Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-08-10 19:26:39 INFO
TEST-RUNNER
Test instance 8SO1uqSnGAPOPtk created
baseUrl
https://www.certification.openid.net/test/a/morph_oidc_client_basic
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "request_type": "plain_http_request",
  "response_mode": "default",
  "client_registration": "dynamic_client"
}
alias
morph_oidc_client_basic
description
Testing morph oidc basic client
planId
8XtXosP8NfqAM
config
{
  "alias": "morph_oidc_client_basic",
  "description": "Testing morph oidc basic client",
  "publish": "everything"
}
testName
oidcc-client-test-userinfo-invalid-sub
2020-08-10 19:26:39 SUCCESS
OIDCCGenerateServerConfiguration
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-08-10 19:26:39
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-08-10 19:26:39
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "zPQ2NWOiogeI7fysR6apYkBBBi7F55eQZd_u5DBAowKL1e6qKE51kmaA1xv-z6S-fvMkLJBLhCaRmodBEcodL3ZMDLmY7JrBt2I0KrVJOwJZHRQcY6sBnenObQyHs85WhpX6WTf21sJxaGEPs7Z-c-fDKC6iEwBmOHgToATUJus",
      "kty": "RSA",
      "q": "qwlkKpOm81OQ1oSpWob4x3hrMG4cuDXw4YS5eAZGs-uYgSeaOci_qs21dSqXJP2tb4JcI4jSAcxS8g_rgeBUI04et7MNHuchwSaP1Z1J4iTFnSOKkJ0ZVw-Vx1S2a7z04DP6afnaD7b8McpFJ-06DbEdT6TLQe6_N-0O7Svfu-E",
      "d": "Hiw_zMbO5U8gKDKrhDfHMmlxthCU0RKYx5ME8ruJnY23NGobUWan2ZoS1snQYK2tzZqBDlg1x3SwtqwGl-yJbijU3IzTxOcPGdE6jVp3WStMUa6LROSLzxWyTImB5wmKKN1k8Uod0j9t_SvDpRsov9J759gJYCPiKQEGk8cnu_ChXPR_0xAPuZoWFslh4utAc951OKgkuKZFXYoZ2DZyyA0iZr6s-_pH9iouOii3PvvWSEl2pyAxWE2qktkFuZw33crjHZtVkgjEkmWkmoh7V01mQRhx7NDyrm5zjY5sXhdfmf-J_55sm5gureJxKnS8Wl52YmJvV2JcGgSUCQPYwQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "267b8ab7-a47f-447f-9493-b39e8da6f3f2",
      "qi": "AQ6E_xxvVaLAmhErT7yVImi0_eoUgmiRzllSyPfDP2Nv7nP0-KlEFrfMdxeBlo_llEAVNYmX1jyK3hbMb7-TWmI1NgdLlurd0CfQgV-L8DrFc4DYANzCDF-kIukvtaCW-1IkYJLhYwgC6CkV9FeM-RRv3eqTWyglvGFZeygZEqg",
      "dp": "wYYO8Zak6A3pU550JivOYMF_JJFhuW45oJg0AC83uTQcSeLTtL9w8M3s9jCvB-3tGf4HuDR_ucaZUapI3L1VlY1D_ff519_A7qHB1FndTeTHtFda_xlnq24rxnhAYp2AwhA3larsXpi3cPHFW9ID0PmUIwr1aq_D1ao8DarBkAU",
      "dq": "lWF7abBR1R18V8-_9gACUn066S6SyNTb0KvSLSEWKVgwd0U2bxeFR1GpFW8gWT9ydfzeKm76NHXXT_FVmLZr5fX54Cly4TWvhnn-j-xzNh81tTvwbsO2-RH0mAbF2K1NFnBvWpXMvYLtGzN1WRzZYlH5rrDYkXpK6jaSndR-8SE",
      "n": "iO6k_QzhxusgIKsZUAa52z60Ittoo11L0p1SRJz_yfSPxU93fbQvTQ8qJzBc720Ml2WJNOcqjq17fqy4ydz1mz4d6ah33gOCk77FI1AoV0Pne5ejdBfEW9qnxn07xLXC9E9O_L09rgQCtIfOPLZpUU0ylPGb_FXFICkes0D2QG7nnLQBMCMKXioEn2QBKp9MOInFUdWVaS-gjuRx4Z69UHTCXtgVDzMuf4m2PONOmF8nobnxeu6N4bcYHQ-xBASKDxSBLP9yZzcHxhaTNtCyQNsAUeamF1XSBc2KO7s0qp01JCw_tsc-MHn_myhPZaNRl-8bQE4S3H3oKtwRlpjdiw"
    },
    {
      "kty": "EC",
      "d": "peL4naVUcBjP_D-KpcDrdd2ZWW6WHeggnmaEXul6ufg",
      "use": "sig",
      "crv": "P-256",
      "kid": "64d6a702-aa81-4017-8762-69aad1cb4813",
      "x": "yMq6ZepDqLa7C0KO8pNuAiKvkGOpDzK5NPdtPQctcZI",
      "y": "1DlRjprfNNc0pyYk95H2XehKQkPscEzDbSgLnxBGgg4"
    },
    {
      "kty": "EC",
      "d": "Eev5rp0FvHgtwOI4Fou8Stmo6mhhzG9n8Tj43REKu3U",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "f6b89142-08ea-4bde-b79a-f0b345a4558f",
      "x": "WTZgCeUOrLIPOAz9QLimSorqms0htBqZ3dCSxT99xT0",
      "y": "2YheHVYU-XmnsX15yCVHnBWb8TBgsGq7JlVSoV_OeVw"
    },
    {
      "kty": "OKP",
      "d": "Zs3spgXGz75qsTWhdiI82gsVNrJdRzI-R4f1FsOHFoA",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "56556ee2-bc50-4754-ae4d-b6a956e20573",
      "x": "0KH4aVvw4KfQPmEmAAPs0LPhDBb9IrVvOvwfggGohBU"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "2jZv0smGh3uuWRcjXQFC9LXvsflv498co7BL8IjFD7d8GRK_qVv31XKj1Dz59aQxrnZ09o06CF9ktnnrH-Naf_rqOyD8wkOqHnPTng4aPiK7tYIlKFjwhE6CuRkzlyfA5NH0UmADgLC-_RnjJRVo-zfcqQw1hZnxVKpp4IK6cLk",
      "kty": "RSA",
      "q": "tmIUeuV_E2mguQy1tlV0aeWDHz8UVwo3fyJ4VG8wv2bDay6YCLE0574sNi2LJ036_b96YPzHgAJq12G-rZHlND_cpQHl4KH6UZJa3Sv-drrcA0JXVvCQ6m9_raYeyj7_CwW3lpwakIEEb6ICd-Y1euhHbMQGuhwtF7JxQWisxA0",
      "d": "mPztRhf6TKCoPUZtFeUrE5C-HnytF-6EokcLsr4kN5KjUnnmUP2_zZv7aZ1nTB25eyCmDuM_QjShFe7B7Ai2T_w-YpqMSUGkmsfPmiEKqvK5RCKRriS6CK1aoco5WVQ1kfQoLPemL70r99sCHWajdmzt1tk8lxsxhmBTfQM_6QIdkKuJ5RzX6P5_FicmtwrObtVpXSBkD_BhzbhJrRYqR_jAWXhur5oAaps-jmg5U_PUB9N2U9rcx8p13ZSnNGba4Jj3ttvthXFbVDBZWbab3LwfxQBOd7qTAfrDDbZ5tDI4Gz1Rf_kBAoSfFOJaujPdaN7jkx3r51Njv4L9e0WkwQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "851630e8-258c-4936-b434-0ea7b92df968",
      "qi": "GpS2Iedz7rt44lLACiLKi9ReztsaEU46RFnMnzN6w83WChkKgNKFtX7V9sYK3YBcs2N-uDj_5F9r4ESaxley_8ILn9f05pACXY5KcfUXbMDlODuwIYjPcmmsvrT9wu6ngJUJd8FhnjGMVzqHh5umTf757c6s1m9rMqhwe_ZRk8c",
      "dp": "ninC15e2aNEex_hba3gUneaZO_i-Pv5idcq84DViEEhALLRIM2szsYSMdrNTwdYnJHs7v9ERdSwfhZvM7qoN2KF30S_RxMTis3vksLUsFEl8oM0aPappepylZ6B6ol7wE2qSmnp5T3fMlwuCdkiUdTJCQE1XJeU05Nc4MsDOfhE",
      "alg": "RSA-OAEP",
      "dq": "EwBs-dDnSHJ82ErGs9R7aH0NCDheOiNKXOiOeN2MyqQ-P_B-zokH5g0eNhbQpKuvNri4W1p6vo-B6ia44wSMSMFOj7J-7MRzfAQvi1OGE4CsY3qJ9vjhYEt1lfX0x0WA9PkHg52H9v46JBdRAoTtlXyV1HMn8EP3PrzMp-_r8BE",
      "n": "m3ZNy6xDj5lzdeSGh-ds8i2PH8owjj6XVMKuY5tE9GGQAUJY2IVfqsDNyz4TlTptajRqiSuhvcplGhP9N3ZiNGvtrEALkunp9rquOx1B4ifqsByqfq4IjDIG718shsox5UDcIR6h1hzdMVnZsHkNll5wqlx_8RspLzP7ctAPzJI8BQ0tXiMeCvS2bzohP4Z_J5D8NgnmLMEFxJq3OmgbuC0VjPZFqgnpc5Ny86odSb5CyHdC7W1mEMj-0XznfkaBMHrO1ERGs8A99_xg1LgG7PIzjWJKFPqs-d_XGyGaRuxQx7JPx9GzV0W6ts5T0Fr0-S_UDpeOYZOaZR-FRhFdZQ"
    },
    {
      "kty": "EC",
      "d": "SNnQYWTjVdUNmkecIwN_JkB_ObROIqKTvYt1q7Vihyc",
      "use": "enc",
      "crv": "P-256",
      "kid": "d24c0630-8ff2-4e69-93d7-1652adf42716",
      "x": "zGs-MxS388IvvStGWmPJBPUfzznWAJYD4M4iU5NZxl0",
      "y": "_lGty-AeYFSJDU2XnRETBAEAACi3MGHfYbyPyLKdloM",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "267b8ab7-a47f-447f-9493-b39e8da6f3f2",
      "n": "iO6k_QzhxusgIKsZUAa52z60Ittoo11L0p1SRJz_yfSPxU93fbQvTQ8qJzBc720Ml2WJNOcqjq17fqy4ydz1mz4d6ah33gOCk77FI1AoV0Pne5ejdBfEW9qnxn07xLXC9E9O_L09rgQCtIfOPLZpUU0ylPGb_FXFICkes0D2QG7nnLQBMCMKXioEn2QBKp9MOInFUdWVaS-gjuRx4Z69UHTCXtgVDzMuf4m2PONOmF8nobnxeu6N4bcYHQ-xBASKDxSBLP9yZzcHxhaTNtCyQNsAUeamF1XSBc2KO7s0qp01JCw_tsc-MHn_myhPZaNRl-8bQE4S3H3oKtwRlpjdiw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "f92581ce-267b-4b9f-a4be-af51afbb61ef",
      "n": "liJAJ4br0jf10qNWgIqYCpqe13brkT2SzaLIc-qmEk_7_pQ7ZJhsEX5N2GPHrx0qVAaHDcp8eh0sFcy8mKH3eI48CJHoaEaad4aN1W2Fc8HIxU0ljD70HelXA4h5IHz8xRnaXW71aaxTTpHuywrK-wvJWA3iPI79V6J6Rml7Uq4uktAvhYVDkERObrpIXjwv3MlBaInpFkbQQX9PgEMkhCn7VHSBebhoLm9ZqZRMUbexdBes9-125I1UPydgcF5l2OHdisC9FL3MAk4qtzwPaHfxnKkuGZEwFH68olJ-Bw_t3x9vg97jhH2woAKEadFzpCR67IoYSjVJrpsYwrNDzQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "64d6a702-aa81-4017-8762-69aad1cb4813",
      "x": "yMq6ZepDqLa7C0KO8pNuAiKvkGOpDzK5NPdtPQctcZI",
      "y": "1DlRjprfNNc0pyYk95H2XehKQkPscEzDbSgLnxBGgg4"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "636a6f82-9d17-42b3-8d3d-6f7cf6acefc8",
      "x": "fYwIq_HH03nerJRsBS-yYsK2H4KwVmFMsA-051e-a6o",
      "y": "-F-43Mf_FY7A3dBW1KhcOq9yF4BNmtU1iwBWZA4tABc"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "f6b89142-08ea-4bde-b79a-f0b345a4558f",
      "x": "WTZgCeUOrLIPOAz9QLimSorqms0htBqZ3dCSxT99xT0",
      "y": "2YheHVYU-XmnsX15yCVHnBWb8TBgsGq7JlVSoV_OeVw"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "56556ee2-bc50-4754-ae4d-b6a956e20573",
      "x": "0KH4aVvw4KfQPmEmAAPs0LPhDBb9IrVvOvwfggGohBU"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "851630e8-258c-4936-b434-0ea7b92df968",
      "alg": "RSA-OAEP",
      "n": "m3ZNy6xDj5lzdeSGh-ds8i2PH8owjj6XVMKuY5tE9GGQAUJY2IVfqsDNyz4TlTptajRqiSuhvcplGhP9N3ZiNGvtrEALkunp9rquOx1B4ifqsByqfq4IjDIG718shsox5UDcIR6h1hzdMVnZsHkNll5wqlx_8RspLzP7ctAPzJI8BQ0tXiMeCvS2bzohP4Z_J5D8NgnmLMEFxJq3OmgbuC0VjPZFqgnpc5Ny86odSb5CyHdC7W1mEMj-0XznfkaBMHrO1ERGs8A99_xg1LgG7PIzjWJKFPqs-d_XGyGaRuxQx7JPx9GzV0W6ts5T0Fr0-S_UDpeOYZOaZR-FRhFdZQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "d24c0630-8ff2-4e69-93d7-1652adf42716",
      "x": "zGs-MxS388IvvStGWmPJBPUfzznWAJYD4M4iU5NZxl0",
      "y": "_lGty-AeYFSJDU2XnRETBAEAACi3MGHfYbyPyLKdloM",
      "alg": "ECDH-ES"
    }
  ]
}
2020-08-10 19:26:39 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-08-10 19:26:39 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-08-10 19:26:39 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": "1580000000"
}
2020-08-10 19:26:39 SUCCESS
GetDynamicClientConfiguration
No client details on configuration, created an empty dynamic_client_registration_template object.
2020-08-10 19:26:39
oidcc-client-test-userinfo-invalid-sub
Setup Done
2020-08-10 19:27:07 INCOMING
oidcc-client-test-userinfo-invalid-sub
Incoming HTTP request to test instance 8SO1uqSnGAPOPtk
incoming_headers
{
  "host": "www.certification.openid.net",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-08-10 19:27:07 OUTGOING
oidcc-client-test-userinfo-invalid-sub
Response to HTTP request to test instance 8SO1uqSnGAPOPtk
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2020-08-10 19:27:07 INCOMING
oidcc-client-test-userinfo-invalid-sub
Incoming HTTP request to test instance 8SO1uqSnGAPOPtk
incoming_headers
{
  "host": "www.certification.openid.net",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "339",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
register
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
{"redirect_uris":["https://morph-oidc-client.strid.ninja/auth/cb","https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"],"response_types":["code"],"grant_types":["authorization_code"],"contacts":["ulrik.strid@outlook.com"],"client_name":"basic_morph_oidc_client","token_endpoint_auth_method":"client_secret_basic"}
Registration endpoint
2020-08-10 19:27:07 SUCCESS
OIDCCExtractDynamicRegistrationRequest
Extracted dynamic client registration request
request
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "basic_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic"
}
2020-08-10 19:27:07 SUCCESS
EnsureRegistrationRequestContainsAtLeastOneContact
Registration request contains valid contacts
contacts
[
  "ulrik.strid@outlook.com"
]
2020-08-10 19:27:07 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "authorization_code"
]
response_types
[
  "code"
]
2020-08-10 19:27:07 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://morph-oidc-client.strid.ninja/auth/cb",
  "https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"
]
2020-08-10 19:27:07 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2020-08-10 19:27:07 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2020-08-10 19:27:07 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2020-08-10 19:27:07 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2020-08-10 19:27:07 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2020-08-10 19:27:07 INFO
ValidateIdTokenSignedResponseAlg
Skipped evaluation due to missing required element: client id_token_signed_response_alg
path
id_token_signed_response_alg
mapped
object
client
2020-08-10 19:27:07 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2020-08-10 19:27:07 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-08-10 19:27:07 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2020-08-10 19:27:07 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2020-08-10 19:27:07 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2020-08-10 19:27:07 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2020-08-10 19:27:07 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2020-08-10 19:27:07 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2020-08-10 19:27:07 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2020-08-10 19:27:07 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2020-08-10 19:27:07 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2020-08-10 19:27:07 SUCCESS
ValidateClientRegistrationRequestSectorIdentifierUri
A sector_identifier_uri was not provided
2020-08-10 19:27:07 SUCCESS
OIDCCRegisterClient
Registered client
client
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "basic_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic",
  "client_id": "client_mQSTsbVKMpjoBYA77933*:\\?("
}
2020-08-10 19:27:07
OIDCCCreateClientSecretForDynamicClient
Set the secret for registered client
client_secret
secret_LWFxeOrVeyjReoPNyWPstaBfEBKHWHRwxNZtDAIHsliyTtjdYo2463224003>,!><
2020-08-10 19:27:07 SUCCESS
EnsureTokenEndPointAuthMethodIsClientSecretBasic
token_endpoint_auth_method is 'client_secret_basic' as expected
2020-08-10 19:27:07 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "basic_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic",
  "client_id": "client_mQSTsbVKMpjoBYA77933*:\\?(",
  "client_secret": "secret_LWFxeOrVeyjReoPNyWPstaBfEBKHWHRwxNZtDAIHsliyTtjdYo2463224003\u003e,!\u003e\u003c"
}
2020-08-10 19:27:07 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2020-08-10 19:27:07 SUCCESS
OIDCCExtractServerSigningAlg
Using the default algorithm for the first key in server jwks
signing_algorithm
RS256
2020-08-10 19:27:07
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2020-08-10 19:27:07 OUTGOING
oidcc-client-test-userinfo-invalid-sub
Response to HTTP request to test instance 8SO1uqSnGAPOPtk
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "basic_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic",
  "client_id": "client_mQSTsbVKMpjoBYA77933*:\\?(",
  "client_secret": "secret_LWFxeOrVeyjReoPNyWPstaBfEBKHWHRwxNZtDAIHsliyTtjdYo2463224003\u003e,!\u003e\u003c",
  "id_token_signed_response_alg": "RS256"
}
outgoing_path
register
2020-08-10 19:27:07 INCOMING
oidcc-client-test-userinfo-invalid-sub
Incoming HTTP request to test instance 8SO1uqSnGAPOPtk
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,*/*;q\u003d0.8",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "referer": "https://morph-oidc-client.strid.ninja/",
  "dnt": "1",
  "cookie": "expected_tab\u003dmicrosoftonline; welcome_info_name\u003dUlrik%20Strid; JSESSIONID\u003dCB87DB255579AE321C16855066F1AF5F",
  "upgrade-insecure-requests": "1",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "response_type": "code",
  "client_id": "client_mQSTsbVKMpjoBYA77933*:\\?(",
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "scope": "openid profile email",
  "state": "32cbacbf-b170-483c-b2d7-4cba9e54cf8a",
  "nonce": "314d9cc9-aedc-49d4-b100-31990b75991d"
}
incoming_body
Authorization endpoint
2020-08-10 19:27:07 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2020-08-10 19:27:07 SUCCESS
OIDCCEnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid",
  "profile",
  "email"
]
expected
openid
2020-08-10 19:27:07 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "response_type": "code",
  "client_id": "client_mQSTsbVKMpjoBYA77933*:\\?(",
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "scope": "openid profile email",
  "state": "32cbacbf-b170-483c-b2d7-4cba9e54cf8a",
  "nonce": "314d9cc9-aedc-49d4-b100-31990b75991d"
}
2020-08-10 19:27:07 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid profile email
2020-08-10 19:27:07 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
314d9cc9-aedc-49d4-b100-31990b75991d
2020-08-10 19:27:07 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2020-08-10 19:27:07 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client_mQSTsbVKMpjoBYA77933*:\?(
2020-08-10 19:27:07 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://morph-oidc-client.strid.ninja/auth/cb
expected
[
  "https://morph-oidc-client.strid.ninja/auth/cb",
  "https://www.certification.openid.net/test/a/morph_oidc_client_basic/callback"
]
2020-08-10 19:27:07 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid",
  "profile",
  "email"
]
expected
openid
2020-08-10 19:27:07 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2020-08-10 19:27:07 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
Ml8xQynBBL
2020-08-10 19:27:07 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
30ZDAst4thF79qaA-wt5kg
2020-08-10 19:27:07 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "state": "32cbacbf-b170-483c-b2d7-4cba9e54cf8a"
}
2020-08-10 19:27:07 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "state": "32cbacbf-b170-483c-b2d7-4cba9e54cf8a",
  "code": "Ml8xQynBBL"
}
2020-08-10 19:27:07
SendAuthorizationResponseWithResponseModeQuery
Redirecting back to client
uri
https://morph-oidc-client.strid.ninja/auth/cb?state=32cbacbf-b170-483c-b2d7-4cba9e54cf8a&code=Ml8xQynBBL
2020-08-10 19:27:07 OUTGOING
oidcc-client-test-userinfo-invalid-sub
Response to HTTP request to test instance 8SO1uqSnGAPOPtk
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://morph-oidc-client.strid.ninja/auth/cb?state=32cbacbf-b170-483c-b2d7-4cba9e54cf8a&code=Ml8xQynBBL]
outgoing_path
authorize
2020-08-10 19:27:07 INCOMING
oidcc-client-test-userinfo-invalid-sub
Incoming HTTP request to test instance 8SO1uqSnGAPOPtk
incoming_headers
{
  "host": "www.certification.openid.net",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-08-10 19:27:07 OUTGOING
oidcc-client-test-userinfo-invalid-sub
Response to HTTP request to test instance 8SO1uqSnGAPOPtk
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "267b8ab7-a47f-447f-9493-b39e8da6f3f2",
      "n": "iO6k_QzhxusgIKsZUAa52z60Ittoo11L0p1SRJz_yfSPxU93fbQvTQ8qJzBc720Ml2WJNOcqjq17fqy4ydz1mz4d6ah33gOCk77FI1AoV0Pne5ejdBfEW9qnxn07xLXC9E9O_L09rgQCtIfOPLZpUU0ylPGb_FXFICkes0D2QG7nnLQBMCMKXioEn2QBKp9MOInFUdWVaS-gjuRx4Z69UHTCXtgVDzMuf4m2PONOmF8nobnxeu6N4bcYHQ-xBASKDxSBLP9yZzcHxhaTNtCyQNsAUeamF1XSBc2KO7s0qp01JCw_tsc-MHn_myhPZaNRl-8bQE4S3H3oKtwRlpjdiw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "f92581ce-267b-4b9f-a4be-af51afbb61ef",
      "n": "liJAJ4br0jf10qNWgIqYCpqe13brkT2SzaLIc-qmEk_7_pQ7ZJhsEX5N2GPHrx0qVAaHDcp8eh0sFcy8mKH3eI48CJHoaEaad4aN1W2Fc8HIxU0ljD70HelXA4h5IHz8xRnaXW71aaxTTpHuywrK-wvJWA3iPI79V6J6Rml7Uq4uktAvhYVDkERObrpIXjwv3MlBaInpFkbQQX9PgEMkhCn7VHSBebhoLm9ZqZRMUbexdBes9-125I1UPydgcF5l2OHdisC9FL3MAk4qtzwPaHfxnKkuGZEwFH68olJ-Bw_t3x9vg97jhH2woAKEadFzpCR67IoYSjVJrpsYwrNDzQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "64d6a702-aa81-4017-8762-69aad1cb4813",
      "x": "yMq6ZepDqLa7C0KO8pNuAiKvkGOpDzK5NPdtPQctcZI",
      "y": "1DlRjprfNNc0pyYk95H2XehKQkPscEzDbSgLnxBGgg4"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "636a6f82-9d17-42b3-8d3d-6f7cf6acefc8",
      "x": "fYwIq_HH03nerJRsBS-yYsK2H4KwVmFMsA-051e-a6o",
      "y": "-F-43Mf_FY7A3dBW1KhcOq9yF4BNmtU1iwBWZA4tABc"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "f6b89142-08ea-4bde-b79a-f0b345a4558f",
      "x": "WTZgCeUOrLIPOAz9QLimSorqms0htBqZ3dCSxT99xT0",
      "y": "2YheHVYU-XmnsX15yCVHnBWb8TBgsGq7JlVSoV_OeVw"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "56556ee2-bc50-4754-ae4d-b6a956e20573",
      "x": "0KH4aVvw4KfQPmEmAAPs0LPhDBb9IrVvOvwfggGohBU"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "851630e8-258c-4936-b434-0ea7b92df968",
      "alg": "RSA-OAEP",
      "n": "m3ZNy6xDj5lzdeSGh-ds8i2PH8owjj6XVMKuY5tE9GGQAUJY2IVfqsDNyz4TlTptajRqiSuhvcplGhP9N3ZiNGvtrEALkunp9rquOx1B4ifqsByqfq4IjDIG718shsox5UDcIR6h1hzdMVnZsHkNll5wqlx_8RspLzP7ctAPzJI8BQ0tXiMeCvS2bzohP4Z_J5D8NgnmLMEFxJq3OmgbuC0VjPZFqgnpc5Ny86odSb5CyHdC7W1mEMj-0XznfkaBMHrO1ERGs8A99_xg1LgG7PIzjWJKFPqs-d_XGyGaRuxQx7JPx9GzV0W6ts5T0Fr0-S_UDpeOYZOaZR-FRhFdZQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "d24c0630-8ff2-4e69-93d7-1652adf42716",
      "x": "zGs-MxS388IvvStGWmPJBPUfzznWAJYD4M4iU5NZxl0",
      "y": "_lGty-AeYFSJDU2XnRETBAEAACi3MGHfYbyPyLKdloM",
      "alg": "ECDH-ES"
    }
  ]
}
outgoing_path
jwks
2020-08-10 19:27:07 INCOMING
oidcc-client-test-userinfo-invalid-sub
Incoming HTTP request to test instance 8SO1uqSnGAPOPtk
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Basic Y2xpZW50X21RU1RzYlZLTXBqb0JZQTc3OTMzJTJBJTNBJTVDJTNGJTI4OnNlY3JldF9MV0Z4ZU9yVmV5alJlb1BOeVdQc3RhQmZFQktIV0hSd3hOWnREQUlIc2xpeVR0amRZbzI0NjMyMjQwMDMlM0UlMkMlMjElM0UlM0M\u003d",
  "content-type": "application/x-www-form-urlencoded",
  "accept": "application/json",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "257",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "scope": "openid",
  "code": "Ml8xQynBBL",
  "client_id": "client_mQSTsbVKMpjoBYA77933*:\\?(",
  "client_secret": "secret_LWFxeOrVeyjReoPNyWPstaBfEBKHWHRwxNZtDAIHsliyTtjdYo2463224003\u003e,!\u003e\u003c",
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&scope=openid&code=Ml8xQynBBL&client_id=client_mQSTsbVKMpjoBYA77933*%3A%5C%3F%28&client_secret=secret_LWFxeOrVeyjReoPNyWPstaBfEBKHWHRwxNZtDAIHsliyTtjdYo2463224003%3E%2C%21%3E%3C&redirect_uri=https%3A%2F%2Fmorph-oidc-client.strid.ninja%2Fauth%2Fcb
Token endpoint
2020-08-10 19:27:07 SUCCESS
ExtractClientCredentialsFromBasicAuthorizationHeader
Extracted client authentication
client_id
client_mQSTsbVKMpjoBYA77933*:\?(
client_secret
secret_LWFxeOrVeyjReoPNyWPstaBfEBKHWHRwxNZtDAIHsliyTtjdYo2463224003>,!><
method
client_secret_basic
2020-08-10 19:27:07 SUCCESS
ValidateClientIdAndSecret
Client id and secret match
2020-08-10 19:27:07 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
Ml8xQynBBL
2020-08-10 19:27:07 SUCCESS
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
actual
https://morph-oidc-client.strid.ninja/auth/cb
2020-08-10 19:27:07 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
fqIAxT8g2uiEShiHcBPMKjVVXjZvHmsaDfzgy1STpul2Qgf86E
2020-08-10 19:27:07 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
KO5zWBwJKjdtAw3S0k0PCA
2020-08-10 19:27:07 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/morph_oidc_client_basic/
sub
user-subject-1234531
aud
client_mQSTsbVKMpjoBYA77933*:\?(
nonce
314d9cc9-aedc-49d4-b100-31990b75991d
iat
1597087627
exp
1597087927
2020-08-10 19:27:07 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
KO5zWBwJKjdtAw3S0k0PCA
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/morph_oidc_client_basic/",
  "sub": "user-subject-1234531",
  "aud": "client_mQSTsbVKMpjoBYA77933*:\\?(",
  "nonce": "314d9cc9-aedc-49d4-b100-31990b75991d",
  "iat": 1597087627,
  "exp": 1597087927,
  "at_hash": "KO5zWBwJKjdtAw3S0k0PCA"
}
2020-08-10 19:27:07 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiIyNjdiOGFiNy1hNDdmLTQ0N2YtOTQ5My1iMzllOGRhNmYzZjIiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiS081eldCd0pLamR0QXczUzBrMFBDQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X21RU1RzYlZLTXBqb0JZQTc3OTMzKjpcXD8oIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL21vcnBoX29pZGNfY2xpZW50X2Jhc2ljXC8iLCJleHAiOjE1OTcwODc5MjcsIm5vbmNlIjoiMzE0ZDljYzktYWVkYy00OWQ0LWIxMDAtMzE5OTBiNzU5OTFkIiwiaWF0IjoxNTk3MDg3NjI3fQ.Z6oRwnwa7fNrqGA9yHZmg-DENlaUYocxCW3kMSsRZEINNxA0HiRBAbHvMkHY8XBfyYN7fpI2HjPNvGoalfz-apiAkh6PPZs_DMyxtqMm3oEkgjACdRLoEWCGuRUHCnP4YF0JxWctJEU35-UOCIGfN_5xWB8O30ApEQWMEr6taNkEIrJQhZ6BS140dYy-9jBoZGuwDVp4aPjQsAI7RQQTKQaD5AvdxepaJb7cY4RhivrFVGmIwqnjX4__6aZO3cjbCoTvOxAilJcxzIwwDMJavbtq7tfw0DqZxDEMW0VQnDDa5ccxPsyEUOfvdN8S01nUnK_m2ELxl6Fq8HGPDeOoPw
key
{"p":"zPQ2NWOiogeI7fysR6apYkBBBi7F55eQZd_u5DBAowKL1e6qKE51kmaA1xv-z6S-fvMkLJBLhCaRmodBEcodL3ZMDLmY7JrBt2I0KrVJOwJZHRQcY6sBnenObQyHs85WhpX6WTf21sJxaGEPs7Z-c-fDKC6iEwBmOHgToATUJus","kty":"RSA","q":"qwlkKpOm81OQ1oSpWob4x3hrMG4cuDXw4YS5eAZGs-uYgSeaOci_qs21dSqXJP2tb4JcI4jSAcxS8g_rgeBUI04et7MNHuchwSaP1Z1J4iTFnSOKkJ0ZVw-Vx1S2a7z04DP6afnaD7b8McpFJ-06DbEdT6TLQe6_N-0O7Svfu-E","d":"Hiw_zMbO5U8gKDKrhDfHMmlxthCU0RKYx5ME8ruJnY23NGobUWan2ZoS1snQYK2tzZqBDlg1x3SwtqwGl-yJbijU3IzTxOcPGdE6jVp3WStMUa6LROSLzxWyTImB5wmKKN1k8Uod0j9t_SvDpRsov9J759gJYCPiKQEGk8cnu_ChXPR_0xAPuZoWFslh4utAc951OKgkuKZFXYoZ2DZyyA0iZr6s-_pH9iouOii3PvvWSEl2pyAxWE2qktkFuZw33crjHZtVkgjEkmWkmoh7V01mQRhx7NDyrm5zjY5sXhdfmf-J_55sm5gureJxKnS8Wl52YmJvV2JcGgSUCQPYwQ","e":"AQAB","use":"sig","kid":"267b8ab7-a47f-447f-9493-b39e8da6f3f2","qi":"AQ6E_xxvVaLAmhErT7yVImi0_eoUgmiRzllSyPfDP2Nv7nP0-KlEFrfMdxeBlo_llEAVNYmX1jyK3hbMb7-TWmI1NgdLlurd0CfQgV-L8DrFc4DYANzCDF-kIukvtaCW-1IkYJLhYwgC6CkV9FeM-RRv3eqTWyglvGFZeygZEqg","dp":"wYYO8Zak6A3pU550JivOYMF_JJFhuW45oJg0AC83uTQcSeLTtL9w8M3s9jCvB-3tGf4HuDR_ucaZUapI3L1VlY1D_ff519_A7qHB1FndTeTHtFda_xlnq24rxnhAYp2AwhA3larsXpi3cPHFW9ID0PmUIwr1aq_D1ao8DarBkAU","dq":"lWF7abBR1R18V8-_9gACUn066S6SyNTb0KvSLSEWKVgwd0U2bxeFR1GpFW8gWT9ydfzeKm76NHXXT_FVmLZr5fX54Cly4TWvhnn-j-xzNh81tTvwbsO2-RH0mAbF2K1NFnBvWpXMvYLtGzN1WRzZYlH5rrDYkXpK6jaSndR-8SE","n":"iO6k_QzhxusgIKsZUAa52z60Ittoo11L0p1SRJz_yfSPxU93fbQvTQ8qJzBc720Ml2WJNOcqjq17fqy4ydz1mz4d6ah33gOCk77FI1AoV0Pne5ejdBfEW9qnxn07xLXC9E9O_L09rgQCtIfOPLZpUU0ylPGb_FXFICkes0D2QG7nnLQBMCMKXioEn2QBKp9MOInFUdWVaS-gjuRx4Z69UHTCXtgVDzMuf4m2PONOmF8nobnxeu6N4bcYHQ-xBASKDxSBLP9yZzcHxhaTNtCyQNsAUeamF1XSBc2KO7s0qp01JCw_tsc-MHn_myhPZaNRl-8bQE4S3H3oKtwRlpjdiw"}
algorithm
RS256
2020-08-10 19:27:07 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2020-08-10 19:27:07 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
fqIAxT8g2uiEShiHcBPMKjVVXjZvHmsaDfzgy1STpul2Qgf86E
token_type
Bearer
id_token
eyJraWQiOiIyNjdiOGFiNy1hNDdmLTQ0N2YtOTQ5My1iMzllOGRhNmYzZjIiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiS081eldCd0pLamR0QXczUzBrMFBDQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X21RU1RzYlZLTXBqb0JZQTc3OTMzKjpcXD8oIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL21vcnBoX29pZGNfY2xpZW50X2Jhc2ljXC8iLCJleHAiOjE1OTcwODc5MjcsIm5vbmNlIjoiMzE0ZDljYzktYWVkYy00OWQ0LWIxMDAtMzE5OTBiNzU5OTFkIiwiaWF0IjoxNTk3MDg3NjI3fQ.Z6oRwnwa7fNrqGA9yHZmg-DENlaUYocxCW3kMSsRZEINNxA0HiRBAbHvMkHY8XBfyYN7fpI2HjPNvGoalfz-apiAkh6PPZs_DMyxtqMm3oEkgjACdRLoEWCGuRUHCnP4YF0JxWctJEU35-UOCIGfN_5xWB8O30ApEQWMEr6taNkEIrJQhZ6BS140dYy-9jBoZGuwDVp4aPjQsAI7RQQTKQaD5AvdxepaJb7cY4RhivrFVGmIwqnjX4__6aZO3cjbCoTvOxAilJcxzIwwDMJavbtq7tfw0DqZxDEMW0VQnDDa5ccxPsyEUOfvdN8S01nUnK_m2ELxl6Fq8HGPDeOoPw
scope
openid profile email
2020-08-10 19:27:07 OUTGOING
oidcc-client-test-userinfo-invalid-sub
Response to HTTP request to test instance 8SO1uqSnGAPOPtk
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "fqIAxT8g2uiEShiHcBPMKjVVXjZvHmsaDfzgy1STpul2Qgf86E",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiIyNjdiOGFiNy1hNDdmLTQ0N2YtOTQ5My1iMzllOGRhNmYzZjIiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiS081eldCd0pLamR0QXczUzBrMFBDQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X21RU1RzYlZLTXBqb0JZQTc3OTMzKjpcXD8oIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL21vcnBoX29pZGNfY2xpZW50X2Jhc2ljXC8iLCJleHAiOjE1OTcwODc5MjcsIm5vbmNlIjoiMzE0ZDljYzktYWVkYy00OWQ0LWIxMDAtMzE5OTBiNzU5OTFkIiwiaWF0IjoxNTk3MDg3NjI3fQ.Z6oRwnwa7fNrqGA9yHZmg-DENlaUYocxCW3kMSsRZEINNxA0HiRBAbHvMkHY8XBfyYN7fpI2HjPNvGoalfz-apiAkh6PPZs_DMyxtqMm3oEkgjACdRLoEWCGuRUHCnP4YF0JxWctJEU35-UOCIGfN_5xWB8O30ApEQWMEr6taNkEIrJQhZ6BS140dYy-9jBoZGuwDVp4aPjQsAI7RQQTKQaD5AvdxepaJb7cY4RhivrFVGmIwqnjX4__6aZO3cjbCoTvOxAilJcxzIwwDMJavbtq7tfw0DqZxDEMW0VQnDDa5ccxPsyEUOfvdN8S01nUnK_m2ELxl6Fq8HGPDeOoPw",
  "scope": "openid profile email"
}
outgoing_path
token
2020-08-10 19:27:08 INCOMING
oidcc-client-test-userinfo-invalid-sub
Incoming HTTP request to test instance 8SO1uqSnGAPOPtk
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Bearer fqIAxT8g2uiEShiHcBPMKjVVXjZvHmsaDfzgy1STpul2Qgf86E",
  "accept": "application/json",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
userinfo
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Userinfo endpoint
2020-08-10 19:27:08 SUCCESS
OIDCCExtractBearerAccessTokenFromRequest
Found access token on incoming request
access_token
fqIAxT8g2uiEShiHcBPMKjVVXjZvHmsaDfzgy1STpul2Qgf86E
2020-08-10 19:27:08 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
fqIAxT8g2uiEShiHcBPMKjVVXjZvHmsaDfzgy1STpul2Qgf86E
2020-08-10 19:27:08 SUCCESS
FilterUserInfoForScopes
User info endpoint output
sub
user-subject-1234531
website
https://openid.net/
zoneinfo
America/Los_Angeles
birthdate
2000-02-03
gender
female
preferred_username
d.tu
given_name
Demo
middle_name
Theresa
locale
en-US
updated_at
1580000000
name
Demo T. User
nickname
Dee
family_name
User
email
user@example.com
email_verified
false
2020-08-10 19:27:08
ChangeSubInUserInfoResponseToBeInvalid
Added invalid sub to userinfo endpoint output
sub
user-subject-1234531invalid
website
https://openid.net/
zoneinfo
America/Los_Angeles
birthdate
2000-02-03
gender
female
preferred_username
d.tu
given_name
Demo
middle_name
Theresa
locale
en-US
updated_at
1580000000
name
Demo T. User
nickname
Dee
family_name
User
email
user@example.com
email_verified
false
2020-08-10 19:27:08
ClearAccessTokenFromRequest
Condition ran but did not log anything
2020-08-10 19:27:08 INFO
AddIssAndAudToUserInfoResponse
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-08-10 19:27:08 INFO
SignUserInfoResponse
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-08-10 19:27:08 INFO
EncryptUserInfoResponse
Skipped evaluation due to missing required element: client userinfo_encrypted_response_alg
path
userinfo_encrypted_response_alg
mapped
object
client
2020-08-10 19:27:08 OUTGOING
oidcc-client-test-userinfo-invalid-sub
Response to HTTP request to test instance 8SO1uqSnGAPOPtk
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "sub": "user-subject-1234531invalid",
  "website": "https://openid.net/",
  "zoneinfo": "America/Los_Angeles",
  "birthdate": "2000-02-03",
  "gender": "female",
  "preferred_username": "d.tu",
  "given_name": "Demo",
  "middle_name": "Theresa",
  "locale": "en-US",
  "updated_at": "1580000000",
  "name": "Demo T. User",
  "nickname": "Dee",
  "family_name": "User",
  "email": "user@example.com",
  "email_verified": false
}
outgoing_path
userinfo
2020-08-10 19:27:08 FINISHED
oidcc-client-test-userinfo-invalid-sub
Test has run to completion
testmodule_result
PASSED
2020-08-10 19:27:28
TEST-RUNNER
Alias has now been claimed by another test
alias
morph_oidc_client_basic
new_test_id
LnZJvlnB3DWbkIj
Test Results