMT",
  "server": "Jetty(9.4.21-SNAPSHOT)",
  "cache-control": "no-store, no-transform",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "472",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "authlete-fapidev-api-20180524",
      "n": "nJclr5TJ3Y21Ggt0lz2EO7wWKn6jTaIlMv1sNMy2VmkcSf8EVsFqJ1vSXjFxWvBj7RolFCyaChFwI_jog9c2rAkIwF8Voi5eB3PRjl3OaNRUYILRgLsaclTj02NWMvwbiJ18yJ63D4Ojzif8_RyAHuM3HO2rs6nPEyZMW3Xd0z3Lw099TpIcxA4Ktfo2DliUfMZh9s3lB_f6DSxX5Z9CXqrzNsoCCxqJZ55WuUUNA4LmYl5OgrH8sD7_TvY1QTjjmRzUptgj1S-gwagIjrkn9ooALa8gRN4etKztA2topBn0KO2VwEo_P4iejBn2Z3I2FlQnDNu0t7xNwBhsM2Vg8Q"
    }
  ]
}
2020-07-31 12:30:44
FetchServerKeys
Found JWK set string
jwk_string
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "authlete-fapidev-api-20180524",
      "n": "nJclr5TJ3Y21Ggt0lz2EO7wWKn6jTaIlMv1sNMy2VmkcSf8EVsFqJ1vSXjFxWvBj7RolFCyaChFwI_jog9c2rAkIwF8Voi5eB3PRjl3OaNRUYILRgLsaclTj02NWMvwbiJ18yJ63D4Ojzif8_RyAHuM3HO2rs6nPEyZMW3Xd0z3Lw099TpIcxA4Ktfo2DliUfMZh9s3lB_f6DSxX5Z9CXqrzNsoCCxqJZ55WuUUNA4LmYl5OgrH8sD7_TvY1QTjjmRzUptgj1S-gwagIjrkn9ooALa8gRN4etKztA2topBn0KO2VwEo_P4iejBn2Z3I2FlQnDNu0t7xNwBhsM2Vg8Q"
    }
  ]
}
2020-07-31 12:30:44 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "authlete-fapidev-api-20180524",
      "n": "nJclr5TJ3Y21Ggt0lz2EO7wWKn6jTaIlMv1sNMy2VmkcSf8EVsFqJ1vSXjFxWvBj7RolFCyaChFwI_jog9c2rAkIwF8Voi5eB3PRjl3OaNRUYILRgLsaclTj02NWMvwbiJ18yJ63D4Ojzif8_RyAHuM3HO2rs6nPEyZMW3Xd0z3Lw099TpIcxA4Ktfo2DliUfMZh9s3lB_f6DSxX5Z9CXqrzNsoCCxqJZ55WuUUNA4LmYl5OgrH8sD7_TvY1QTjjmRzUptgj1S-gwagIjrkn9ooALa8gRN4etKztA2topBn0KO2VwEo_P4iejBn2Z3I2FlQnDNu0t7xNwBhsM2Vg8Q"
    }
  ]
}
2020-07-31 12:30:44 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "authlete-fapidev-api-20180524",
      "n": "nJclr5TJ3Y21Ggt0lz2EO7wWKn6jTaIlMv1sNMy2VmkcSf8EVsFqJ1vSXjFxWvBj7RolFCyaChFwI_jog9c2rAkIwF8Voi5eB3PRjl3OaNRUYILRgLsaclTj02NWMvwbiJ18yJ63D4Ojzif8_RyAHuM3HO2rs6nPEyZMW3Xd0z3Lw099TpIcxA4Ktfo2DliUfMZh9s3lB_f6DSxX5Z9CXqrzNsoCCxqJZ55WuUUNA4LmYl5OgrH8sD7_TvY1QTjjmRzUptgj1S-gwagIjrkn9ooALa8gRN4etKztA2topBn0KO2VwEo_P4iejBn2Z3I2FlQnDNu0t7xNwBhsM2Vg8Q"
    }
  ]
}
2020-07-31 12:30:44 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-07-31 12:30:44 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2020-07-31 12:30:44 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-31 12:30:44 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2020-07-31 12:30:44 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
470519824180317
client_secret
Ek2CiuOrmfdhvsjGl037_pscCmYseks4bzSSxc3UZUcr-9Ki2rlCRdg_Mt-Ukc9b-LpajnMUcwmzqgXs-eDKzw
2020-07-31 12:30:44
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2020-07-31 12:30:44 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://fapidev-rs.authlete.net/api/userinfo
2020-07-31 12:30:44 SUCCESS
CreateBadRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2
2020-07-31 12:30:44
oidcc-ensure-registered-redirect-uri
Setup Done
Make request to authorization endpoint
2020-07-31 12:30:44 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
470519824180317
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2
scope
openid
2020-07-31 12:30:44
CreateRandomStateValue
Created state value
requested_state_length
10
state
eDQJZ2924Q
2020-07-31 12:30:44 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
470519824180317
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2
scope
openid
state
eDQJZ2924Q
2020-07-31 12:30:44
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
g5kpVpkuj2
2020-07-31 12:30:44 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
470519824180317
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2
scope
openid
state
eDQJZ2924Q
nonce
g5kpVpkuj2
2020-07-31 12:30:44 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
470519824180317
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2
scope
openid
state
eDQJZ2924Q
nonce
g5kpVpkuj2
response_type
code id_token token
2020-07-31 12:30:44
SetAuthorizationEndpointRequestResponseModeToFormPost
Added response_mode parameter to request
client_id
470519824180317
redirect_uri
https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2
scope
openid
state
eDQJZ2924Q
nonce
g5kpVpkuj2
response_type
code id_token token
response_mode
form_post
2020-07-31 12:30:44 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://fapidev-www.authlete.net/api/authorization?client_id=470519824180317&redirect_uri=https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2&scope=openid&state=eDQJZ2924Q&nonce=g5kpVpkuj2&response_type=code%20id_token%20token&response_mode=form_post
2020-07-31 12:30:44 REDIRECT
oidcc-ensure-registered-redirect-uri
Redirecting to authorization endpoint
redirect_to
https://fapidev-www.authlete.net/api/authorization?client_id=470519824180317&redirect_uri=https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2&scope=openid&state=eDQJZ2924Q&nonce=g5kpVpkuj2&response_type=code%20id_token%20token&response_mode=form_post
2020-07-31 12:30:44 REVIEW
ExpectRedirectUriErrorPage
Show redirect URI error page
content_type
application/json
page_source
<?xml version="1.0" encoding="UTF-8"?>
<html>
  <head/>
  <body>
    {"error_description":"[A011304] The value of 'redirect_uri' (https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2) is not registered.","error":"invalid_request","error_uri":"https://docs.authlete.com/#A011304"}
  </body>
</html>
2020-07-31 12:30:44
WebRunner
Scripted browser HTTP request
browser
goToUrl
request_method
GET
request_uri
https://fapidev-www.authlete.net/api/authorization?client_id=470519824180317&redirect_uri=https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2&scope=openid&state=eDQJZ2924Q&nonce=g5kpVpkuj2&response_type=code%20id_token%20token&response_mode=form_post
2020-07-31 12:30:45 RESPONSE
WebRunner
Scripted browser HTTP response
response_content
{"error_description":"[A011304] The value of 'redirect_uri' (https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2) is not registered.","error":"invalid_request","error_uri":"https://docs.authlete.com/#A011304"}
response_content_type
application/json
response_status_text
400-Bad Request
response_status_code
400
2020-07-31 12:30:45 INFO
WebRunner
Waiting
regexp
.*The value of 'redirect_uri' .* is not registered.*
seconds
10
task
Expect redirect uri mismatch error page
browser
wait
action
update-image-placeholder
element_type
xpath
url
https://fapidev-www.authlete.net/api/authorization?client_id=470519824180317&redirect_uri=https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2&scope=openid&state=eDQJZ2924Q&nonce=g5kpVpkuj2&response_type=code%20id_token%20token&response_mode=form_post
target
//*
2020-07-31 12:30:45
BROWSER
Updated placeholder from scripted browser
placeholder
CSoHmeyViz
2020-07-31 12:30:45
BROWSER
All placeholders filled by scripted browser
2020-07-31 12:30:45 INFO
WebRunner
Completed processing of webpage
task
Expect redirect uri mismatch error page
browser
complete
response_status_text
400-Bad Request
match
https://fapidev-www.authlete.net/api/authorization*
url
https://fapidev-www.authlete.net/api/authorization?client_id=470519824180317&redirect_uri=https://www.certification.openid.net/test/a/oidf-authlete-core/oseYc6M4u2&scope=openid&state=eDQJZ2924Q&nonce=g5kpVpkuj2&response_type=code%20id_token%20token&response_mode=form_post
response_status_code
400
2020-07-31 12:30:45 FINISHED
oidcc-ensure-registered-redirect-uri
Test has run to completion
testmodule_result
REVIEW
Unregister dynamically registered client
2020-07-31 12:30:45 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
2020-07-31 12:30:46
TEST-RUNNER
Alias has now been claimed by another test
alias
oidf-authlete-core
new_test_id
CWx6yHpRqc8BTkK
Test Results