Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-09-01 12:52:39 INFO
TEST-RUNNER
Test instance xN1vPAaL0cArlcO created
baseUrl
https://www.certification.openid.net/test/xN1vPAaL0cArlcO
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code token",
  "request_type": "plain_http_request",
  "response_mode": "form_post",
  "client_registration": "dynamic_client"
}
alias

                                
description
test suite runner for openid-client
planId
l0lJMpv444Mye
config
{
  "description": "test suite runner for openid-client",
  "waitTimeoutSeconds": 2
}
testName
oidcc-client-test-idtoken-sig-rs256
2020-09-01 12:52:39 SUCCESS
OIDCCGenerateServerConfigurationIdTokenSigningAlgRS256Only
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/",
  "authorization_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/token",
  "jwks_uri": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-09-01 12:52:39
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/",
  "authorization_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/token",
  "jwks_uri": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2020-09-01 12:52:39
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "3hNo2iSIlioRJPtX-Won1p3rj1c7zMIACS0qkfht5e_HmalgqGtQYYiOSR7w8y-b0sereFOPMYK4QKL1U53G5f7ETi2wNOAqQjovy6KrPfKqNYBSGdEuDkY3olw4LQvI35dblHO36ymGf8p6yvepIff-dVnwpYa0YXGapwOvea8",
      "kty": "RSA",
      "q": "or_imd-sUjzqUMwzMPkisRTee9zZG5V5OeRkOwuMx0kjPY4JTvGz2OoPrrYtf-ccGNcBNvcddV3_t-31an4dQPUXBO0kMKjQExXD8PzoCO2vColmZrdmuKwWub5MMvuCqXsrC-rOs8DWOqVmscjo_H7Rl9Msd9-S4YgvA7rHKYM",
      "d": "O2ujnhk4ua2pdS2Z1Zl8rKp5AGkMAMdbdxJQRzhrABHfPONQOr6CTNx6PEdQ0-wQNLnKCmkjtqvOdunEItUjq1lp22C2ZkxpQleOP0DEM39Q_Sls9_0hoJqDsuR0SoQ3sSIFSJLaaWxZkJHP0dI1Y7M1UD4yH5LacSyMBEq_zHGVWfB-I8x-mrhai_cBNYtnLl3RpkRjobxh81saQXyJEXZrB1z7wD843_DPRry6DPzguG-NAs45BUvLBUdX64AON7qbl9y7oJGgaLN0qzwBAIFS3cHeVecrvUKfWGd3CgrYVfKa2bYzdEoPjTZfVngMFCmUPECrX8_wr1rjO90QpQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "bad55877-cb2e-4600-a357-fd3b2cc7918d",
      "qi": "zNdgyUPuAb-18zzUnjZ4NSicmVX3p9hc9psy7JKsL-sy03HtX3lQ5q2CUFAte06IeLi-SGunhH_GTy3gz1yhtJOnZ39VtFcKK60CcJ3vbYce_p7LT2s1eKrVa2ylh0WFiUDQ3fYZ_W03SmXbPNOJbx0lZToC8kdjo5VO_9VPc4c",
      "dp": "yRqilQkId5PYurixzjeHpB6WNtQ0XxQ_nA--wTlLrDIbetebpGip_ej_kM_oOxEd9x7B9NEWlytdV4s6xmHWwGiZtIJDU168ZgTzS2Ef2ZVq9dAiiSaYomyL7Qe-B2zolzIlyKWSI-8S0Z623B6ylwRQ9kxgVEVMDAIonp4Dxhk",
      "dq": "U_ne2rbnG6gC35397A8hL24tPow-GlWOL6kBbtYO1eWPIXvgobNlsU9UuDmYUJ7XiJmoLsxjjuPpxuYp88EPJy1Pq2MRgWoZsz9P01EsCS9bWnx7MhUAE9n3_--JMeVFDl5XX9bQwT-HSst9qc6ZKW_mhgiYsWHTUDwMxkfh7DE",
      "n": "jS69Z-QSVEaaOOJf-j1Ld0NjByy6txKXnqOxkhATri-kg6Ee4PFt2rKA_tXwa1WswYwt4zPWArlkDCRMe007hisFDAY3XJrXZvsrhserBl8itNYdnqk1hYJ3iOgX-QZ9Sd2NcJvNJGqvloYm_uVUAI_6PZpuZ9PEOugq_2wieyQ4yl1prhWKoNSyC2JW-FBWZSmL1KnLMORyPev_cfLivK0SBPPr2QCQO_eWlMXz165BjmXm72DtCc3i83xDMrtSc3OOTcuMCSlEeF60Zb3qlKx6HqWnL-VXxcBA5qcUyD9j2BK2kpC6ueRVJ7g_T10erfUrkfhnmzFVxczrulFLjQ"
    },
    {
      "kty": "EC",
      "d": "UPAdQpIbInX3JbUWbYSYoUuXNHeG43CAGDuUxVBVx5s",
      "use": "sig",
      "crv": "P-256",
      "kid": "29e877d5-3a1f-432a-b920-a80a13fd073e",
      "x": "GFr24YlrK1T2WsH2jwssVzryuETbxez6rB9tji0Dcfc",
      "y": "L2WV9XWrKPWLvQ5XxTuFurlA0o0KI6y7QyuSmsKOb4Y"
    },
    {
      "kty": "EC",
      "d": "QpMwEyk9ccyimQtbKv0gtIgXnXljqwxN2ZysbXyyFmY",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "a70b902a-7ade-48c1-9194-f2c52c8f5d19",
      "x": "P_5Tw6Anjo68dIt4Er5w5pLe0G4FjrqpyTlACXCb6CU",
      "y": "vDR0_1MPZv0jiYwuQMgVTtn0CCW6yJCYbCvAhuAMbnI"
    },
    {
      "kty": "OKP",
      "d": "UQDk3-1RZrTJZg_xQf5LUFNWHLWktt5TlQM9IA0HPfE",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "423028d0-2178-4c14-a8b4-aef2324c7228",
      "x": "RUehkw3wHNRy1tC4Rz4Oq1JEmZzXtTg1-aAcNr876Js"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "_qNbuT6doqDwgnZkdZwriVkkkYFi5fJlzVHRwQI1hnwZ_HHtR80OnwGfPBONr7-8Yb_s7gc3VlXJ1LlbYRKFzUZXk1aGOHAXySfu_BI4-VASJRonRfyuBEE7yVv0qD2HLfBs_Ki4g1AZF7ylia47Qf2z2S_ZJVIp3lHoAM7p6wk",
      "kty": "RSA",
      "q": "q8JG4xKd4ibbta1LsY89X1SEaVsW9vwmmf5VZATVm4cAB8L-uFGEiMndb8yirlYllL2cEEH-n4crDOy4cIL79uSizA27kJi_7eRGIqvjZY76y4Y-kAct5xb-KbrJk8JFHX-NpDLp6fQY4Yoyy3kc48eakjiVdemSCH8uTrFERRc",
      "d": "VGLoXuvVlcEwGwfiXXe4Qf4UpLT9yA8FkoT16nCO_1aTwSWsG43g41_8NPX_ErAZDEwgaOJYtwokSKCuMPU3Gx7lwMuOJ9BbhJf2uQ03owG9K9DyvhUfZzkNlHWtm_smcWZXvhKHkft8gjjhIfJGLw_OSmwmp-uEgelGafYE4AQUeCvuof_34Sdub7tmDuSNDyCBxs2N1JqQPcDhr5j8xh64XF-OuGaolbI-cdsttMo3WahFzRdAqOJ6YLAhnowP9VnCf2X1qPmRGVvcQNm88-G_gjzkOB_NBPTI8IxghrONcROxWWezkJZMyY2SWBLRrw39tsEcKOmB_C_3KcNdEQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "b07ca9d1-adfc-49a3-a70f-09aa90a1a4f9",
      "qi": "xA9KMJ0s8SR1ea-eItC2NkM9mkSep7dsaZEEFZbq9_Sw2NZDnnZMWpLbygb5ZPDYemsOR0SD0YoxKFPE4Gn_0VEcD26Q3UoLSCJUqPNpveuDHpr_jj6LbHxxVGH3JcMkfOFUAdo0hUXX1Nrvq_fGpss5aGN2M7v1Lxom9V3RJEE",
      "dp": "hLHMUrR2oRENRG892qwPY_u4OrsaNooi0uQYUmQ8UGDLieo0pH4PaH0H5d6qrzNTj_zcEw5fn_YEv334SJXGdDp72KP2PeLsAj91Ipa8ae94BS2j2azbYgw8g6oPzLyDfUUVBnVF8egDq4L7IMxSxQjYeA2fMvumJdy48fLho0E",
      "alg": "RSA-OAEP",
      "dq": "mhGMCrYxX6JhpQcNBfoqIDAtEmB-KhCnA62LpUtc3MTtNwkn-ehNjXIeKuIR73YhAdpPepnoL-tMp6xUCcDFCYOvsICFBkCusVL5wrITKY9m0lfaGNIHz-nlFUOS-_LgkoRPZsGw54ZpJy8TP0elrYDn20_caceZkfuba0VBqwM",
      "n": "qthckseoQw2DoralR1NkF962BiJLV8fdJwAG9F7hJhtW-zoMjWJ8WCs1LNFpks-vn38JbUJjGiTMyLBgryYMIk5o8N2tcrLFIVBJpnYr5JW4ug1KVqBofMPhI04EHBCQOGiGeeqtJg4k2bYFQfVjWM1nyFhD6sqRIPvd1H3sOsHLRBVZzMnwQ2g5LTtstaz3q4N0R68JHegTVE5FQfc7BubKSXePKCGNa2RIhDheBZ9gP0sxht1KWUS3ypYSLznmR5qYBjkMDI-z2B9-5cNWVdCyj99h6csdg1dH2k9ufItcU57xV3SQ93_TfVobc6sy37GcmHtIYMwxIvw5SsGKzw"
    },
    {
      "kty": "EC",
      "d": "_lGtY7SLVoV52jbK_P_PturXlocGwdg7qZbgF0bI7qs",
      "use": "enc",
      "crv": "P-256",
      "kid": "8658af58-8216-46c7-9afd-010e2abc8d02",
      "x": "nnBR-VBniQLiJkHUvoC8eYjQVIEK5wKZrxMkjCRXziQ",
      "y": "m9TnH7Gr5PL8FojCr9I7Nrp9iOrFIoRCh2KJ7-uJOgQ",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "bad55877-cb2e-4600-a357-fd3b2cc7918d",
      "n": "jS69Z-QSVEaaOOJf-j1Ld0NjByy6txKXnqOxkhATri-kg6Ee4PFt2rKA_tXwa1WswYwt4zPWArlkDCRMe007hisFDAY3XJrXZvsrhserBl8itNYdnqk1hYJ3iOgX-QZ9Sd2NcJvNJGqvloYm_uVUAI_6PZpuZ9PEOugq_2wieyQ4yl1prhWKoNSyC2JW-FBWZSmL1KnLMORyPev_cfLivK0SBPPr2QCQO_eWlMXz165BjmXm72DtCc3i83xDMrtSc3OOTcuMCSlEeF60Zb3qlKx6HqWnL-VXxcBA5qcUyD9j2BK2kpC6ueRVJ7g_T10erfUrkfhnmzFVxczrulFLjQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "a4f3209c-8185-4f4b-bf76-18a6e2ed1375",
      "n": "683_beLZP6hE8q78PHU9YpOj6QaqPllsO0ypk-aQffRP56IBob5DUQuVwaToVgfFYGCmW88TGb44_HUQE5adrr54B4YfQDH-AJmFhF_Hoxz8bO5RxNe6VGqmPUuOH8FWN2hWNQOznnqUQO3LCFke6O1XbhvvRldxhp7yn81xeWDxjqom8ApPEgi1OcSjJ8RqhJeUmlYT3smPeXhCUJbWSYjtUOqB5d1dM4RBkk9YSQr2pnARRb1k6S0CNTz0oS5H3T6Ph_ehlX5E6wzjkDK7evcXlXXvePl6NilJlVa95_siV8fnQb-IIkAv4rhIQIcvdpnZxesrTYPuZ0l8pDTZ2w"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "29e877d5-3a1f-432a-b920-a80a13fd073e",
      "x": "GFr24YlrK1T2WsH2jwssVzryuETbxez6rB9tji0Dcfc",
      "y": "L2WV9XWrKPWLvQ5XxTuFurlA0o0KI6y7QyuSmsKOb4Y"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "ccee66e1-bfa1-454c-80dd-9ac08fd98fe5",
      "x": "R-tRZ9sgToKeIIstvloTne42G9_fS0KKn9pLj3l3y5Q",
      "y": "1B6Ic3H7IenafATnecKgbmYNvs20_vGYyrRFkwnK5aw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "a70b902a-7ade-48c1-9194-f2c52c8f5d19",
      "x": "P_5Tw6Anjo68dIt4Er5w5pLe0G4FjrqpyTlACXCb6CU",
      "y": "vDR0_1MPZv0jiYwuQMgVTtn0CCW6yJCYbCvAhuAMbnI"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "423028d0-2178-4c14-a8b4-aef2324c7228",
      "x": "RUehkw3wHNRy1tC4Rz4Oq1JEmZzXtTg1-aAcNr876Js"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "b07ca9d1-adfc-49a3-a70f-09aa90a1a4f9",
      "alg": "RSA-OAEP",
      "n": "qthckseoQw2DoralR1NkF962BiJLV8fdJwAG9F7hJhtW-zoMjWJ8WCs1LNFpks-vn38JbUJjGiTMyLBgryYMIk5o8N2tcrLFIVBJpnYr5JW4ug1KVqBofMPhI04EHBCQOGiGeeqtJg4k2bYFQfVjWM1nyFhD6sqRIPvd1H3sOsHLRBVZzMnwQ2g5LTtstaz3q4N0R68JHegTVE5FQfc7BubKSXePKCGNa2RIhDheBZ9gP0sxht1KWUS3ypYSLznmR5qYBjkMDI-z2B9-5cNWVdCyj99h6csdg1dH2k9ufItcU57xV3SQ93_TfVobc6sy37GcmHtIYMwxIvw5SsGKzw"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "8658af58-8216-46c7-9afd-010e2abc8d02",
      "x": "nnBR-VBniQLiJkHUvoC8eYjQVIEK5wKZrxMkjCRXziQ",
      "y": "m9TnH7Gr5PL8FojCr9I7Nrp9iOrFIoRCh2KJ7-uJOgQ",
      "alg": "ECDH-ES"
    }
  ]
}
2020-09-01 12:52:39 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-09-01 12:52:39 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-01 12:52:39 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": "1580000000"
}
2020-09-01 12:52:39 SUCCESS
GetDynamicClientConfiguration
No client details on configuration, created an empty dynamic_client_registration_template object.
2020-09-01 12:52:39
oidcc-client-test-idtoken-sig-rs256
Setup Done
2020-09-01 12:52:40 INCOMING
oidcc-client-test-idtoken-sig-rs256
Incoming HTTP request to test instance xN1vPAaL0cArlcO
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Discovery endpoint
2020-09-01 12:52:40 OUTGOING
oidcc-client-test-idtoken-sig-rs256
Response to HTTP request to test instance xN1vPAaL0cArlcO
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/",
  "authorization_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/token",
  "jwks_uri": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2020-09-01 12:52:40 INCOMING
oidcc-client-test-idtoken-sig-rs256
Incoming HTTP request to test instance xN1vPAaL0cArlcO
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/json",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "217",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
register
incoming_body_form_params
incoming_method
POST
incoming_body_json
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "id_token_signed_response_alg": "RS256"
}
incoming_query_string_params
{}
incoming_body
{"token_endpoint_auth_method":"client_secret_basic","response_types":["code token"],"grant_types":["authorization_code","implicit"],"redirect_uris":["https://rp.example.com/cb"],"id_token_signed_response_alg":"RS256"}
Registration endpoint
2020-09-01 12:52:40 SUCCESS
OIDCCExtractDynamicRegistrationRequest
Extracted dynamic client registration request
request
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "id_token_signed_response_alg": "RS256"
}
2020-09-01 12:52:40 INFO
EnsureRegistrationRequestContainsAtLeastOneContact
This application requires that registration requests contain at least one contact.
2020-09-01 12:52:40 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "authorization_code",
  "implicit"
]
response_types
[
  "code token"
]
2020-09-01 12:52:40 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://rp.example.com/cb"
]
2020-09-01 12:52:40 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2020-09-01 12:52:40 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2020-09-01 12:52:40 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2020-09-01 12:52:40 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2020-09-01 12:52:40 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2020-09-01 12:52:40 SUCCESS
ValidateIdTokenSignedResponseAlg
id_token_signed_response_alg is one of the known algorithms
alg
RS256
2020-09-01 12:52:40 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2020-09-01 12:52:40 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-09-01 12:52:40 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2020-09-01 12:52:40 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2020-09-01 12:52:40 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2020-09-01 12:52:40 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2020-09-01 12:52:40 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2020-09-01 12:52:40 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2020-09-01 12:52:40 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2020-09-01 12:52:40 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2020-09-01 12:52:40 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2020-09-01 12:52:40 SUCCESS
ValidateClientRegistrationRequestSectorIdentifierUri
A sector_identifier_uri was not provided
2020-09-01 12:52:40 SUCCESS
OIDCCRegisterClient
Registered client
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "id_token_signed_response_alg": "RS256",
  "client_id": "client_KKCmTUCLKUBUTWE40910[_?_ "
}
2020-09-01 12:52:40
OIDCCCreateClientSecretForDynamicClient
Set the secret for registered client
client_secret
secret_LgEMSCbhrcTFXiweCICCNCxAcDMNQfCBkXUBzjTPpjaUOVHhqU6591178805(|\"/
2020-09-01 12:52:40 SUCCESS
EnsureTokenEndPointAuthMethodIsClientSecretBasic
token_endpoint_auth_method is 'client_secret_basic' as expected
2020-09-01 12:52:40
SetClientIdTokenSignedResponseAlgToRS256
Set id_token_signed_response_alg to RS256 for the registered client
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "id_token_signed_response_alg": "RS256",
  "client_id": "client_KKCmTUCLKUBUTWE40910[_?_ ",
  "client_secret": "secret_LgEMSCbhrcTFXiweCICCNCxAcDMNQfCBkXUBzjTPpjaUOVHhqU6591178805(|\\\"/"
}
2020-09-01 12:52:40 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "id_token_signed_response_alg": "RS256",
  "client_id": "client_KKCmTUCLKUBUTWE40910[_?_ ",
  "client_secret": "secret_LgEMSCbhrcTFXiweCICCNCxAcDMNQfCBkXUBzjTPpjaUOVHhqU6591178805(|\\\"/"
}
2020-09-01 12:52:40 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2020-09-01 12:52:40
SetServerSigningAlgToRS256
Successfully set signing algorithm to RS256
2020-09-01 12:52:40
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2020-09-01 12:52:40 OUTGOING
oidcc-client-test-idtoken-sig-rs256
Response to HTTP request to test instance xN1vPAaL0cArlcO
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "redirect_uris": [
    "https://rp.example.com/cb"
  ],
  "id_token_signed_response_alg": "RS256",
  "client_id": "client_KKCmTUCLKUBUTWE40910[_?_ ",
  "client_secret": "secret_LgEMSCbhrcTFXiweCICCNCxAcDMNQfCBkXUBzjTPpjaUOVHhqU6591178805(|\\\"/"
}
outgoing_path
register
2020-09-01 12:52:41 INCOMING
oidcc-client-test-idtoken-sig-rs256
Incoming HTTP request to test instance xN1vPAaL0cArlcO
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got/9.6.0 (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client_KKCmTUCLKUBUTWE40910[_?_ ",
  "scope": "openid",
  "response_type": "code token",
  "redirect_uri": "https://rp.example.com/cb",
  "state": "0PZQOnoJLcsJL5lL1I8rnfb47hShj95kgoa8Lsx4wuA",
  "response_mode": "form_post"
}
incoming_body
Authorization endpoint
2020-09-01 12:52:41 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2020-09-01 12:52:41 SUCCESS
OIDCCEnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid"
]
expected
openid
2020-09-01 12:52:41 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client_KKCmTUCLKUBUTWE40910[_?_ ",
  "scope": "openid",
  "response_type": "code token",
  "redirect_uri": "https://rp.example.com/cb",
  "state": "0PZQOnoJLcsJL5lL1I8rnfb47hShj95kgoa8Lsx4wuA",
  "response_mode": "form_post"
}
2020-09-01 12:52:41 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2020-09-01 12:52:41 INFO
ExtractNonceFromAuthorizationRequest
Couldn't find 'nonce' in authorization endpoint parameters
2020-09-01 12:52:41 SUCCESS
EnsureResponseTypeIsCodeToken
Response type is expected value
expected
code token
2020-09-01 12:52:41 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client_KKCmTUCLKUBUTWE40910[_?_ 
2020-09-01 12:52:41 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://rp.example.com/cb
expected
[
  "https://rp.example.com/cb"
]
2020-09-01 12:52:41 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid"
]
expected
openid
2020-09-01 12:52:41 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2020-09-01 12:52:41 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
YvMheq5CJv
2020-09-01 12:52:41 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
IOMI0RfOBJkQlUw-Emvjxg
2020-09-01 12:52:41 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
xIeogiGWTLxoGCRlmCo4AQkfmmfdcxdYTdkbdzpmUFpUmwK894
2020-09-01 12:52:41 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
uHOo__lFRInCgSqLv826RQ
2020-09-01 12:52:41 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "0PZQOnoJLcsJL5lL1I8rnfb47hShj95kgoa8Lsx4wuA"
}
2020-09-01 12:52:41 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "0PZQOnoJLcsJL5lL1I8rnfb47hShj95kgoa8Lsx4wuA",
  "code": "YvMheq5CJv"
}
2020-09-01 12:52:41
AddTokenToAuthorizationEndpointResponseParams
Added token and token_type to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://rp.example.com/cb",
  "state": "0PZQOnoJLcsJL5lL1I8rnfb47hShj95kgoa8Lsx4wuA",
  "code": "YvMheq5CJv",
  "access_token": "xIeogiGWTLxoGCRlmCo4AQkfmmfdcxdYTdkbdzpmUFpUmwK894",
  "token_type": "Bearer"
}
2020-09-01 12:52:41 OUTGOING
oidcc-client-test-idtoken-sig-rs256
Response to HTTP request to test instance xN1vPAaL0cArlcO
outgoing
ModelAndView [view="formPostResponseMode"; model={formAction=https://rp.example.com/cb, formParameters={"state":"0PZQOnoJLcsJL5lL1I8rnfb47hShj95kgoa8Lsx4wuA","code":"YvMheq5CJv","access_token":"xIeogiGWTLxoGCRlmCo4AQkfmmfdcxdYTdkbdzpmUFpUmwK894","token_type":"Bearer"}}]
outgoing_path
authorize
2020-09-01 12:52:41 INCOMING
oidcc-client-test-idtoken-sig-rs256
Incoming HTTP request to test instance xN1vPAaL0cArlcO
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "authorization": "Basic Y2xpZW50X0tLQ21UVUNMS1VCVVRXRTQwOTEwJTVCXyUzRl8rOnNlY3JldF9MZ0VNU0NiaHJjVEZYaXdlQ0lDQ05DeEFjRE1OUWZDQmtYVUJ6alRQcGphVU9WSGhxVTY1OTExNzg4MDUoJTdDJTVDJTIyJTJG",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "92",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "YvMheq5CJv",
  "redirect_uri": "https://rp.example.com/cb"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=YvMheq5CJv&redirect_uri=https%3A%2F%2Frp.example.com%2Fcb
Token endpoint
2020-09-01 12:52:41 SUCCESS
ExtractClientCredentialsFromBasicAuthorizationHeader
Extracted client authentication
client_id
client_KKCmTUCLKUBUTWE40910[_?_ 
client_secret
secret_LgEMSCbhrcTFXiweCICCNCxAcDMNQfCBkXUBzjTPpjaUOVHhqU6591178805(|\"/
method
client_secret_basic
2020-09-01 12:52:41 SUCCESS
ValidateClientIdAndSecret
Client id and secret match
2020-09-01 12:52:41 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
YvMheq5CJv
2020-09-01 12:52:41 SUCCESS
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
actual
https://rp.example.com/cb
2020-09-01 12:52:41 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
DT9UNDJYVi5w6t1FEVbLmgXLLzku1MCFCXJN9OuIudKoFFUS1s
2020-09-01 12:52:41 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
8wSBF28lG2n-x3zeSy9Juw
2020-09-01 12:52:41 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/xN1vPAaL0cArlcO/
sub
user-subject-1234531
aud
client_KKCmTUCLKUBUTWE40910[_?_ 
iat
1598964761
exp
1598965061
2020-09-01 12:52:41 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
8wSBF28lG2n-x3zeSy9Juw
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/xN1vPAaL0cArlcO/",
  "sub": "user-subject-1234531",
  "aud": "client_KKCmTUCLKUBUTWE40910[_?_ ",
  "iat": 1598964761,
  "exp": 1598965061,
  "at_hash": "8wSBF28lG2n-x3zeSy9Juw"
}
2020-09-01 12:52:41 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiJiYWQ1NTg3Ny1jYjJlLTQ2MDAtYTM1Ny1mZDNiMmNjNzkxOGQiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiOHdTQkYyOGxHMm4teDN6ZVN5OUp1dyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0tLQ21UVUNMS1VCVVRXRTQwOTEwW18_XyAiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwveE4xdlBBYUwwY0FybGNPXC8iLCJleHAiOjE1OTg5NjUwNjEsImlhdCI6MTU5ODk2NDc2MX0.JYwR2JxTqwmqJraWabHdHYuMYxMFCvFPkqK3COhscN2WVgTAijHys6t0LmfuxsrGPxBNwk7S7WUsM7w84F38U6cCYa8yMtBod6raYpVpZGqJul-ud8BcPaQqhYyHXoJEhtdoWz2bQlnz10ewga8C92GW2flgM_Ml9Cov0SClptSG8YjVaok7OqfnvYLVF84DNbnvtVUg64oznppGL4GSXLwfU0R7w_r1IWPWDS8AsquIwGgRgl-wotivxk49TbcsoxrhnkpcWCLwUZ1ND1krlmhvKyJvMbalZaPUvhAyL5nqgDEUPMZ9g5K8LKM12mPSo-kEqpRMpMN-vy1BMQKMsA
key
{"p":"3hNo2iSIlioRJPtX-Won1p3rj1c7zMIACS0qkfht5e_HmalgqGtQYYiOSR7w8y-b0sereFOPMYK4QKL1U53G5f7ETi2wNOAqQjovy6KrPfKqNYBSGdEuDkY3olw4LQvI35dblHO36ymGf8p6yvepIff-dVnwpYa0YXGapwOvea8","kty":"RSA","q":"or_imd-sUjzqUMwzMPkisRTee9zZG5V5OeRkOwuMx0kjPY4JTvGz2OoPrrYtf-ccGNcBNvcddV3_t-31an4dQPUXBO0kMKjQExXD8PzoCO2vColmZrdmuKwWub5MMvuCqXsrC-rOs8DWOqVmscjo_H7Rl9Msd9-S4YgvA7rHKYM","d":"O2ujnhk4ua2pdS2Z1Zl8rKp5AGkMAMdbdxJQRzhrABHfPONQOr6CTNx6PEdQ0-wQNLnKCmkjtqvOdunEItUjq1lp22C2ZkxpQleOP0DEM39Q_Sls9_0hoJqDsuR0SoQ3sSIFSJLaaWxZkJHP0dI1Y7M1UD4yH5LacSyMBEq_zHGVWfB-I8x-mrhai_cBNYtnLl3RpkRjobxh81saQXyJEXZrB1z7wD843_DPRry6DPzguG-NAs45BUvLBUdX64AON7qbl9y7oJGgaLN0qzwBAIFS3cHeVecrvUKfWGd3CgrYVfKa2bYzdEoPjTZfVngMFCmUPECrX8_wr1rjO90QpQ","e":"AQAB","use":"sig","kid":"bad55877-cb2e-4600-a357-fd3b2cc7918d","qi":"zNdgyUPuAb-18zzUnjZ4NSicmVX3p9hc9psy7JKsL-sy03HtX3lQ5q2CUFAte06IeLi-SGunhH_GTy3gz1yhtJOnZ39VtFcKK60CcJ3vbYce_p7LT2s1eKrVa2ylh0WFiUDQ3fYZ_W03SmXbPNOJbx0lZToC8kdjo5VO_9VPc4c","dp":"yRqilQkId5PYurixzjeHpB6WNtQ0XxQ_nA--wTlLrDIbetebpGip_ej_kM_oOxEd9x7B9NEWlytdV4s6xmHWwGiZtIJDU168ZgTzS2Ef2ZVq9dAiiSaYomyL7Qe-B2zolzIlyKWSI-8S0Z623B6ylwRQ9kxgVEVMDAIonp4Dxhk","dq":"U_ne2rbnG6gC35397A8hL24tPow-GlWOL6kBbtYO1eWPIXvgobNlsU9UuDmYUJ7XiJmoLsxjjuPpxuYp88EPJy1Pq2MRgWoZsz9P01EsCS9bWnx7MhUAE9n3_--JMeVFDl5XX9bQwT-HSst9qc6ZKW_mhgiYsWHTUDwMxkfh7DE","n":"jS69Z-QSVEaaOOJf-j1Ld0NjByy6txKXnqOxkhATri-kg6Ee4PFt2rKA_tXwa1WswYwt4zPWArlkDCRMe007hisFDAY3XJrXZvsrhserBl8itNYdnqk1hYJ3iOgX-QZ9Sd2NcJvNJGqvloYm_uVUAI_6PZpuZ9PEOugq_2wieyQ4yl1prhWKoNSyC2JW-FBWZSmL1KnLMORyPev_cfLivK0SBPPr2QCQO_eWlMXz165BjmXm72DtCc3i83xDMrtSc3OOTcuMCSlEeF60Zb3qlKx6HqWnL-VXxcBA5qcUyD9j2BK2kpC6ueRVJ7g_T10erfUrkfhnmzFVxczrulFLjQ"}
algorithm
RS256
2020-09-01 12:52:41 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2020-09-01 12:52:41 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
DT9UNDJYVi5w6t1FEVbLmgXLLzku1MCFCXJN9OuIudKoFFUS1s
token_type
Bearer
id_token
eyJraWQiOiJiYWQ1NTg3Ny1jYjJlLTQ2MDAtYTM1Ny1mZDNiMmNjNzkxOGQiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiOHdTQkYyOGxHMm4teDN6ZVN5OUp1dyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0tLQ21UVUNMS1VCVVRXRTQwOTEwW18_XyAiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwveE4xdlBBYUwwY0FybGNPXC8iLCJleHAiOjE1OTg5NjUwNjEsImlhdCI6MTU5ODk2NDc2MX0.JYwR2JxTqwmqJraWabHdHYuMYxMFCvFPkqK3COhscN2WVgTAijHys6t0LmfuxsrGPxBNwk7S7WUsM7w84F38U6cCYa8yMtBod6raYpVpZGqJul-ud8BcPaQqhYyHXoJEhtdoWz2bQlnz10ewga8C92GW2flgM_Ml9Cov0SClptSG8YjVaok7OqfnvYLVF84DNbnvtVUg64oznppGL4GSXLwfU0R7w_r1IWPWDS8AsquIwGgRgl-wotivxk49TbcsoxrhnkpcWCLwUZ1ND1krlmhvKyJvMbalZaPUvhAyL5nqgDEUPMZ9g5K8LKM12mPSo-kEqpRMpMN-vy1BMQKMsA
scope
openid
2020-09-01 12:52:41 OUTGOING
oidcc-client-test-idtoken-sig-rs256
Response to HTTP request to test instance xN1vPAaL0cArlcO
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "DT9UNDJYVi5w6t1FEVbLmgXLLzku1MCFCXJN9OuIudKoFFUS1s",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJiYWQ1NTg3Ny1jYjJlLTQ2MDAtYTM1Ny1mZDNiMmNjNzkxOGQiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiOHdTQkYyOGxHMm4teDN6ZVN5OUp1dyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50X0tLQ21UVUNMS1VCVVRXRTQwOTEwW18_XyAiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwveE4xdlBBYUwwY0FybGNPXC8iLCJleHAiOjE1OTg5NjUwNjEsImlhdCI6MTU5ODk2NDc2MX0.JYwR2JxTqwmqJraWabHdHYuMYxMFCvFPkqK3COhscN2WVgTAijHys6t0LmfuxsrGPxBNwk7S7WUsM7w84F38U6cCYa8yMtBod6raYpVpZGqJul-ud8BcPaQqhYyHXoJEhtdoWz2bQlnz10ewga8C92GW2flgM_Ml9Cov0SClptSG8YjVaok7OqfnvYLVF84DNbnvtVUg64oznppGL4GSXLwfU0R7w_r1IWPWDS8AsquIwGgRgl-wotivxk49TbcsoxrhnkpcWCLwUZ1ND1krlmhvKyJvMbalZaPUvhAyL5nqgDEUPMZ9g5K8LKM12mPSo-kEqpRMpMN-vy1BMQKMsA",
  "scope": "openid"
}
outgoing_path
token
2020-09-01 12:52:42 INCOMING
oidcc-client-test-idtoken-sig-rs256
Incoming HTTP request to test instance xN1vPAaL0cArlcO
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Jwks endpoint
2020-09-01 12:52:42 OUTGOING
oidcc-client-test-idtoken-sig-rs256
Response to HTTP request to test instance xN1vPAaL0cArlcO
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "bad55877-cb2e-4600-a357-fd3b2cc7918d",
      "n": "jS69Z-QSVEaaOOJf-j1Ld0NjByy6txKXnqOxkhATri-kg6Ee4PFt2rKA_tXwa1WswYwt4zPWArlkDCRMe007hisFDAY3XJrXZvsrhserBl8itNYdnqk1hYJ3iOgX-QZ9Sd2NcJvNJGqvloYm_uVUAI_6PZpuZ9PEOugq_2wieyQ4yl1prhWKoNSyC2JW-FBWZSmL1KnLMORyPev_cfLivK0SBPPr2QCQO_eWlMXz165BjmXm72DtCc3i83xDMrtSc3OOTcuMCSlEeF60Zb3qlKx6HqWnL-VXxcBA5qcUyD9j2BK2kpC6ueRVJ7g_T10erfUrkfhnmzFVxczrulFLjQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "a4f3209c-8185-4f4b-bf76-18a6e2ed1375",
      "n": "683_beLZP6hE8q78PHU9YpOj6QaqPllsO0ypk-aQffRP56IBob5DUQuVwaToVgfFYGCmW88TGb44_HUQE5adrr54B4YfQDH-AJmFhF_Hoxz8bO5RxNe6VGqmPUuOH8FWN2hWNQOznnqUQO3LCFke6O1XbhvvRldxhp7yn81xeWDxjqom8ApPEgi1OcSjJ8RqhJeUmlYT3smPeXhCUJbWSYjtUOqB5d1dM4RBkk9YSQr2pnARRb1k6S0CNTz0oS5H3T6Ph_ehlX5E6wzjkDK7evcXlXXvePl6NilJlVa95_siV8fnQb-IIkAv4rhIQIcvdpnZxesrTYPuZ0l8pDTZ2w"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "29e877d5-3a1f-432a-b920-a80a13fd073e",
      "x": "GFr24YlrK1T2WsH2jwssVzryuETbxez6rB9tji0Dcfc",
      "y": "L2WV9XWrKPWLvQ5XxTuFurlA0o0KI6y7QyuSmsKOb4Y"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "ccee66e1-bfa1-454c-80dd-9ac08fd98fe5",
      "x": "R-tRZ9sgToKeIIstvloTne42G9_fS0KKn9pLj3l3y5Q",
      "y": "1B6Ic3H7IenafATnecKgbmYNvs20_vGYyrRFkwnK5aw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "a70b902a-7ade-48c1-9194-f2c52c8f5d19",
      "x": "P_5Tw6Anjo68dIt4Er5w5pLe0G4FjrqpyTlACXCb6CU",
      "y": "vDR0_1MPZv0jiYwuQMgVTtn0CCW6yJCYbCvAhuAMbnI"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "423028d0-2178-4c14-a8b4-aef2324c7228",
      "x": "RUehkw3wHNRy1tC4Rz4Oq1JEmZzXtTg1-aAcNr876Js"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "b07ca9d1-adfc-49a3-a70f-09aa90a1a4f9",
      "alg": "RSA-OAEP",
      "n": "qthckseoQw2DoralR1NkF962BiJLV8fdJwAG9F7hJhtW-zoMjWJ8WCs1LNFpks-vn38JbUJjGiTMyLBgryYMIk5o8N2tcrLFIVBJpnYr5JW4ug1KVqBofMPhI04EHBCQOGiGeeqtJg4k2bYFQfVjWM1nyFhD6sqRIPvd1H3sOsHLRBVZzMnwQ2g5LTtstaz3q4N0R68JHegTVE5FQfc7BubKSXePKCGNa2RIhDheBZ9gP0sxht1KWUS3ypYSLznmR5qYBjkMDI-z2B9-5cNWVdCyj99h6csdg1dH2k9ufItcU57xV3SQ93_TfVobc6sy37GcmHtIYMwxIvw5SsGKzw"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "8658af58-8216-46c7-9afd-010e2abc8d02",
      "x": "nnBR-VBniQLiJkHUvoC8eYjQVIEK5wKZrxMkjCRXziQ",
      "y": "m9TnH7Gr5PL8FojCr9I7Nrp9iOrFIoRCh2KJ7-uJOgQ",
      "alg": "ECDH-ES"
    }
  ]
}
outgoing_path
jwks
2020-09-01 12:52:42 INCOMING
oidcc-client-test-idtoken-sig-rs256
Incoming HTTP request to test instance xN1vPAaL0cArlcO
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/3.15.9 (https://github.com/panva/node-openid-client)",
  "authorization": "Bearer DT9UNDJYVi5w6t1FEVbLmgXLLzku1MCFCXJN9OuIudKoFFUS1s",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
userinfo
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Userinfo endpoint
2020-09-01 12:52:42 SUCCESS
OIDCCExtractBearerAccessTokenFromRequest
Found access token on incoming request
access_token
DT9UNDJYVi5w6t1FEVbLmgXLLzku1MCFCXJN9OuIudKoFFUS1s
2020-09-01 12:52:42 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
DT9UNDJYVi5w6t1FEVbLmgXLLzku1MCFCXJN9OuIudKoFFUS1s
2020-09-01 12:52:42 SUCCESS
FilterUserInfoForScopes
User info endpoint output
sub
user-subject-1234531
2020-09-01 12:52:42
ClearAccessTokenFromRequest
Condition ran but did not log anything
2020-09-01 12:52:42 INFO
AddIssAndAudToUserInfoResponse
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-09-01 12:52:42 INFO
SignUserInfoResponse
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2020-09-01 12:52:42 INFO
EncryptUserInfoResponse
Skipped evaluation due to missing required element: client userinfo_encrypted_response_alg
path
userinfo_encrypted_response_alg
mapped
object
client
2020-09-01 12:52:42 OUTGOING
oidcc-client-test-idtoken-sig-rs256
Response to HTTP request to test instance xN1vPAaL0cArlcO
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "sub": "user-subject-1234531"
}
outgoing_path
userinfo
2020-09-01 12:52:42 FINISHED
oidcc-client-test-idtoken-sig-rs256
Test has run to completion
testmodule_result
PASSED
Test Results