Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-06-11 14:36:22 INFO
TEST-RUNNER
Test instance 1ZvLJGx4vJQvUrO created
baseUrl
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "plain_response"
}
alias
oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response
description
planId
ryqVk04lT1Uwf
config
{
  "alias": "oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response",
  "automated_ciba_approval_url": "https://fapi.panva.cz/ciba-sim?authReqId\u003d{auth_req_id}\u0026action\u003d{action}",
  "server": {
    "discoveryUrl": "https://fapi.panva.cz/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "pkjwt-one",
    "client_name": "pkjwt-one",
    "scope": "openid offline_access",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
          "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
          "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
          "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
          "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
          "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
          "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
          "kty": "RSA",
          "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    },
    "hint_type": "login_hint",
    "hint_value": "panva"
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD\nWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4\nMTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwG\nUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9\nqbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP\n4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r\n1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVb\nvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8L\njsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQAD\nggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjS\nozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZ\nybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3\n+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4K\nnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2h\nTfkwHHtW2BegWR/q3+q9gs7uehc\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7\nl+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwr\nJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzN\nqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa\n+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi\n3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3\nN3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVI\nawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnV\nVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9\nUhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qE\no42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD\n68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IG\nESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8v\naqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+H\nPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8X\nLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7\nyczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7T\nCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7\nl5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdsl\nFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBO\nlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpO\nx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWC\ndEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkV\nvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPU\nrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9B\nKuUEGLKAzDf1JIzseUr8jdvw\n-----END PRIVATE KEY-----\n"
  },
  "client2": {
    "client_id": "pkjwt-two",
    "client_name": "pkjwt-two",
    "scope": "openid offline_access",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
          "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
          "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
          "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
          "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
          "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
          "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
          "kty": "RSA",
          "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    },
    "acr_value": "urn:mace:incommon:iap:silver"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJD\nWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4\nMTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwG\nUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IB\nDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0Up\nkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6wa\nKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj\n6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdP\nxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxY\nTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQAD\nggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyW\nS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XB\nKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbT\nLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0a\nDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgn\nAWzRJlZD89KZAQgjj4Z215QeLxA\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhqVAaMsvnCETz\nDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQ\nGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3\nMT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMM\nxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxa\nbXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3f\nY4Cm+zkTAgMBAAECggEASlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F/T6q\nKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK+yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2C\nTrAbUUcD7q18FnxoYuCB9HTcmd82tgve+DIVstYlaqcL9PkCifcloblFB/GNbToE\ndiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv+kR5u3AWGGGtlhZ3dvU7+i0P7n4\ndKseQyyd9v/QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul/RYnl\nFGuiKUXSV/r/t/dEppsKM4moJ8n6qzsoZf6czR5NwQKBgQD+y6nJs9sNEuIBa2Jj\nEZIYhVXjVRO9XkusqN3aoKyU48X+Jg4/XDJMU6NRaMEdappo8Jgykrg0h2cNS4JD\nkrw3PwVohaR1SSwNclg7cVlH50HO6WTIrA1lAT7VXBPsxiUiKHr3nNph22chHDRw\n3qhhbluF4Nh0TXdLNwsrdcYyoQKBgQDiumS2EnCOT5uvEpW4MjFRVeLBsCt1tAuf\nVRcF2XngyfgLme0zLnQGh8ZqrHHpZmgZQBM3APnDtJ/UqzEIwg5suvrE1U2lScjv\nrpVpXr1ZiIV0Hc3wEGLcvgmZvWEtcjJfZYhNMdjbDlQo5jAPqkoJrkWV2oCubmyU\nkKma199DMwKBgAKZ16Dceib3A2GaVAXI3yHq8oaAjtQHC2S20JTzwO9AJ/xBLTIO\nYeEPlYI2PIptVSgvFI6nmsPGghHLrIe+DrfNp+N6QcSEu7NjcG0i6hNm0/Alx8aY\nowZd7eNFrlpjZ2ui2CaA7mXDVJks7YgdbcCY3MxQEEWXqNkWtcF60UwhAoGBAI6R\nWmbK7Y/vKxxJeW/bz/svIGle19Upo+1K2jFJcUQSfDD/V5JJcZfxpKjLSs3TIT5P\ndkWuDWAsohxekXTKYbupT6qZ3jtDTGC6zST29+Xm3NQJMcf05dWcgfj0hrjHCDnI\nZI71+0Czn+Qf6rTPBcNUnFkAjs4gjZJV7PB7Md7VAoGAZ/CBJI5NGWkGZjkLM4fq\nq8U2hFM9Y5IHsn9Y8vvst3+mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q+AWlui\nUxB+b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7/PeUpB63LmMjtyLdM\nlGAIorVbtD1xAn2WaYuEb5Q\u003d\n-----END PRIVATE KEY-----\n  \n"
  },
  "resource": {
    "resourceUrl": "https://mtls.fapi.panva.cz/accounts",
    "institution_id": "xxxxx"
  },
  "browser": [
    {
      "match": "https://fapi.panva.cz/auth*",
      "tasks": [
        {
          "task": "Login",
          "optional": true,
          "match": "https://fapi.panva.cz/interaction*",
          "commands": [
            [
              "text",
              "name",
              "login",
              "foo",
              "optional"
            ],
            [
              "text",
              "name",
              "password",
              "bar",
              "optional"
            ],
            [
              "click",
              "class",
              "login-submit"
            ]
          ]
        },
        {
          "task": "Consent",
          "optional": true,
          "match": "https://fapi.panva.cz/interaction*",
          "commands": [
            [
              "click",
              "class",
              "login-submit"
            ]
          ]
        },
        {
          "task": "Verify Complete",
          "match": "https://*/test/a/*/callback*",
          "commands": [
            [
              "wait",
              "id",
              "submission_complete",
              10
            ]
          ]
        }
      ]
    }
  ]
}
testName
fapi1-advanced-final-ensure-client-id-in-token-endpoint
2021-06-11 14:36:22 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
2021-06-11 14:36:22
GetDynamicServerConfiguration
HTTP request
request_uri
https://fapi.panva.cz/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-06-11 14:36:23 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "1746",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Fri, 11 Jun 2021 14:36:22 GMT",
  "expect-ct": "max-age\u003d0",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"acr_values_supported":["urn:mace:incommon:iap:silver"],"authorization_endpoint":"https://fapi.panva.cz/auth","claims_parameter_supported":true,"claims_supported":["sub","acr","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://fapi.panva.cz/session/end","grant_types_supported":["implicit","authorization_code","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_signing_alg_values_supported":["PS256"],"issuer":"https://fapi.panva.cz","jwks_uri":"https://fapi.panva.cz/jwks","registration_endpoint":"https://fapi.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token","code"],"scopes_supported":["openid","offline_access"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["PS256"],"token_endpoint":"https://mtls.fapi.panva.cz/token","pushed_authorization_request_endpoint":"https://mtls.fapi.panva.cz/request","request_object_signing_alg_values_supported":["PS256"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_signed_request_object":true,"userinfo_endpoint":"https://mtls.fapi.panva.cz/accounts","authorization_signing_alg_values_supported":["PS256"],"tls_client_certificate_bound_access_tokens":true,"backchannel_authentication_endpoint":"https://mtls.fapi.panva.cz/backchannel","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":true,"backchannel_authentication_request_signing_alg_values_supported":["PS256"],"claim_types_supported":["normal"]}
2021-06-11 14:36:23
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"acr_values_supported":["urn:mace:incommon:iap:silver"],"authorization_endpoint":"https://fapi.panva.cz/auth","claims_parameter_supported":true,"claims_supported":["sub","acr","sid","auth_time","iss"],"code_challenge_methods_supported":["S256"],"end_session_endpoint":"https://fapi.panva.cz/session/end","grant_types_supported":["implicit","authorization_code","refresh_token","urn:openid:params:grant-type:ciba"],"id_token_signing_alg_values_supported":["PS256"],"issuer":"https://fapi.panva.cz","jwks_uri":"https://fapi.panva.cz/jwks","registration_endpoint":"https://fapi.panva.cz/reg","response_modes_supported":["form_post","fragment","query","jwt","query.jwt","fragment.jwt","form_post.jwt"],"response_types_supported":["code id_token","code"],"scopes_supported":["openid","offline_access"],"subject_types_supported":["public"],"token_endpoint_auth_methods_supported":["private_key_jwt","self_signed_tls_client_auth"],"token_endpoint_auth_signing_alg_values_supported":["PS256"],"token_endpoint":"https://mtls.fapi.panva.cz/token","pushed_authorization_request_endpoint":"https://mtls.fapi.panva.cz/request","request_object_signing_alg_values_supported":["PS256"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_signed_request_object":true,"userinfo_endpoint":"https://mtls.fapi.panva.cz/accounts","authorization_signing_alg_values_supported":["PS256"],"tls_client_certificate_bound_access_tokens":true,"backchannel_authentication_endpoint":"https://mtls.fapi.panva.cz/backchannel","backchannel_token_delivery_modes_supported":["poll","ping"],"backchannel_user_code_parameter_supported":true,"backchannel_authentication_request_signing_alg_values_supported":["PS256"],"claim_types_supported":["normal"]}
2021-06-11 14:36:23 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
acr_values_supported
[
  "urn:mace:incommon:iap:silver"
]
authorization_endpoint
https://fapi.panva.cz/auth
claims_parameter_supported
true
claims_supported
[
  "sub",
  "acr",
  "sid",
  "auth_time",
  "iss"
]
code_challenge_methods_supported
[
  "S256"
]
end_session_endpoint
https://fapi.panva.cz/session/end
grant_types_supported
[
  "implicit",
  "authorization_code",
  "refresh_token",
  "urn:openid:params:grant-type:ciba"
]
id_token_signing_alg_values_supported
[
  "PS256"
]
issuer
https://fapi.panva.cz
jwks_uri
https://fapi.panva.cz/jwks
registration_endpoint
https://fapi.panva.cz/reg
response_modes_supported
[
  "form_post",
  "fragment",
  "query",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
response_types_supported
[
  "code id_token",
  "code"
]
scopes_supported
[
  "openid",
  "offline_access"
]
subject_types_supported
[
  "public"
]
token_endpoint_auth_methods_supported
[
  "private_key_jwt",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "PS256"
]
token_endpoint
https://mtls.fapi.panva.cz/token
pushed_authorization_request_endpoint
https://mtls.fapi.panva.cz/request
request_object_signing_alg_values_supported
[
  "PS256"
]
request_parameter_supported
true
request_uri_parameter_supported
false
require_signed_request_object
true
userinfo_endpoint
https://mtls.fapi.panva.cz/accounts
authorization_signing_alg_values_supported
[
  "PS256"
]
tls_client_certificate_bound_access_tokens
true
backchannel_authentication_endpoint
https://mtls.fapi.panva.cz/backchannel
backchannel_token_delivery_modes_supported
[
  "poll",
  "ping"
]
backchannel_user_code_parameter_supported
true
backchannel_authentication_request_signing_alg_values_supported
[
  "PS256"
]
claim_types_supported
[
  "normal"
]
2021-06-11 14:36:23 INFO
AddMTLSEndpointAliasesToEnvironment
The mtls_endpoint_aliases is not present in the server configuration
server
{
  "acr_values_supported": [
    "urn:mace:incommon:iap:silver"
  ],
  "authorization_endpoint": "https://fapi.panva.cz/auth",
  "claims_parameter_supported": true,
  "claims_supported": [
    "sub",
    "acr",
    "sid",
    "auth_time",
    "iss"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "end_session_endpoint": "https://fapi.panva.cz/session/end",
  "grant_types_supported": [
    "implicit",
    "authorization_code",
    "refresh_token",
    "urn:openid:params:grant-type:ciba"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "issuer": "https://fapi.panva.cz",
  "jwks_uri": "https://fapi.panva.cz/jwks",
  "registration_endpoint": "https://fapi.panva.cz/reg",
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query",
    "jwt",
    "query.jwt",
    "fragment.jwt",
    "form_post.jwt"
  ],
  "response_types_supported": [
    "code id_token",
    "code"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt",
    "self_signed_tls_client_auth"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ],
  "token_endpoint": "https://mtls.fapi.panva.cz/token",
  "pushed_authorization_request_endpoint": "https://mtls.fapi.panva.cz/request",
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false,
  "require_signed_request_object": true,
  "userinfo_endpoint": "https://mtls.fapi.panva.cz/accounts",
  "authorization_signing_alg_values_supported": [
    "PS256"
  ],
  "tls_client_certificate_bound_access_tokens": true,
  "backchannel_authentication_endpoint": "https://mtls.fapi.panva.cz/backchannel",
  "backchannel_token_delivery_modes_supported": [
    "poll",
    "ping"
  ],
  "backchannel_user_code_parameter_supported": true,
  "backchannel_authentication_request_signing_alg_values_supported": [
    "PS256"
  ],
  "claim_types_supported": [
    "normal"
  ]
}
2021-06-11 14:36:23 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-06-11 14:36:23 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "fapi.panva.cz",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "fapi.panva.cz",
  "testPort": 443
}
token_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-06-11 14:36:23
FetchServerKeys
Fetching server key
jwks_uri
https://fapi.panva.cz/jwks
2021-06-11 14:36:23
FetchServerKeys
HTTP request
request_uri
https://fapi.panva.cz/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-06-11 14:36:23 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-length": "462",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/jwk-set+json; charset\u003dutf-8",
  "date": "Fri, 11 Jun 2021 14:36:23 GMT",
  "expect-ct": "max-age\u003d0",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"keys":[{"kty":"RSA","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256","e":"AQAB","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}]}
2021-06-11 14:36:23
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256","e":"AQAB","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}]}
2021-06-11 14:36:23 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-06-11 14:36:23 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-06-11 14:36:23 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-06-11 14:36:23 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
pkjwt-one
client_name
pkjwt-one
scope
openid offline_access
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
      "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
      "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
      "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
      "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
      "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
      "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
      "kty": "RSA",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
hint_type
login_hint
hint_value
panva
2021-06-11 14:36:23
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2021-06-11 14:36:23 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2021-06-11 14:36:23
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2021-06-11 14:36:23 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc=
key
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVIawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnVVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9UhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qEo42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+HPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7TCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBOlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpOx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWCdEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkVvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPUrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9BKuUEGLKAzDf1JIzseUr8jdvw
2021-06-11 14:36:23 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-06-11 14:36:23 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
      "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
      "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
      "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
      "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
      "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
      "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
      "kty": "RSA",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-06-11 14:36:23 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-06-11 14:36:23 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "PS256",
  "ES256"
]
2021-06-11 14:36:23 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw",
      "d": "dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ",
      "p": "5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk",
      "q": "xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc",
      "dp": "tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk",
      "dq": "FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80",
      "qi": "nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE",
      "kty": "RSA",
      "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2021-06-11 14:36:23 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
pkjwt-two
client_name
pkjwt-two
scope
openid offline_access
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
      "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
      "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
      "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
      "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
      "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
      "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
      "kty": "RSA",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
acr_value
urn:mace:incommon:iap:silver
2021-06-11 14:36:23
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2021-06-11 14:36:23 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2021-06-11 14:36:23
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2021-06-11 14:36:23 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIC4DCCAcgCCQDO8JBSH914NDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wHhcNMTkwNjE4MTIzMjAxWhcNMjAwNjE3MTIzMjAxWjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHN0d28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALsB6MGWke5vS1TB3Z+NJkC29bEIb3XGC9WaxRovH0jqaaua2AfAF7VZzUyWS/+r6hvWOtqUVy7YF1ThnEJXuXJG9ra2B2+F5RYNCtrVj6Bi+zDTSJ4IvQfrF0XBKwwOdRu7VJpAxvweA/3woKl6Cjfy20ZupPH9mxr1R78BMKgEtdFsiLwbB7MOdDbTLsrUcEcupXv+gZek22upQKrAk/XFP067KIqKmCEhDidxhP251SloUaruv9cHEx0aDKol9eR465FAiBLvg2N7qJHCKlWdn99SgN4Y3kINsuFR7Tj4QIJZNubOjV0YeOgnAWzRJlZD89KZAQgjj4Z215QeLxA=
key
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDhqVAaMsvnCETzDtKwfKxZC1jwIOhIyUp8xp+2oN+pJwtqP0UpkLlTV7MD94HZSL3n3f9hsG6appRQGGAJ2ThOw1N9zlAr7Sk9YH6Gtu3bYSDvS6waKjVoxGrrmLfyuoEbv3PDqMWuOjE3MT/G1nwUBgIEKYAr8hizY8dUE0Z2qWvKFZJj6etjCXEppjXuwlSusHWw/tj/ePMMxMAJMPPhzJeh6AL7iUKBisJysPuaWrS9ntdPxv9PS40sv6cZT4woxmE6tpTCkAxabXqA25SgJOyKOjnvg+BPNlrucLqHw3ErWrxYTL99cHqhexO6K4FaspW3+1kuWd3fY4Cm+zkTAgMBAAECggEASlRt2SNQPJphs7n3NkDquC3frsD4IjmDepQmOY7F/T6qKOYMTwOnt8cUZUMal0q5mu1p2HC4DeK+yZ8tyzCstmzqTG8vwzhMNDZblt4cfP2CTrAbUUcD7q18FnxoYuCB9HTcmd82tgve+DIVstYlaqcL9PkCifcloblFB/GNbToEdiHqRNbHvVZLMYGYsShkiyFVL61h5zkFgQCBv+kR5u3AWGGGtlhZ3dvU7+i0P7n4dKseQyyd9v/QcW4iW8b3f6izn4plQNcPbb4o0iAdhpnjYxCOwxc8TGZvHul/RYnlFGuiKUXSV/r/t/dEppsKM4moJ8n6qzsoZf6czR5NwQKBgQD+y6nJs9sNEuIBa2JjEZIYhVXjVRO9XkusqN3aoKyU48X+Jg4/XDJMU6NRaMEdappo8Jgykrg0h2cNS4JDkrw3PwVohaR1SSwNclg7cVlH50HO6WTIrA1lAT7VXBPsxiUiKHr3nNph22chHDRw3qhhbluF4Nh0TXdLNwsrdcYyoQKBgQDiumS2EnCOT5uvEpW4MjFRVeLBsCt1tAufVRcF2XngyfgLme0zLnQGh8ZqrHHpZmgZQBM3APnDtJ/UqzEIwg5suvrE1U2lScjvrpVpXr1ZiIV0Hc3wEGLcvgmZvWEtcjJfZYhNMdjbDlQo5jAPqkoJrkWV2oCubmyUkKma199DMwKBgAKZ16Dceib3A2GaVAXI3yHq8oaAjtQHC2S20JTzwO9AJ/xBLTIOYeEPlYI2PIptVSgvFI6nmsPGghHLrIe+DrfNp+N6QcSEu7NjcG0i6hNm0/Alx8aYowZd7eNFrlpjZ2ui2CaA7mXDVJks7YgdbcCY3MxQEEWXqNkWtcF60UwhAoGBAI6RWmbK7Y/vKxxJeW/bz/svIGle19Upo+1K2jFJcUQSfDD/V5JJcZfxpKjLSs3TIT5PdkWuDWAsohxekXTKYbupT6qZ3jtDTGC6zST29+Xm3NQJMcf05dWcgfj0hrjHCDnIZI71+0Czn+Qf6rTPBcNUnFkAjs4gjZJV7PB7Md7VAoGAZ/CBJI5NGWkGZjkLM4fqq8U2hFM9Y5IHsn9Y8vvst3+mCqcFhTS7TcYUY00qdiFXAJjiwhfGFOoc0q+AWluiUxB+b6FWRu73XhqkKxgBehE9i3QCrcitMufSkXKydLonfh7/PeUpB63LmMjtyLdMlGAIorVbtD1xAn2WaYuEb5Q=
2021-06-11 14:36:23 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2021-06-11 14:36:23 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
      "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
      "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
      "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
      "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
      "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
      "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
      "kty": "RSA",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2021-06-11 14:36:23 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-06-11 14:36:23 SUCCESS
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
permitted
[
  "PS256",
  "ES256"
]
2021-06-11 14:36:23 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "5xcUf9SqYSEQHDyQft6iabfz5WvuZyjFLTj9x_R8ARdBDyVE42vkWnf6jOZoeMZ_WjtYGLF0nwnuEVBoCVxP4Nu1UUQq8OTigmk2f4IyPT-79pvW9b7EGQDdTsBIrrb2AKktwDJe16uK64kDNO0Ay3U_nShIPgMVbmGd_K6__OwwhhrLwKv_OSbvU8ZlPI24jy1Yxfq175F_1ZQBRjm0jAMf6PBt8cgxQclgbpP-7OBUQHBzpfudD1U9W6V8hqKKjDldlI9Zg6xBa8MpC6JuQdgwkcugWdwyG69p2kq_pyl735C8yj9Bif7Vok1d4E81cSh8Jy1wGNfAmlz8ncJSRw",
      "d": "ttJDnX4Z7Q3DORORHU31H74wbmidC2_tzoEwBWkeUZ6cEediQKmy1v_kcGQ4cpRXXINmhuKdaNTqSzhZlk45w6MOJ2TOtBXgPVwPiYDvThWGFuvjfDeX3FAaxZrJ5a9Jn-w4Db3L2sQT-5NBvjViU5RG54Ze4PB_m_wOiUGXEfgonv64APPBkodIz_26lJ-r4447tcdMkDw4p6xTP-y33sPB4ZOhQ5ezE4FzQlpq0K98ysKLwo8wvhQ8stxqL46avBnflgDhTsb-1I54aU3ROjThU5tkeAkudzg4lFKdd4WmVneVMD-FJ2wrkjwztqHSBCP8G9IAXBdXRxRzdJIOAQ",
      "p": "_WOUrDYt1uay8XtnaNgutctzdI6XJaf5XrGv6wE_ZoVbqEKWTnBbVfqbwkWf58CeH32tt3hUjBFicG-XAlYI8TW5Lf6H78Fmt2y3fdowLzzWLwNDoLWo1_rOGxneL-vYM1MekZyUN-uDARdEeOL9yRPFKOZm7eWSUc_Sdlu9yuc",
      "q": "6XitRdF0tFu7O7S1rQZZjqhrza53f-Ox1vCYY_Hy4Tm_1fMc7GV0VCHoQwO3ZJPlPEE0JahnfpQkhHGj67GGO40lZYEXdBwNxtktp1zdmEokbsWmacz57SVPg4pzgS9kketf-wdUbT5VgBmNWS9MPt7rKiyFbmuPcHU99fWEsaE",
      "dp": "e_5s1FC24cCGtFCU6-NOCDwExXa5U_38s2_0C-XSZpK_pXjgIIYuy8YUzl5Pv5KsTfCsP2msxdYD-80_ci8ztQV7FpzFXHehkgSrTfSlO5hjnyHTyCLc-sOKdAyWg5C_fW4hOVQL28ltk-0U3qsFUY5RHpCQsb1zeoFeFfkSyOU",
      "dq": "2tyhsh2UBa8oaeQRm02kjrMbvAidRWoxwIhykt6xDKmSSAJLTuAcmPHgRVIqjUKHVmDZfaPMwUAmq3HMdJpKd3DtaaYGUnYqBAp7XbUUljqKxLzML8pTUBf13h3gAW5oHNJFe5F3d6FDjX5mnwBTvWxDj5mEy-pQ4N9HYlbyOYE",
      "qi": "rbxxLBMPxBVpoyNfpjYtXEuem0HHvemHiGklhCbJO_N3vRu8lEarlZ_IPLrRmq7he0cNHcd4j_yhge1-0RR0LzJ4l_Wg-B1Jc0fKJrSItp8pmjmaVHbp_ToYqVlJh_AfU5tru86zSCvVycV79BvkvLl6IusDAuRK8eD1h7dU59g",
      "kty": "RSA",
      "kid": "NriyGITqpt6QdRBXz6k_qjup6vO_81Namq05CX4hij0",
      "alg": "PS256",
      "use": "sig"
    }
  ]
}
2021-06-11 14:36:23 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2021-06-11 14:36:23 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://mtls.fapi.panva.cz/accounts
institution_id
xxxxx
2021-06-11 14:36:23 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://mtls.fapi.panva.cz/accounts
2021-06-11 14:36:23 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-06-11 14:36:23 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "mtls.fapi.panva.cz",
  "testPort": 443
}
2021-06-11 14:36:23
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Setup Done
Make request to authorization endpoint
2021-06-11 14:36:23 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
scope
openid offline_access
2021-06-11 14:36:23 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "pkjwt-one",
  "redirect_uri": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback",
  "scope": "openid offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2021-06-11 14:36:23
CreateRandomStateValue
Created state value
requested_state_length
10
state
LGpUkQfv0m
2021-06-11 14:36:23 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
LGpUkQfv0m
2021-06-11 14:36:23
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
6lQXfLAjXr
2021-06-11 14:36:23 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
LGpUkQfv0m
nonce
6lQXfLAjXr
2021-06-11 14:36:23 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
client_id
pkjwt-one
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
scope
openid offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
LGpUkQfv0m
nonce
6lQXfLAjXr
response_type
code id_token
2021-06-11 14:36:23 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "pkjwt-one",
  "redirect_uri": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback",
  "scope": "openid offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "LGpUkQfv0m",
  "nonce": "6lQXfLAjXr",
  "response_type": "code id_token"
}
2021-06-11 14:36:23 SUCCESS
AddNbfToRequestObject
Added nbf to request object claims
nbf
1.623422183E9
2021-06-11 14:36:23 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.623422483E9
2021-06-11 14:36:23 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://fapi.panva.cz
2021-06-11 14:36:23 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
pkjwt-one
2021-06-11 14:36:23 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
pkjwt-one
2021-06-11 14:36:23 SUCCESS
SignRequestObject
Signed the request object
claims
{"aud":"https:\/\/fapi.panva.cz","nbf":1623422183,"scope":"openid offline_access","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"iss":"pkjwt-one","response_type":"code id_token","redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response\/callback","state":"LGpUkQfv0m","exp":1623422483,"nonce":"6lQXfLAjXr","client_id":"pkjwt-one"}
header
{"kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","alg":"PS256"}
request_object
eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZmFwaS5wYW52YS5jeiIsIm5iZiI6MTYyMzQyMjE4Mywic2NvcGUiOiJvcGVuaWQgb2ZmbGluZV9hY2Nlc3MiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwiaXNzIjoicGtqd3Qtb25lIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1ieV92YWx1ZS1wcml2YXRlX2tleV9qd3QtcGxhaW5fZmFwaS1wbGFpbl9yZXNwb25zZVwvY2FsbGJhY2siLCJzdGF0ZSI6IkxHcFVrUWZ2MG0iLCJleHAiOjE2MjM0MjI0ODMsIm5vbmNlIjoiNmxRWGZMQWpYciIsImNsaWVudF9pZCI6InBrand0LW9uZSJ9.cOnBuH5gnPv5sUsFUjMYOCd2ePL1iAvmTY1CtbIR5vLNTFpgt7mkHvbXtWgzDy1Ht-NSYRMyGSJgkjZLU7ck5FNp51gdarqRE4DQz-v_OD59NKmEYNCDxHE0XKAmpiwY3DoQYeJpQNcu4G64V7DgZkkGQf0ktMfo34IogsL9MQDWiSlVbYPdE9aVlq8fOMDaQ_4B4OxtYqOhgu8hMi-3Q1frZZBF2n1wl9ept9sCcSGKg2RrgtC4F-SbtO8B34NAs_1v2aY6xhbzPjL0T_MclI9uouqFZveZj0iyh77MYpIszcUWNjOBeD8Mw7svw2UnYVfKf6AyPz3MAulAO-F73Q
key
{"p":"5SLM2g4Uv3Q1-PGqwKPQ8h8Onp674FTxxYAHCh8mivgCGx7uIjVaOxCKvCimi8NCgtON0a1QdGY-BT3NsewJUvaniWyb5BZo-kpdkSzXCvQpWuWT_iSorgEgl4anJ59JZH_QW7wtjRnF8jWnw-_nkNv4HIIVd7fdKKCkpGi1Drk","kty":"RSA","q":"xgyjgfZdlfpne27vdlxi5VGmNnBnLRAe_a7Wgo6JdmKPMPa1qugxVM5tUhoYjUuUpHxi8gDSxb0-N_kIqTu7zp2Ly9iB8wQIyyYmdxN7J_B5bSn5rfTcu_Uz-EuYVEGfj0hk5_aNQc0y02Di1L4QrnMNRGBo3jWCCRZrjqyHfqc","d":"dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ","e":"AQAB","use":"sig","kid":"EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M","qi":"nmJaonUO_d62824V6YmWuEX7imXdgHKRi-tY4IUDJbrm7lKEfcn_xazqilECh1xm7O8b4bj0th3JrRcs1Al0sWP1FwVHjzzmg5oqq26PvHjmtVIHn3cXGT6AmY8-eUPkYgPBc61Ej58Usazm1iuRIe-wNIBeL244kFTQK7zJfnE","dp":"tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk","alg":"PS256","dq":"FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80","n":"sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw"}
2021-06-11 14:36:23 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://fapi.panva.cz/auth?request=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZmFwaS5wYW52YS5jeiIsIm5iZiI6MTYyMzQyMjE4Mywic2NvcGUiOiJvcGVuaWQgb2ZmbGluZV9hY2Nlc3MiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwiaXNzIjoicGtqd3Qtb25lIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1ieV92YWx1ZS1wcml2YXRlX2tleV9qd3QtcGxhaW5fZmFwaS1wbGFpbl9yZXNwb25zZVwvY2FsbGJhY2siLCJzdGF0ZSI6IkxHcFVrUWZ2MG0iLCJleHAiOjE2MjM0MjI0ODMsIm5vbmNlIjoiNmxRWGZMQWpYciIsImNsaWVudF9pZCI6InBrand0LW9uZSJ9.cOnBuH5gnPv5sUsFUjMYOCd2ePL1iAvmTY1CtbIR5vLNTFpgt7mkHvbXtWgzDy1Ht-NSYRMyGSJgkjZLU7ck5FNp51gdarqRE4DQz-v_OD59NKmEYNCDxHE0XKAmpiwY3DoQYeJpQNcu4G64V7DgZkkGQf0ktMfo34IogsL9MQDWiSlVbYPdE9aVlq8fOMDaQ_4B4OxtYqOhgu8hMi-3Q1frZZBF2n1wl9ept9sCcSGKg2RrgtC4F-SbtO8B34NAs_1v2aY6xhbzPjL0T_MclI9uouqFZveZj0iyh77MYpIszcUWNjOBeD8Mw7svw2UnYVfKf6AyPz3MAulAO-F73Q&client_id=pkjwt-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback&scope=openid%20offline_access&response_type=code%20id_token
2021-06-11 14:36:23 REDIRECT
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Redirecting to authorization endpoint
redirect_to
https://fapi.panva.cz/auth?request=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZmFwaS5wYW52YS5jeiIsIm5iZiI6MTYyMzQyMjE4Mywic2NvcGUiOiJvcGVuaWQgb2ZmbGluZV9hY2Nlc3MiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwiaXNzIjoicGtqd3Qtb25lIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1ieV92YWx1ZS1wcml2YXRlX2tleV9qd3QtcGxhaW5fZmFwaS1wbGFpbl9yZXNwb25zZVwvY2FsbGJhY2siLCJzdGF0ZSI6IkxHcFVrUWZ2MG0iLCJleHAiOjE2MjM0MjI0ODMsIm5vbmNlIjoiNmxRWGZMQWpYciIsImNsaWVudF9pZCI6InBrand0LW9uZSJ9.cOnBuH5gnPv5sUsFUjMYOCd2ePL1iAvmTY1CtbIR5vLNTFpgt7mkHvbXtWgzDy1Ht-NSYRMyGSJgkjZLU7ck5FNp51gdarqRE4DQz-v_OD59NKmEYNCDxHE0XKAmpiwY3DoQYeJpQNcu4G64V7DgZkkGQf0ktMfo34IogsL9MQDWiSlVbYPdE9aVlq8fOMDaQ_4B4OxtYqOhgu8hMi-3Q1frZZBF2n1wl9ept9sCcSGKg2RrgtC4F-SbtO8B34NAs_1v2aY6xhbzPjL0T_MclI9uouqFZveZj0iyh77MYpIszcUWNjOBeD8Mw7svw2UnYVfKf6AyPz3MAulAO-F73Q&client_id=pkjwt-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback&scope=openid%20offline_access&response_type=code%20id_token
2021-06-11 14:36:24
WebRunner
Scripted browser HTTP request
browser
goToUrl
request_method
GET
request_uri
https://fapi.panva.cz/auth?request=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvZmFwaS5wYW52YS5jeiIsIm5iZiI6MTYyMzQyMjE4Mywic2NvcGUiOiJvcGVuaWQgb2ZmbGluZV9hY2Nlc3MiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImVzc2VudGlhbCI6dHJ1ZX19fSwiaXNzIjoicGtqd3Qtb25lIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb2lkYy1wcm92aWRlci1ieV92YWx1ZS1wcml2YXRlX2tleV9qd3QtcGxhaW5fZmFwaS1wbGFpbl9yZXNwb25zZVwvY2FsbGJhY2siLCJzdGF0ZSI6IkxHcFVrUWZ2MG0iLCJleHAiOjE2MjM0MjI0ODMsIm5vbmNlIjoiNmxRWGZMQWpYciIsImNsaWVudF9pZCI6InBrand0LW9uZSJ9.cOnBuH5gnPv5sUsFUjMYOCd2ePL1iAvmTY1CtbIR5vLNTFpgt7mkHvbXtWgzDy1Ht-NSYRMyGSJgkjZLU7ck5FNp51gdarqRE4DQz-v_OD59NKmEYNCDxHE0XKAmpiwY3DoQYeJpQNcu4G64V7DgZkkGQf0ktMfo34IogsL9MQDWiSlVbYPdE9aVlq8fOMDaQ_4B4OxtYqOhgu8hMi-3Q1frZZBF2n1wl9ept9sCcSGKg2RrgtC4F-SbtO8B34NAs_1v2aY6xhbzPjL0T_MclI9uouqFZveZj0iyh77MYpIszcUWNjOBeD8Mw7svw2UnYVfKf6AyPz3MAulAO-F73Q&client_id=pkjwt-one&redirect_uri=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback&scope=openid%20offline_access&response_type=code%20id_token
2021-06-11 14:36:24 RESPONSE
WebRunner
Scripted browser HTTP response
response_content
<!DOCTYPE html>
<html >
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta http-equiv="x-ua-compatible" content="ie=edge">
    <title>Sign-in</title>
    <style>
      @import url(https://fonts.googleapis.com/css?family=Roboto:400,100);

      body {
        font-family: 'Roboto', sans-serif;
        margin-top: 25px;
        margin-bottom: 25px;
      }

      .login-card {
        padding: 40px;
        padding-top: 0px;
        padding-bottom: 10px;
        width: 274px;
        background-color: #F7F7F7;
        margin: 0 auto 10px;
        border-radius: 2px;
        box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
        overflow: hidden;
      }

      .login-card + .login-card {
        padding-top: 10px;
      }

      .login-card h1 {
        font-weight: 100;
        text-align: center;
        font-size: 2.3em;
      }

      .login-card [type=submit] {
        width: 100%;
        display: block;
        margin-bottom: 10px;
        position: relative;
      }

      .login-card input[type=text], input[type=email], input[type=password] {
        height: 44px;
        font-size: 16px;
        width: 100%;
        margin-bottom: 10px;
        -webkit-appearance: none;
        background: #fff;
        border: 1px solid #d9d9d9;
        border-top: 1px solid #c0c0c0;
        padding: 0 8px;
        box-sizing: border-box;
        -moz-box-sizing: border-box;
      }

      .login {
        text-align: center;
        font-size: 14px;
        font-family: 'Arial', sans-serif;
        font-weight: 700;
        height: 36px;
        padding: 0 8px;
      }

      .login-submit {
        border: 0px;
        color: #fff;
        text-shadow: 0 1px rgba(0,0,0,0.1);
        background-color: #4d90fe;
      }

      .login-card a {
        text-decoration: none;
        color: #666;
        font-weight: 400;
        text-align: center;
        display: inline-block;
        opacity: 0.6;
      }

      .login-help {
        width: 100%;
        text-align: center;
        font-size: 12px;
      }

      .login-client-image img {
        margin-bottom: 20px;
        display: block;
        margin-left: auto;
        margin-right: auto;
        width: 20%;
      }

      .login-card input[type=checkbox] {
        margin-bottom: 10px;
      }

      .login-card label {
        color: #999;
      }

      .grant-debug {
        text-align: center;
        font-family: Fixed, monospace;
        width: 100%;
        font-size: 12px;
        color: #999;
      }

      .grant-debug div {
        padding-top: 10px;
      }

      ul {
        font-weight: 100;
        padding-left: 1em;
        list-style-type: circle;
      }

      li + ul, ul + li, li + li {
        padding-top: 0.3em;
      }

      button {
        cursor: pointer;
      }
    </style>
  </head>
  <body>
    <div class="login-card">
      <h1>Sign-in</h1>
      <form autocomplete="off" action="https://fapi.panva.cz/interaction/syAdJ8eorefGhD4EgYU6l" method="post">
  <input type="hidden" name="prompt" value="login"/>
  <input required type="text" name="login" placeholder="Enter any login" autofocus="on">
  <input required type="password" name="password" placeholder="and password" >

  <button type="submit" class="login login-submit">Sign-in</button>
</form>
      <div class="login-help">
        <a href="https://fapi.panva.cz/interaction/syAdJ8eorefGhD4EgYU6l/abort">[ Cancel ]</a>
        
        
      </div>
    </div>
    <div class="grant-debug">
      <details>
        <summary style="text-align: center;">(Click to expand) DEBUG information</summary>
        <div>
          <strong>uid</strong>: syAdJ8eorefGhD4EgYU6l
        </div>

        

        <div>
          PARAMS <br>
         ======== <br>
          <strong>client_id</strong>: 'pkjwt-one'<br/><strong>nonce</strong>: '6lQXfLAjXr'<br/><strong>redirect_uri</strong>: 'https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback'<br/><strong>response_type</strong>: 'code id_token'<br/><strong>scope</strong>: 'openid'<br/><strong>state</strong>: 'LGpUkQfv0m'<br/><strong>claims</strong>: '{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}}'
        </div>

        <div>
          PROMPT <br>
         ======== <br>
          <strong>name</strong>: 'login'<br/><strong>reasons</strong>: [ 'no_session', 'essential_acr' ]<br/><strong>details</strong>: { acr: { value: 'urn:mace:incommon:iap:silver', essential: true } }
        </div>
      </details>
    </div>
  </body>
</html>
response_content_type
text/html
response_status_text
200-OK
response_status_code
200
2021-06-11 14:36:24 INFO
WebRunner
Entering text
task
Login
browser
text
element_type
name
value
foo
url
https://fapi.panva.cz/interaction/syAdJ8eorefGhD4EgYU6l
target
login
2021-06-11 14:36:24 INFO
WebRunner
Entering text
task
Login
browser
text
element_type
name
value
bar
url
https://fapi.panva.cz/interaction/syAdJ8eorefGhD4EgYU6l
target
password
2021-06-11 14:36:24 INFO
WebRunner
Clicking an element
task
Login
browser
click
element_type
class
url
https://fapi.panva.cz/interaction/syAdJ8eorefGhD4EgYU6l
target
login-submit
2021-06-11 14:36:25 INFO
WebRunner
Completed processing of webpage
task
Login
browser
complete
response_status_text
200-OK
match
https://fapi.panva.cz/interaction*
url
https://fapi.panva.cz/interaction/xbXwQ7eMjZAFlX5EgA7NT
response_status_code
200
2021-06-11 14:36:25 INFO
WebRunner
Clicking an element
task
Consent
browser
click
element_type
class
url
https://fapi.panva.cz/interaction/xbXwQ7eMjZAFlX5EgA7NT
target
login-submit
2021-06-11 14:36:26 INCOMING
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Incoming HTTP request to test instance 1ZvLJGx4vJQvUrO
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://fapi.panva.cz/interaction/xbXwQ7eMjZAFlX5EgA7NT",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US",
  "origin": "https://fapi.panva.cz",
  "cache-control": "max-age\u003d0",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-06-11 14:36:26 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/svt3w5RAIRlmZSW8mxk1",
  "fullUrl": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/implicit/svt3w5RAIRlmZSW8mxk1"
}
2021-06-11 14:36:26 OUTGOING
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Response to HTTP request to test instance 1ZvLJGx4vJQvUrO
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/implicit/svt3w5RAIRlmZSW8mxk1, returnUrl=/log-detail.html?log=1ZvLJGx4vJQvUrO}]
outgoing_path
callback
2021-06-11 14:36:26 INFO
WebRunner
Completed processing of webpage
task
Consent
browser
complete
response_status_text
200-
match
https://fapi.panva.cz/interaction*
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback#code=akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM&id_token=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g&state=LGpUkQfv0m
response_status_code
200
2021-06-11 14:36:26 INFO
WebRunner
Waiting
regexp
seconds
10
task
Verify Complete
browser
wait
action
element_type
id
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback#code=akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM&id_token=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g&state=LGpUkQfv0m
target
submission_complete
2021-06-11 14:36:26 INCOMING
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Incoming HTTP request to test instance 1ZvLJGx4vJQvUrO
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "*/*",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback#code\u003dakcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM\u0026id_token\u003deyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g\u0026state\u003dLGpUkQfv0m",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US",
  "cookie": "JSESSIONID\u003dE362710A623D511BD1DBE5DB9DF44DB7",
  "x-requested-with": "XMLHttpRequest",
  "content-type": "text/plain",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "821",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/svt3w5RAIRlmZSW8mxk1
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
#code=akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM&id_token=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g&state=LGpUkQfv0m
2021-06-11 14:36:26 OUTGOING
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Response to HTTP request to test instance 1ZvLJGx4vJQvUrO
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/svt3w5RAIRlmZSW8mxk1
2021-06-11 14:36:26
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "code",
    "value": "akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM"
  },
  {
    "name": "id_token",
    "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g"
  },
  {
    "name": "state",
    "value": "LGpUkQfv0m"
  }
]
2021-06-11 14:36:26 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
code
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
id_token
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g
state
LGpUkQfv0m
2021-06-11 14:36:26 REDIRECT-IN
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://fapi.panva.cz/interaction/xbXwQ7eMjZAFlX5EgA7NT",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US",
  "origin": "https://fapi.panva.cz",
  "cache-control": "max-age\u003d0",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "code": "akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM",
  "id_token": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g",
  "state": "LGpUkQfv0m"
}
post_body
Verify authorization endpoint response
2021-06-11 14:36:26 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2021-06-11 14:36:26 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-06-11 14:36:26 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-06-11 14:36:26 SUCCESS
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
2021-06-11 14:36:26 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-06-11 14:36:26 SUCCESS
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
code
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
id_token
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g
state
LGpUkQfv0m
2021-06-11 14:36:26 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
LGpUkQfv0m
2021-06-11 14:36:26
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-06-11 14:36:26 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
2021-06-11 14:36:26 SUCCESS
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
actual
344
required
128
2021-06-11 14:36:26 SUCCESS
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
actual
201.06472194569977
expected
96.0
2021-06-11 14:36:26 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g
header
{
  "kid": "EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M",
  "typ": "JWT",
  "alg": "PS256"
}
claims
{
  "sub": "foo",
  "acr": "urn:mace:incommon:iap:silver",
  "c_hash": "cBKVqz7QsN56EWb-XDXR9g",
  "aud": "pkjwt-one",
  "s_hash": "EhG8cq94R-FsrVT9r3c7Ww",
  "iss": "https://fapi.panva.cz",
  "exp": 1623425785,
  "nonce": "6lQXfLAjXr",
  "iat": 1623422185
}
2021-06-11 14:36:26 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-06-11 14:36:26 SUCCESS
EnsureIdTokenContainsKid
kid was found in the ID token header
kid
EUsMLFwXz5zMhkJoo1lcnIM2pApLc3kc_2WV8YKYC3M
2021-06-11 14:36:26 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
6lQXfLAjXr
2021-06-11 14:36:26 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
actual
urn:mace:incommon:iap:silver
requested
[
  "urn:mace:incommon:iap:silver"
]
2021-06-11 14:36:26 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g
2021-06-11 14:36:26 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g
2021-06-11 14:36:26 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
foo
2021-06-11 14:36:26 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
permitted
[
  "PS256",
  "ES256"
]
alg
PS256
2021-06-11 14:36:26 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2021-06-11 14:36:26 INFO
FAPIValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2021-06-11 14:36:26 SUCCESS
ExtractSHash
Extracted s_hash from ID Token
s_hash
EhG8cq94R-FsrVT9r3c7Ww
alg
PS256
2021-06-11 14:36:26 SUCCESS
ValidateSHash
s_hash validated successfully
expected_hash
EhG8cq94R-FsrVT9r3c7Ww
unhashed_value
LGpUkQfv0m
id_token_hash
EhG8cq94R-FsrVT9r3c7Ww
2021-06-11 14:36:26 SUCCESS
ExtractCHash
Extracted c_hash from ID Token
c_hash
cBKVqz7QsN56EWb-XDXR9g
alg
PS256
2021-06-11 14:36:26 SUCCESS
ValidateCHash
c_hash validated successfully
expected_hash
cBKVqz7QsN56EWb-XDXR9g
unhashed_value
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
id_token_hash
cBKVqz7QsN56EWb-XDXR9g
2021-06-11 14:36:26 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
Swapping to Client2
2021-06-11 14:36:26 SUCCESS
AddClientIdToTokenEndpointRequest
grant_type
authorization_code
code
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
client_id
pkjwt-two
2021-06-11 14:36:26 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
pkjwt-two
sub
pkjwt-two
aud
https://mtls.fapi.panva.cz/token
jti
E93xOQkC1mia86wl1q2r
iat
1623422186
exp
1623422246
2021-06-11 14:36:26 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJwa2p3dC10d28iLCJhdWQiOiJodHRwczpcL1wvbXRscy5mYXBpLnBhbnZhLmN6XC90b2tlbiIsImlzcyI6InBrand0LXR3byIsImV4cCI6MTYyMzQyMjI0NiwiaWF0IjoxNjIzNDIyMTg2LCJqdGkiOiJFOTN4T1FrQzFtaWE4NndsMXEyciJ9.b5I7UUKe0E0L9B4iDwYNzrMrt-kcJ9qjnxok83Wpl76FhZZl0Vqf3O8SiYGiSJ4BD04p2QHxQX5ZLws-arVNJetcr2Mk_ZBh5-xfXBmnqlS-HaMea9nsaFDYSI8d4TvGPZgwp5Dt-BqNvGUo4ZXdLfG0MYIKONreXZxyV-YroaXfK7cd7HuZVvae0H9Qajikyp1n1PMq19xDvi10pY-0g-bpPijihi4ZEllyO0gTWJiu8FyHz7DZKTYNpq2qU425w3BXzKt4poSdYWkvtx8cRWESzAUM2_IwKkWIeuU4t4pSd7wp8ofGdB-jP8NNHUaJULcLuaYCtkLe0DAurKnQXQ
2021-06-11 14:36:26
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
authorization_code
code
akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM
redirect_uri
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback
client_id
pkjwt-two
client_assertion
eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJwa2p3dC10d28iLCJhdWQiOiJodHRwczpcL1wvbXRscy5mYXBpLnBhbnZhLmN6XC90b2tlbiIsImlzcyI6InBrand0LXR3byIsImV4cCI6MTYyMzQyMjI0NiwiaWF0IjoxNjIzNDIyMTg2LCJqdGkiOiJFOTN4T1FrQzFtaWE4NndsMXEyciJ9.b5I7UUKe0E0L9B4iDwYNzrMrt-kcJ9qjnxok83Wpl76FhZZl0Vqf3O8SiYGiSJ4BD04p2QHxQX5ZLws-arVNJetcr2Mk_ZBh5-xfXBmnqlS-HaMea9nsaFDYSI8d4TvGPZgwp5Dt-BqNvGUo4ZXdLfG0MYIKONreXZxyV-YroaXfK7cd7HuZVvae0H9Qajikyp1n1PMq19xDvi10pY-0g-bpPijihi4ZEllyO0gTWJiu8FyHz7DZKTYNpq2qU425w3BXzKt4poSdYWkvtx8cRWESzAUM2_IwKkWIeuU4t4pSd7wp8ofGdB-jP8NNHUaJULcLuaYCtkLe0DAurKnQXQ
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-06-11 14:36:26 INFO
WebRunner
Completed processing of webpage
task
Verify Complete
browser
complete
response_status_text
200-
match
https://*/test/a/*/callback*
url
https://www.certification.openid.net/test/a/oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response/callback#code=akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM&id_token=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkVVc01MRndYejV6TWhrSm9vMWxjbklNMnBBcExjM2tjXzJXVjhZS1lDM00ifQ.eyJzdWIiOiJmb28iLCJhY3IiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwibm9uY2UiOiI2bFFYZkxBalhyIiwiY19oYXNoIjoiY0JLVnF6N1FzTjU2RVdiLVhEWFI5ZyIsInNfaGFzaCI6IkVoRzhjcTk0Ui1Gc3JWVDlyM2M3V3ciLCJhdWQiOiJwa2p3dC1vbmUiLCJleHAiOjE2MjM0MjU3ODUsImlhdCI6MTYyMzQyMjE4NSwiaXNzIjoiaHR0cHM6Ly9mYXBpLnBhbnZhLmN6In0.QEKSiFTgwdSaoAGLEWhuHoE8Yqd7IrFb8zeEwZqc2v_lA4RhhiBRWM7fsyyOLPNR9qtqJKN9i7zaXNhm5_H5DqQhbxJUJiIYNIkySfOacalcez6aUsGa2DNscNSU_kx8HCQ9eRk7ZE-uchzR5C0-ALDwpDeak9zcTSCHcEtV7egPR6nsVNKyqXnoTFl6SVZfx4DVcE-8IBSS0TH7sZ1mLPYoOr8nC1VwiEnuVhd7GQg_NziS-P9l54dOl6gwOensRao9J6JU4M0teQCSNDVJkrG7lHUkkOvWKN2fmbB_OaSoLNjdtUHONm0BxF8oDk4CXrPBh-1881PQ3-3I5ef68g&state=LGpUkQfv0m
response_status_code
200
2021-06-11 14:36:26
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://mtls.fapi.panva.cz/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "974"
}
request_body
grant_type=authorization_code&code=akcif_0kmIDPI2Pj2zBU-sN72apzcPnq9hR9oz_2kgM&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Foidc-provider-by_value-private_key_jwt-plain_fapi-plain_response%2Fcallback&client_id=pkjwt-two&client_assertion=eyJraWQiOiJFVXNNTEZ3WHo1ek1oa0pvbzFsY25JTTJwQXBMYzNrY18yV1Y4WUtZQzNNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJwa2p3dC10d28iLCJhdWQiOiJodHRwczpcL1wvbXRscy5mYXBpLnBhbnZhLmN6XC90b2tlbiIsImlzcyI6InBrand0LXR3byIsImV4cCI6MTYyMzQyMjI0NiwiaWF0IjoxNjIzNDIyMTg2LCJqdGkiOiJFOTN4T1FrQzFtaWE4NndsMXEyciJ9.b5I7UUKe0E0L9B4iDwYNzrMrt-kcJ9qjnxok83Wpl76FhZZl0Vqf3O8SiYGiSJ4BD04p2QHxQX5ZLws-arVNJetcr2Mk_ZBh5-xfXBmnqlS-HaMea9nsaFDYSI8d4TvGPZgwp5Dt-BqNvGUo4ZXdLfG0MYIKONreXZxyV-YroaXfK7cd7HuZVvae0H9Qajikyp1n1PMq19xDvi10pY-0g-bpPijihi4ZEllyO0gTWJiu8FyHz7DZKTYNpq2qU425w3BXzKt4poSdYWkvtx8cRWESzAUM2_IwKkWIeuU4t4pSd7wp8ofGdB-jP8NNHUaJULcLuaYCtkLe0DAurKnQXQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIC4DCCAcgCCQDuBF1vmG5mlDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwHhcNMTkwNjE4MTIzMTA2WhcNMjAwNjE3MTIzMTA2WjAyMQswCQYDVQQGEwJDWjEPMA0GA1UEBwwGUHJhZ3VlMRIwEAYDVQQDDAlwa210bHNvbmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFGKYDieCWZ63Fx9jMhtlPlHUgkR6bmKqGwvZuVAe9Zz+sHvbVtTk/4AEOjSozksxf070O1PnK3zY0SuZynhKJnTaFouN45iMnnNQS6XMKd9Tm5WpSRbxfaOeuIZybvOmNy0nuxkvqcE5fXIyr9bDCO9WEArQIQqjGJ93zKJpV2nT9Q7heTK430z7Hp3+XxwGXoKsLW/jebr3ryWTMEv8ouEbXeCz2OH6Oup8UIwXDyjYxwhwS5FAcRQdh4KnhHOLGYVAuVR3wPewtrTioYznFdfwtDHGd9fZVxrXPlVqCksj0CTnPf7UgXtjm2hTfkwHHtW2BegWR/q3+q9gs7uehc\u003d",
  "key": "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEEnW885Hp+2Q7l+KCtKPOwfPIVOLKshgygWIAXC8z5TKnA1N9qbB2BvpDpWUKdXrYuBzWcNH/PHwrJvX42AHGeXCZJDSXzuRH934/fjMQHTFJquoP4rziUlRJfT+pwJcuvgxgGLI5xgzNqD7gZZp/9LVm5OdXU1poQviUel+hwV5eiT1r1fOe5LOiXkLwp3kBLlqGrtRPFIIa+20qkvnFh5ZcnRmOmm2vcAnI7OaNc2rSLHVbvkFuY8mMEx8rtthq0dQyyy1Ucudi3cLCI2x8Px0qQFUqWH4LgNaj7VZjlU1NPE8LjsSPLasZsMsn0wt22fo+v5bJbaZ3N3QQqM0VAgMBAAECggEBAKrgF6Hrd9+9yhWxgaM9gIDhQO73I4tY+IOThHAh5rVIawNof6vFZdcGr7aiftNFnSEgG2m7exgAg4or8zPCNJHfJgUgq4Eduo8JnwoAlsnVVy4HeOMNTGXFMFW3hPMQt/DxieF5xGFbO69DkECJ68LV5f3dQcw2BVVWAEON/qf9UhgEnx79OdiCYzyoHjxaHoXk9cVTUtXwmU0lphRFT14W2Py0KZ5vA8JEefoZl/qEo42iR0KB4eDj/LiduWAMKDLN/u0Dmq3WxLvw7LHnlqENTEY56Lw1sbMQlmvl0zCD68BeMz+Mvlm7VRSCxR+3uX6Nli3eb2EsYziZIlt00iUCgYEA4ZNvp0u6vXQAf7IGESuhu3u4cD6K8iJ6BT+O64yHJzc17e9lt+p89GasTtkgeEH/lr+XxScVBYndi/8vaqsA47bkIoWVvcXq7C4jkv0bPelpaI/KPGfoZC1etR102+dS1ZufxzwSo64drw+HPuwaIkXvmpK4MBI9jEYoOHh9KR8CgYEA3oRU/iCWvKOGHlR9BmcBysVGmkvBwj8XLTJGfxJkm3M9utLSg0uNo7vW0Zm88KdzdeaRBt6ltZAG3hBL0mHNwC0hYRv5fzO7yczWFLPXbUNVqC5OLI+wTL7+ikx040lL9IRRtgub47+9IvxxaGaIRzsFwa+15D7TCE7K8BydH0sCgYEAivnkC2VL2tcyS3op5MBF95Vk77qIrl9xX/RloFfHGPEaB8q7l5EfhRAQzs9VAuJejsjhv7SxbeUfmtYQp55NgP44FdDJjc73SqWugyvvcbhxmdslFQxLkBSnydwpGCav0Sz9RqmLLk7iuO1PPQQHoeAGm+wTEILcaqT6uLf7HK8CgYBOlloWLphOI0q454oIetTNMoNO9zaFThb3ZWw0cOCLblX853xl1oc9rpeeCzgJnnpOx5Gs5XGNAEMMpqDAur4aA1Zon6KsZC8MhIWPZjzNYByee0wsvMq9MC9h1MLrivWCdEEPlGYIN62q75F2F9BFp/jOgSoyZGXP51QRHWn4pQKBgCEy7GsS3sAj3GiTmCkVvR3gKSlSKmJULmI+8EoT6tzYhMvyqoCHPtll2DHzBeqA6Il2DKz+gFbKln2+LrPUrb2rgK9e8qdZH9X36Ws8u9YA/VasGQRUFIAcFcNWoBBX79nBQ/89zrPubaN2Rh9BKuUEGLKAzDf1JIzseUr8jdvw"
}
2021-06-11 14:36:27 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
401 UNAUTHORIZED
response_status_text
Unauthorized
response_headers
{
  "cache-control": "no-cache, no-store",
  "content-length": "77",
  "content-security-policy": "default-src \u0027self\u0027;base-uri \u0027self\u0027;block-all-mixed-content;font-src \u0027self\u0027 https: data:;frame-ancestors \u0027self\u0027;img-src \u0027self\u0027 data:;object-src \u0027none\u0027;script-src \u0027self\u0027;script-src-attr \u0027none\u0027;style-src \u0027self\u0027 https: \u0027unsafe-inline\u0027;upgrade-insecure-requests",
  "content-type": "application/json; charset\u003dutf-8",
  "date": "Fri, 11 Jun 2021 14:36:27 GMT",
  "expect-ct": "max-age\u003d0",
  "pragma": "no-cache",
  "referrer-policy": "no-referrer",
  "server": [
    "Caddy",
    "Cowboy"
  ],
  "strict-transport-security": "max-age\u003d15552000; includeSubDomains",
  "vary": "Origin",
  "via": "1.1 vegur",
  "x-content-type-options": "nosniff",
  "x-dns-prefetch-control": "off",
  "x-download-options": "noopen",
  "x-frame-options": "SAMEORIGIN",
  "x-permitted-cross-domain-policies": "none",
  "x-xss-protection": "0"
}
response_body
{"error":"invalid_client","error_description":"client authentication failed"}
2021-06-11 14:36:27 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error
invalid_client
error_description
client authentication failed
2021-06-11 14:36:27 SUCCESS
CheckTokenEndpointHttpStatusForInvalidRequestOrInvalidClientError
Token endpoint http status code was 401 for error 'invalid_client'
2021-06-11 14:36:27 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-06-11 14:36:27 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidClient
Token Endpoint response error returned expected 'error' of 'invalid_client'
error
invalid_client
2021-06-11 14:36:27 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_client
2021-06-11 14:36:27 SUCCESS
CheckErrorDescriptionFromTokenEndpointResponseErrorContainsCRLFTAB
token_endpoint_response 'error_description' field does not include CR/LF/TAB
error_description
client authentication failed
2021-06-11 14:36:27 SUCCESS
ValidateErrorDescriptionFromTokenEndpointResponseError
token_endpoint_response error returned valid 'error_description' field
error_description
client authentication failed
2021-06-11 14:36:27 SUCCESS
ValidateErrorUriFromTokenEndpointResponseError
token_endpoint_response did not include optional 'error_uri' field
2021-06-11 14:36:27 FINISHED
fapi1-advanced-final-ensure-client-id-in-token-endpoint
Test has run to completion
testmodule_result
PASSED
2021-06-11 14:36:28
TEST-RUNNER
Alias has now been claimed by another test
alias
oidc-provider-by_value-private_key_jwt-plain_fapi-plain_response
new_test_id
GcNBWL7tmyYWTk8
Test Results