Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-09-01 12:52:40 INFO
TEST-RUNNER
Test instance UmJ7CphyXmkbGOj created
baseUrl
https://www.certification.openid.net/test/UmJ7CphyXmkbGOj
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "id_token token",
  "request_type": "plain_http_request",
  "response_mode": "form_post",
  "client_registration": "dynamic_client"
}
alias

                                
description
test suite runner for openid-client
planId
2AWaC6uTX8byR
config
{
  "description": "test suite runner for openid-client",
  "waitTimeoutSeconds": 2
}
testName
oidcc-client-test-nonce-invalid
2020-09-01 12:52:40 SUCCESS
OIDCCGenerateServerConfiguration
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/",
  "authorization_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/token",
  "jwks_uri": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-09-01 12:52:40
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/",
  "authorization_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/token",
  "jwks_uri": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-09-01 12:52:41
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "6TOr8LTHeiihDnWMfTd37cnBq5F5puBUBecFNXl9qw75qaq0mHthWR3VGn023KfLH1uIVhi8DDiWg3Vg9cPrWLLrfXDN2DWL5s8i7IIdSMYLHbgoykLsynwvF0A2NDrAhzXFLOyDgGLebOAOldcaiAeAmEvpS0BCVNM0jC_nxUc",
      "kty": "RSA",
      "q": "sdHezIJYiM39DAwml9BY5aRtik3ngI5YbnPOKfUniC-Z-fwH_YYIm7FKvhL1HdLZEVc1lgwqndWexExXHgp4Jk57NmLUiT__HjAb8hPfQm6NudVjT7Uf6ijB4hONq6z7RQnt6rGQoyLDZ5q431eZdqv0w-5oXKySfLxi11skCsc",
      "d": "TYVE8S5wISBZttD06AwJBL21iw1oLLzuxsIaHrPaDzprtSGi0dD2ccUsAySXYjx4xNdpH9plUvu91xZjYp3_PzlupixAOBinIitBs96hsUwlTk3BKwMApuQL7AODXK4L2a1x9HtM7eApgT4pzUHTTv16Gy6uDkKT4gvmQJhd_-Awjn_9A6nv3IoZ82f-JpGqOAD90vRGiPc69YVTHG_hqjADvA-gO75Zd4cjI8vFwx5_9KhNG3hrS0N6MKIv_vkvOVRJZ1I8-hX_aKRfxnd-74lUDVh4Y1f9TCKh-U2uH2vS_QfAq6BbVURWKm_d8yK80q3PcsC5Hh70xSyVpIV6kQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "c35e72f0-d775-49e7-8746-ef1c35e7270f",
      "qi": "sTyfcjm8vpuaPj15URchptk2r65ebjU43XywcmPO63rAoLwKX30Oh1TDBfdKzPSISLYNvUj6i5JjDkqTZuFl-5Sg-Omb1pgMXEmHtnrd0RugWU5L62N1ppGO3XiV6g10-KpfGzOom4Lce29DP_MWoFMU-Jp_G27lGzUOJ8lx54A",
      "dp": "LuYRYis5IrwhB8NkKZqKJ-w3YsWy7XiX7Uf0qDhyqYAtfY2zHCdUAJQbU2RzMBUeqIPD-2ymBN8sheuJQGPSZNg2u9d_zkeWhyiJIX9ZXFVXzvZGXcbv0BkBb2-edwqJxadurAY0vBEmIkc9J61GzKyVlAtQM64MqPqAyuCnf-k",
      "dq": "jlt5ZfqYTHW0txdnMjTvZnGb7JRv2MCc1VhK3dZRXrrVJ4f5EaNjctmd_8uHhufNNg--a7Cz0YY6w-Zl_DvfcrNz-tdmVbbxVEapqMT2AOYm-nZ2OlLECR-2EHsc-SrUQrIvUav0IlZrX59DkDI-Pv5tRwqvbDoQUGI1MznZAfM",
      "n": "ofvoBeeGJphMMhru3hXiKk12OlXDKPNkwIFL-wVT9yf0HLWXv2LUkQ5QlH365a8OJc8TShvspoSgZPwijP09dIeKdfOUjikQ5wsIxoINpYt_UWsumKKOXVlRVDJnoRGJar1krBpC3-HkhWaTNYqIrMjMtsZigmelJKm2Hp0Hm_SMrZcb7Uwdyc6CcLzsE7snSVE-2b-WOFw8TYHaiG4CDzeFD1aok92Ct20dcZImSOtTGm_XNt7RhoJgT0FOSjPx0cuLZ3cwSuUs4gXmivH6Gxm0Lu9eRNfJea5SdUrwPRf8P-r36QyF6AiBkvS2V2wA9yDh3UVhAJWiSU8xRdsgMQ"
    },
    {
      "kty": "EC",
      "d": "w6-zZbtlsCT-OHBadM_WqUP4dsnMa64WC6_DMMMkpMY",
      "use": "sig",
      "crv": "P-256",
      "kid": "67ae8574-48c6-449f-b620-4035b9e8b7b1",
      "x": "HbqCJIlZE7tdJxOfxI3P9YAMAJQt2oc3HTzfnlLSmkY",
      "y": "pNg7DsE6cC-00qzaoc-X6uXRyu_BhC_S6cpIegAkXQM"
    },
    {
      "kty": "EC",
      "d": "814zoLzMVdKfyH5I1-u438ufXil-2ZMTcsWKQRQzpC8",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "5fd4125e-1b85-4d9f-ac01-9fac9d578032",
      "x": "JCFjcjSPOvZaOyfqEgjkq5QYMgkzX3EPZvmm4LFCeWg",
      "y": "NMdURoayWbEgN7Lf9SCvfPAKarnynP5TT2Uu9h9wSYE"
    },
    {
      "kty": "OKP",
      "d": "E1pSr6mGt6OSPjSbGwQmseaT2zH6LGpqGAr0s8MleKs",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "c119be3e-e15e-45b7-9483-6d7a5972ce34",
      "x": "iUPgVGS1BxCLQMYshig2lcCSdE9f2-FY1AaJGdhHYL8"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "zqfbJkAf6ds_rNTvWVcl9ynww4K9qLPhixoOhtI7DFjC2t_U33DQ_akgSHBfH2_aNb4MB0wIeHPIlre6DfLf6o0URS7gy1zQ4Lpw3TP6qnTS66w3xvcgzPSJo2RHjhgEAH93PcdMQ2v9iSRZSsBCpr_07hfYS35YGOkc98F0yfM",
      "kty": "RSA",
      "q": "yjoAq3Fg5CEh2CxUjVpvVPDwHBjMx5uACwk0R4qtH6RHJkwOSvlNuDvFQ5AEbacHzmJhYZSHWEsaWjbf17K9_AiOiJjvd_P7fBkFhV2nUfC-ZZBqQgRv1wKppvjzu9hTIICWhIp63GJ_JJaqiR-B2XexYZHL-wJbZEmSXOzwLQ8",
      "d": "ceUG-xbnGQuR19cEA2VKGBB2u90ua_D-Plp035EucQ3BSZ9mkcPTwigQB6akhBqpBBqawHjjVf3v1-6wliGeNL0C9uIC1VZD0twMyStLtNMeg6IjMJBTRUieRgGl7bzHi8vLtArU0fdA1XCgNSWw2Lo9ioRYIVbqLz3fQ_3mvj8zDI9f89a4vxsXFbwJy1HolI9OCgVuGhgpfUW-ZBPWCoR7HAxxKoXdeFvXqldPLkzYdnIPVFn5iiEMJ7Qc6Wh1GxUdQYBn-5BPnzw95w_b5tX-WBNURSt9_wHP0hAFLHG71CWIcfrMHb4AiOFPTZkDlzfYAJ-6qNmYWFBHwcWokQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "bc7935d6-d8ee-4cea-acc8-8d5eaa4d3a64",
      "qi": "wLS3pu_oK4ya5NcQv_ndL5RWNFj-hxSuwOEqgduxbkj1Uuc5s4FWUTOXfAyh4Lq1yEtVTZJSOwRldeKEjg7-OewesfYh3hlBtGdGjnDD9ZQZBPHSCMmhy4V8HzbEcSLmBogliJ4YtwiUT2IK9DeWMf8uC8vZYrCACJ9-Ch0_IYY",
      "dp": "U9X-7t6W081xYJEl5I2ZRlMKbJZukLEg78iLWiCReenMavThLCBdeHqTMS_9Nwiucpz9zjwHN65pEtPIM_5y3nmLXqGs6nNl_bVFMkfzChHIu3krS5lYAi22ZMW6zadqgDU1z6c5hiSaP3eyjcO_hlxbZffgdIf1_20aplwiIAc",
      "alg": "RSA-OAEP",
      "dq": "QnNCyxMrcmsMsvsGIZio4rF1RNZFXAXV0kqI-kUwVChoFMaDH9HB3xsM3AGT4vAy2XdsZmMnAjVTiHdloHwkf4_UPkB61-C9L28NaGB43a0M81S8BcttcKp4UtyVQpF350M5sn3Kl2ZqPvyfNwW6Zlo1WElPTMDehRrD1HMrDLM",
      "n": "oz9FfjrpZyUgBZqGvkb6loKlqNCaIV2aGRYqvc-o8JfaU-V8MCnGkTttQ8hwNy1hCBreLZKCMxzx5sZVzP74wdOQ8QAql5O_dpUEFS-07owrCWMjG8RzO4ajQOxho8qjquqzBtKFJOhjgYUU7VU_WOdsN9HKgdeeZCbeqfbJ2WKknbN897_lMpOVzlVjohWCbWHAD2NtSLhX4xJoeYpeuhGsQGvZw3L72M-CldlWEsMmB3LLYo0SRlMy6aGDz4alaWrztdbmdvvbvMC-XPJVkToBQKxn8PiBRFnTfVK1wIrz-VIF59JbInVptb1wvyO1rRZOL-wMUrmhzXCDNSeMPQ"
    },
    {
      "kty": "EC",
      "d": "FRl2jMtxaD5rgu3rBmMcQSaWYxeGB4oLOxjtQdLXrkM",
      "use": "enc",
      "crv": "P-256",
      "kid": "310bc58e-23a1-42ef-b182-efd034f8455c",
      "x": "gqEdWrH3irrOnYJUbS8lq63sf25yE3Np3uboLGrWb1I",
      "y": "5pALg2tYTQEPReiYFGKgP2F6hB9Kj0YE0cVHuuEFKX0",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "c35e72f0-d775-49e7-8746-ef1c35e7270f",
      "n": "ofvoBeeGJphMMhru3hXiKk12OlXDKPNkwIFL-wVT9yf0HLWXv2LUkQ5QlH365a8OJc8TShvspoSgZPwijP09dIeKdfOUjikQ5wsIxoINpYt_UWsumKKOXVlRVDJnoRGJar1krBpC3-HkhWaTNYqIrMjMtsZigmelJKm2Hp0Hm_SMrZcb7Uwdyc6CcLzsE7snSVE-2b-WOFw8TYHaiG4CDzeFD1aok92Ct20dcZImSOtTGm_XNt7RhoJgT0FOSjPx0cuLZ3cwSuUs4gXmivH6Gxm0Lu9eRNfJea5SdUrwPRf8P-r36QyF6AiBkvS2V2wA9yDh3UVhAJWiSU8xRdsgMQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "bff0117e-e516-4ecf-8ff2-8942b10682c6",
      "n": "loh-upGQi1uXNKMppGC4mkKzQrjq096-Kl-cq14xhGpV5uUD7DDMxiNNzV-CXltrt5s5YvKbsztQOXY4277GZvLOXo-rq19iHrZfwk2ijiC0hyLNH0_yNzrlxocmjEc4r_8qNBbv8JQ58DvS_8-rrR-c-OmRDWNjEEiEmXl895VqzMv6mxSpEcuDDDAmHYcEN3TCuBFi_cOyJnWMgj-lD_pQOAGfnmvUCUVDsRHXctuzBKXPK3OjE127HY5BGbKeNAftL9BEEX5Xasoayaf_DOIInIcvdcGGOymZ1sFJapnZPed81td4xSpBpDW98IOc90Vna-onHAzWsp6n_xnyww"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "67ae8574-48c6-449f-b620-4035b9e8b7b1",
      "x": "HbqCJIlZE7tdJxOfxI3P9YAMAJQt2oc3HTzfnlLSmkY",
      "y": "pNg7DsE6cC-00qzaoc-X6uXRyu_BhC_S6cpIegAkXQM"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "7742820d-2004-433a-aecc-b72435cf962e",
      "x": "3gLoJFFV7g_Tn0ixczIG-N8E0MtkivpWbOaeQIRX26E",
      "y": "ywnVX0VjPE1dZY5ZCafBgN5En0boTs5ZsvvlDuCa9Ro"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "5fd4125e-1b85-4d9f-ac01-9fac9d578032",
      "x": "JCFjcjSPOvZaOyfqEgjkq5QYMgkzX3EPZvmm4LFCeWg",
      "y": "NMdURoayWbEgN7Lf9SCvfPAKarnynP5TT2Uu9h9wSYE"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "c119be3e-e15e-45b7-9483-6d7a5972ce34",
      "x": "iUPgVGS1BxCLQMYshig2lcCSdE9f2-FY1AaJGdhHYL8"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "bc7935d6-d8ee-4cea-acc8-8d5eaa4d3a64",
      "alg": "RSA-OAEP",
      "n": "oz9FfjrpZyUgBZqGvkb6loKlqNCaIV2aGRYqvc-o8JfaU-V8MCnGkTttQ8hwNy1hCBreLZKCMxzx5sZVzP74wdOQ8QAql5O_dpUEFS-07owrCWMjG8RzO4ajQOxho8qjquqzBtKFJOhjgYUU7VU_WOdsN9HKgdeeZCbeqfbJ2WKknbN897_lMpOVzlVjohWCbWHAD2NtSLhX4xJoeYpeuhGsQGvZw3L72M-CldlWEsMmB3LLYo0SRlMy6aGDz4alaWrztdbmdvvbvMC-XPJVkToBQKxn8PiBRFnTfVK1wIrz-VIF59JbInVptb1wvyO1rRZOL-wMUrmhzXCDNSeMPQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "310bc58e-23a1-42ef-b182-efd034f8455c",
      "x": "gqEdWrH3irrOnYJUbS8lq63sf25yE3Np3uboLGrWb1I",
      "y": "5pALg2tYTQEPReiYFGKgP2F6hB9Kj0YE0cVHuuEFKX0",
      "alg": "ECDH-ES"
    }
  ]
}
2020-09-01 12:52:41 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-09-01 12:52:41 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-01 12:52:41 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": "1580000000"
}
2020-09-01 12:52:41 SUCCESS
GetDynamicClientConfiguration
No client details on configuration, created an empty dynamic_client_registration_template object.
2020-09-01 12:52:41
oidcc-client-test-nonce-invalid
Setup Done
2020-09-01 12:52:43 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance UmJ7CphyXmkbGOj
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Discovery endpoint
2020-09-01 12:52:43 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance UmJ7CphyXmkbGOj
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/",
  "authorization_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/token",
  "jwks_uri": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2020-09-01 12:52:44 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance UmJ7CphyXmkbGOj
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/json",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "161",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
register
incoming_body_form_params
incoming_method
POST
incoming_body_json
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "grant_types": [
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ]
}
incoming_query_string_params
{}
incoming_body
{"token_endpoint_auth_method":"client_secret_basic","response_types":["id_token token"],"grant_types":["implicit"],"redirect_uris":["https://rp.example.com/cb"]}
Registration endpoint
2020-09-01 12:52:44 SUCCESS
OIDCCExtractDynamicRegistrationRequest
Extracted dynamic client registration request
request
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "grant_types": [
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ]
}
2020-09-01 12:52:44 INFO
EnsureRegistrationRequestContainsAtLeastOneContact
This application requires that registration requests contain at least one contact.
2020-09-01 12:52:44 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "implicit"
]
response_types
[
  "id_token token"
]
2020-09-01 12:52:44 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://rp.example.com/cb"
]
2020-09-01 12:52:44 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2020-09-01 12:52:44 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2020-09-01 12:52:44 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2020-09-01 12:52:44 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2020-09-01 12:52:44 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2020-09-01 12:52:44 INFO
ValidateIdTokenSignedResponseAlg
Skipped evaluation due to missing required element: client id_token_signed_response_alg
path
id_token_signed_response_alg
mapped
object
client
2020-09-01 12:52:44 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2020-09-01 12:52:44 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-09-01 12:52:44 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2020-09-01 12:52:44 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2020-09-01 12:52:44 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2020-09-01 12:52:44 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2020-09-01 12:52:44 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2020-09-01 12:52:44 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2020-09-01 12:52:44 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2020-09-01 12:52:44 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2020-09-01 12:52:44 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2020-09-01 12:52:44 SUCCESS
ValidateClientRegistrationRequestSectorIdentifierUri
A sector_identifier_uri was not provided
2020-09-01 12:52:44 SUCCESS
OIDCCRegisterClient
Registered client
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "grant_types": [
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "client_id": "client_NDfsglFNPoMrvgd11253~/\u0026]\\"
}
2020-09-01 12:52:44
OIDCCCreateClientSecretForDynamicClient
Set the secret for registered client
client_secret
secret_giZhOfSbgGwpYoAQXaxkqOCTBhHXjaSBqHxTLZDtVlmtEOZvaS0685551614*[/$\
2020-09-01 12:52:44 SUCCESS
EnsureTokenEndPointAuthMethodIsClientSecretBasic
token_endpoint_auth_method is 'client_secret_basic' as expected
2020-09-01 12:52:44 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "grant_types": [
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "client_id": "client_NDfsglFNPoMrvgd11253~/\u0026]\\",
  "client_secret": "secret_giZhOfSbgGwpYoAQXaxkqOCTBhHXjaSBqHxTLZDtVlmtEOZvaS0685551614*[/$\\"
}
2020-09-01 12:52:44 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2020-09-01 12:52:44 SUCCESS
OIDCCExtractServerSigningAlg
Using the default algorithm for the first key in server jwks
signing_algorithm
RS256
2020-09-01 12:52:44
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2020-09-01 12:52:44 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance UmJ7CphyXmkbGOj
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "id_token token"
  ],
  "grant_types": [
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "client_id": "client_NDfsglFNPoMrvgd11253~/\u0026]\\",
  "client_secret": "secret_giZhOfSbgGwpYoAQXaxkqOCTBhHXjaSBqHxTLZDtVlmtEOZvaS0685551614*[/$\\",
  "id_token_signed_response_alg": "RS256"
}
outgoing_path
register
2020-09-01 12:52:44 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance UmJ7CphyXmkbGOj
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got/9.6.0 (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client_NDfsglFNPoMrvgd11253~/\u0026]\\",
  "scope": "openid",
  "response_type": "id_token token",
  "redirect_uri": "https://rp.example.com/cb",
  "state": "BLfVGTG23iBL_46pEgIGo3RAkwK4vHmQqPP7alG7d_s",
  "nonce": "indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps",
  "response_mode": "form_post"
}
incoming_body
Authorization endpoint
2020-09-01 12:52:44 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2020-09-01 12:52:44 SUCCESS
OIDCCEnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid"
]
expected
openid
2020-09-01 12:52:44 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client_NDfsglFNPoMrvgd11253~/\u0026]\\",
  "scope": "openid",
  "response_type": "id_token token",
  "redirect_uri": "https://rp.example.com/cb",
  "state": "BLfVGTG23iBL_46pEgIGo3RAkwK4vHmQqPP7alG7d_s",
  "nonce": "indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps",
  "response_mode": "form_post"
}
2020-09-01 12:52:44 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2020-09-01 12:52:44 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps
2020-09-01 12:52:44 SUCCESS
EnsureResponseTypeIsIdTokenToken
Response type is expected value
expected
id_token token
2020-09-01 12:52:44 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client_NDfsglFNPoMrvgd11253~/&]\
2020-09-01 12:52:44 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://rp.example.com/cb
expected
[
  "https://rp.example.com/cb"
]
2020-09-01 12:52:44 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid"
]
expected
openid
2020-09-01 12:52:44 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2020-09-01 12:52:44 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
BqwYbSIrxS7npkIfP3bYSOKhvrTwaWIVe88IXyWeFYDDt3I3zR
2020-09-01 12:52:44 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
JAQ-vKdO2sFouQliXbILdA
2020-09-01 12:52:44 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/
sub
user-subject-1234531
aud
client_NDfsglFNPoMrvgd11253~/&]\
nonce
indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps
iat
1598964764
exp
1598965064
2020-09-01 12:52:44 SUCCESS
AddInvalidNonceValueToIdToken
Added invalid nonce to ID token claims
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/",
  "sub": "user-subject-1234531",
  "aud": "client_NDfsglFNPoMrvgd11253~/\u0026]\\",
  "nonce": "indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps1",
  "iat": 1598964764,
  "exp": 1598965064
}
nonce
indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps1
2020-09-01 12:52:44 INFO
AddCHashToIdTokenClaims
Skipped evaluation due to missing required string: c_hash
expected
c_hash
2020-09-01 12:52:44 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
JAQ-vKdO2sFouQliXbILdA
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/UmJ7CphyXmkbGOj/",
  "sub": "user-subject-1234531",
  "aud": "client_NDfsglFNPoMrvgd11253~/\u0026]\\",
  "nonce": "indF8bhAarat8fCSg9UN5eygDw1HM6y9HricFx7Gsps1",
  "iat": 1598964764,
  "exp": 1598965064,
  "at_hash": "JAQ-vKdO2sFouQliXbILdA"
}
2020-09-01 12:52:44 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiJjMzVlNzJmMC1kNzc1LTQ5ZTctODc0Ni1lZjFjMzVlNzI3MGYiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSkFRLXZLZE8yc0ZvdVFsaVhiSUxkQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X05EZnNnbEZOUG9NcnZnZDExMjUzflwvJl1cXCIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9VbUo3Q3BoeVhta2JHT2pcLyIsImV4cCI6MTU5ODk2NTA2NCwibm9uY2UiOiJpbmRGOGJoQWFyYXQ4ZkNTZzlVTjVleWdEdzFITTZ5OUhyaWNGeDdHc3BzMSIsImlhdCI6MTU5ODk2NDc2NH0.YeeTKJ44gf_vk6xHaUe0qxZzecCUfeGwx-1aKdKpc7uX19RRjAeS_XYRrIvkFjfahuMEuUCwAhe0SNwZtq7Ta2q18zYE_rwGb31W-csTq3NEV2_Qfjju6CPi3V0JL-7WSsYnnrts7-qjq8QZuAi4ozSUOrWdZpHNex4aoIerAnU287GLQL7Ne7dq7F3tVbXUGAOftVkaQGHIzUqWpTZ0Tp2ffGBIQAJeZWDiyGEfoD7v-3vZlcprS59_JikFejc1mFa7KkqAhtrinEGBVqr-2re3x5YWUlsu-K7tFxALiHYAZbCp5c4aLpTlzzXKSAZIHfX8hvRkbNu_kZRJcKvBtg
key
{"p":"6TOr8LTHeiihDnWMfTd37cnBq5F5puBUBecFNXl9qw75qaq0mHthWR3VGn023KfLH1uIVhi8DDiWg3Vg9cPrWLLrfXDN2DWL5s8i7IIdSMYLHbgoykLsynwvF0A2NDrAhzXFLOyDgGLebOAOldcaiAeAmEvpS0BCVNM0jC_nxUc","kty":"RSA","q":"sdHezIJYiM39DAwml9BY5aRtik3ngI5YbnPOKfUniC-Z-fwH_YYIm7FKvhL1HdLZEVc1lgwqndWexExXHgp4Jk57NmLUiT__HjAb8hPfQm6NudVjT7Uf6ijB4hONq6z7RQnt6rGQoyLDZ5q431eZdqv0w-5oXKySfLxi11skCsc","d":"TYVE8S5wISBZttD06AwJBL21iw1oLLzuxsIaHrPaDzprtSGi0dD2ccUsAySXYjx4xNdpH9plUvu91xZjYp3_PzlupixAOBinIitBs96hsUwlTk3BKwMApuQL7AODXK4L2a1x9HtM7eApgT4pzUHTTv16Gy6uDkKT4gvmQJhd_-Awjn_9A6nv3IoZ82f-JpGqOAD90vRGiPc69YVTHG_hqjADvA-gO75Zd4cjI8vFwx5_9KhNG3hrS0N6MKIv_vkvOVRJZ1I8-hX_aKRfxnd-74lUDVh4Y1f9TCKh-U2uH2vS_QfAq6BbVURWKm_d8yK80q3PcsC5Hh70xSyVpIV6kQ","e":"AQAB","use":"sig","kid":"c35e72f0-d775-49e7-8746-ef1c35e7270f","qi":"sTyfcjm8vpuaPj15URchptk2r65ebjU43XywcmPO63rAoLwKX30Oh1TDBfdKzPSISLYNvUj6i5JjDkqTZuFl-5Sg-Omb1pgMXEmHtnrd0RugWU5L62N1ppGO3XiV6g10-KpfGzOom4Lce29DP_MWoFMU-Jp_G27lGzUOJ8lx54A","dp":"LuYRYis5IrwhB8NkKZqKJ-w3YsWy7XiX7Uf0qDhyqYAtfY2zHCdUAJQbU2RzMBUeqIPD-2ymBN8sheuJQGPSZNg2u9d_zkeWhyiJIX9ZXFVXzvZGXcbv0BkBb2-edwqJxadurAY0vBEmIkc9J61GzKyVlAtQM64MqPqAyuCnf-k","dq":"jlt5ZfqYTHW0txdnMjTvZnGb7JRv2MCc1VhK3dZRXrrVJ4f5EaNjctmd_8uHhufNNg--a7Cz0YY6w-Zl_DvfcrNz-tdmVbbxVEapqMT2AOYm-nZ2OlLECR-2EHsc-SrUQrIvUav0IlZrX59DkDI-Pv5tRwqvbDoQUGI1MznZAfM","n":"ofvoBeeGJphMMhru3hXiKk12OlXDKPNkwIFL-wVT9yf0HLWXv2LUkQ5QlH365a8OJc8TShvspoSgZPwijP09dIeKdfOUjikQ5wsIxoINpYt_UWsumKKOXVlRVDJnoRGJar1krBpC3-HkhWaTNYqIrMjMtsZigmelJKm2Hp0Hm_SMrZcb7Uwdyc6CcLzsE7snSVE-2b-WOFw8TYHaiG4CDzeFD1aok92Ct20dcZImSOtTGm_XNt7RhoJgT0FOSjPx0cuLZ3cwSuUs4gXmivH6Gxm0Lu9eRNfJea5SdUrwPRf8P-r36QyF6AiBkvS2V2wA9yDh3UVhAJWiSU8xRdsgMQ"}
algorithm
RS256
2020-09-01 12:52:44 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2020-09-01 12:52:44 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "BLfVGTG23iBL_46pEgIGo3RAkwK4vHmQqPP7alG7d_s"
}
2020-09-01 12:52:44 SUCCESS
AddIdTokenToAuthorizationEndpointResponseParams
Added id_token to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "BLfVGTG23iBL_46pEgIGo3RAkwK4vHmQqPP7alG7d_s",
  "id_token": "eyJraWQiOiJjMzVlNzJmMC1kNzc1LTQ5ZTctODc0Ni1lZjFjMzVlNzI3MGYiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSkFRLXZLZE8yc0ZvdVFsaVhiSUxkQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X05EZnNnbEZOUG9NcnZnZDExMjUzflwvJl1cXCIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9VbUo3Q3BoeVhta2JHT2pcLyIsImV4cCI6MTU5ODk2NTA2NCwibm9uY2UiOiJpbmRGOGJoQWFyYXQ4ZkNTZzlVTjVleWdEdzFITTZ5OUhyaWNGeDdHc3BzMSIsImlhdCI6MTU5ODk2NDc2NH0.YeeTKJ44gf_vk6xHaUe0qxZzecCUfeGwx-1aKdKpc7uX19RRjAeS_XYRrIvkFjfahuMEuUCwAhe0SNwZtq7Ta2q18zYE_rwGb31W-csTq3NEV2_Qfjju6CPi3V0JL-7WSsYnnrts7-qjq8QZuAi4ozSUOrWdZpHNex4aoIerAnU287GLQL7Ne7dq7F3tVbXUGAOftVkaQGHIzUqWpTZ0Tp2ffGBIQAJeZWDiyGEfoD7v-3vZlcprS59_JikFejc1mFa7KkqAhtrinEGBVqr-2re3x5YWUlsu-K7tFxALiHYAZbCp5c4aLpTlzzXKSAZIHfX8hvRkbNu_kZRJcKvBtg"
}
2020-09-01 12:52:44
AddTokenToAuthorizationEndpointResponseParams
Added token and token_type to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "BLfVGTG23iBL_46pEgIGo3RAkwK4vHmQqPP7alG7d_s",
  "id_token": "eyJraWQiOiJjMzVlNzJmMC1kNzc1LTQ5ZTctODc0Ni1lZjFjMzVlNzI3MGYiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSkFRLXZLZE8yc0ZvdVFsaVhiSUxkQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X05EZnNnbEZOUG9NcnZnZDExMjUzflwvJl1cXCIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9VbUo3Q3BoeVhta2JHT2pcLyIsImV4cCI6MTU5ODk2NTA2NCwibm9uY2UiOiJpbmRGOGJoQWFyYXQ4ZkNTZzlVTjVleWdEdzFITTZ5OUhyaWNGeDdHc3BzMSIsImlhdCI6MTU5ODk2NDc2NH0.YeeTKJ44gf_vk6xHaUe0qxZzecCUfeGwx-1aKdKpc7uX19RRjAeS_XYRrIvkFjfahuMEuUCwAhe0SNwZtq7Ta2q18zYE_rwGb31W-csTq3NEV2_Qfjju6CPi3V0JL-7WSsYnnrts7-qjq8QZuAi4ozSUOrWdZpHNex4aoIerAnU287GLQL7Ne7dq7F3tVbXUGAOftVkaQGHIzUqWpTZ0Tp2ffGBIQAJeZWDiyGEfoD7v-3vZlcprS59_JikFejc1mFa7KkqAhtrinEGBVqr-2re3x5YWUlsu-K7tFxALiHYAZbCp5c4aLpTlzzXKSAZIHfX8hvRkbNu_kZRJcKvBtg",
  "access_token": "BqwYbSIrxS7npkIfP3bYSOKhvrTwaWIVe88IXyWeFYDDt3I3zR",
  "token_type": "Bearer"
}
2020-09-01 12:52:44 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance UmJ7CphyXmkbGOj
outgoing
ModelAndView [view="formPostResponseMode"; model={formAction=https://rp.example.com/cb, formParameters={"state":"BLfVGTG23iBL_46pEgIGo3RAkwK4vHmQqPP7alG7d_s","id_token":"eyJraWQiOiJjMzVlNzJmMC1kNzc1LTQ5ZTctODc0Ni1lZjFjMzVlNzI3MGYiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiSkFRLXZLZE8yc0ZvdVFsaVhiSUxkQSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X05EZnNnbEZOUG9NcnZnZDExMjUzflwvJl1cXCIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9VbUo3Q3BoeVhta2JHT2pcLyIsImV4cCI6MTU5ODk2NTA2NCwibm9uY2UiOiJpbmRGOGJoQWFyYXQ4ZkNTZzlVTjVleWdEdzFITTZ5OUhyaWNGeDdHc3BzMSIsImlhdCI6MTU5ODk2NDc2NH0.YeeTKJ44gf_vk6xHaUe0qxZzecCUfeGwx-1aKdKpc7uX19RRjAeS_XYRrIvkFjfahuMEuUCwAhe0SNwZtq7Ta2q18zYE_rwGb31W-csTq3NEV2_Qfjju6CPi3V0JL-7WSsYnnrts7-qjq8QZuAi4ozSUOrWdZpHNex4aoIerAnU287GLQL7Ne7dq7F3tVbXUGAOftVkaQGHIzUqWpTZ0Tp2ffGBIQAJeZWDiyGEfoD7v-3vZlcprS59_JikFejc1mFa7KkqAhtrinEGBVqr-2re3x5YWUlsu-K7tFxALiHYAZbCp5c4aLpTlzzXKSAZIHfX8hvRkbNu_kZRJcKvBtg","access_token":"BqwYbSIrxS7npkIfP3bYSOKhvrTwaWIVe88IXyWeFYDDt3I3zR","token_type":"Bearer"}}]
outgoing_path
authorize
2020-09-01 12:52:45 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance UmJ7CphyXmkbGOj
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Jwks endpoint
2020-09-01 12:52:45 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance UmJ7CphyXmkbGOj
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "c35e72f0-d775-49e7-8746-ef1c35e7270f",
      "n": "ofvoBeeGJphMMhru3hXiKk12OlXDKPNkwIFL-wVT9yf0HLWXv2LUkQ5QlH365a8OJc8TShvspoSgZPwijP09dIeKdfOUjikQ5wsIxoINpYt_UWsumKKOXVlRVDJnoRGJar1krBpC3-HkhWaTNYqIrMjMtsZigmelJKm2Hp0Hm_SMrZcb7Uwdyc6CcLzsE7snSVE-2b-WOFw8TYHaiG4CDzeFD1aok92Ct20dcZImSOtTGm_XNt7RhoJgT0FOSjPx0cuLZ3cwSuUs4gXmivH6Gxm0Lu9eRNfJea5SdUrwPRf8P-r36QyF6AiBkvS2V2wA9yDh3UVhAJWiSU8xRdsgMQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "bff0117e-e516-4ecf-8ff2-8942b10682c6",
      "n": "loh-upGQi1uXNKMppGC4mkKzQrjq096-Kl-cq14xhGpV5uUD7DDMxiNNzV-CXltrt5s5YvKbsztQOXY4277GZvLOXo-rq19iHrZfwk2ijiC0hyLNH0_yNzrlxocmjEc4r_8qNBbv8JQ58DvS_8-rrR-c-OmRDWNjEEiEmXl895VqzMv6mxSpEcuDDDAmHYcEN3TCuBFi_cOyJnWMgj-lD_pQOAGfnmvUCUVDsRHXctuzBKXPK3OjE127HY5BGbKeNAftL9BEEX5Xasoayaf_DOIInIcvdcGGOymZ1sFJapnZPed81td4xSpBpDW98IOc90Vna-onHAzWsp6n_xnyww"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "67ae8574-48c6-449f-b620-4035b9e8b7b1",
      "x": "HbqCJIlZE7tdJxOfxI3P9YAMAJQt2oc3HTzfnlLSmkY",
      "y": "pNg7DsE6cC-00qzaoc-X6uXRyu_BhC_S6cpIegAkXQM"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "7742820d-2004-433a-aecc-b72435cf962e",
      "x": "3gLoJFFV7g_Tn0ixczIG-N8E0MtkivpWbOaeQIRX26E",
      "y": "ywnVX0VjPE1dZY5ZCafBgN5En0boTs5ZsvvlDuCa9Ro"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "5fd4125e-1b85-4d9f-ac01-9fac9d578032",
      "x": "JCFjcjSPOvZaOyfqEgjkq5QYMgkzX3EPZvmm4LFCeWg",
      "y": "NMdURoayWbEgN7Lf9SCvfPAKarnynP5TT2Uu9h9wSYE"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "c119be3e-e15e-45b7-9483-6d7a5972ce34",
      "x": "iUPgVGS1BxCLQMYshig2lcCSdE9f2-FY1AaJGdhHYL8"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "bc7935d6-d8ee-4cea-acc8-8d5eaa4d3a64",
      "alg": "RSA-OAEP",
      "n": "oz9FfjrpZyUgBZqGvkb6loKlqNCaIV2aGRYqvc-o8JfaU-V8MCnGkTttQ8hwNy1hCBreLZKCMxzx5sZVzP74wdOQ8QAql5O_dpUEFS-07owrCWMjG8RzO4ajQOxho8qjquqzBtKFJOhjgYUU7VU_WOdsN9HKgdeeZCbeqfbJ2WKknbN897_lMpOVzlVjohWCbWHAD2NtSLhX4xJoeYpeuhGsQGvZw3L72M-CldlWEsMmB3LLYo0SRlMy6aGDz4alaWrztdbmdvvbvMC-XPJVkToBQKxn8PiBRFnTfVK1wIrz-VIF59JbInVptb1wvyO1rRZOL-wMUrmhzXCDNSeMPQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "310bc58e-23a1-42ef-b182-efd034f8455c",
      "x": "gqEdWrH3irrOnYJUbS8lq63sf25yE3Np3uboLGrWb1I",
      "y": "5pALg2tYTQEPReiYFGKgP2F6hB9Kj0YE0cVHuuEFKX0",
      "alg": "ECDH-ES"
    }
  ]
}
outgoing_path
jwks
2020-09-01 12:52:46 FINISHED
oidcc-client-test-nonce-invalid
Test has run to completion
testmodule_result
PASSED
Test Results