Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-07-29 22:01:38 INFO
TEST-RUNNER
Test instance UtRULbCLnW created
baseUrl
https://www.certification.openid.net/test/a/openid4us
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "server_metadata": "discovery",
  "response_mode": "default",
  "client_registration": "dynamic_client"
}
alias
openid4us
description
planId
d6BE7uTcoAvAt
config
{
  "alias": "openid4us",
  "server": {
    "discoveryUrl": "https://connect.openid4.us:5443/.well-known/openid-configuration",
    "login_hint": "bob"
  },
  "client": {
    "client_name": "opend4Client1"
  },
  "client2": {
    "client_name": "openid4Client2"
  }
}
testName
oidcc-refresh-token
2020-07-29 22:01:38 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
2020-07-29 22:01:38
GetDynamicServerConfiguration
HTTP request
request_uri
https://connect.openid4.us:5443/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-07-29 22:01:38 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:38 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "access-control-allow-origin": "*",
  "content-length": "3644",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{
 "version":"3.0",
 "issuer":"https:\/\/connect.openid4.us:5443\/phpOp",
 "authorization_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/auth",
 "token_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/token",
 "userinfo_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/userinfo",
 "check_session_iframe":"https:\/\/connect.openid4.us:5443\/phpOp\/opframe.php",
 "aggregation_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/aggregation",
 "end_session_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/endsession",
 "jwks_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/op.jwk",
 "registration_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/registration",
 "scopes_supported":[
  "openid",
  "profile",
  "email",
  "address",
  "phone",
  "offline_access"
 ],
 "response_types_supported":[
  "code",
  "code token",
  "code id_token",
  "token",
  "id_token token",
  "code id_token token",
  "id_token"
 ],
 "grant_types_supported":[
  "authorization_code",
  "implicit",
  "refresh_token"
 ],
 "acr_values_supported":[
  "acr1",
  "acr2",
  "acr3"
 ],
 "subject_types_supported":[
  "public",
  "pairwise"
 ],
 "userinfo_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "userinfo_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "userinfo_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "id_token_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "id_token_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "id_token_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "request_object_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "request_object_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "request_object_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "aggregation_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "aggregation_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "aggregation_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "token_endpoint_auth_methods_supported":[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt"
 ],
 "token_endpoint_auth_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "display_values_supported":[
  "page"
 ],
 "claim_types_supported":[
  "normal"
 ],
 "claims_supported":[
  "name",
  "given_name",
  "family_name",
  "middle_name",
  "nickname",
  "preferred_username",
  "profile",
  "picture",
  "website",
  "email",
  "email_verified",
  "gender",
  "birthdate",
  "zoneinfo",
  "locale",
  "phone_number",
  "phone_number_verified",
  "address",
  "updated_at"
 ],
 "service_documentation":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/servicedocs",
 "claims_locales_supported":[
  "en-US"
 ],
 "ui_locales_supported":[
  "en-US"
 ],
 "require_request_uri_registration":false,
 "op_policy_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/op_policy",
 "op_tos_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/op_tos",
 "claims_parameter_supported":true,
 "request_parameter_supported":true,
 "request_uri_parameter_supported":true
}
2020-07-29 22:01:38
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{
 "version":"3.0",
 "issuer":"https:\/\/connect.openid4.us:5443\/phpOp",
 "authorization_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/auth",
 "token_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/token",
 "userinfo_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/userinfo",
 "check_session_iframe":"https:\/\/connect.openid4.us:5443\/phpOp\/opframe.php",
 "aggregation_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/aggregation",
 "end_session_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/endsession",
 "jwks_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/op.jwk",
 "registration_endpoint":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/registration",
 "scopes_supported":[
  "openid",
  "profile",
  "email",
  "address",
  "phone",
  "offline_access"
 ],
 "response_types_supported":[
  "code",
  "code token",
  "code id_token",
  "token",
  "id_token token",
  "code id_token token",
  "id_token"
 ],
 "grant_types_supported":[
  "authorization_code",
  "implicit",
  "refresh_token"
 ],
 "acr_values_supported":[
  "acr1",
  "acr2",
  "acr3"
 ],
 "subject_types_supported":[
  "public",
  "pairwise"
 ],
 "userinfo_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "userinfo_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "userinfo_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "id_token_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "id_token_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "id_token_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "request_object_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "request_object_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "request_object_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "aggregation_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "aggregation_encryption_alg_values_supported":[
  "RSA1_5",
  "RSA-OAEP"
 ],
 "aggregation_encryption_enc_values_supported":[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
 ],
 "token_endpoint_auth_methods_supported":[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt"
 ],
 "token_endpoint_auth_signing_alg_values_supported":[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
 ],
 "display_values_supported":[
  "page"
 ],
 "claim_types_supported":[
  "normal"
 ],
 "claims_supported":[
  "name",
  "given_name",
  "family_name",
  "middle_name",
  "nickname",
  "preferred_username",
  "profile",
  "picture",
  "website",
  "email",
  "email_verified",
  "gender",
  "birthdate",
  "zoneinfo",
  "locale",
  "phone_number",
  "phone_number_verified",
  "address",
  "updated_at"
 ],
 "service_documentation":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/servicedocs",
 "claims_locales_supported":[
  "en-US"
 ],
 "ui_locales_supported":[
  "en-US"
 ],
 "require_request_uri_registration":false,
 "op_policy_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/op_policy",
 "op_tos_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/op_tos",
 "claims_parameter_supported":true,
 "request_parameter_supported":true,
 "request_uri_parameter_supported":true
}
2020-07-29 22:01:38 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
version
3.0
issuer
https://connect.openid4.us:5443/phpOp
authorization_endpoint
https://connect.openid4.us:5443/phpOp/index.php/auth
token_endpoint
https://connect.openid4.us:5443/phpOp/index.php/token
userinfo_endpoint
https://connect.openid4.us:5443/phpOp/index.php/userinfo
check_session_iframe
https://connect.openid4.us:5443/phpOp/opframe.php
aggregation_endpoint
https://connect.openid4.us:5443/phpOp/index.php/aggregation
end_session_endpoint
https://connect.openid4.us:5443/phpOp/index.php/endsession
jwks_uri
https://connect.openid4.us:5443/phpOp/op.jwk
registration_endpoint
https://connect.openid4.us:5443/phpOp/index.php/registration
scopes_supported
[
  "openid",
  "profile",
  "email",
  "address",
  "phone",
  "offline_access"
]
response_types_supported
[
  "code",
  "code token",
  "code id_token",
  "token",
  "id_token token",
  "code id_token token",
  "id_token"
]
grant_types_supported
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
acr_values_supported
[
  "acr1",
  "acr2",
  "acr3"
]
subject_types_supported
[
  "public",
  "pairwise"
]
userinfo_signing_alg_values_supported
[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
]
userinfo_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
]
id_token_signing_alg_values_supported
[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
]
id_token_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
]
request_object_signing_alg_values_supported
[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
]
request_object_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP"
]
request_object_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
]
aggregation_signing_alg_values_supported
[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
]
aggregation_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP"
]
aggregation_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A256CBC-HS512",
  "A128GCM",
  "A256GCM"
]
token_endpoint_auth_methods_supported
[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt"
]
token_endpoint_auth_signing_alg_values_supported
[
  "none",
  "HS256",
  "HS384",
  "HS512",
  "RS256",
  "RS384",
  "RS512"
]
display_values_supported
[
  "page"
]
claim_types_supported
[
  "normal"
]
claims_supported
[
  "name",
  "given_name",
  "family_name",
  "middle_name",
  "nickname",
  "preferred_username",
  "profile",
  "picture",
  "website",
  "email",
  "email_verified",
  "gender",
  "birthdate",
  "zoneinfo",
  "locale",
  "phone_number",
  "phone_number_verified",
  "address",
  "updated_at"
]
service_documentation
https://connect.openid4.us:5443/phpOp/index.php/servicedocs
claims_locales_supported
[
  "en-US"
]
ui_locales_supported
[
  "en-US"
]
require_request_uri_registration
false
op_policy_uri
https://connect.openid4.us:5443/phpOp/index.php/op_policy
op_tos_uri
https://connect.openid4.us:5443/phpOp/index.php/op_tos
claims_parameter_supported
true
request_parameter_supported
true
request_uri_parameter_supported
true
2020-07-29 22:01:38 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2020-07-29 22:01:38 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "connect.openid4.us",
  "testPort": 5443
}
authorization_endpoint
{
  "testHost": "connect.openid4.us",
  "testPort": 5443
}
token_endpoint
{
  "testHost": "connect.openid4.us",
  "testPort": 5443
}
userinfo_endpoint
{
  "testHost": "connect.openid4.us",
  "testPort": 5443
}
2020-07-29 22:01:38
FetchServerKeys
Fetching server key
jwks_uri
https://connect.openid4.us:5443/phpOp/op.jwk
2020-07-29 22:01:38
FetchServerKeys
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/op.jwk
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-07-29 22:01:38 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:38 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "last-modified": "Sat, 04 Apr 2020 01:04:41 GMT",
  "etag": "\"3e7-5a26c9e6d9151\"",
  "accept-ranges": "bytes",
  "content-length": "999",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{
    "keys": [
        {
            "kty":"RSA",
            "n":"w9x1sXTkzuxJRHfLYdCv1DN2SsD90ufkSt_HOSjM7PSFsh-yGrqP85Hia2y_2bogz03L4GUrrGBXk8OlKxEK_U1QxhhRYyFKuyo2Y6jx2t8RXCE1duskyRikcEFMQtfacZiNeLlr_0SqlxQJBNgBi_e3g3UIFzyEXpRQS7X0AJ6xuRLT7-Nl1BT3QSB-cBsENgHb10zQNaOG3VnyNehrtofHzPyF4PO4q1dVK7qaqyjp50sX7ya7TXqG3e0dNV-vyIN5AVG-UKOGiON8XB9UQj0x4zWiIa7PYG298m6Jx_26ZLNU0RyF3kXbUzwDBdpOyhXjoyOwQ1V42BxDyqhaow",
            "e":"AQAB",
            "kid":"PHPOP-00S",
            "use":"sig"
        },
        {
            "kty":"RSA",
            "n":"1RuG1vnups95HRtpHE33XJdD23Uj4-nt4m5yDUicE843BqMOo27Zx-WNF2vRVU_xOjFoPcs5v59j0YF8D-GI8ocUHYsADy6CSUNLToYYUHYrh_QMp3EdB2gmD0rjav4RddZ7HymIoAGLPvrVztMLdRnJ71TZjdzkkT3dQ5_-t8tpukoMGOCiI-F4bMl6KynKV3h5Deb-o4_rZc5OnVQSywymy33HrlsCHBgrv8MWswzw8SxdOxnbLJFETuciqdM9fhIcJgBnzzcw3iaAsBFRpfP95Zw9_eZYUTu2XcWx6XRsQKfBaKMy8NzV55SaQDdJgycrpUX4_bUfWR861708Fw",
            "e":"AQAB",
            "kid":"PHPOP-00E",
            "use":"enc"
        }
    ]
}


2020-07-29 22:01:38
FetchServerKeys
Found JWK set string
jwk_string
{
    "keys": [
        {
            "kty":"RSA",
            "n":"w9x1sXTkzuxJRHfLYdCv1DN2SsD90ufkSt_HOSjM7PSFsh-yGrqP85Hia2y_2bogz03L4GUrrGBXk8OlKxEK_U1QxhhRYyFKuyo2Y6jx2t8RXCE1duskyRikcEFMQtfacZiNeLlr_0SqlxQJBNgBi_e3g3UIFzyEXpRQS7X0AJ6xuRLT7-Nl1BT3QSB-cBsENgHb10zQNaOG3VnyNehrtofHzPyF4PO4q1dVK7qaqyjp50sX7ya7TXqG3e0dNV-vyIN5AVG-UKOGiON8XB9UQj0x4zWiIa7PYG298m6Jx_26ZLNU0RyF3kXbUzwDBdpOyhXjoyOwQ1V42BxDyqhaow",
            "e":"AQAB",
            "kid":"PHPOP-00S",
            "use":"sig"
        },
        {
            "kty":"RSA",
            "n":"1RuG1vnups95HRtpHE33XJdD23Uj4-nt4m5yDUicE843BqMOo27Zx-WNF2vRVU_xOjFoPcs5v59j0YF8D-GI8ocUHYsADy6CSUNLToYYUHYrh_QMp3EdB2gmD0rjav4RddZ7HymIoAGLPvrVztMLdRnJ71TZjdzkkT3dQ5_-t8tpukoMGOCiI-F4bMl6KynKV3h5Deb-o4_rZc5OnVQSywymy33HrlsCHBgrv8MWswzw8SxdOxnbLJFETuciqdM9fhIcJgBnzzcw3iaAsBFRpfP95Zw9_eZYUTu2XcWx6XRsQKfBaKMy8NzV55SaQDdJgycrpUX4_bUfWR861708Fw",
            "e":"AQAB",
            "kid":"PHPOP-00E",
            "use":"enc"
        }
    ]
}


2020-07-29 22:01:38 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "n": "w9x1sXTkzuxJRHfLYdCv1DN2SsD90ufkSt_HOSjM7PSFsh-yGrqP85Hia2y_2bogz03L4GUrrGBXk8OlKxEK_U1QxhhRYyFKuyo2Y6jx2t8RXCE1duskyRikcEFMQtfacZiNeLlr_0SqlxQJBNgBi_e3g3UIFzyEXpRQS7X0AJ6xuRLT7-Nl1BT3QSB-cBsENgHb10zQNaOG3VnyNehrtofHzPyF4PO4q1dVK7qaqyjp50sX7ya7TXqG3e0dNV-vyIN5AVG-UKOGiON8XB9UQj0x4zWiIa7PYG298m6Jx_26ZLNU0RyF3kXbUzwDBdpOyhXjoyOwQ1V42BxDyqhaow",
      "e": "AQAB",
      "kid": "PHPOP-00S",
      "use": "sig"
    },
    {
      "kty": "RSA",
      "n": "1RuG1vnups95HRtpHE33XJdD23Uj4-nt4m5yDUicE843BqMOo27Zx-WNF2vRVU_xOjFoPcs5v59j0YF8D-GI8ocUHYsADy6CSUNLToYYUHYrh_QMp3EdB2gmD0rjav4RddZ7HymIoAGLPvrVztMLdRnJ71TZjdzkkT3dQ5_-t8tpukoMGOCiI-F4bMl6KynKV3h5Deb-o4_rZc5OnVQSywymy33HrlsCHBgrv8MWswzw8SxdOxnbLJFETuciqdM9fhIcJgBnzzcw3iaAsBFRpfP95Zw9_eZYUTu2XcWx6XRsQKfBaKMy8NzV55SaQDdJgycrpUX4_bUfWR861708Fw",
      "e": "AQAB",
      "kid": "PHPOP-00E",
      "use": "enc"
    }
  ]
}
2020-07-29 22:01:38 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "n": "w9x1sXTkzuxJRHfLYdCv1DN2SsD90ufkSt_HOSjM7PSFsh-yGrqP85Hia2y_2bogz03L4GUrrGBXk8OlKxEK_U1QxhhRYyFKuyo2Y6jx2t8RXCE1duskyRikcEFMQtfacZiNeLlr_0SqlxQJBNgBi_e3g3UIFzyEXpRQS7X0AJ6xuRLT7-Nl1BT3QSB-cBsENgHb10zQNaOG3VnyNehrtofHzPyF4PO4q1dVK7qaqyjp50sX7ya7TXqG3e0dNV-vyIN5AVG-UKOGiON8XB9UQj0x4zWiIa7PYG298m6Jx_26ZLNU0RyF3kXbUzwDBdpOyhXjoyOwQ1V42BxDyqhaow",
      "e": "AQAB",
      "kid": "PHPOP-00S",
      "use": "sig"
    },
    {
      "kty": "RSA",
      "n": "1RuG1vnups95HRtpHE33XJdD23Uj4-nt4m5yDUicE843BqMOo27Zx-WNF2vRVU_xOjFoPcs5v59j0YF8D-GI8ocUHYsADy6CSUNLToYYUHYrh_QMp3EdB2gmD0rjav4RddZ7HymIoAGLPvrVztMLdRnJ71TZjdzkkT3dQ5_-t8tpukoMGOCiI-F4bMl6KynKV3h5Deb-o4_rZc5OnVQSywymy33HrlsCHBgrv8MWswzw8SxdOxnbLJFETuciqdM9fhIcJgBnzzcw3iaAsBFRpfP95Zw9_eZYUTu2XcWx6XRsQKfBaKMy8NzV55SaQDdJgycrpUX4_bUfWR861708Fw",
      "e": "AQAB",
      "kid": "PHPOP-00E",
      "use": "enc"
    }
  ]
}
2020-07-29 22:01:38 SUCCESS
ValidateServerJWKs
Valid server JWKs
2020-07-29 22:01:38 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2020-07-29 22:01:38 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-29 22:01:38 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2020-07-29 22:01:38 SUCCESS
GetDynamicClientConfiguration
Created dynamic_client_registration_template object from the client configuration.
client_name
opend4Client1
2020-07-29 22:01:38 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "9MKX0TaWbAxWqEBdvUv-ogaIurT7fAwehu67GXD_1qD6rY1oJWE7ZJylx1JSiivgH_Llkpi9WjnIj0Pmz2aIr1SW-WRDUT-tgBgv3zPVy8Y6WKAXdA84UkjRGjwEOhYwUcR9vWZq-usDacMrbmKdc6e6p7memGoupaLHUBmLDvM",
      "kty": "RSA",
      "q": "pTNyV6Uw9kWpTZBK3ExI1VEVLQQifD4ane2KKrQqIpxpBB8cxlFPTWNp16eQshF4sx5I8oEwwCeas8V6-E5LeR6I9OtDwAzoJQePgzOqRaKMYE76MOIC538QZUD8dDFEelUadTe8H_ya1MknIdM_x915qKvsYnHxXkQWx44a_K0",
      "d": "YfOqF5OjAtYhrbnRCi_LVk-kkqPd0olxMQ_ACLGT1iCc-G3jEwb1_s32PjC_8EM8VK7H6xTFEVeSnoFUGEzh1kRecGTa437Era8zWbwegfcyfRfepNCpPaetdzHw-b9zRlePNZmkHqWLcObCaQ-FXnvRjJPrQ4FNfBXM4M59uvFJduWIP-XrxCqPST0tf-gjcmhB9b3qmXSFDVByVmh_ZmcQGIDda-nvw4zX3Y0wsLg4Wmml3scsAyiLtmjAkUaZYECIxTGUkrHM35KLsY3q5kwqnIfAl8OKxYrwhyTtkIygIU-IxLfqOXd3fIwZ-s-j2POAZI_mpvPq49mBH6uJyQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "DSEfjrNpGCDP3kK-8RdThAa3CZwIg7Y0XQGmASzu6GX2nIOJcgpzPNb_7b6D_S2Sxf7kPDXRNm2yjIqWIQhxySzDmgjR238xtO9TFjsE2FARoXifQ0Tds0WXmOD3aZETwdesNztvnFta9C4cje6RM__Jo46BuS38qbFv94rWop0",
      "dp": "maQpTsAYbpzULOuyrCgvICA_5gvDrZuh8gub0R2Yy27jzNvuG0DM2pxmiBdKDsf5-bQsnfhZLHEHT79M_LYdaQoNd2GTzEXPsI_-RPsx4qd9arKb5lPDhAuHjxNLh_bzv_A7ChBnaTjrPJGyCqnGspoAVlbzkjNdMsZanRJbszc",
      "alg": "RS256",
      "dq": "ROLvCx0XDZp-vpksnjAxLsJg0iSnPKeo8bHbq3L1HvmZ0N4oYYoGR37s48A71gTzD73RLU4xxe6907jFTkVXs2nIMljoJ206YDaG4W7p0Z-2aXKFYVzdWSri61Xt74WbyGc0YSychboP1isK5k_wiKcR1APczjA1NdmupgfbuQE",
      "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
    }
  ]
}
2020-07-29 22:01:38 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-29 22:01:38 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
opend4Client1 UtRULbCLnW
2020-07-29 22:01:38
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2020-07-29 22:01:38
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "opend4Client1 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
      }
    ]
  }
}
2020-07-29 22:01:38
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "opend4Client1 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2020-07-29 22:01:38
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "opend4Client1 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ]
}
2020-07-29 22:01:38
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "opend4Client1 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/openid4us/callback"
  ]
}
2020-07-29 22:01:38
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "opend4Client1 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/openid4us/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2020-07-29 22:01:38
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "refresh_token"
]
2020-07-29 22:01:38
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/registration
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "711"
}
request_body
{"client_name":"opend4Client1 UtRULbCLnW","grant_types":["authorization_code","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code"],"redirect_uris":["https://www.certification.openid.net/test/a/openid4us/callback"],"contacts":["certification@oidf.org"]}
2020-07-29 22:01:39 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:39 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "access-control-allow-origin": "*",
  "content-length": "1087",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"client_id":"zygK58dOlVYUiqjbAjkjJw","client_secret":"KGEEr05b73EcXw","registration_access_token":"747MV-baKOwaLQ","registration_client_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/client\/_KBMY1QnChPjMjOK6Oztqg","client_id_issued_at":1596060099,"client_secret_expires_at":0,"contacts":["certification@oidf.org"],"client_name":"opend4Client1 UtRULbCLnW","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/openid4us\/callback"],"token_endpoint_auth_method":"client_secret_basic","jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"}]},"response_types":["code"],"grant_types":["authorization_code","refresh_token"],"id_token_signed_response_alg":"RS256","aggregation_signed_response_alg":"RS256"}
2020-07-29 22:01:39
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"client_id":"zygK58dOlVYUiqjbAjkjJw","client_secret":"KGEEr05b73EcXw","registration_access_token":"747MV-baKOwaLQ","registration_client_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/client\/_KBMY1QnChPjMjOK6Oztqg","client_id_issued_at":1596060099,"client_secret_expires_at":0,"contacts":["certification@oidf.org"],"client_name":"opend4Client1 UtRULbCLnW","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/openid4us\/callback"],"token_endpoint_auth_method":"client_secret_basic","jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"}]},"response_types":["code"],"grant_types":["authorization_code","refresh_token"],"id_token_signed_response_alg":"RS256","aggregation_signed_response_alg":"RS256"}
2020-07-29 22:01:39
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
client_id
zygK58dOlVYUiqjbAjkjJw
client_secret
KGEEr05b73EcXw
registration_access_token
747MV-baKOwaLQ
registration_client_uri
https://connect.openid4.us:5443/phpOp/index.php/client/_KBMY1QnChPjMjOK6Oztqg
client_id_issued_at
1596060099
client_secret_expires_at
0
contacts
[
  "certification@oidf.org"
]
client_name
opend4Client1 UtRULbCLnW
redirect_uris
[
  "https://www.certification.openid.net/test/a/openid4us/callback"
]
token_endpoint_auth_method
client_secret_basic
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
    }
  ]
}
response_types
[
  "code"
]
grant_types
[
  "authorization_code",
  "refresh_token"
]
id_token_signed_response_alg
RS256
aggregation_signed_response_alg
RS256
2020-07-29 22:01:39 SUCCESS
CallDynamicRegistrationEndpoint
Extracted dynamic registration management credentials
registration_client_uri
https://connect.openid4.us:5443/phpOp/index.php/client/_KBMY1QnChPjMjOK6Oztqg
registration_access_token
747MV-baKOwaLQ
2020-07-29 22:01:39
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2020-07-29 22:01:39
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2020-07-29 22:01:39 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
token_endpoint_auth_methods_supported
actual
[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2020-07-29 22:01:39 SUCCESS
GetDynamicClient2Configuration
Found a dynamic_client_registration_template object
client_name
openid4Client2
2020-07-29 22:01:39 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "6k4thNqq1b0dmpZ0CzXJV3JP-GVDkzTGaQ4Xf6V3ft2Hv9ui0aYqM4NCpxiurooCJL-2pqKh_N6w1FM8S0mT3SZ5GgIlCRtOJOcWc_je9v6OD__oh-1OVjQNfkV90C5HTb4FT4I8tYU1YoSn163BCl3PRIV56fmRf3_7Q7c0PlE",
      "kty": "RSA",
      "q": "3zDZnRPAwbm6VyKfKyqFuHUbuGFBtFR3Nr96YXW6reVQj4UnYQbMADd8WFdV2onoVuG9PjQaUd50hcF5DOfUq-cNhjxV-zWYnhGMsO3kVqhQYTYkkuUn-tvNBBbUfNT-5jrNMA7whnjgsznT5FkiBR-VAhIIB1bP2pqFxarZndM",
      "d": "yPEC2eNJU-NLSHVXQ_5eH4kFwUgp_0m0V0EyViiLVPqXg6e8j9hslEPXi5qwngh_e-k89TU6CW9nRZXLtEztJfRwynl5tQg40ECJ8uL3_rjguRhMO4vZRMfU5tIYcWvMw5ZasPLm2EpPKgmMmW4cnpW8GwR5qDkIVhPKBqVXQc3X8NrMP1g0eZMxbkjD_61wF2zr8WlxlFfAHpLiwog672v3mHxUd8o-_SbLhMp9Ohkt608dJ_at7t08VzmL5WIswHgfxoP07uevYHM1tYUQmITC6HMfE-q4gauw6h2gLgLDiIZrJ744lWDlnHKzeAGSWDisD8_8EMcxDCqvDkZ64Q",
      "e": "AQAB",
      "use": "sig",
      "qi": "oG7sWd4tuognwB9TzbvCJErmM_lghIsPbMgtvy9a6-3oG56jxgTMksX3bxkmYYynrOHU9mxf-B91Ndgc-eYd8gWZsm01In_WA6BPTpF_l9RGakZB8Zk9AXqfYOkJmK3QlTgA5OYKefN9UPlyehfh9U3zDX-dWebA0cEe_pgoKLo",
      "dp": "qinUzSOx5kDOezLBXFLXwvZ2NcP1a7dsUWe2kTGusyhYKnJssS2ogHjXs1stof0AyYeiMyrx0iA49DrvEw6AoKAMW2MrWo3GFu7tU5Ru-Zqtudj1G6KwvdJX6li1ore5eTCD0taXGI2B0-bbrru18r1mhjEZ9V8W2C4uYWNwQcE",
      "alg": "RS256",
      "dq": "CP599n-CSAxE_xftFB89jkZh3JdGv46b0z_6HY1R_Yn9Khtyj81nUSbrQuAaHJlsHHwyVRxiZyQwy-cVCrkY7-h6ugsaZ-osAUqxwbuEdR2JR7GX3beQWeKbq2uEGpe2we5isGoZtUGPxIkzCcOxxEUWiyPQ4QLVk3igpWuSI3M",
      "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
    }
  ]
}
2020-07-29 22:01:39 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-07-29 22:01:39 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
openid4Client2 UtRULbCLnW
2020-07-29 22:01:39
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2020-07-29 22:01:39
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "openid4Client2 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
      }
    ]
  }
}
2020-07-29 22:01:39
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "openid4Client2 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2020-07-29 22:01:39
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "openid4Client2 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ]
}
2020-07-29 22:01:39
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "openid4Client2 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/openid4us/callback"
  ]
}
2020-07-29 22:01:39
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "openid4Client2 UtRULbCLnW",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/openid4us/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2020-07-29 22:01:39
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "refresh_token"
]
2020-07-29 22:01:39
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/registration
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "712"
}
request_body
{"client_name":"openid4Client2 UtRULbCLnW","grant_types":["authorization_code","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code"],"redirect_uris":["https://www.certification.openid.net/test/a/openid4us/callback"],"contacts":["certification@oidf.org"]}
2020-07-29 22:01:39 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:39 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "access-control-allow-origin": "*",
  "content-length": "1088",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"client_id":"W8jA-1BbIssj-iLyk7R5aw","client_secret":"lrDGkT9Sie6ATA","registration_access_token":"qbdIinMjacl0fw","registration_client_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/client\/7VzAPqRv-3_UOIyF0eURWg","client_id_issued_at":1596060099,"client_secret_expires_at":0,"contacts":["certification@oidf.org"],"client_name":"openid4Client2 UtRULbCLnW","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/openid4us\/callback"],"token_endpoint_auth_method":"client_secret_basic","jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"}]},"response_types":["code"],"grant_types":["authorization_code","refresh_token"],"id_token_signed_response_alg":"RS256","aggregation_signed_response_alg":"RS256"}
2020-07-29 22:01:39
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"client_id":"W8jA-1BbIssj-iLyk7R5aw","client_secret":"lrDGkT9Sie6ATA","registration_access_token":"qbdIinMjacl0fw","registration_client_uri":"https:\/\/connect.openid4.us:5443\/phpOp\/index.php\/client\/7VzAPqRv-3_UOIyF0eURWg","client_id_issued_at":1596060099,"client_secret_expires_at":0,"contacts":["certification@oidf.org"],"client_name":"openid4Client2 UtRULbCLnW","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/openid4us\/callback"],"token_endpoint_auth_method":"client_secret_basic","jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"}]},"response_types":["code"],"grant_types":["authorization_code","refresh_token"],"id_token_signed_response_alg":"RS256","aggregation_signed_response_alg":"RS256"}
2020-07-29 22:01:39
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
client_id
W8jA-1BbIssj-iLyk7R5aw
client_secret
lrDGkT9Sie6ATA
registration_access_token
qbdIinMjacl0fw
registration_client_uri
https://connect.openid4.us:5443/phpOp/index.php/client/7VzAPqRv-3_UOIyF0eURWg
client_id_issued_at
1596060099
client_secret_expires_at
0
contacts
[
  "certification@oidf.org"
]
client_name
openid4Client2 UtRULbCLnW
redirect_uris
[
  "https://www.certification.openid.net/test/a/openid4us/callback"
]
token_endpoint_auth_method
client_secret_basic
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
    }
  ]
}
response_types
[
  "code"
]
grant_types
[
  "authorization_code",
  "refresh_token"
]
id_token_signed_response_alg
RS256
aggregation_signed_response_alg
RS256
2020-07-29 22:01:39 SUCCESS
CallDynamicRegistrationEndpoint
Extracted dynamic registration management credentials
registration_client_uri
https://connect.openid4.us:5443/phpOp/index.php/client/7VzAPqRv-3_UOIyF0eURWg
registration_access_token
qbdIinMjacl0fw
2020-07-29 22:01:39
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2020-07-29 22:01:39
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2020-07-29 22:01:39 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
token_endpoint_auth_methods_supported
actual
[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2020-07-29 22:01:39 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://connect.openid4.us:5443/phpOp/index.php/userinfo
2020-07-29 22:01:39
oidcc-refresh-token
Setup Done
Make request to authorization endpoint
2020-07-29 22:01:39 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
zygK58dOlVYUiqjbAjkjJw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
2020-07-29 22:01:39
CreateRandomStateValue
Created state value
requested_state_length
10
state
M90gLDGKjk
2020-07-29 22:01:39 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
zygK58dOlVYUiqjbAjkjJw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
M90gLDGKjk
2020-07-29 22:01:39
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
YfKZ4VZzAm
2020-07-29 22:01:39 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
zygK58dOlVYUiqjbAjkjJw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
M90gLDGKjk
nonce
YfKZ4VZzAm
2020-07-29 22:01:39 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
zygK58dOlVYUiqjbAjkjJw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
M90gLDGKjk
nonce
YfKZ4VZzAm
response_type
code
2020-07-29 22:01:39 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
zygK58dOlVYUiqjbAjkjJw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
M90gLDGKjk
nonce
YfKZ4VZzAm
response_type
code
prompt
consent
2020-07-29 22:01:39 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://connect.openid4.us:5443/phpOp/index.php/auth?client_id=zygK58dOlVYUiqjbAjkjJw&redirect_uri=https://www.certification.openid.net/test/a/openid4us/callback&scope=openid%20offline_access&state=M90gLDGKjk&nonce=YfKZ4VZzAm&response_type=code&prompt=consent
2020-07-29 22:01:39 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://connect.openid4.us:5443/phpOp/index.php/auth?client_id=zygK58dOlVYUiqjbAjkjJw&redirect_uri=https://www.certification.openid.net/test/a/openid4us/callback&scope=openid%20offline_access&state=M90gLDGKjk&nonce=YfKZ4VZzAm&response_type=code&prompt=consent
2020-07-29 22:01:46 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance UtRULbCLnW
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,*/*;q\u003d0.8",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "referer": "https://connect.openid4.us:5443/phpOp/index.php/login",
  "cookie": "__utma\u003d201319536.397484237.1509572778.1595985480.1596056442.54; __utmz\u003d201319536.1575586493.42.8.utmcsr\u003dlists.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/pipermail/openid-specs-ab/Week-of-Mon-20191125/007613.html; __utmc\u003d201319536; JSESSIONID\u003d4BD79473D0D3373D109F806B1EF283FC; __utmb\u003d201319536.14.10.1596056442",
  "upgrade-insecure-requests": "1",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "state": "M90gLDGKjk",
  "session_state": "5f24824ebf6e1cd4d9a1498a30ef7c78ec184a83c1fe69a6c229440201bf56b3.2063d95c877561f1fe20ef636516a5b0",
  "code": "CqnHRT_bYbOVxgekDR7oxLUs86eUlm2eYG2ks6yU1OU"
}
incoming_body
2020-07-29 22:01:46 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/w62F0V0TVEL0p9bwMTTd",
  "fullUrl": "https://www.certification.openid.net/test/a/openid4us/implicit/w62F0V0TVEL0p9bwMTTd"
}
2020-07-29 22:01:46 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance UtRULbCLnW
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/openid4us/implicit/w62F0V0TVEL0p9bwMTTd, returnUrl=/log-detail.html?log=UtRULbCLnW}]
outgoing_path
callback
2020-07-29 22:01:47 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance UtRULbCLnW
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
  "accept": "*/*",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "origin": "https://www.certification.openid.net",
  "referer": "https://www.certification.openid.net/test/a/openid4us/callback?state\u003dM90gLDGKjk\u0026session_state\u003d5f24824ebf6e1cd4d9a1498a30ef7c78ec184a83c1fe69a6c229440201bf56b3.2063d95c877561f1fe20ef636516a5b0\u0026code\u003dCqnHRT_bYbOVxgekDR7oxLUs86eUlm2eYG2ks6yU1OU",
  "cookie": "__utma\u003d201319536.397484237.1509572778.1595985480.1596056442.54; __utmz\u003d201319536.1575586493.42.8.utmcsr\u003dlists.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/pipermail/openid-specs-ab/Week-of-Mon-20191125/007613.html; __utmc\u003d201319536; JSESSIONID\u003d4BD79473D0D3373D109F806B1EF283FC; __utmb\u003d201319536.14.10.1596056442",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/w62F0V0TVEL0p9bwMTTd
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-29 22:01:47 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance UtRULbCLnW
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [/log-detail.html?log=UtRULbCLnW]
outgoing_path
implicit/w62F0V0TVEL0p9bwMTTd
2020-07-29 22:01:47 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2020-07-29 22:01:47 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{
  "state": "M90gLDGKjk",
  "session_state": "5f24824ebf6e1cd4d9a1498a30ef7c78ec184a83c1fe69a6c229440201bf56b3.2063d95c877561f1fe20ef636516a5b0",
  "code": "CqnHRT_bYbOVxgekDR7oxLUs86eUlm2eYG2ks6yU1OU"
}
headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,*/*;q\u003d0.8",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "referer": "https://connect.openid4.us:5443/phpOp/index.php/login",
  "cookie": "__utma\u003d201319536.397484237.1509572778.1595985480.1596056442.54; __utmz\u003d201319536.1575586493.42.8.utmcsr\u003dlists.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/pipermail/openid-specs-ab/Week-of-Mon-20191125/007613.html; __utmc\u003d201319536; JSESSIONID\u003d4BD79473D0D3373D109F806B1EF283FC; __utmb\u003d201319536.14.10.1596056442",
  "upgrade-insecure-requests": "1",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2020-07-29 22:01:47 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2020-07-29 22:01:47 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2020-07-29 22:01:47 SUCCESS
CheckMatchingStateParameter
State parameter correctly returned
state
M90gLDGKjk
2020-07-29 22:01:47 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
CqnHRT_bYbOVxgekDR7oxLUs86eUlm2eYG2ks6yU1OU
2020-07-29 22:01:47 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
CqnHRT_bYbOVxgekDR7oxLUs86eUlm2eYG2ks6yU1OU
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
2020-07-29 22:01:47 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic enlnSzU4ZE9sVllVaXFqYkFqa2pKdzpLR0VFcjA1YjczRWNYdw==
2020-07-29 22:01:47
CallTokenEndpoint
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic enlnSzU4ZE9sVllVaXFqYkFqa2pKdzpLR0VFcjA1YjczRWNYdw\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "168"
}
request_body
grant_type=authorization_code&code=CqnHRT_bYbOVxgekDR7oxLUs86eUlm2eYG2ks6yU1OU&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Fopenid4us%2Fcallback
2020-07-29 22:01:47 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:47 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "set-cookie": "PHPSESSID\u003d9hu7qnvkot49ijiqho7q4jrfjm; path\u003d/",
  "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "970",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"access_token":"VSrnU-_aNwVlN8VQXwhUS3hps2BwtlUp4DWyBC9-JOs","token_type":"Bearer","expires_in":3600,"refresh_token":"U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwNywiaWF0IjoxNTk2MDYwMTA3LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiQ21DR0N0YXVySWc5cWlLTzc1Z3dWdyJ9.aqyHWCM4o938TcL1SU911w1IwJjBXtgE40MPfn3ARs8RE6T3gl6UzgAMoP7-lDv8iyyMz4csDRyck985LjiuwnL6Ir65K0e5OfPp-9VAB3yaUZxjvLIPNnaqGUtSkrRi8TA_D30y7Novdl70_v_GLGKJiquRPdVW5dgGrPQnaDnzG-LSjJH-37cWksnV0AqUOs83SuK0JpSuBU24hO1UBwYct9ixTNyjHVuHIOHmA3WeWfXVmgaCiEnUVmBM0jdfoVLpDyV3GzFRBZVSpy3W-aazHgx6ZE_6k3KXmaQlNBNXEFsPJg5Y5rXOxx5dDhWeIOY6pnw2-ebmoYld8R01ng"}
2020-07-29 22:01:47
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"VSrnU-_aNwVlN8VQXwhUS3hps2BwtlUp4DWyBC9-JOs","token_type":"Bearer","expires_in":3600,"refresh_token":"U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwNywiaWF0IjoxNTk2MDYwMTA3LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiQ21DR0N0YXVySWc5cWlLTzc1Z3dWdyJ9.aqyHWCM4o938TcL1SU911w1IwJjBXtgE40MPfn3ARs8RE6T3gl6UzgAMoP7-lDv8iyyMz4csDRyck985LjiuwnL6Ir65K0e5OfPp-9VAB3yaUZxjvLIPNnaqGUtSkrRi8TA_D30y7Novdl70_v_GLGKJiquRPdVW5dgGrPQnaDnzG-LSjJH-37cWksnV0AqUOs83SuK0JpSuBU24hO1UBwYct9ixTNyjHVuHIOHmA3WeWfXVmgaCiEnUVmBM0jdfoVLpDyV3GzFRBZVSpy3W-aazHgx6ZE_6k3KXmaQlNBNXEFsPJg5Y5rXOxx5dDhWeIOY6pnw2-ebmoYld8R01ng"}
2020-07-29 22:01:47 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
VSrnU-_aNwVlN8VQXwhUS3hps2BwtlUp4DWyBC9-JOs
token_type
Bearer
expires_in
3600
refresh_token
U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwNywiaWF0IjoxNTk2MDYwMTA3LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiQ21DR0N0YXVySWc5cWlLTzc1Z3dWdyJ9.aqyHWCM4o938TcL1SU911w1IwJjBXtgE40MPfn3ARs8RE6T3gl6UzgAMoP7-lDv8iyyMz4csDRyck985LjiuwnL6Ir65K0e5OfPp-9VAB3yaUZxjvLIPNnaqGUtSkrRi8TA_D30y7Novdl70_v_GLGKJiquRPdVW5dgGrPQnaDnzG-LSjJH-37cWksnV0AqUOs83SuK0JpSuBU24hO1UBwYct9ixTNyjHVuHIOHmA3WeWfXVmgaCiEnUVmBM0jdfoVLpDyV3GzFRBZVSpy3W-aazHgx6ZE_6k3KXmaQlNBNXEFsPJg5Y5rXOxx5dDhWeIOY6pnw2-ebmoYld8R01ng
2020-07-29 22:01:47 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-07-29 22:01:47 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
VSrnU-_aNwVlN8VQXwhUS3hps2BwtlUp4DWyBC9-JOs
2020-07-29 22:01:47 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
VSrnU-_aNwVlN8VQXwhUS3hps2BwtlUp4DWyBC9-JOs
type
Bearer
2020-07-29 22:01:47 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
3600
2020-07-29 22:01:47 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
3600
2020-07-29 22:01:47 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI
2020-07-29 22:01:47 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwNywiaWF0IjoxNTk2MDYwMTA3LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiQ21DR0N0YXVySWc5cWlLTzc1Z3dWdyJ9.aqyHWCM4o938TcL1SU911w1IwJjBXtgE40MPfn3ARs8RE6T3gl6UzgAMoP7-lDv8iyyMz4csDRyck985LjiuwnL6Ir65K0e5OfPp-9VAB3yaUZxjvLIPNnaqGUtSkrRi8TA_D30y7Novdl70_v_GLGKJiquRPdVW5dgGrPQnaDnzG-LSjJH-37cWksnV0AqUOs83SuK0JpSuBU24hO1UBwYct9ixTNyjHVuHIOHmA3WeWfXVmgaCiEnUVmBM0jdfoVLpDyV3GzFRBZVSpy3W-aazHgx6ZE_6k3KXmaQlNBNXEFsPJg5Y5rXOxx5dDhWeIOY6pnw2-ebmoYld8R01ng
header
{
  "jku": "https://connect.openid4.us:5443/phpOp/op.jwk",
  "kid": "PHPOP-00S",
  "alg": "RS256"
}
claims
{
  "at_hash": "CmCGCtaurIg9qiKO75gwVw",
  "sub": "722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c",
  "aud": "zygK58dOlVYUiqjbAjkjJw",
  "iss": "https://connect.openid4.us:5443/phpOp",
  "exp": 1596060407,
  "iat": 1596060107,
  "nonce": "YfKZ4VZzAm"
}
2020-07-29 22:01:47 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-07-29 22:01:47 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
YfKZ4VZzAm
2020-07-29 22:01:47 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2020-07-29 22:01:47 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwNywiaWF0IjoxNTk2MDYwMTA3LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiQ21DR0N0YXVySWc5cWlLTzc1Z3dWdyJ9.aqyHWCM4o938TcL1SU911w1IwJjBXtgE40MPfn3ARs8RE6T3gl6UzgAMoP7-lDv8iyyMz4csDRyck985LjiuwnL6Ir65K0e5OfPp-9VAB3yaUZxjvLIPNnaqGUtSkrRi8TA_D30y7Novdl70_v_GLGKJiquRPdVW5dgGrPQnaDnzG-LSjJH-37cWksnV0AqUOs83SuK0JpSuBU24hO1UBwYct9ixTNyjHVuHIOHmA3WeWfXVmgaCiEnUVmBM0jdfoVLpDyV3GzFRBZVSpy3W-aazHgx6ZE_6k3KXmaQlNBNXEFsPJg5Y5rXOxx5dDhWeIOY6pnw2-ebmoYld8R01ng
2020-07-29 22:01:47 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwNywiaWF0IjoxNTk2MDYwMTA3LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiQ21DR0N0YXVySWc5cWlLTzc1Z3dWdyJ9.aqyHWCM4o938TcL1SU911w1IwJjBXtgE40MPfn3ARs8RE6T3gl6UzgAMoP7-lDv8iyyMz4csDRyck985LjiuwnL6Ir65K0e5OfPp-9VAB3yaUZxjvLIPNnaqGUtSkrRi8TA_D30y7Novdl70_v_GLGKJiquRPdVW5dgGrPQnaDnzG-LSjJH-37cWksnV0AqUOs83SuK0JpSuBU24hO1UBwYct9ixTNyjHVuHIOHmA3WeWfXVmgaCiEnUVmBM0jdfoVLpDyV3GzFRBZVSpy3W-aazHgx6ZE_6k3KXmaQlNBNXEFsPJg5Y5rXOxx5dDhWeIOY6pnw2-ebmoYld8R01ng
2020-07-29 22:01:47 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c
2020-07-29 22:01:47 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI
2020-07-29 22:01:47 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2020-07-29 22:01:47 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Refresh Token Request
2020-07-29 22:01:47 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI
2020-07-29 22:01:47 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI
scope
openid offline_access
2020-07-29 22:01:47 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic enlnSzU4ZE9sVllVaXFqYkFqa2pKdzpLR0VFcjA1YjczRWNYdw==
2020-07-29 22:01:47 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2020-07-29 22:01:48 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2020-07-29 22:01:48
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic enlnSzU4ZE9sVllVaXFqYkFqa2pKdzpLR0VFcjA1YjczRWNYdw\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "110"
}
request_body
grant_type=refresh_token&refresh_token=U90bnPWcm25R6tpy-erblU9rGEiB9c2LXgoJOe1nQzI&scope=openid+offline_access
2020-07-29 22:01:48 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:48 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "set-cookie": "PHPSESSID\u003d9hu7qnvkot49ijiqho7q4jrfjm; path\u003d/",
  "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "970",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"access_token":"mHhpFfPp3IL2rL4xyox5ldAeRQK0ux3qX2IAf4zd3lI","token_type":"Bearer","expires_in":3600,"refresh_token":"M1rZkgXH22twYZJDBqZWk03x1Q93FQ2IENq3IrPKTWw","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwOCwiaWF0IjoxNTk2MDYwMTA4LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiaGE1TFl1alp6YzVTa3hUR3RJZlQzdyJ9.a_7HX9D8x51I06qHQvn4ACaZWvmsLgl4xyySaO-SZ6dxdsK_NQhETX71ugq5Vj2_IiPt8Lo_gD9iX3eNYWxMigYwPxTVmbUA21qENTO2FC_ucCH01N4VK4GoiM2a8SCQssqx44jBbLhvsllQpIRKB2sZ_B9gdrCydZPsA47M7C-9hRpJ9s_LOuYLucSczpBXJTNyhl4JhKRPdrYH4ig3AFpMXk13MDcShwwNqRDqpQdoYMfhwLz6olspwiXn0qRh6J3GioGPXAR5hwVLJ9BNQ_erELHPH6YwdEXTn5b5wnYDF123-0oIcQ51J78TrcleVSNtsWksBSkXAayrZk6jfQ"}
2020-07-29 22:01:48 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
mHhpFfPp3IL2rL4xyox5ldAeRQK0ux3qX2IAf4zd3lI
token_type
Bearer
expires_in
3600
refresh_token
M1rZkgXH22twYZJDBqZWk03x1Q93FQ2IENq3IrPKTWw
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwOCwiaWF0IjoxNTk2MDYwMTA4LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiaGE1TFl1alp6YzVTa3hUR3RJZlQzdyJ9.a_7HX9D8x51I06qHQvn4ACaZWvmsLgl4xyySaO-SZ6dxdsK_NQhETX71ugq5Vj2_IiPt8Lo_gD9iX3eNYWxMigYwPxTVmbUA21qENTO2FC_ucCH01N4VK4GoiM2a8SCQssqx44jBbLhvsllQpIRKB2sZ_B9gdrCydZPsA47M7C-9hRpJ9s_LOuYLucSczpBXJTNyhl4JhKRPdrYH4ig3AFpMXk13MDcShwwNqRDqpQdoYMfhwLz6olspwiXn0qRh6J3GioGPXAR5hwVLJ9BNQ_erELHPH6YwdEXTn5b5wnYDF123-0oIcQ51J78TrcleVSNtsWksBSkXAayrZk6jfQ
2020-07-29 22:01:48 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2020-07-29 22:01:48 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-07-29 22:01:48 SUCCESS
CheckTokenEndpointCacheHeaders
Checked 'pragma' and 'cache-control' in the headers of token_endpoint_response.
2020-07-29 22:01:48 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-07-29 22:01:48 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
mHhpFfPp3IL2rL4xyox5ldAeRQK0ux3qX2IAf4zd3lI
type
Bearer
2020-07-29 22:01:48 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2020-07-29 22:01:48 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
203.06472194569977
expected
96.0
2020-07-29 22:01:48 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2020-07-29 22:01:48 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
3600
2020-07-29 22:01:48 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
3600
2020-07-29 22:01:48 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
VSrnU-_aNwVlN8VQXwhUS3hps2BwtlUp4DWyBC9-JOs
second_access_token
mHhpFfPp3IL2rL4xyox5ldAeRQK0ux3qX2IAf4zd3lI
2020-07-29 22:01:48 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNzIyZDZiZDNkYWZjOWYwNzBkNjgwYTI5MmQwYTYxYjBjZGE5ZDIzMGRiNjYwODQ4N2Q2N2Y4NTViZTNlMWY4YyIsImF1ZCI6WyJ6eWdLNThkT2xWWVVpcWpiQWprakp3Il0sImV4cCI6MTU5NjA2MDQwOCwiaWF0IjoxNTk2MDYwMTA4LCJub25jZSI6IllmS1o0Vlp6QW0iLCJhdF9oYXNoIjoiaGE1TFl1alp6YzVTa3hUR3RJZlQzdyJ9.a_7HX9D8x51I06qHQvn4ACaZWvmsLgl4xyySaO-SZ6dxdsK_NQhETX71ugq5Vj2_IiPt8Lo_gD9iX3eNYWxMigYwPxTVmbUA21qENTO2FC_ucCH01N4VK4GoiM2a8SCQssqx44jBbLhvsllQpIRKB2sZ_B9gdrCydZPsA47M7C-9hRpJ9s_LOuYLucSczpBXJTNyhl4JhKRPdrYH4ig3AFpMXk13MDcShwwNqRDqpQdoYMfhwLz6olspwiXn0qRh6J3GioGPXAR5hwVLJ9BNQ_erELHPH6YwdEXTn5b5wnYDF123-0oIcQ51J78TrcleVSNtsWksBSkXAayrZk6jfQ
header
{
  "jku": "https://connect.openid4.us:5443/phpOp/op.jwk",
  "kid": "PHPOP-00S",
  "alg": "RS256"
}
claims
{
  "at_hash": "ha5LYujZzc5SkxTGtIfT3w",
  "sub": "722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c",
  "aud": "zygK58dOlVYUiqjbAjkjJw",
  "iss": "https://connect.openid4.us:5443/phpOp",
  "exp": 1596060408,
  "iat": 1596060108,
  "nonce": "YfKZ4VZzAm"
}
2020-07-29 22:01:48 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
M1rZkgXH22twYZJDBqZWk03x1Q93FQ2IENq3IrPKTWw
2020-07-29 22:01:48 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
344
required
128
2020-07-29 22:01:48 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
203.06472194569977
expected
96.0
2020-07-29 22:01:48 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://connect.openid4.us:5443/phpOp",
  "second": "https://connect.openid4.us:5443/phpOp",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c",
  "second": "722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1596060107,
  "second": 1596060108,
  "note": "Values are expected to be different"
}
aud
{
  "first": "zygK58dOlVYUiqjbAjkjJw",
  "second": "zygK58dOlVYUiqjbAjkjJw",
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Userinfo endpoint tests
2020-07-29 22:01:48
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer mHhpFfPp3IL2rL4xyox5ldAeRQK0ux3qX2IAf4zd3lI",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2020-07-29 22:01:49 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:49 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "access-control-allow-origin": "*",
  "content-length": "74",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"sub":"722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c"}
2020-07-29 22:01:49 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Wed, 29 Jul 2020 22:01:49 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "access-control-allow-origin": "*",
  "content-length": "74",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
status_code
{
  "code": 200
}
body
{"sub":"722d6bd3dafc9f070d680a292d0a61b0cda9d230db6608487d67f855be3e1f8c"}
Second client: Make request to authorization endpoint
2020-07-29 22:01:49 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
W8jA-1BbIssj-iLyk7R5aw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
2020-07-29 22:01:49
CreateRandomStateValue
Created state value
requested_state_length
10
state
tfDRCveX7G
2020-07-29 22:01:49 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
W8jA-1BbIssj-iLyk7R5aw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
tfDRCveX7G
2020-07-29 22:01:49
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
ZR4F9ARDAt
2020-07-29 22:01:49 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
W8jA-1BbIssj-iLyk7R5aw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
tfDRCveX7G
nonce
ZR4F9ARDAt
2020-07-29 22:01:49 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
W8jA-1BbIssj-iLyk7R5aw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
tfDRCveX7G
nonce
ZR4F9ARDAt
response_type
code
2020-07-29 22:01:49 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
W8jA-1BbIssj-iLyk7R5aw
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
scope
openid offline_access
state
tfDRCveX7G
nonce
ZR4F9ARDAt
response_type
code
prompt
consent
2020-07-29 22:01:49 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://connect.openid4.us:5443/phpOp/index.php/auth?client_id=W8jA-1BbIssj-iLyk7R5aw&redirect_uri=https://www.certification.openid.net/test/a/openid4us/callback&scope=openid%20offline_access&state=tfDRCveX7G&nonce=ZR4F9ARDAt&response_type=code&prompt=consent
2020-07-29 22:01:49 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://connect.openid4.us:5443/phpOp/index.php/auth?client_id=W8jA-1BbIssj-iLyk7R5aw&redirect_uri=https://www.certification.openid.net/test/a/openid4us/callback&scope=openid%20offline_access&state=tfDRCveX7G&nonce=ZR4F9ARDAt&response_type=code&prompt=consent
2020-07-29 22:01:58 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance UtRULbCLnW
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,*/*;q\u003d0.8",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "referer": "https://connect.openid4.us:5443/phpOp/index.php/auth?client_id\u003dW8jA-1BbIssj-iLyk7R5aw\u0026redirect_uri\u003dhttps://www.certification.openid.net/test/a/openid4us/callback\u0026scope\u003dopenid%20offline_access\u0026state\u003dtfDRCveX7G\u0026nonce\u003dZR4F9ARDAt\u0026response_type\u003dcode\u0026prompt\u003dconsent",
  "cookie": "__utma\u003d201319536.397484237.1509572778.1595985480.1596056442.54; __utmz\u003d201319536.1575586493.42.8.utmcsr\u003dlists.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/pipermail/openid-specs-ab/Week-of-Mon-20191125/007613.html; __utmc\u003d201319536; JSESSIONID\u003d4BD79473D0D3373D109F806B1EF283FC; __utmb\u003d201319536.14.10.1596056442",
  "upgrade-insecure-requests": "1",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "state": "tfDRCveX7G",
  "session_state": "e888685bab6835d23e86a22ead032c3573641723fdde975b9f73f64eb34240ab.41e338c2b3739c38243415493ff4e803",
  "code": "KKYUDmJ_z549BGaJhP7Ae--JbtYxw8e31lNamnuqcSA"
}
incoming_body
2020-07-29 22:01:58 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/4G9Wd7zqeunU7FVgGnHV",
  "fullUrl": "https://www.certification.openid.net/test/a/openid4us/implicit/4G9Wd7zqeunU7FVgGnHV"
}
2020-07-29 22:01:58 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance UtRULbCLnW
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/openid4us/implicit/4G9Wd7zqeunU7FVgGnHV, returnUrl=/log-detail.html?log=UtRULbCLnW}]
outgoing_path
callback
2020-07-29 22:01:58 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance UtRULbCLnW
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
  "accept": "*/*",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "origin": "https://www.certification.openid.net",
  "referer": "https://www.certification.openid.net/test/a/openid4us/callback?state\u003dtfDRCveX7G\u0026session_state\u003de888685bab6835d23e86a22ead032c3573641723fdde975b9f73f64eb34240ab.41e338c2b3739c38243415493ff4e803\u0026code\u003dKKYUDmJ_z549BGaJhP7Ae--JbtYxw8e31lNamnuqcSA",
  "cookie": "__utma\u003d201319536.397484237.1509572778.1595985480.1596056442.54; __utmz\u003d201319536.1575586493.42.8.utmcsr\u003dlists.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/pipermail/openid-specs-ab/Week-of-Mon-20191125/007613.html; __utmc\u003d201319536; JSESSIONID\u003d4BD79473D0D3373D109F806B1EF283FC; __utmb\u003d201319536.14.10.1596056442",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/4G9Wd7zqeunU7FVgGnHV
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-07-29 22:01:58 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance UtRULbCLnW
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [/log-detail.html?log=UtRULbCLnW]
outgoing_path
implicit/4G9Wd7zqeunU7FVgGnHV
2020-07-29 22:01:58 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2020-07-29 22:01:58 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{
  "state": "tfDRCveX7G",
  "session_state": "e888685bab6835d23e86a22ead032c3573641723fdde975b9f73f64eb34240ab.41e338c2b3739c38243415493ff4e803",
  "code": "KKYUDmJ_z549BGaJhP7Ae--JbtYxw8e31lNamnuqcSA"
}
headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,*/*;q\u003d0.8",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "referer": "https://connect.openid4.us:5443/phpOp/index.php/auth?client_id\u003dW8jA-1BbIssj-iLyk7R5aw\u0026redirect_uri\u003dhttps://www.certification.openid.net/test/a/openid4us/callback\u0026scope\u003dopenid%20offline_access\u0026state\u003dtfDRCveX7G\u0026nonce\u003dZR4F9ARDAt\u0026response_type\u003dcode\u0026prompt\u003dconsent",
  "cookie": "__utma\u003d201319536.397484237.1509572778.1595985480.1596056442.54; __utmz\u003d201319536.1575586493.42.8.utmcsr\u003dlists.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/pipermail/openid-specs-ab/Week-of-Mon-20191125/007613.html; __utmc\u003d201319536; JSESSIONID\u003d4BD79473D0D3373D109F806B1EF283FC; __utmb\u003d201319536.14.10.1596056442",
  "upgrade-insecure-requests": "1",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Second client: Verify authorization endpoint response
2020-07-29 22:01:58 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2020-07-29 22:01:58 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2020-07-29 22:01:58 SUCCESS
CheckMatchingStateParameter
State parameter correctly returned
state
tfDRCveX7G
2020-07-29 22:01:58 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
KKYUDmJ_z549BGaJhP7Ae--JbtYxw8e31lNamnuqcSA
2020-07-29 22:01:58 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
KKYUDmJ_z549BGaJhP7Ae--JbtYxw8e31lNamnuqcSA
redirect_uri
https://www.certification.openid.net/test/a/openid4us/callback
2020-07-29 22:01:58 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VzhqQS0xQmJJc3NqLWlMeWs3UjVhdzpsckRHa1Q5U2llNkFUQQ==
2020-07-29 22:01:58
CallTokenEndpoint
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic VzhqQS0xQmJJc3NqLWlMeWs3UjVhdzpsckRHa1Q5U2llNkFUQQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "168"
}
request_body
grant_type=authorization_code&code=KKYUDmJ_z549BGaJhP7Ae--JbtYxw8e31lNamnuqcSA&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Fopenid4us%2Fcallback
2020-07-29 22:01:58 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:01:58 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "set-cookie": "PHPSESSID\u003d9hu7qnvkot49ijiqho7q4jrfjm; path\u003d/",
  "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "970",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"access_token":"F8r4HQNcBGkmLoCziR4Yk9p2PBqOq4fzmQNoeqiFmyc","token_type":"Bearer","expires_in":3600,"refresh_token":"YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQxOCwiaWF0IjoxNTk2MDYwMTE4LCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoic1llTVlvUWFQSzg2azJxMXl1aVJVZyJ9.KPcD-xzuDlRc1YEDH5olZ1oCE6k-f9vl34Qb3TCAWXd7fImimVUsLCzpoOV9NxLVp8xQ4rfk1n9gI5P4x5zR2ANgpaaDCttDKIFBBvxPtTqmhuSzuS3S7NEFHbGR_0kWqgqn_NwtBYH_wiZO7APSawyys1agBKx7idIBl2Toqp2FL004eEnZ9yZ9Ct1QJ0fn1j3N9vmDIH-87QSOb62EwAntA22vLXYXSPTKsTLbv1MWuVMiSJlK_RWrtyVR7YS40ebKch4ZNjBn-Uln6sWW5dP5ZK9aDbPnYAAkE8Jnbb0sqhbCf4vlzqCwDwYsuxbjgR6AvGDxXBnmRzYdwSRnQw"}
2020-07-29 22:01:58
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"F8r4HQNcBGkmLoCziR4Yk9p2PBqOq4fzmQNoeqiFmyc","token_type":"Bearer","expires_in":3600,"refresh_token":"YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQxOCwiaWF0IjoxNTk2MDYwMTE4LCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoic1llTVlvUWFQSzg2azJxMXl1aVJVZyJ9.KPcD-xzuDlRc1YEDH5olZ1oCE6k-f9vl34Qb3TCAWXd7fImimVUsLCzpoOV9NxLVp8xQ4rfk1n9gI5P4x5zR2ANgpaaDCttDKIFBBvxPtTqmhuSzuS3S7NEFHbGR_0kWqgqn_NwtBYH_wiZO7APSawyys1agBKx7idIBl2Toqp2FL004eEnZ9yZ9Ct1QJ0fn1j3N9vmDIH-87QSOb62EwAntA22vLXYXSPTKsTLbv1MWuVMiSJlK_RWrtyVR7YS40ebKch4ZNjBn-Uln6sWW5dP5ZK9aDbPnYAAkE8Jnbb0sqhbCf4vlzqCwDwYsuxbjgR6AvGDxXBnmRzYdwSRnQw"}
2020-07-29 22:01:58 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
F8r4HQNcBGkmLoCziR4Yk9p2PBqOq4fzmQNoeqiFmyc
token_type
Bearer
expires_in
3600
refresh_token
YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQxOCwiaWF0IjoxNTk2MDYwMTE4LCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoic1llTVlvUWFQSzg2azJxMXl1aVJVZyJ9.KPcD-xzuDlRc1YEDH5olZ1oCE6k-f9vl34Qb3TCAWXd7fImimVUsLCzpoOV9NxLVp8xQ4rfk1n9gI5P4x5zR2ANgpaaDCttDKIFBBvxPtTqmhuSzuS3S7NEFHbGR_0kWqgqn_NwtBYH_wiZO7APSawyys1agBKx7idIBl2Toqp2FL004eEnZ9yZ9Ct1QJ0fn1j3N9vmDIH-87QSOb62EwAntA22vLXYXSPTKsTLbv1MWuVMiSJlK_RWrtyVR7YS40ebKch4ZNjBn-Uln6sWW5dP5ZK9aDbPnYAAkE8Jnbb0sqhbCf4vlzqCwDwYsuxbjgR6AvGDxXBnmRzYdwSRnQw
2020-07-29 22:01:58 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-07-29 22:01:58 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
F8r4HQNcBGkmLoCziR4Yk9p2PBqOq4fzmQNoeqiFmyc
2020-07-29 22:01:58 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
F8r4HQNcBGkmLoCziR4Yk9p2PBqOq4fzmQNoeqiFmyc
type
Bearer
2020-07-29 22:01:58 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
3600
2020-07-29 22:01:58 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
3600
2020-07-29 22:01:58 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E
2020-07-29 22:01:58 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQxOCwiaWF0IjoxNTk2MDYwMTE4LCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoic1llTVlvUWFQSzg2azJxMXl1aVJVZyJ9.KPcD-xzuDlRc1YEDH5olZ1oCE6k-f9vl34Qb3TCAWXd7fImimVUsLCzpoOV9NxLVp8xQ4rfk1n9gI5P4x5zR2ANgpaaDCttDKIFBBvxPtTqmhuSzuS3S7NEFHbGR_0kWqgqn_NwtBYH_wiZO7APSawyys1agBKx7idIBl2Toqp2FL004eEnZ9yZ9Ct1QJ0fn1j3N9vmDIH-87QSOb62EwAntA22vLXYXSPTKsTLbv1MWuVMiSJlK_RWrtyVR7YS40ebKch4ZNjBn-Uln6sWW5dP5ZK9aDbPnYAAkE8Jnbb0sqhbCf4vlzqCwDwYsuxbjgR6AvGDxXBnmRzYdwSRnQw
header
{
  "jku": "https://connect.openid4.us:5443/phpOp/op.jwk",
  "kid": "PHPOP-00S",
  "alg": "RS256"
}
claims
{
  "at_hash": "sYeMYoQaPK86k2q1yuiRUg",
  "sub": "5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8",
  "aud": "W8jA-1BbIssj-iLyk7R5aw",
  "iss": "https://connect.openid4.us:5443/phpOp",
  "exp": 1596060418,
  "iat": 1596060118,
  "nonce": "ZR4F9ARDAt"
}
2020-07-29 22:01:58 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-07-29 22:01:58 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
ZR4F9ARDAt
2020-07-29 22:01:58 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2020-07-29 22:01:58 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQxOCwiaWF0IjoxNTk2MDYwMTE4LCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoic1llTVlvUWFQSzg2azJxMXl1aVJVZyJ9.KPcD-xzuDlRc1YEDH5olZ1oCE6k-f9vl34Qb3TCAWXd7fImimVUsLCzpoOV9NxLVp8xQ4rfk1n9gI5P4x5zR2ANgpaaDCttDKIFBBvxPtTqmhuSzuS3S7NEFHbGR_0kWqgqn_NwtBYH_wiZO7APSawyys1agBKx7idIBl2Toqp2FL004eEnZ9yZ9Ct1QJ0fn1j3N9vmDIH-87QSOb62EwAntA22vLXYXSPTKsTLbv1MWuVMiSJlK_RWrtyVR7YS40ebKch4ZNjBn-Uln6sWW5dP5ZK9aDbPnYAAkE8Jnbb0sqhbCf4vlzqCwDwYsuxbjgR6AvGDxXBnmRzYdwSRnQw
2020-07-29 22:01:58 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQxOCwiaWF0IjoxNTk2MDYwMTE4LCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoic1llTVlvUWFQSzg2azJxMXl1aVJVZyJ9.KPcD-xzuDlRc1YEDH5olZ1oCE6k-f9vl34Qb3TCAWXd7fImimVUsLCzpoOV9NxLVp8xQ4rfk1n9gI5P4x5zR2ANgpaaDCttDKIFBBvxPtTqmhuSzuS3S7NEFHbGR_0kWqgqn_NwtBYH_wiZO7APSawyys1agBKx7idIBl2Toqp2FL004eEnZ9yZ9Ct1QJ0fn1j3N9vmDIH-87QSOb62EwAntA22vLXYXSPTKsTLbv1MWuVMiSJlK_RWrtyVR7YS40ebKch4ZNjBn-Uln6sWW5dP5ZK9aDbPnYAAkE8Jnbb0sqhbCf4vlzqCwDwYsuxbjgR6AvGDxXBnmRzYdwSRnQw
2020-07-29 22:01:58 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8
2020-07-29 22:01:58 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E
2020-07-29 22:01:58 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2020-07-29 22:01:58 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Second client: Refresh Token Request
2020-07-29 22:01:58 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E
2020-07-29 22:01:58 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VzhqQS0xQmJJc3NqLWlMeWs3UjVhdzpsckRHa1Q5U2llNkFUQQ==
2020-07-29 22:01:58 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2020-07-29 22:01:59 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2020-07-29 22:01:59
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic VzhqQS0xQmJJc3NqLWlMeWs3UjVhdzpsckRHa1Q5U2llNkFUQQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "82"
}
request_body
grant_type=refresh_token&refresh_token=YQCrLdYCNYG1J-ymlUvMrpERCZkXlNZ_OYWQSuFwI7E
2020-07-29 22:02:00 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:02:00 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "set-cookie": "PHPSESSID\u003d9hu7qnvkot49ijiqho7q4jrfjm; path\u003d/",
  "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "970",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"access_token":"VPNmTH5aJAvzZmKmH25Ud6xNyvqzv0PnuuPAdOgBq3s","token_type":"Bearer","expires_in":3600,"refresh_token":"PdTAV-VOfRnW1gLJI9EKOE-bCiTW4imKP1T51HeD35w","id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQyMCwiaWF0IjoxNTk2MDYwMTIwLCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoiQjgzZHNrbzRoc191Zms0bjVFbE83ZyJ9.fCB2nE6be2WfnZa_M3nk893hDJUWXYoUFyHs_gG4ZiIbGKGyBfKadeCduCgLBz4OSEXLxJbVf8x1j85-AygIEe72rZxck98Hv_vt_SDc8tK5HWpndHdfgbsfVS3lAEHHQ-5urSqwa2Gbt5oa7wbpGGfe-8a75xTDDR1AQ9sTTi95ZQnehd6l_Y_Zc7tshVDenJl7-JlGGBi_NsJg651VjiV5SNttRqynOvCSDJKfZZRqle5yulQw9BACBeKm1S9gbuDQDagmuDyXULkI09zqu0qehCCyp_oQQAKOmxEbwz5z2oes8p_pzjF2T65eoIgpPR8g2FV_vmAcA1hI_yQW4g"}
2020-07-29 22:02:00 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
VPNmTH5aJAvzZmKmH25Ud6xNyvqzv0PnuuPAdOgBq3s
token_type
Bearer
expires_in
3600
refresh_token
PdTAV-VOfRnW1gLJI9EKOE-bCiTW4imKP1T51HeD35w
id_token
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQyMCwiaWF0IjoxNTk2MDYwMTIwLCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoiQjgzZHNrbzRoc191Zms0bjVFbE83ZyJ9.fCB2nE6be2WfnZa_M3nk893hDJUWXYoUFyHs_gG4ZiIbGKGyBfKadeCduCgLBz4OSEXLxJbVf8x1j85-AygIEe72rZxck98Hv_vt_SDc8tK5HWpndHdfgbsfVS3lAEHHQ-5urSqwa2Gbt5oa7wbpGGfe-8a75xTDDR1AQ9sTTi95ZQnehd6l_Y_Zc7tshVDenJl7-JlGGBi_NsJg651VjiV5SNttRqynOvCSDJKfZZRqle5yulQw9BACBeKm1S9gbuDQDagmuDyXULkI09zqu0qehCCyp_oQQAKOmxEbwz5z2oes8p_pzjF2T65eoIgpPR8g2FV_vmAcA1hI_yQW4g
2020-07-29 22:02:00 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2020-07-29 22:02:00 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-07-29 22:02:00 SUCCESS
CheckTokenEndpointCacheHeaders
Checked 'pragma' and 'cache-control' in the headers of token_endpoint_response.
2020-07-29 22:02:00 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-07-29 22:02:00 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
VPNmTH5aJAvzZmKmH25Ud6xNyvqzv0PnuuPAdOgBq3s
type
Bearer
2020-07-29 22:02:00 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2020-07-29 22:02:00 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
203.0647219456998
expected
96.0
2020-07-29 22:02:00 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2020-07-29 22:02:00 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
3600
2020-07-29 22:02:00 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
3600
2020-07-29 22:02:00 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
F8r4HQNcBGkmLoCziR4Yk9p2PBqOq4fzmQNoeqiFmyc
second_access_token
VPNmTH5aJAvzZmKmH25Ud6xNyvqzv0PnuuPAdOgBq3s
2020-07-29 22:02:00 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXM6NTQ0M1wvcGhwT3BcL29wLmp3ayIsImtpZCI6IlBIUE9QLTAwUyJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzOjU0NDNcL3BocE9wIiwic3ViIjoiNTk4NWQ4NWI2YjE0NmEwZGJkZDBmZGRiMzZlYzBkNzQ0MWM0NjFjYTZmOWVlY2UxZjhhNTNjODQzNDhkYmZmOCIsImF1ZCI6WyJXOGpBLTFCYklzc2otaUx5azdSNWF3Il0sImV4cCI6MTU5NjA2MDQyMCwiaWF0IjoxNTk2MDYwMTIwLCJub25jZSI6IlpSNEY5QVJEQXQiLCJhdF9oYXNoIjoiQjgzZHNrbzRoc191Zms0bjVFbE83ZyJ9.fCB2nE6be2WfnZa_M3nk893hDJUWXYoUFyHs_gG4ZiIbGKGyBfKadeCduCgLBz4OSEXLxJbVf8x1j85-AygIEe72rZxck98Hv_vt_SDc8tK5HWpndHdfgbsfVS3lAEHHQ-5urSqwa2Gbt5oa7wbpGGfe-8a75xTDDR1AQ9sTTi95ZQnehd6l_Y_Zc7tshVDenJl7-JlGGBi_NsJg651VjiV5SNttRqynOvCSDJKfZZRqle5yulQw9BACBeKm1S9gbuDQDagmuDyXULkI09zqu0qehCCyp_oQQAKOmxEbwz5z2oes8p_pzjF2T65eoIgpPR8g2FV_vmAcA1hI_yQW4g
header
{
  "jku": "https://connect.openid4.us:5443/phpOp/op.jwk",
  "kid": "PHPOP-00S",
  "alg": "RS256"
}
claims
{
  "at_hash": "B83dsko4hs_ufk4n5ElO7g",
  "sub": "5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8",
  "aud": "W8jA-1BbIssj-iLyk7R5aw",
  "iss": "https://connect.openid4.us:5443/phpOp",
  "exp": 1596060420,
  "iat": 1596060120,
  "nonce": "ZR4F9ARDAt"
}
2020-07-29 22:02:00 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
PdTAV-VOfRnW1gLJI9EKOE-bCiTW4imKP1T51HeD35w
2020-07-29 22:02:00 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
344
required
128
2020-07-29 22:02:00 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
205.8196094478633
expected
96.0
2020-07-29 22:02:00 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://connect.openid4.us:5443/phpOp",
  "second": "https://connect.openid4.us:5443/phpOp",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8",
  "second": "5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1596060118,
  "second": 1596060120,
  "note": "Values are expected to be different"
}
aud
{
  "first": "W8jA-1BbIssj-iLyk7R5aw",
  "second": "W8jA-1BbIssj-iLyk7R5aw",
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Second client: Userinfo endpoint tests
2020-07-29 22:02:00
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer VPNmTH5aJAvzZmKmH25Ud6xNyvqzv0PnuuPAdOgBq3s",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2020-07-29 22:02:00 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:02:00 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "access-control-allow-origin": "*",
  "content-length": "74",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{"sub":"5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8"}
2020-07-29 22:02:00 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Wed, 29 Jul 2020 22:02:00 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "access-control-allow-origin": "*",
  "content-length": "74",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
status_code
{
  "code": 200
}
body
{"sub":"5985d85b6b146a0dbdd0fddb36ec0d7441c461ca6f9eece1f8a53c84348dbff8"}
Attempting to use refresh_token issued to client 2 with client 1
2020-07-29 22:02:00 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
PdTAV-VOfRnW1gLJI9EKOE-bCiTW4imKP1T51HeD35w
2020-07-29 22:02:00 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
PdTAV-VOfRnW1gLJI9EKOE-bCiTW4imKP1T51HeD35w
scope
openid offline_access
2020-07-29 22:02:00 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic enlnSzU4ZE9sVllVaXFqYkFqa2pKdzpLR0VFcjA1YjczRWNYdw==
2020-07-29 22:02:00
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic enlnSzU4ZE9sVllVaXFqYkFqa2pKdzpLR0VFcjA1YjczRWNYdw\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "110"
}
request_body
grant_type=refresh_token&refresh_token=PdTAV-VOfRnW1gLJI9EKOE-bCiTW4imKP1T51HeD35w&scope=openid+offline_access
2020-07-29 22:02:00 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
Bad Request
response_headers
{
  "date": "Wed, 29 Jul 2020 22:02:00 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "71",
  "connection": "close",
  "content-type": "application/json"
}
response_body
{"error":"invalid_grant","error_description":"invalid code for client"}
2020-07-29 22:02:00 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error
invalid_grant
error_description
invalid code for client
2020-07-29 22:02:00 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_grant
2020-07-29 22:02:00 SUCCESS
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
2020-07-29 22:02:00 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-07-29 22:02:00 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
error
invalid_grant
2020-07-29 22:02:00 FINISHED
oidcc-refresh-token
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2020-07-29 22:02:00
UnregisterDynamicallyRegisteredClient
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/client/_KBMY1QnChPjMjOK6Oztqg
request_method
DELETE
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "authorization": "Bearer 747MV-baKOwaLQ",
  "content-length": "0"
}
request_body

                                
2020-07-29 22:02:01 RESPONSE
UnregisterDynamicallyRegisteredClient
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:02:01 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "set-cookie": "PHPSESSID\u003djkbsv0vqn3pu9osrlv18ro00ah; path\u003d/",
  "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "990",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{
 "client_id_issued_at":1596060099,
 "client_id":"zygK58dOlVYUiqjbAjkjJw",
 "client_secret":"KGEEr05b73EcXw",
 "contacts":[
  "certification@oidf.org"
 ],
 "client_name":"opend4Client1 UtRULbCLnW",
 "redirect_uris":[
  "https:\/\/www.certification.openid.net\/test\/a\/openid4us\/callback"
 ],
 "token_endpoint_auth_method":"client_secret_basic",
 "jwks":{
  "keys":[
   {
    "kty":"RSA",
    "e":"AQAB",
    "use":"sig",
    "alg":"RS256",
    "n":"nfKb8IqJ0c_rKbAv5Uxuq27RxnhSU8GQqqBcRFBTMSbm1JnJfxPUHxchGdMnWsqPEbmyeWGWYiA8m2cB19uhw--6fehTJUrv8oUZW7zoQrOuUdXo_RrASkfWhZ4ueF8q_NZEmcU34_5gHyelcrTAZs2UJ8RWVvBalbEISWOXxwJNmj999RHDjF9VGE9NDZDchcDXIDurrjxIsWXsShE5f75MYYnnDCzawzM2J6RgFdJfMwf8aJbQTYzaB6pSmAtlVRxSZWLvvbzTqVisIbuehX-8JPHEYfLDEZ5UHzeZBH7V4A9FDkmQr_xUE8y334GG4dxy3SH8yU7YbsWVdF5ONw"
   }
  ]
 },
 "id_token_signed_response_alg":"RS256",
 "aggregation_signed_response_alg":"RS256",
 "grant_types":[
  "authorization_code",
  "refresh_token"
 ],
 "response_types":[
  "code"
 ]
}
2020-07-29 22:02:01 INFO
UnregisterDynamicallyRegisteredClient
registration_client_uri returned a http status code other than 204 No Content
code
OK
Second client: Unregister dynamically registered client
2020-07-29 22:02:01
UnregisterDynamicallyRegisteredClient
HTTP request
request_uri
https://connect.openid4.us:5443/phpOp/index.php/client/7VzAPqRv-3_UOIyF0eURWg
request_method
DELETE
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "authorization": "Bearer qbdIinMjacl0fw",
  "content-length": "0"
}
request_body

                                
2020-07-29 22:02:01 RESPONSE
UnregisterDynamicallyRegisteredClient
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Wed, 29 Jul 2020 22:02:01 GMT",
  "server": "Apache/2.4.38 (Debian)",
  "set-cookie": "PHPSESSID\u003dtoka4eqlgik5vt7snjk885toco; path\u003d/",
  "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-length": "991",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive",
  "content-type": "application/json"
}
response_body
{
 "client_id_issued_at":1596060099,
 "client_id":"W8jA-1BbIssj-iLyk7R5aw",
 "client_secret":"lrDGkT9Sie6ATA",
 "contacts":[
  "certification@oidf.org"
 ],
 "client_name":"openid4Client2 UtRULbCLnW",
 "redirect_uris":[
  "https:\/\/www.certification.openid.net\/test\/a\/openid4us\/callback"
 ],
 "token_endpoint_auth_method":"client_secret_basic",
 "jwks":{
  "keys":[
   {
    "kty":"RSA",
    "e":"AQAB",
    "use":"sig",
    "alg":"RS256",
    "n":"zEbPe0v_kV6nbOJMs5-0AI1z946qA2PbnQQ0JRnOP8Y7Q7kL7meCqU1j-ezeVSKfFrqiNczXnwyYTPZyZcu1Fg6yHKv-Y8iahbnC5kiHwI_4ozqhJscB00A87RDu-WvFNeUsQRlu_7LlfKInwwQN-xPMXSF5dN-6zisJ0nMoyHPnxijnDK9siV32W-lg-J6DccFb4FV01CjMTLPC7JSB18ehwDaXQRNod1xlXj5SZi1lDq4JFzFNLSpJ5pq2GXimew3eOvYNiUO9gvllOhoVI3cWC5LBckmCYS9UIhewj5of9IaB7TDXYY3sJiLg5pIoAIrzX30Q07wd8aYqpvAJww"
   }
  ]
 },
 "id_token_signed_response_alg":"RS256",
 "aggregation_signed_response_alg":"RS256",
 "grant_types":[
  "authorization_code",
  "refresh_token"
 ],
 "response_types":[
  "code"
 ]
}
2020-07-29 22:02:01 INFO
UnregisterDynamicallyRegisteredClient
registration_client_uri returned a http status code other than 204 No Content
code
OK
Test Results