Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-09-01 12:52:57 INFO
TEST-RUNNER
Test instance 3ijxmaVtzhwHaPA created
baseUrl
https://www.certification.openid.net/test/3ijxmaVtzhwHaPA
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code token",
  "request_type": "plain_http_request",
  "response_mode": "form_post",
  "client_registration": "dynamic_client"
}
alias

                                
description
test suite runner for openid-client
planId
l0lJMpv444Mye
config
{
  "description": "test suite runner for openid-client",
  "waitTimeoutSeconds": 2
}
testName
oidcc-client-test-nonce-invalid
2020-09-01 12:52:57 SUCCESS
OIDCCGenerateServerConfiguration
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/",
  "authorization_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/token",
  "jwks_uri": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-09-01 12:52:57
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/",
  "authorization_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/token",
  "jwks_uri": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-09-01 12:52:57
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "39FKSX7Kxfre-dorYoo4h_sK5NqN0ZWQ0cHYNBH6WV-iZVMnz4nhKrjpSh1K0urwQbL1xr-3_fbE03j0DHDqft2tuywPqXSr5je_wwGyizWQQ8V0wLRQ_3O800B8kVSvIY-2mLjNWYHvF4CpbhDAUETAqwkhWzuZYZY7ZULM-Us",
      "kty": "RSA",
      "q": "lmtq1YngCfr8-UHMR9bR5OvruitizdZ6RHoGtujAV0zSX5WY5pwfnV5qEgFpAvYImRVv6si-iHE09TJ8gzM9tvwus6ZxScj0ogAqUOv8dBscD0aWQrGj0lpoJCqYK_XLKorZOfU7JQzZb3YicarjIOy6OmTeeyBlRi2eIxTPduk",
      "d": "aB-HI0pX-yNOwsBGOidQwQx4zwnhBtqq6-6OI_pfEMpd3jNdgOdEcYFFWp5hO0mM0SsHNJZDak4QHkzWNT1h-dK6qeB0-V5FJ1WVBKiO2CrOe2qDv8zLfX_M6P3LpMq_KZukHgZltyRn85v_V0jzkImzcFOMrItWppRH8eD1Fod-gJxmB2l1fG39d4VKLD94TF-OvBDcWiKFVpDUJ9SE0Wb72BRJgrf8Mb3sBoJ3Sm_rhjbI-572z9F8LmkDsPRrE4_ABHZV6-CB8iyYjHdY9WR84DZLpO22yHp6oimbubuKTpy6GL4uqfYyk-0-9UDuRFe5WDQerArlDw46iwaCEQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "4a9f4d24-e4c6-41ba-89aa-94b5d495dc55",
      "qi": "SVR57FkQHcJHGsoK_sBZ1TpUlbunSnuBg0Yyb1y1qKdjfUh0pI1OJRvxy__twNSsAdH7sWIra0GUWsrFb7kp38H74TyytqqM7x9mkf5HXnnbQ62V7v9CaJ7OiC2QPOqTWO1x6xbG4rJn8GoF3UjtkA7xlMAyX4_B9CXvNbt96c4",
      "dp": "sZxdLjuO4FM3tOBbw2PafpZKS9ff6OyessX4M0H9AAVzUqMNmZVZ-NQqVSUvpnbH1-sTPPgRI1k7UnHOgTzt6WUzI7BQcXHjo9qjszVaoTwNUqqT_wRYro8CzkWDVLT2EVUBWup0Es6YlHcGfRCP_GLC3jdtn_-ItTdJxQ6gqEc",
      "dq": "UN3E3LI36QWvNM3D5ic-RkTzQO4MOz8AEopLy8_Lf-OEAfEp92idsnvMqItrijT9IFefCGkNzcqWvu96cwp8NkDTVq-3ngRUSDewiDqmSUE9z5SSOZ7IxNDnxfHER3Xn2KI28Gq_dka3Kq4nDFbjrpK196i81xLuf1ENAC0y7-k",
      "n": "g4KLaHdy7QRThromXahI8LT5UomoaY7XdqfXelxm2gr-zc5-paUPfYtLeAdIAR5tE2SsEAgXVDMGhOLy0BZ0M8lgozgasKEayFj7-vSsx05iKQDR3gyyEzpK5-wrhvX1ut_OjcFF18MYVmq1cdguG2NE3k2rd9APo54rTFKLRfPNBRNdvTSGDew4XWVQP-ekJyTaxHB5baVnD8UjbtmY8pJT4Cd2NXtzTkMNmUfIlQ4FBSQvnkyDNomZOkOAwaLLvmofwd_Pf28EfVAsLWzf0BDoPijSSQmLUdpx427B6le-E2c_Xpk5SSFEB8gsVapHHGdVOZJ7uY75RyJstxx3Qw"
    },
    {
      "kty": "EC",
      "d": "LmI_cNVJNPiSdaWuvLnpwMca4nIgW7aDkVY1_PHWLG8",
      "use": "sig",
      "crv": "P-256",
      "kid": "95683568-d697-4294-b17b-f200e2de0ce2",
      "x": "5nVGqBBcpxEzSw_ADlUQvGoTICozdIV_xQEDoZYMZhM",
      "y": "3Q3ml3tD-1r6sQ6v-lwIgpIeIwASDMfo_lPpohLhQHY"
    },
    {
      "kty": "EC",
      "d": "PtnPmx4aRTYH0K5NiJuJi91YDiaQdaIZrqbaS-T_NSE",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "5666d42c-4688-40c7-b58b-5ad66bda6695",
      "x": "W3gEi3fEtPzTcZWy4CZvDNIP1wjT5VREdZ27koaQx7k",
      "y": "jkeAghdWV-kpxQIbAJmhROJidOSh6RdYr-VNPY1BhbA"
    },
    {
      "kty": "OKP",
      "d": "RurjI_3usQMtcQkkSbizMiJRZbkqcoCbzH8pnV05KpQ",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "59931b64-5aab-497e-85cf-0b1ccfabf707",
      "x": "kxsxj0FSTTVgR28_ywCecsxIam8su7cz6N1gZNFRC1o"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "2AynOtnTDXL9_NUX7o6d8XmpARQy0q4Z0j_oYR5wBGSpkBSdrwRXzYPcJgPSZwEKheJCffvN69DBLcBoRnbbDehcrRFwNtY1GMiU8gXWlWlGkqFZiJeYfFDLXior1nPy9dXDnnaRH5hBe0bYv-n1rq9lISnISuVIvVa1UN5D2Mk",
      "kty": "RSA",
      "q": "zmR3_5lMEDsFaw5rqOHQ3hZ995q177qeimFHIePGZTd7fzpytg0vINUHjXbXPx-c87TOXCU1yJETWqWDQ4QNqVdycUvc5ROJprv3D0BsS9EKBSkVGdv0od7WEzuoNwGacjLokL8KINfhTnHXmFelV-_pIGKFZyuVBTzYoiv9LLU",
      "d": "Cd-pxJiK-bcuD6AEKd1wLftPQkbPydt58DP7jXOLAlypAoWTkQv_Q4LEix_FDeQCF3ili2MWPqjleBhNY_rTFAju0runBPzj0QdEbD36RqP5Nv6IMgM8-Xf9M9tjcH3Y5byxfZNcHMWSFxQLHcf_Nm5obmIjvbiLOLCQ8BFbK_YF61WNRyB5flxyFr4KNXm1T1MGlnIxU1Nrn1iu43E303waFw5hy0RR7AnLOLBdNDwFRXFdBTNLafgEFyqZAN0HNW1pKPJqekbwp1tMB-aCjf0qD3arX7vPUN3HGpLaOHMJ77q4H8WdUIfIQu0Fk7uxRbhxVCzrwIWxzo3x3JJ14Q",
      "e": "AQAB",
      "use": "enc",
      "kid": "804a493d-bae4-4754-9f98-0d65f1e6120e",
      "qi": "NoZnghGOWJRM4Ag2LIp3bgx6pUJZpuvXwFNZgH-eKWeJOyiBpdtGpV6T54h7D_pQXUpK-0aDQeHbDLWUgum4JeaPwAP6TyIqobSm8twhzlP5DeQmTzclSgHcddXrJbbr98Yi59LJh-bTP7zf7zzmuUF1BoofgycUAf2qEhbGKg",
      "dp": "fumf6uA-LG5aaQU8k7RPb6RJ9QpKeJwxKuLDvRlGMC55tNuHbWIdueo1jlc8Z6mi5tbsvFkIs_fjIt8d4ha7w0W1-yx9QJlAg5iAdlObpBU9kbEaiTSULKLBdEVNjyJ5nJO_3_xCb87e2G3bsZDb84uw2nRS5jweKKsgw6ptLJE",
      "alg": "RSA-OAEP",
      "dq": "GRsXjbv0CLVlP1SNvAlcAufxgsELCJJG3sZehLzUUVOibiOJ-KM57GB9frPKEx-hU_PWdlcAZ9ld5VTk1r2le8frX-S-hg8OW33Z270Wb1KKSX5p1q9u3pHgsI49NBO52dJff9v9O2mHOqeWdi2TK1M_pHTXjWk7w1tXbsKzFVE",
      "n": "ri74yEX7m4pJYCJwunFKc5hx8sYwa7lsGPCdw7XigAL9Hkq0T6EzlF1yCc6I-CYJeUNlF9FA9unjiiYAtWKu0IWbOxanfrgLbvNaCAVpIUz2WbQBam04n6lbkg-Gb08iogw2dRFGXbINsFl1V2KtrqkGvSC9oVZosKuPTqV4EBNrr7l9nVihJfsq6p7gYZyNV86fej85ukq5BYoTUIBfC9e2s6LRXtoMn5JEf6ofucmNH56zTXumaV76CwGrtXM6wrYlEsfMO26Z6ddH_VKxBnmqpXpWil-AxhE2b2deGr9BOL94FLfslbLLj9hHN_oNiq6YasL5n_Qtre4J0N_SHQ"
    },
    {
      "kty": "EC",
      "d": "wIkn7GzYfXp5CiCMXEJ-A65RGeRQdjWlpZ2KkJBbBGM",
      "use": "enc",
      "crv": "P-256",
      "kid": "6e600173-7b7a-4047-bb95-d13ecc54e52d",
      "x": "ateSf_zsUi1wq4CBEsOL1DTUK9MSEN5bAhIaqbDVJEE",
      "y": "J2-5zu2F6sBZVUBH2AMhME0An3CD9M6zPVJfoz80sLQ",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "4a9f4d24-e4c6-41ba-89aa-94b5d495dc55",
      "n": "g4KLaHdy7QRThromXahI8LT5UomoaY7XdqfXelxm2gr-zc5-paUPfYtLeAdIAR5tE2SsEAgXVDMGhOLy0BZ0M8lgozgasKEayFj7-vSsx05iKQDR3gyyEzpK5-wrhvX1ut_OjcFF18MYVmq1cdguG2NE3k2rd9APo54rTFKLRfPNBRNdvTSGDew4XWVQP-ekJyTaxHB5baVnD8UjbtmY8pJT4Cd2NXtzTkMNmUfIlQ4FBSQvnkyDNomZOkOAwaLLvmofwd_Pf28EfVAsLWzf0BDoPijSSQmLUdpx427B6le-E2c_Xpk5SSFEB8gsVapHHGdVOZJ7uY75RyJstxx3Qw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "01bedbe7-8bbd-4e01-8fbb-57c49cf74f82",
      "n": "kVJtmPH-4TCZN7lq-9DHv8gZ1C539lJfpsTijb9_iBIdy97Eo-GjydAPyleqztcgmVl-NHGUiFvZ_QvwXqvqXgsNgIm5xG8eEBOx1cjyz-06q-V4IZV93z4g1wXaTE08S6Gp7qtCYqHA-voyoSxboRBYd3ZKSE4xEBm_qHeMy62ZCxLS8Z1ec7YSSPvKFxiMl6r0mE8L0EUh9lYGTrJuqhR54FoP5im0O4XiK14RfzSH4K3AWGDxwo2VYwKGzxBMxrOaA-ZvIsWwd-4iU_z_PobGfG4Nf8LMOtK0yit86E6VtbdzbRQ0R9TPtJN5saHWivyU3TRtbyouiLIBR9O_xw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "95683568-d697-4294-b17b-f200e2de0ce2",
      "x": "5nVGqBBcpxEzSw_ADlUQvGoTICozdIV_xQEDoZYMZhM",
      "y": "3Q3ml3tD-1r6sQ6v-lwIgpIeIwASDMfo_lPpohLhQHY"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "8f86f25c-41dd-4c29-af81-46e469c0c367",
      "x": "nCYNcjHzD_GRwwNq8BO2HSOb9tkJS3WmW74Z5ZhDp9U",
      "y": "vYNdXFN1Qt9FDcAHEc29VHuYeir-PIHTwl6priA9eXo"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "5666d42c-4688-40c7-b58b-5ad66bda6695",
      "x": "W3gEi3fEtPzTcZWy4CZvDNIP1wjT5VREdZ27koaQx7k",
      "y": "jkeAghdWV-kpxQIbAJmhROJidOSh6RdYr-VNPY1BhbA"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "59931b64-5aab-497e-85cf-0b1ccfabf707",
      "x": "kxsxj0FSTTVgR28_ywCecsxIam8su7cz6N1gZNFRC1o"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "804a493d-bae4-4754-9f98-0d65f1e6120e",
      "alg": "RSA-OAEP",
      "n": "ri74yEX7m4pJYCJwunFKc5hx8sYwa7lsGPCdw7XigAL9Hkq0T6EzlF1yCc6I-CYJeUNlF9FA9unjiiYAtWKu0IWbOxanfrgLbvNaCAVpIUz2WbQBam04n6lbkg-Gb08iogw2dRFGXbINsFl1V2KtrqkGvSC9oVZosKuPTqV4EBNrr7l9nVihJfsq6p7gYZyNV86fej85ukq5BYoTUIBfC9e2s6LRXtoMn5JEf6ofucmNH56zTXumaV76CwGrtXM6wrYlEsfMO26Z6ddH_VKxBnmqpXpWil-AxhE2b2deGr9BOL94FLfslbLLj9hHN_oNiq6YasL5n_Qtre4J0N_SHQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "6e600173-7b7a-4047-bb95-d13ecc54e52d",
      "x": "ateSf_zsUi1wq4CBEsOL1DTUK9MSEN5bAhIaqbDVJEE",
      "y": "J2-5zu2F6sBZVUBH2AMhME0An3CD9M6zPVJfoz80sLQ",
      "alg": "ECDH-ES"
    }
  ]
}
2020-09-01 12:52:57 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-09-01 12:52:57 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-01 12:52:57 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": "1580000000"
}
2020-09-01 12:52:57 SUCCESS
GetDynamicClientConfiguration
No client details on configuration, created an empty dynamic_client_registration_template object.
2020-09-01 12:52:57
oidcc-client-test-nonce-invalid
Setup Done
2020-09-01 12:52:57 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance 3ijxmaVtzhwHaPA
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Discovery endpoint
2020-09-01 12:52:57 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance 3ijxmaVtzhwHaPA
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/",
  "authorization_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/token",
  "jwks_uri": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2020-09-01 12:52:58 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance 3ijxmaVtzhwHaPA
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/json",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "178",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
register
incoming_body_form_params
incoming_method
POST
incoming_body_json
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ]
}
incoming_query_string_params
{}
incoming_body
{"token_endpoint_auth_method":"client_secret_basic","response_types":["code token"],"grant_types":["authorization_code","implicit"],"redirect_uris":["https://rp.example.com/cb"]}
Registration endpoint
2020-09-01 12:52:58 SUCCESS
OIDCCExtractDynamicRegistrationRequest
Extracted dynamic client registration request
request
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ]
}
2020-09-01 12:52:58 INFO
EnsureRegistrationRequestContainsAtLeastOneContact
This application requires that registration requests contain at least one contact.
2020-09-01 12:52:58 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "authorization_code",
  "implicit"
]
response_types
[
  "code token"
]
2020-09-01 12:52:58 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://rp.example.com/cb"
]
2020-09-01 12:52:58 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2020-09-01 12:52:58 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2020-09-01 12:52:58 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2020-09-01 12:52:58 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2020-09-01 12:52:58 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2020-09-01 12:52:58 INFO
ValidateIdTokenSignedResponseAlg
Skipped evaluation due to missing required element: client id_token_signed_response_alg
path
id_token_signed_response_alg
mapped
object
client
2020-09-01 12:52:58 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2020-09-01 12:52:58 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-09-01 12:52:58 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2020-09-01 12:52:58 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2020-09-01 12:52:58 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2020-09-01 12:52:58 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2020-09-01 12:52:58 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2020-09-01 12:52:58 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2020-09-01 12:52:58 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2020-09-01 12:52:58 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2020-09-01 12:52:58 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2020-09-01 12:52:58 SUCCESS
ValidateClientRegistrationRequestSectorIdentifierUri
A sector_identifier_uri was not provided
2020-09-01 12:52:58 SUCCESS
OIDCCRegisterClient
Registered client
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "client_id": "client_ATbMJRusFuGiqEs60250:}-.\\"
}
2020-09-01 12:52:58
OIDCCCreateClientSecretForDynamicClient
Set the secret for registered client
client_secret
secret_TWNMpghsxLxIPxMQtxfJtKnZDSEnIakUDWcafIutZUVOUPqrXJ5395337911:/`~%
2020-09-01 12:52:58 SUCCESS
EnsureTokenEndPointAuthMethodIsClientSecretBasic
token_endpoint_auth_method is 'client_secret_basic' as expected
2020-09-01 12:52:58 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "client_id": "client_ATbMJRusFuGiqEs60250:}-.\\",
  "client_secret": "secret_TWNMpghsxLxIPxMQtxfJtKnZDSEnIakUDWcafIutZUVOUPqrXJ5395337911:/`~%"
}
2020-09-01 12:52:58 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2020-09-01 12:52:58 SUCCESS
OIDCCExtractServerSigningAlg
Using the default algorithm for the first key in server jwks
signing_algorithm
RS256
2020-09-01 12:52:58
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2020-09-01 12:52:58 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance 3ijxmaVtzhwHaPA
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "client_id": "client_ATbMJRusFuGiqEs60250:}-.\\",
  "client_secret": "secret_TWNMpghsxLxIPxMQtxfJtKnZDSEnIakUDWcafIutZUVOUPqrXJ5395337911:/`~%",
  "id_token_signed_response_alg": "RS256"
}
outgoing_path
register
2020-09-01 12:52:58 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance 3ijxmaVtzhwHaPA
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got/9.6.0 (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client_ATbMJRusFuGiqEs60250:}-.\\",
  "scope": "openid",
  "response_type": "code token",
  "redirect_uri": "https://rp.example.com/cb",
  "state": "F-vIzVVb-deJO1aVC4XZ07sjcEUw1pMTq5u8xFht2Lc",
  "nonce": "lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE",
  "response_mode": "form_post"
}
incoming_body
Authorization endpoint
2020-09-01 12:52:58 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2020-09-01 12:52:58 SUCCESS
OIDCCEnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid"
]
expected
openid
2020-09-01 12:52:58 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client_ATbMJRusFuGiqEs60250:}-.\\",
  "scope": "openid",
  "response_type": "code token",
  "redirect_uri": "https://rp.example.com/cb",
  "state": "F-vIzVVb-deJO1aVC4XZ07sjcEUw1pMTq5u8xFht2Lc",
  "nonce": "lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE",
  "response_mode": "form_post"
}
2020-09-01 12:52:58 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2020-09-01 12:52:58 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE
2020-09-01 12:52:58 SUCCESS
EnsureResponseTypeIsCodeToken
Response type is expected value
expected
code token
2020-09-01 12:52:58 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client_ATbMJRusFuGiqEs60250:}-.\
2020-09-01 12:52:58 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://rp.example.com/cb
expected
[
  "https://rp.example.com/cb"
]
2020-09-01 12:52:58 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid"
]
expected
openid
2020-09-01 12:52:58 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2020-09-01 12:52:58 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
qtE4W6gUab
2020-09-01 12:52:58 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
Q0zAgG-WrI8soNvMHE2vBA
2020-09-01 12:52:58 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
KeIt0KTnW57Am7yoK4Nt8krfylGvMmfmbQbzZ562SsMuMx6RIT
2020-09-01 12:52:58 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
sQjD2HTpXfY0viExfHH27w
2020-09-01 12:52:58 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "F-vIzVVb-deJO1aVC4XZ07sjcEUw1pMTq5u8xFht2Lc"
}
2020-09-01 12:52:58 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "F-vIzVVb-deJO1aVC4XZ07sjcEUw1pMTq5u8xFht2Lc",
  "code": "qtE4W6gUab"
}
2020-09-01 12:52:58
AddTokenToAuthorizationEndpointResponseParams
Added token and token_type to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "F-vIzVVb-deJO1aVC4XZ07sjcEUw1pMTq5u8xFht2Lc",
  "code": "qtE4W6gUab",
  "access_token": "KeIt0KTnW57Am7yoK4Nt8krfylGvMmfmbQbzZ562SsMuMx6RIT",
  "token_type": "Bearer"
}
2020-09-01 12:52:58 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance 3ijxmaVtzhwHaPA
outgoing
ModelAndView [view="formPostResponseMode"; model={formAction=https://rp.example.com/cb, formParameters={"state":"F-vIzVVb-deJO1aVC4XZ07sjcEUw1pMTq5u8xFht2Lc","code":"qtE4W6gUab","access_token":"KeIt0KTnW57Am7yoK4Nt8krfylGvMmfmbQbzZ562SsMuMx6RIT","token_type":"Bearer"}}]
outgoing_path
authorize
2020-09-01 12:52:59 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance 3ijxmaVtzhwHaPA
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "authorization": "Basic Y2xpZW50X0FUYk1KUnVzRnVHaXFFczYwMjUwJTNBJTdELS4lNUM6c2VjcmV0X1RXTk1wZ2hzeEx4SVB4TVF0eGZKdEtuWkRTRW5JYWtVRFdjYWZJdXRaVVZPVVBxclhKNTM5NTMzNzkxMSUzQSUyRiU2MH4lMjU\u003d",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "92",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "qtE4W6gUab",
  "redirect_uri": "https://rp.example.com/cb"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=qtE4W6gUab&redirect_uri=https%3A%2F%2Frp.example.com%2Fcb
Token endpoint
2020-09-01 12:52:59 SUCCESS
ExtractClientCredentialsFromBasicAuthorizationHeader
Extracted client authentication
client_id
client_ATbMJRusFuGiqEs60250:}-.\
client_secret
secret_TWNMpghsxLxIPxMQtxfJtKnZDSEnIakUDWcafIutZUVOUPqrXJ5395337911:/`~%
method
client_secret_basic
2020-09-01 12:52:59 SUCCESS
ValidateClientIdAndSecret
Client id and secret match
2020-09-01 12:52:59 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
qtE4W6gUab
2020-09-01 12:52:59 SUCCESS
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
actual
https://rp.example.com/cb
2020-09-01 12:52:59 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
OCp3P64QY3XFc9b09RKfRjb8wTt3VY9VhJcgrHMD8T0mikRpOF
2020-09-01 12:52:59 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
57qskbTcmLsQqsavbLm0AQ
2020-09-01 12:52:59 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/
sub
user-subject-1234531
aud
client_ATbMJRusFuGiqEs60250:}-.\
nonce
lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE
iat
1598964779
exp
1598965079
2020-09-01 12:52:59 SUCCESS
AddInvalidNonceValueToIdToken
Added invalid nonce to ID token claims
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/",
  "sub": "user-subject-1234531",
  "aud": "client_ATbMJRusFuGiqEs60250:}-.\\",
  "nonce": "lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE1",
  "iat": 1598964779,
  "exp": 1598965079
}
nonce
lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE1
2020-09-01 12:52:59 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
57qskbTcmLsQqsavbLm0AQ
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/3ijxmaVtzhwHaPA/",
  "sub": "user-subject-1234531",
  "aud": "client_ATbMJRusFuGiqEs60250:}-.\\",
  "nonce": "lMQwWiN48XGqzh8FQS8YOuWtm3kJO6Vbn9VNWpaPThE1",
  "iat": 1598964779,
  "exp": 1598965079,
  "at_hash": "57qskbTcmLsQqsavbLm0AQ"
}
2020-09-01 12:52:59 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiI0YTlmNGQyNC1lNGM2LTQxYmEtODlhYS05NGI1ZDQ5NWRjNTUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiNTdxc2tiVGNtTHNRcXNhdmJMbTBBUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0FUYk1KUnVzRnVHaXFFczYwMjUwOn0tLlxcIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcLzNpanhtYVZ0emh3SGFQQVwvIiwiZXhwIjoxNTk4OTY1MDc5LCJub25jZSI6ImxNUXdXaU40OFhHcXpoOEZRUzhZT3VXdG0za0pPNlZibjlWTldwYVBUaEUxIiwiaWF0IjoxNTk4OTY0Nzc5fQ.OFu9DoNIi4W3zTlfFqyTXjDo9F3z0AZSNBKQS-unyC4sCXO0plH7qa09Prd2z4f2w7ic8ElGVDbazR_0xfbtQmL8du8n_EiboAIIH2iNUOv2KPRkmRxFjN_WedXPpdD_RaBOOyWC_DNXTIZNoCIVqAyv8hBaitEQKiMpFyPmHDFGoiCWW9XsFwEYOZjUXJ3z8MI-XenhydFWI1TXHbbO1bvfRUT8Nvz1INAJ7l74qffl898mxku2EqOywIwDROyiHEhB0X1i3RugVz7koSjQyFUZaOe5vgchNAfgvefRIemsz2HGbpxoTUDUan-9-A1WdQ_NPwWL0svVkTJb4mv3VA
key
{"p":"39FKSX7Kxfre-dorYoo4h_sK5NqN0ZWQ0cHYNBH6WV-iZVMnz4nhKrjpSh1K0urwQbL1xr-3_fbE03j0DHDqft2tuywPqXSr5je_wwGyizWQQ8V0wLRQ_3O800B8kVSvIY-2mLjNWYHvF4CpbhDAUETAqwkhWzuZYZY7ZULM-Us","kty":"RSA","q":"lmtq1YngCfr8-UHMR9bR5OvruitizdZ6RHoGtujAV0zSX5WY5pwfnV5qEgFpAvYImRVv6si-iHE09TJ8gzM9tvwus6ZxScj0ogAqUOv8dBscD0aWQrGj0lpoJCqYK_XLKorZOfU7JQzZb3YicarjIOy6OmTeeyBlRi2eIxTPduk","d":"aB-HI0pX-yNOwsBGOidQwQx4zwnhBtqq6-6OI_pfEMpd3jNdgOdEcYFFWp5hO0mM0SsHNJZDak4QHkzWNT1h-dK6qeB0-V5FJ1WVBKiO2CrOe2qDv8zLfX_M6P3LpMq_KZukHgZltyRn85v_V0jzkImzcFOMrItWppRH8eD1Fod-gJxmB2l1fG39d4VKLD94TF-OvBDcWiKFVpDUJ9SE0Wb72BRJgrf8Mb3sBoJ3Sm_rhjbI-572z9F8LmkDsPRrE4_ABHZV6-CB8iyYjHdY9WR84DZLpO22yHp6oimbubuKTpy6GL4uqfYyk-0-9UDuRFe5WDQerArlDw46iwaCEQ","e":"AQAB","use":"sig","kid":"4a9f4d24-e4c6-41ba-89aa-94b5d495dc55","qi":"SVR57FkQHcJHGsoK_sBZ1TpUlbunSnuBg0Yyb1y1qKdjfUh0pI1OJRvxy__twNSsAdH7sWIra0GUWsrFb7kp38H74TyytqqM7x9mkf5HXnnbQ62V7v9CaJ7OiC2QPOqTWO1x6xbG4rJn8GoF3UjtkA7xlMAyX4_B9CXvNbt96c4","dp":"sZxdLjuO4FM3tOBbw2PafpZKS9ff6OyessX4M0H9AAVzUqMNmZVZ-NQqVSUvpnbH1-sTPPgRI1k7UnHOgTzt6WUzI7BQcXHjo9qjszVaoTwNUqqT_wRYro8CzkWDVLT2EVUBWup0Es6YlHcGfRCP_GLC3jdtn_-ItTdJxQ6gqEc","dq":"UN3E3LI36QWvNM3D5ic-RkTzQO4MOz8AEopLy8_Lf-OEAfEp92idsnvMqItrijT9IFefCGkNzcqWvu96cwp8NkDTVq-3ngRUSDewiDqmSUE9z5SSOZ7IxNDnxfHER3Xn2KI28Gq_dka3Kq4nDFbjrpK196i81xLuf1ENAC0y7-k","n":"g4KLaHdy7QRThromXahI8LT5UomoaY7XdqfXelxm2gr-zc5-paUPfYtLeAdIAR5tE2SsEAgXVDMGhOLy0BZ0M8lgozgasKEayFj7-vSsx05iKQDR3gyyEzpK5-wrhvX1ut_OjcFF18MYVmq1cdguG2NE3k2rd9APo54rTFKLRfPNBRNdvTSGDew4XWVQP-ekJyTaxHB5baVnD8UjbtmY8pJT4Cd2NXtzTkMNmUfIlQ4FBSQvnkyDNomZOkOAwaLLvmofwd_Pf28EfVAsLWzf0BDoPijSSQmLUdpx427B6le-E2c_Xpk5SSFEB8gsVapHHGdVOZJ7uY75RyJstxx3Qw"}
algorithm
RS256
2020-09-01 12:52:59 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2020-09-01 12:52:59 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
OCp3P64QY3XFc9b09RKfRjb8wTt3VY9VhJcgrHMD8T0mikRpOF
token_type
Bearer
id_token
eyJraWQiOiI0YTlmNGQyNC1lNGM2LTQxYmEtODlhYS05NGI1ZDQ5NWRjNTUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiNTdxc2tiVGNtTHNRcXNhdmJMbTBBUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0FUYk1KUnVzRnVHaXFFczYwMjUwOn0tLlxcIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcLzNpanhtYVZ0emh3SGFQQVwvIiwiZXhwIjoxNTk4OTY1MDc5LCJub25jZSI6ImxNUXdXaU40OFhHcXpoOEZRUzhZT3VXdG0za0pPNlZibjlWTldwYVBUaEUxIiwiaWF0IjoxNTk4OTY0Nzc5fQ.OFu9DoNIi4W3zTlfFqyTXjDo9F3z0AZSNBKQS-unyC4sCXO0plH7qa09Prd2z4f2w7ic8ElGVDbazR_0xfbtQmL8du8n_EiboAIIH2iNUOv2KPRkmRxFjN_WedXPpdD_RaBOOyWC_DNXTIZNoCIVqAyv8hBaitEQKiMpFyPmHDFGoiCWW9XsFwEYOZjUXJ3z8MI-XenhydFWI1TXHbbO1bvfRUT8Nvz1INAJ7l74qffl898mxku2EqOywIwDROyiHEhB0X1i3RugVz7koSjQyFUZaOe5vgchNAfgvefRIemsz2HGbpxoTUDUan-9-A1WdQ_NPwWL0svVkTJb4mv3VA
scope
openid
2020-09-01 12:52:59 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance 3ijxmaVtzhwHaPA
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "OCp3P64QY3XFc9b09RKfRjb8wTt3VY9VhJcgrHMD8T0mikRpOF",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiI0YTlmNGQyNC1lNGM2LTQxYmEtODlhYS05NGI1ZDQ5NWRjNTUiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiNTdxc2tiVGNtTHNRcXNhdmJMbTBBUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0FUYk1KUnVzRnVHaXFFczYwMjUwOn0tLlxcIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcLzNpanhtYVZ0emh3SGFQQVwvIiwiZXhwIjoxNTk4OTY1MDc5LCJub25jZSI6ImxNUXdXaU40OFhHcXpoOEZRUzhZT3VXdG0za0pPNlZibjlWTldwYVBUaEUxIiwiaWF0IjoxNTk4OTY0Nzc5fQ.OFu9DoNIi4W3zTlfFqyTXjDo9F3z0AZSNBKQS-unyC4sCXO0plH7qa09Prd2z4f2w7ic8ElGVDbazR_0xfbtQmL8du8n_EiboAIIH2iNUOv2KPRkmRxFjN_WedXPpdD_RaBOOyWC_DNXTIZNoCIVqAyv8hBaitEQKiMpFyPmHDFGoiCWW9XsFwEYOZjUXJ3z8MI-XenhydFWI1TXHbbO1bvfRUT8Nvz1INAJ7l74qffl898mxku2EqOywIwDROyiHEhB0X1i3RugVz7koSjQyFUZaOe5vgchNAfgvefRIemsz2HGbpxoTUDUan-9-A1WdQ_NPwWL0svVkTJb4mv3VA",
  "scope": "openid"
}
outgoing_path
token
2020-09-01 12:52:59 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance 3ijxmaVtzhwHaPA
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Jwks endpoint
2020-09-01 12:52:59 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance 3ijxmaVtzhwHaPA
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "4a9f4d24-e4c6-41ba-89aa-94b5d495dc55",
      "n": "g4KLaHdy7QRThromXahI8LT5UomoaY7XdqfXelxm2gr-zc5-paUPfYtLeAdIAR5tE2SsEAgXVDMGhOLy0BZ0M8lgozgasKEayFj7-vSsx05iKQDR3gyyEzpK5-wrhvX1ut_OjcFF18MYVmq1cdguG2NE3k2rd9APo54rTFKLRfPNBRNdvTSGDew4XWVQP-ekJyTaxHB5baVnD8UjbtmY8pJT4Cd2NXtzTkMNmUfIlQ4FBSQvnkyDNomZOkOAwaLLvmofwd_Pf28EfVAsLWzf0BDoPijSSQmLUdpx427B6le-E2c_Xpk5SSFEB8gsVapHHGdVOZJ7uY75RyJstxx3Qw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "01bedbe7-8bbd-4e01-8fbb-57c49cf74f82",
      "n": "kVJtmPH-4TCZN7lq-9DHv8gZ1C539lJfpsTijb9_iBIdy97Eo-GjydAPyleqztcgmVl-NHGUiFvZ_QvwXqvqXgsNgIm5xG8eEBOx1cjyz-06q-V4IZV93z4g1wXaTE08S6Gp7qtCYqHA-voyoSxboRBYd3ZKSE4xEBm_qHeMy62ZCxLS8Z1ec7YSSPvKFxiMl6r0mE8L0EUh9lYGTrJuqhR54FoP5im0O4XiK14RfzSH4K3AWGDxwo2VYwKGzxBMxrOaA-ZvIsWwd-4iU_z_PobGfG4Nf8LMOtK0yit86E6VtbdzbRQ0R9TPtJN5saHWivyU3TRtbyouiLIBR9O_xw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "95683568-d697-4294-b17b-f200e2de0ce2",
      "x": "5nVGqBBcpxEzSw_ADlUQvGoTICozdIV_xQEDoZYMZhM",
      "y": "3Q3ml3tD-1r6sQ6v-lwIgpIeIwASDMfo_lPpohLhQHY"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "8f86f25c-41dd-4c29-af81-46e469c0c367",
      "x": "nCYNcjHzD_GRwwNq8BO2HSOb9tkJS3WmW74Z5ZhDp9U",
      "y": "vYNdXFN1Qt9FDcAHEc29VHuYeir-PIHTwl6priA9eXo"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "5666d42c-4688-40c7-b58b-5ad66bda6695",
      "x": "W3gEi3fEtPzTcZWy4CZvDNIP1wjT5VREdZ27koaQx7k",
      "y": "jkeAghdWV-kpxQIbAJmhROJidOSh6RdYr-VNPY1BhbA"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "59931b64-5aab-497e-85cf-0b1ccfabf707",
      "x": "kxsxj0FSTTVgR28_ywCecsxIam8su7cz6N1gZNFRC1o"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "804a493d-bae4-4754-9f98-0d65f1e6120e",
      "alg": "RSA-OAEP",
      "n": "ri74yEX7m4pJYCJwunFKc5hx8sYwa7lsGPCdw7XigAL9Hkq0T6EzlF1yCc6I-CYJeUNlF9FA9unjiiYAtWKu0IWbOxanfrgLbvNaCAVpIUz2WbQBam04n6lbkg-Gb08iogw2dRFGXbINsFl1V2KtrqkGvSC9oVZosKuPTqV4EBNrr7l9nVihJfsq6p7gYZyNV86fej85ukq5BYoTUIBfC9e2s6LRXtoMn5JEf6ofucmNH56zTXumaV76CwGrtXM6wrYlEsfMO26Z6ddH_VKxBnmqpXpWil-AxhE2b2deGr9BOL94FLfslbLLj9hHN_oNiq6YasL5n_Qtre4J0N_SHQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "6e600173-7b7a-4047-bb95-d13ecc54e52d",
      "x": "ateSf_zsUi1wq4CBEsOL1DTUK9MSEN5bAhIaqbDVJEE",
      "y": "J2-5zu2F6sBZVUBH2AMhME0An3CD9M6zPVJfoz80sLQ",
      "alg": "ECDH-ES"
    }
  ]
}
outgoing_path
jwks
2020-09-01 12:53:01 FINISHED
oidcc-client-test-nonce-invalid
Test has run to completion
testmodule_result
PASSED
Test Results