Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-08-10 19:45:24 INFO
TEST-RUNNER
Test instance mBDaIKJ5fhU5Eta created
baseUrl
https://www.certification.openid.net/test/a/morph_oidc_client
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "request_type": "plain_http_request",
  "response_mode": "form_post",
  "client_registration": "dynamic_client"
}
alias
morph_oidc_client
description
Testing morph oidc client with Form Post
planId
rlvHwXvRR0jje
config
{
  "alias": "morph_oidc_client",
  "description": "Testing morph oidc client with Form Post",
  "publish": "everything"
}
testName
oidcc-client-test-nonce-invalid
2020-08-10 19:45:24 SUCCESS
OIDCCGenerateServerConfiguration
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/morph_oidc_client/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/morph_oidc_client/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-08-10 19:45:24
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/morph_oidc_client/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/morph_oidc_client/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-08-10 19:45:24
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "07zvbvqgPnd7KZnsDQksfxfGJJK_91YCfTI1ldtE99aF5BZH-CcqcTcy62kUFh-2tooHhLH_vi5y9ly5QfeK90aBMVmaaiw2odLQdmHwluOA-FcB2qJXIDsOn-n7XB3f7sZpeUJ9dRrOEZlC94cdUiTJIRs30pqY36G9enPSx60",
      "kty": "RSA",
      "q": "vU0OnHRYaL1aTUBSzQVNjPsKDZB7De_0XfbnNbXdvDsUohIm8h7r85wsyqSFQyKVKJnJdWiDnBNGkyRM0K2hjmkeBcU33U0UCx3k_u5zTft4LoiEti_zrR-Qd3ceiFgSbxZQpl6FnLMeCCKa9ayxjpmc0E-SAYz4AMRBeQSL8q8",
      "d": "dmRK4Cy0Ko6y2GYx0YBuD-3B8zcCee2Zoes7tdPJNywufAYiHkXQlBdUy1ZiJOllSRNMQa1FukMcwZfCxo8G_M4xFEeNzGZaefOj40d5e_2mVhG4I_3HC2pkVYWoTmqP_GujHWRIHObQLhSc-uYH3sMqnbiKz5LDfslr1jy-tjn--Ne3vHNzLKqCNfXo2jKukgz0lVG6hMpi4zSPpD0K9AsdaXXmWm5zWvxKI3cedxp_eoe-uLGSt1BiHFh6fSdYaTU9i3H15Znpm5EjU-tTPVYQkOmYxKzfpFxOhdpJOn9k0fb1V8XBgXDODumnPzeDYMWgrZKETzesGrTo6amGIQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "e07b43e3-d8d3-4879-baab-ada2398ba5d5",
      "qi": "OsZvaWXV71BmnzOPatgS_T8eh0kvYHCkeHnFRbGtWAxbyaWh8xguUHFjEqhCeQxmjCEeaX-dO3uwBlmq8ZrFVRQ9MOk8RNsvvzxA8BeMq3r5TKCX7h__Liy0HCM4kZ3Os3OsjRv8gvt0tzNV3u0i8wbN-yFvDt9vmRSfmgZCwek",
      "dp": "FOP1M5vip4ceTbJ0Ca04CKoN0Jnx-rMvt652fvyNR26Q8zoHi8JBe74YdgV-B9jFLCleKIdvVhI7IXdwh8OmoFMCeB4BECygj0K_co6jMB_uH5JmCm4t7m4lOT3aoPIJoANPcLlQq3cjkbTvWICqMeqTNYL79Plvz9CjYyt-Rlk",
      "dq": "plOBZgh38beGE2BUIF3rcNbWU2rCJFHUhYc-SZv9Mrk6fNi0LYLr0IVFeduqV32YTy8oqqdlFAp_tSNs9uHIlKdZwLozRpfF56qhnTkISNmOFFzRNn7VfSTBu6YHRscTk1WpETT18uQSnBVD0F6nN-NSvFldsU0aTxohaOKM0HM",
      "n": "nJI4rq_eZbhzF0sKZGUVY3keUYBz9-Z6cwnC9yyQ8vKo8h4I_Z-UBb51wR3jFo_pcr9UhMqfhQ5647GVfd7iaLU_zQwOu5rIzzQqBiI-TDPWB-9glwoULHmqVCbrNoEjeVWGFzj_aCi7u4Eu7JzPEqzBAGivGl_vj1OjgimPJsD6inNVaN8R3zaJGc6aABJnLr9zjKBVNnNfZP4QB3qaCdL79qa_NnhTzm73c6mZoyFmnXVR941PL4lGShfGgjiD3ti3Il960f_ELHYOlKKABBIqHK4aiOIfX68Jq35vrLqXpPSD1yABSkQ1AhnCL3uopNJvEVT8hPGzwcSIjMcJQw"
    },
    {
      "kty": "EC",
      "d": "G5SXmcO65AWp3kew2e2ZvUFfab_4jA9lbny8v4SoAJQ",
      "use": "sig",
      "crv": "P-256",
      "kid": "23bde9d3-7349-48b9-bd2a-45eb4975da8c",
      "x": "bmxVMTsNcvK9zuHET3H6WOckV9SBMk1rR5UTUJ5h86g",
      "y": "a-ZkPfa29fXQUl8SAFwD32jPhv8fvFELTUK_wz4XhhI"
    },
    {
      "kty": "EC",
      "d": "ScjnQpWwokMYo8xSi_18STs1Vc1rGoVO7vFGFvl6v5c",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "60efb2fa-d6ba-4088-bcc6-28079f2a5c9b",
      "x": "tCMj_q7-SEbxCAEMr7hLMwp0iUYeEWAezaPkrZhc45Q",
      "y": "q-MBn5xmQA3tsYR4sr7IfVeVNYwxRSZPXeZT-zYme6A"
    },
    {
      "kty": "OKP",
      "d": "32lvEPah0W_Yg_2p_X5S61tiIzljowx9HuXIBlz7Jd8",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "9358b71e-8e1d-4b17-9ed0-a74a1c5295ae",
      "x": "m307JPM7ZYo6yrb5VvTddMwGqqc2jbmWDqkzRIR-0_0"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "whRLZe4nON0R8AHgrKgu6Dau6ockYlwdwhvFdN7StHEWmBq8GooY6FKq8H6L4-0vsWFDe0BLNy5DwWL3pWowyiDRKbV4dxXZkU3VuvWfkD6wFVrp20B7vmlKKeXi_P7mzUksE2x72aJ-DrUPzxjaq-0K_rckdlTqU5pvM_eta78",
      "kty": "RSA",
      "q": "rir-iN-q_6Rh38NTK8ASxIppMH_kplXQxwr93iUpDkkYEqO0S9JyFNnU4aSFx7xtsAtFajz3e-mtaPSu1K-YOro1-5pQ3XW_495_axub_BoutNNcMfZyLNYpGIJzZt1yfP0oOTdF_YZSpNsiwGKpZodHMtCW_n_xI4q8xut9Ybc",
      "d": "Aw3qd5Pz2nJeDDtHpQsOzo1w26-W7wIMN4JrVDIOIs0LM-J5eW1OFKILbGGkLp1cMu1qugyIAW2n6On4YfYhLrTzzUGSw-67TQ4faJIbTNC37EGPO4ZP9tZ26iFjnqnwcpbE4pt3B329GIOiOTU_d10c3lymzMqluQcAd-ta-aihI5gis8ssj_rCoQv1Y10H4z9jPggnRUcHTL3WPcvg3UG-EzDfmZ7YjQE-axKzO6bWsz-bwOn3R7yQ0FKA8dbQv_8lQhROVVSWGuEYVnYhM3Ul60cGmbLTlWg7NvscX1Zn9ziH6IUGlHrzlFN7Iu69RumAUzD3Tn-qp78HWVGqcQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "49e7e5ee-fd96-4dde-a061-82f656300eb7",
      "qi": "b64sWXS71geyfWUkaygZ1gX6nmmh5WeKmDsxC8M6UpH0Y4Er2kIdzHdPTrXyzCP5e8zUACNoPkkuFntwzHhh9FjoHXrqM0Pf7mbJ9bhQ2ctuzMfBiI99MWI_iohzQYm7mYzuxs7BmD6cG9NtD57v99tdTOsnD9WVnr_GCx8DRU4",
      "dp": "aaupHdecjW54zMgI75km6RKVDGcGnXNwVHbQfQCxksOcPLcZwg184EnaftU4D6Ld--NsXZg1G9dZ1tqu4ea-p99UYzRGYfiInH_XplMETQKE1yvH9rPWbGdhlQxxGbUkL5PupqjDikzZ--IDuIvczA1llihbdv5nE5wbfh0V1Hs",
      "alg": "RSA-OAEP",
      "dq": "cRAYDGKmby4XG1uBMnWNuWjgwEtF83TiA1RvWTZmYI-ywObktBP5Wu_N8m0LK4525kFq3nyVbCtWFzxAAnG7MOSRBrQ2qo019IcL0EwsBow4pcpPn1-M3u5n3zFQGQbIu7rb0ci_9sSsAbj_5kQmFBjdb29Zlf0YXSpDQh69ViE",
      "n": "hApji43APH24KhpSdfyY7SD_g8pnyMchXE7VNkVKcgO3NPgfuuWS5wdwiUxsHfsSSTkEo1YhbbSTAlgHayWuaQ6buqjeey_UDxm-716K9ovx-ti8owwSboKo90UxUVGUsNa1QZQz1ZNZipfEBqpUiTdtVgpUAD6RK1oWyJUXIxAYeZf_rbdDK43rboFCVxpfH4lUAYeQtFiuQ1MGoF-AuUWFE16iOSgQD8HrLr2gk6yjS9O0RM_nZD5Czxd-Nh02o59WJtjvgJwQcGtOhSc6NXetNTAUF2xyYTErTxAIaVBkN42RCejdfi6ZxhNmAuzN1g6EupwhqMdle-pOtA5kiQ"
    },
    {
      "kty": "EC",
      "d": "b4KJJ3RfGGjbBLbdyffFX-Mcy6TatdEp0C5ej_mqUfU",
      "use": "enc",
      "crv": "P-256",
      "kid": "82a8b90c-04b9-44c7-9bbe-12e2e227145e",
      "x": "a_1MmxffrJypT_3UzKcdLAEli9wN-3t1nNdE8EeT2zU",
      "y": "KBa6pQB-ZrH0ZJmVStoKNkxqDWzfW9QOSPrl3JKiAi0",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "e07b43e3-d8d3-4879-baab-ada2398ba5d5",
      "n": "nJI4rq_eZbhzF0sKZGUVY3keUYBz9-Z6cwnC9yyQ8vKo8h4I_Z-UBb51wR3jFo_pcr9UhMqfhQ5647GVfd7iaLU_zQwOu5rIzzQqBiI-TDPWB-9glwoULHmqVCbrNoEjeVWGFzj_aCi7u4Eu7JzPEqzBAGivGl_vj1OjgimPJsD6inNVaN8R3zaJGc6aABJnLr9zjKBVNnNfZP4QB3qaCdL79qa_NnhTzm73c6mZoyFmnXVR941PL4lGShfGgjiD3ti3Il960f_ELHYOlKKABBIqHK4aiOIfX68Jq35vrLqXpPSD1yABSkQ1AhnCL3uopNJvEVT8hPGzwcSIjMcJQw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "d7a10d4d-e059-43c5-801a-d2a2a70dfe53",
      "n": "rw4AJvCBLQQyybDOUt5pXTiRNWvIJ7VQEQjVf7pgpaNaLY_-3rsl1UPfhVNB99HRU2vw-EmjSNIhPaBe_cmFTSMJNwc2BOsdffXKoOY1PDHaYZcSMXTwiTSqbYEEaCXewPDdnT4WKpCuMy4F6EEKR6nzvCfK7GTBpHjsZl0z_2PvymNjwtRvj5Z5O_yvlVpj0QvHUCDt4UEABzdTl-Uqsbnaj9G62A5Gc6Nja8HTVPonhmAusMk3CCj1KxGctBtNF-9drXGg1rHOoV1KRKFTArRS68U0X3tWfCtd2urKuQY7b3yKzVhFWHntszzNzO2Ccr9JLTagMK-5ylKqUxCuVQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "23bde9d3-7349-48b9-bd2a-45eb4975da8c",
      "x": "bmxVMTsNcvK9zuHET3H6WOckV9SBMk1rR5UTUJ5h86g",
      "y": "a-ZkPfa29fXQUl8SAFwD32jPhv8fvFELTUK_wz4XhhI"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "1823a8aa-9206-47e3-a582-08c7389fd153",
      "x": "hPjsjK1BF3nhNZ25un2-HsQH_3JgoyyJh-wXR8l72kg",
      "y": "LjNueJrN1aTb_NOkfINb217o2pgFY05ELiq5V3s_rKI"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "60efb2fa-d6ba-4088-bcc6-28079f2a5c9b",
      "x": "tCMj_q7-SEbxCAEMr7hLMwp0iUYeEWAezaPkrZhc45Q",
      "y": "q-MBn5xmQA3tsYR4sr7IfVeVNYwxRSZPXeZT-zYme6A"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "9358b71e-8e1d-4b17-9ed0-a74a1c5295ae",
      "x": "m307JPM7ZYo6yrb5VvTddMwGqqc2jbmWDqkzRIR-0_0"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "49e7e5ee-fd96-4dde-a061-82f656300eb7",
      "alg": "RSA-OAEP",
      "n": "hApji43APH24KhpSdfyY7SD_g8pnyMchXE7VNkVKcgO3NPgfuuWS5wdwiUxsHfsSSTkEo1YhbbSTAlgHayWuaQ6buqjeey_UDxm-716K9ovx-ti8owwSboKo90UxUVGUsNa1QZQz1ZNZipfEBqpUiTdtVgpUAD6RK1oWyJUXIxAYeZf_rbdDK43rboFCVxpfH4lUAYeQtFiuQ1MGoF-AuUWFE16iOSgQD8HrLr2gk6yjS9O0RM_nZD5Czxd-Nh02o59WJtjvgJwQcGtOhSc6NXetNTAUF2xyYTErTxAIaVBkN42RCejdfi6ZxhNmAuzN1g6EupwhqMdle-pOtA5kiQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "82a8b90c-04b9-44c7-9bbe-12e2e227145e",
      "x": "a_1MmxffrJypT_3UzKcdLAEli9wN-3t1nNdE8EeT2zU",
      "y": "KBa6pQB-ZrH0ZJmVStoKNkxqDWzfW9QOSPrl3JKiAi0",
      "alg": "ECDH-ES"
    }
  ]
}
2020-08-10 19:45:24 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-08-10 19:45:24 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-08-10 19:45:24 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": "1580000000"
}
2020-08-10 19:45:24 SUCCESS
GetDynamicClientConfiguration
No client details on configuration, created an empty dynamic_client_registration_template object.
2020-08-10 19:45:24
oidcc-client-test-nonce-invalid
Setup Done
2020-08-10 19:46:01 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance mBDaIKJ5fhU5Eta
incoming_headers
{
  "host": "www.certification.openid.net",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-08-10 19:46:01 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance mBDaIKJ5fhU5Eta
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/morph_oidc_client/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/morph_oidc_client/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/morph_oidc_client/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2020-08-10 19:46:01 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance mBDaIKJ5fhU5Eta
incoming_headers
{
  "host": "www.certification.openid.net",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "337",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
register
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
{"redirect_uris":["https://morph-oidc-client.strid.ninja/auth/cb","https://www.certification.openid.net/test/a/morph_oidc_client/callback"],"response_types":["code"],"grant_types":["authorization_code"],"contacts":["ulrik.strid@outlook.com"],"client_name":"form_post_morph_oidc_client","token_endpoint_auth_method":"client_secret_basic"}
Registration endpoint
2020-08-10 19:46:01 SUCCESS
OIDCCExtractDynamicRegistrationRequest
Extracted dynamic client registration request
request
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "form_post_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic"
}
2020-08-10 19:46:01 SUCCESS
EnsureRegistrationRequestContainsAtLeastOneContact
Registration request contains valid contacts
contacts
[
  "ulrik.strid@outlook.com"
]
2020-08-10 19:46:01 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "authorization_code"
]
response_types
[
  "code"
]
2020-08-10 19:46:01 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://morph-oidc-client.strid.ninja/auth/cb",
  "https://www.certification.openid.net/test/a/morph_oidc_client/callback"
]
2020-08-10 19:46:01 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2020-08-10 19:46:01 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2020-08-10 19:46:01 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2020-08-10 19:46:01 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2020-08-10 19:46:01 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2020-08-10 19:46:01 INFO
ValidateIdTokenSignedResponseAlg
Skipped evaluation due to missing required element: client id_token_signed_response_alg
path
id_token_signed_response_alg
mapped
object
client
2020-08-10 19:46:01 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2020-08-10 19:46:01 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-08-10 19:46:01 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2020-08-10 19:46:01 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2020-08-10 19:46:01 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2020-08-10 19:46:01 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2020-08-10 19:46:01 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2020-08-10 19:46:01 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2020-08-10 19:46:01 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2020-08-10 19:46:01 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2020-08-10 19:46:01 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2020-08-10 19:46:01 SUCCESS
ValidateClientRegistrationRequestSectorIdentifierUri
A sector_identifier_uri was not provided
2020-08-10 19:46:01 SUCCESS
OIDCCRegisterClient
Registered client
client
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "form_post_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic",
  "client_id": "client_djONvPwzndRbFnf67448)*\u0026\\!"
}
2020-08-10 19:46:01
OIDCCCreateClientSecretForDynamicClient
Set the secret for registered client
client_secret
secret_qBkGOeiAdlMSWTOknvkASqkyNuDMOeAJcblARuuCEGYPUGFHwW6145619066#!/:(
2020-08-10 19:46:01 SUCCESS
EnsureTokenEndPointAuthMethodIsClientSecretBasic
token_endpoint_auth_method is 'client_secret_basic' as expected
2020-08-10 19:46:01 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "form_post_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic",
  "client_id": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "client_secret": "secret_qBkGOeiAdlMSWTOknvkASqkyNuDMOeAJcblARuuCEGYPUGFHwW6145619066#!/:("
}
2020-08-10 19:46:01 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2020-08-10 19:46:01 SUCCESS
OIDCCExtractServerSigningAlg
Using the default algorithm for the first key in server jwks
signing_algorithm
RS256
2020-08-10 19:46:01
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2020-08-10 19:46:01 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance mBDaIKJ5fhU5Eta
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "redirect_uris": [
    "https://morph-oidc-client.strid.ninja/auth/cb",
    "https://www.certification.openid.net/test/a/morph_oidc_client/callback"
  ],
  "response_types": [
    "code"
  ],
  "grant_types": [
    "authorization_code"
  ],
  "contacts": [
    "ulrik.strid@outlook.com"
  ],
  "client_name": "form_post_morph_oidc_client",
  "token_endpoint_auth_method": "client_secret_basic",
  "client_id": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "client_secret": "secret_qBkGOeiAdlMSWTOknvkASqkyNuDMOeAJcblARuuCEGYPUGFHwW6145619066#!/:(",
  "id_token_signed_response_alg": "RS256"
}
outgoing_path
register
2020-08-10 19:46:02 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance mBDaIKJ5fhU5Eta
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/webp,*/*;q\u003d0.8",
  "accept-language": "en-US,en;q\u003d0.5",
  "accept-encoding": "gzip, deflate, br",
  "referer": "https://morph-oidc-client.strid.ninja/",
  "dnt": "1",
  "cookie": "expected_tab\u003dmicrosoftonline; welcome_info_name\u003dUlrik%20Strid; JSESSIONID\u003dCB87DB255579AE321C16855066F1AF5F",
  "upgrade-insecure-requests": "1",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "response_type": "code",
  "client_id": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "scope": "openid profile email",
  "state": "edada4a1-6c24-42e9-88cb-80f5aa4542fb",
  "nonce": "0cbd5966-0fe0-4746-af08-b711a7e11448"
}
incoming_body
Authorization endpoint
2020-08-10 19:46:02 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2020-08-10 19:46:02 SUCCESS
OIDCCEnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid",
  "profile",
  "email"
]
expected
openid
2020-08-10 19:46:02 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "response_type": "code",
  "client_id": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "scope": "openid profile email",
  "state": "edada4a1-6c24-42e9-88cb-80f5aa4542fb",
  "nonce": "0cbd5966-0fe0-4746-af08-b711a7e11448"
}
2020-08-10 19:46:02 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid profile email
2020-08-10 19:46:02 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
0cbd5966-0fe0-4746-af08-b711a7e11448
2020-08-10 19:46:02 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2020-08-10 19:46:02 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client_djONvPwzndRbFnf67448)*&\!
2020-08-10 19:46:02 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://morph-oidc-client.strid.ninja/auth/cb
expected
[
  "https://morph-oidc-client.strid.ninja/auth/cb",
  "https://www.certification.openid.net/test/a/morph_oidc_client/callback"
]
2020-08-10 19:46:02 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid",
  "profile",
  "email"
]
expected
openid
2020-08-10 19:46:02 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2020-08-10 19:46:02 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
qdn1hpPPTt
2020-08-10 19:46:02 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
kJgZw400es7M89rQlGcfVA
2020-08-10 19:46:02 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "state": "edada4a1-6c24-42e9-88cb-80f5aa4542fb"
}
2020-08-10 19:46:02 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb",
  "state": "edada4a1-6c24-42e9-88cb-80f5aa4542fb",
  "code": "qdn1hpPPTt"
}
2020-08-10 19:46:02 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance mBDaIKJ5fhU5Eta
outgoing
ModelAndView [view="formPostResponseMode"; model={formAction=https://morph-oidc-client.strid.ninja/auth/cb, formParameters={"state":"edada4a1-6c24-42e9-88cb-80f5aa4542fb","code":"qdn1hpPPTt"}}]
outgoing_path
authorize
2020-08-10 19:46:02 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance mBDaIKJ5fhU5Eta
incoming_headers
{
  "host": "www.certification.openid.net",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-08-10 19:46:02 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance mBDaIKJ5fhU5Eta
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "e07b43e3-d8d3-4879-baab-ada2398ba5d5",
      "n": "nJI4rq_eZbhzF0sKZGUVY3keUYBz9-Z6cwnC9yyQ8vKo8h4I_Z-UBb51wR3jFo_pcr9UhMqfhQ5647GVfd7iaLU_zQwOu5rIzzQqBiI-TDPWB-9glwoULHmqVCbrNoEjeVWGFzj_aCi7u4Eu7JzPEqzBAGivGl_vj1OjgimPJsD6inNVaN8R3zaJGc6aABJnLr9zjKBVNnNfZP4QB3qaCdL79qa_NnhTzm73c6mZoyFmnXVR941PL4lGShfGgjiD3ti3Il960f_ELHYOlKKABBIqHK4aiOIfX68Jq35vrLqXpPSD1yABSkQ1AhnCL3uopNJvEVT8hPGzwcSIjMcJQw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "d7a10d4d-e059-43c5-801a-d2a2a70dfe53",
      "n": "rw4AJvCBLQQyybDOUt5pXTiRNWvIJ7VQEQjVf7pgpaNaLY_-3rsl1UPfhVNB99HRU2vw-EmjSNIhPaBe_cmFTSMJNwc2BOsdffXKoOY1PDHaYZcSMXTwiTSqbYEEaCXewPDdnT4WKpCuMy4F6EEKR6nzvCfK7GTBpHjsZl0z_2PvymNjwtRvj5Z5O_yvlVpj0QvHUCDt4UEABzdTl-Uqsbnaj9G62A5Gc6Nja8HTVPonhmAusMk3CCj1KxGctBtNF-9drXGg1rHOoV1KRKFTArRS68U0X3tWfCtd2urKuQY7b3yKzVhFWHntszzNzO2Ccr9JLTagMK-5ylKqUxCuVQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "23bde9d3-7349-48b9-bd2a-45eb4975da8c",
      "x": "bmxVMTsNcvK9zuHET3H6WOckV9SBMk1rR5UTUJ5h86g",
      "y": "a-ZkPfa29fXQUl8SAFwD32jPhv8fvFELTUK_wz4XhhI"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "1823a8aa-9206-47e3-a582-08c7389fd153",
      "x": "hPjsjK1BF3nhNZ25un2-HsQH_3JgoyyJh-wXR8l72kg",
      "y": "LjNueJrN1aTb_NOkfINb217o2pgFY05ELiq5V3s_rKI"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "60efb2fa-d6ba-4088-bcc6-28079f2a5c9b",
      "x": "tCMj_q7-SEbxCAEMr7hLMwp0iUYeEWAezaPkrZhc45Q",
      "y": "q-MBn5xmQA3tsYR4sr7IfVeVNYwxRSZPXeZT-zYme6A"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "9358b71e-8e1d-4b17-9ed0-a74a1c5295ae",
      "x": "m307JPM7ZYo6yrb5VvTddMwGqqc2jbmWDqkzRIR-0_0"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "49e7e5ee-fd96-4dde-a061-82f656300eb7",
      "alg": "RSA-OAEP",
      "n": "hApji43APH24KhpSdfyY7SD_g8pnyMchXE7VNkVKcgO3NPgfuuWS5wdwiUxsHfsSSTkEo1YhbbSTAlgHayWuaQ6buqjeey_UDxm-716K9ovx-ti8owwSboKo90UxUVGUsNa1QZQz1ZNZipfEBqpUiTdtVgpUAD6RK1oWyJUXIxAYeZf_rbdDK43rboFCVxpfH4lUAYeQtFiuQ1MGoF-AuUWFE16iOSgQD8HrLr2gk6yjS9O0RM_nZD5Czxd-Nh02o59WJtjvgJwQcGtOhSc6NXetNTAUF2xyYTErTxAIaVBkN42RCejdfi6ZxhNmAuzN1g6EupwhqMdle-pOtA5kiQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "82a8b90c-04b9-44c7-9bbe-12e2e227145e",
      "x": "a_1MmxffrJypT_3UzKcdLAEli9wN-3t1nNdE8EeT2zU",
      "y": "KBa6pQB-ZrH0ZJmVStoKNkxqDWzfW9QOSPrl3JKiAi0",
      "alg": "ECDH-ES"
    }
  ]
}
outgoing_path
jwks
2020-08-10 19:46:02 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance mBDaIKJ5fhU5Eta
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Basic Y2xpZW50X2RqT052UHd6bmRSYkZuZjY3NDQ4JTI5JTJBJTI2JTVDJTIxOnNlY3JldF9xQmtHT2VpQWRsTVNXVE9rbnZrQVNxa3lOdURNT2VBSmNibEFSdXVDRUdZUFVHRkh3VzYxNDU2MTkwNjYlMjMlMjElMkYlM0ElMjg\u003d",
  "content-type": "application/x-www-form-urlencoded",
  "accept": "application/json",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "253",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "scope": "openid",
  "code": "qdn1hpPPTt",
  "client_id": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "client_secret": "secret_qBkGOeiAdlMSWTOknvkASqkyNuDMOeAJcblARuuCEGYPUGFHwW6145619066#!/:(",
  "redirect_uri": "https://morph-oidc-client.strid.ninja/auth/cb"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&scope=openid&code=qdn1hpPPTt&client_id=client_djONvPwzndRbFnf67448%29*%26%5C%21&client_secret=secret_qBkGOeiAdlMSWTOknvkASqkyNuDMOeAJcblARuuCEGYPUGFHwW6145619066%23%21%2F%3A%28&redirect_uri=https%3A%2F%2Fmorph-oidc-client.strid.ninja%2Fauth%2Fcb
Token endpoint
2020-08-10 19:46:02 SUCCESS
ExtractClientCredentialsFromBasicAuthorizationHeader
Extracted client authentication
client_id
client_djONvPwzndRbFnf67448)*&\!
client_secret
secret_qBkGOeiAdlMSWTOknvkASqkyNuDMOeAJcblARuuCEGYPUGFHwW6145619066#!/:(
method
client_secret_basic
2020-08-10 19:46:02 SUCCESS
ValidateClientIdAndSecret
Client id and secret match
2020-08-10 19:46:02 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
qdn1hpPPTt
2020-08-10 19:46:02 SUCCESS
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
actual
https://morph-oidc-client.strid.ninja/auth/cb
2020-08-10 19:46:02 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
4Mzn9amlpGfKWi4EH13uu1mr4XVSdG0M1d3NnR0s560w2P66B9
2020-08-10 19:46:02 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
k-THyP-wEilcRp9zKU3u2g
2020-08-10 19:46:02 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/morph_oidc_client/
sub
user-subject-1234531
aud
client_djONvPwzndRbFnf67448)*&\!
nonce
0cbd5966-0fe0-4746-af08-b711a7e11448
iat
1597088762
exp
1597089062
2020-08-10 19:46:02 SUCCESS
AddInvalidNonceValueToIdToken
Added invalid nonce to ID token claims
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/morph_oidc_client/",
  "sub": "user-subject-1234531",
  "aud": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "nonce": "0cbd5966-0fe0-4746-af08-b711a7e114481",
  "iat": 1597088762,
  "exp": 1597089062
}
nonce
0cbd5966-0fe0-4746-af08-b711a7e114481
2020-08-10 19:46:02 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
k-THyP-wEilcRp9zKU3u2g
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/morph_oidc_client/",
  "sub": "user-subject-1234531",
  "aud": "client_djONvPwzndRbFnf67448)*\u0026\\!",
  "nonce": "0cbd5966-0fe0-4746-af08-b711a7e114481",
  "iat": 1597088762,
  "exp": 1597089062,
  "at_hash": "k-THyP-wEilcRp9zKU3u2g"
}
2020-08-10 19:46:02 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiJlMDdiNDNlMy1kOGQzLTQ4NzktYmFhYi1hZGEyMzk4YmE1ZDUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiay1USHlQLXdFaWxjUnA5ektVM3UyZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X2RqT052UHd6bmRSYkZuZjY3NDQ4KSomXFwhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL21vcnBoX29pZGNfY2xpZW50XC8iLCJleHAiOjE1OTcwODkwNjIsIm5vbmNlIjoiMGNiZDU5NjYtMGZlMC00NzQ2LWFmMDgtYjcxMWE3ZTExNDQ4MSIsImlhdCI6MTU5NzA4ODc2Mn0.MGbBKoxf-3VUhE80MK1IDnl0balpPefvp5lFIqqycZ4gM1tj-ox_rOMu2KHGgHice49Ma_BkzYyL9UpRaWqSKSE1CRzfYXttdGpI-txfiMoQ5uHsXJ3RDu056VRFoTVbO1LzORGMJsT3JqMrbR2GJK8EaCS4OaYBVOBtMbIbzpb4L7Ei4oh_Fio1A-B4jPB_kxfwExMPcbM7N_AuGC9TqVUZD1KNWouw1rn8An5Cvj89MCFnZzRz3uemGxI-IwjJCeE0bzAPiZy5G5jvE40mPlpMVEAknbBrunuCqJkiQ2doYCmOxQv4nz1ZQr1or_S6Sp8Fv0r1l7Ro2ll9sbqXkw
key
{"p":"07zvbvqgPnd7KZnsDQksfxfGJJK_91YCfTI1ldtE99aF5BZH-CcqcTcy62kUFh-2tooHhLH_vi5y9ly5QfeK90aBMVmaaiw2odLQdmHwluOA-FcB2qJXIDsOn-n7XB3f7sZpeUJ9dRrOEZlC94cdUiTJIRs30pqY36G9enPSx60","kty":"RSA","q":"vU0OnHRYaL1aTUBSzQVNjPsKDZB7De_0XfbnNbXdvDsUohIm8h7r85wsyqSFQyKVKJnJdWiDnBNGkyRM0K2hjmkeBcU33U0UCx3k_u5zTft4LoiEti_zrR-Qd3ceiFgSbxZQpl6FnLMeCCKa9ayxjpmc0E-SAYz4AMRBeQSL8q8","d":"dmRK4Cy0Ko6y2GYx0YBuD-3B8zcCee2Zoes7tdPJNywufAYiHkXQlBdUy1ZiJOllSRNMQa1FukMcwZfCxo8G_M4xFEeNzGZaefOj40d5e_2mVhG4I_3HC2pkVYWoTmqP_GujHWRIHObQLhSc-uYH3sMqnbiKz5LDfslr1jy-tjn--Ne3vHNzLKqCNfXo2jKukgz0lVG6hMpi4zSPpD0K9AsdaXXmWm5zWvxKI3cedxp_eoe-uLGSt1BiHFh6fSdYaTU9i3H15Znpm5EjU-tTPVYQkOmYxKzfpFxOhdpJOn9k0fb1V8XBgXDODumnPzeDYMWgrZKETzesGrTo6amGIQ","e":"AQAB","use":"sig","kid":"e07b43e3-d8d3-4879-baab-ada2398ba5d5","qi":"OsZvaWXV71BmnzOPatgS_T8eh0kvYHCkeHnFRbGtWAxbyaWh8xguUHFjEqhCeQxmjCEeaX-dO3uwBlmq8ZrFVRQ9MOk8RNsvvzxA8BeMq3r5TKCX7h__Liy0HCM4kZ3Os3OsjRv8gvt0tzNV3u0i8wbN-yFvDt9vmRSfmgZCwek","dp":"FOP1M5vip4ceTbJ0Ca04CKoN0Jnx-rMvt652fvyNR26Q8zoHi8JBe74YdgV-B9jFLCleKIdvVhI7IXdwh8OmoFMCeB4BECygj0K_co6jMB_uH5JmCm4t7m4lOT3aoPIJoANPcLlQq3cjkbTvWICqMeqTNYL79Plvz9CjYyt-Rlk","dq":"plOBZgh38beGE2BUIF3rcNbWU2rCJFHUhYc-SZv9Mrk6fNi0LYLr0IVFeduqV32YTy8oqqdlFAp_tSNs9uHIlKdZwLozRpfF56qhnTkISNmOFFzRNn7VfSTBu6YHRscTk1WpETT18uQSnBVD0F6nN-NSvFldsU0aTxohaOKM0HM","n":"nJI4rq_eZbhzF0sKZGUVY3keUYBz9-Z6cwnC9yyQ8vKo8h4I_Z-UBb51wR3jFo_pcr9UhMqfhQ5647GVfd7iaLU_zQwOu5rIzzQqBiI-TDPWB-9glwoULHmqVCbrNoEjeVWGFzj_aCi7u4Eu7JzPEqzBAGivGl_vj1OjgimPJsD6inNVaN8R3zaJGc6aABJnLr9zjKBVNnNfZP4QB3qaCdL79qa_NnhTzm73c6mZoyFmnXVR941PL4lGShfGgjiD3ti3Il960f_ELHYOlKKABBIqHK4aiOIfX68Jq35vrLqXpPSD1yABSkQ1AhnCL3uopNJvEVT8hPGzwcSIjMcJQw"}
algorithm
RS256
2020-08-10 19:46:02 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2020-08-10 19:46:02 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
4Mzn9amlpGfKWi4EH13uu1mr4XVSdG0M1d3NnR0s560w2P66B9
token_type
Bearer
id_token
eyJraWQiOiJlMDdiNDNlMy1kOGQzLTQ4NzktYmFhYi1hZGEyMzk4YmE1ZDUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiay1USHlQLXdFaWxjUnA5ektVM3UyZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X2RqT052UHd6bmRSYkZuZjY3NDQ4KSomXFwhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL21vcnBoX29pZGNfY2xpZW50XC8iLCJleHAiOjE1OTcwODkwNjIsIm5vbmNlIjoiMGNiZDU5NjYtMGZlMC00NzQ2LWFmMDgtYjcxMWE3ZTExNDQ4MSIsImlhdCI6MTU5NzA4ODc2Mn0.MGbBKoxf-3VUhE80MK1IDnl0balpPefvp5lFIqqycZ4gM1tj-ox_rOMu2KHGgHice49Ma_BkzYyL9UpRaWqSKSE1CRzfYXttdGpI-txfiMoQ5uHsXJ3RDu056VRFoTVbO1LzORGMJsT3JqMrbR2GJK8EaCS4OaYBVOBtMbIbzpb4L7Ei4oh_Fio1A-B4jPB_kxfwExMPcbM7N_AuGC9TqVUZD1KNWouw1rn8An5Cvj89MCFnZzRz3uemGxI-IwjJCeE0bzAPiZy5G5jvE40mPlpMVEAknbBrunuCqJkiQ2doYCmOxQv4nz1ZQr1or_S6Sp8Fv0r1l7Ro2ll9sbqXkw
scope
openid profile email
2020-08-10 19:46:02 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance mBDaIKJ5fhU5Eta
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "4Mzn9amlpGfKWi4EH13uu1mr4XVSdG0M1d3NnR0s560w2P66B9",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJlMDdiNDNlMy1kOGQzLTQ4NzktYmFhYi1hZGEyMzk4YmE1ZDUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiay1USHlQLXdFaWxjUnA5ektVM3UyZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X2RqT052UHd6bmRSYkZuZjY3NDQ4KSomXFwhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL21vcnBoX29pZGNfY2xpZW50XC8iLCJleHAiOjE1OTcwODkwNjIsIm5vbmNlIjoiMGNiZDU5NjYtMGZlMC00NzQ2LWFmMDgtYjcxMWE3ZTExNDQ4MSIsImlhdCI6MTU5NzA4ODc2Mn0.MGbBKoxf-3VUhE80MK1IDnl0balpPefvp5lFIqqycZ4gM1tj-ox_rOMu2KHGgHice49Ma_BkzYyL9UpRaWqSKSE1CRzfYXttdGpI-txfiMoQ5uHsXJ3RDu056VRFoTVbO1LzORGMJsT3JqMrbR2GJK8EaCS4OaYBVOBtMbIbzpb4L7Ei4oh_Fio1A-B4jPB_kxfwExMPcbM7N_AuGC9TqVUZD1KNWouw1rn8An5Cvj89MCFnZzRz3uemGxI-IwjJCeE0bzAPiZy5G5jvE40mPlpMVEAknbBrunuCqJkiQ2doYCmOxQv4nz1ZQr1or_S6Sp8Fv0r1l7Ro2ll9sbqXkw",
  "scope": "openid profile email"
}
outgoing_path
token
2020-08-10 19:46:07 FINISHED
oidcc-client-test-nonce-invalid
Test has run to completion
testmodule_result
PASSED
2020-08-10 19:46:21
TEST-RUNNER
Alias has now been claimed by another test
alias
morph_oidc_client
new_test_id
0M3Se6uiHavlMjb
Test Results