Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-06-13 21:25:38 INFO
TEST-RUNNER
Test instance OK3RzKZdf6VCCry created
baseUrl
https://www.certification.openid.net/test/a/MSTR_M2021_UP1
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "request_type": "plain_http_request",
  "response_mode": "default",
  "client_registration": "static_client"
}
alias
MSTR_M2021_UP1
description
planId
iEllghTC7G18K
config
{
  "alias": "MSTR_M2021_UP1",
  "client": {
    "client_id": "87654321",
    "client_secret": "12345678",
    "redirect_uri": "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login"
  }
}
testName
oidcc-client-test-nonce-invalid
2021-06-13 21:25:38 SUCCESS
OIDCCGenerateServerConfiguration
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2021-06-13 21:25:38
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2021-06-13 21:25:39
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "8VrAPXTcqnExjLjydY46eG4Umoj67KJLuXrMElByoD9WN2QHBwd_OQMHxtmnG6vghFketSWShGWkAZoC8ykxUgLp5Cc8e7p-BXGvUe_5wRqaPurux_fWsPDph6BS1vDQkHzfE9NAlRIc_A9aH3WSuKDpZuzLdMYb0eHd3-qDfZk",
      "kty": "RSA",
      "q": "l66Mmjjyxqn5MkjtRswUX495Xg-bXi_GKTGlhsYtHm3moCJ9uOfGOskBbwZ4i8Zx7-Vs_sQWHaqnzfgPS4EROHnk8CRnohIqvQlFoe2OIYpNMESshxngJr82VCTubPB7aMR7SAlzLoGZQA1YXvdrpfFTzerUS5O8bi-8spKyhDE",
      "d": "fd5kQrHLa3XnqDmDgMtehwXhbO0AD-yQFG1YlpOFEAaSCEKCAmjLkXMhr3DGPSVEgtx9En7NYu3DMbmHnsk1ks0Q0hOJgw-idRlnF-16qc1ZeBK19_rsj81U49BYTaskkeBfH6KcB3QMaS5RjwjJKeNVqpiR7v723BfrBB72wECwUhcFHbGPq5i5y-4ScIv7_FLUOAzmd9WW6ypaE_ZsCEV1pKgq3czZ5n41b2PdKbc3VG-vkzvrCJL59eV0YVo0O9576LXIcFsxeFmfPlU4Yx0EESRAlJqEoSAO6Bg9BCe8cWWBXJBSeBCF1rG9l68tgxasRcgMX9dCpSzIq10aAQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "705e20b4-dc3c-41ec-be2c-ec88760c4bea",
      "qi": "jI51dwpcCB1svu9vfGcz_nizUfz3IDawtuCzJ1KOjCL4r4eABuMrv1NjmLdxGiR7MnRTKWXhK3G6y_kPD2JYCes--DTqmYkCKCJbcNToQ18hpPVbD8svaQGLes-6zudOi5rK4eQHP5DEDzPG_W536-Y5OMAS2sG7EzvV6_uI0Hw",
      "dp": "TsjR8f3Avn5-rzH8K3WHDqLYZO2MA0yjLWOxU9Ug5cBnE2O6i4fd9q1Pj5Ci5PyBKJKy3GzsW_2VwNQWXGu45s1-rfRE4RqqYnqOwU91lpxpd1pXIb18PnwVrykdgX5QhqnMY_tUnJSyE3GreJN3ln8oUWnArFiy4hs5wwsZaxk",
      "dq": "h-SG7WjWASypKObzRblzC0ZESwQag2Cz3ZYwITYNmDSIKbGdB3sHOwV4tlqKx1dsHqxiYUGWOs_49Own79Jbdkim1osXGbnC9oeHDhMBgoUgsHzmQUfqbWxkJTDNN2agefWGKbzlp6XOgfcy1CpBFHPITDT2LBvY9rLoEOii7RE",
      "n": "jwEXofEdlIkzT_o6u8ZEkYOYxHiOtieoYY2O3eq2wPGTrDsx4wqWwk5xF0ic2LHzyYqo4xBZVc8RRTM4XRg3FYt1CM54bC9i88k8fJFK_6CUkmaPzWAliiLHbggc9lcr9Uy-8HmLsuLZzarx8k5SfLWQeTO7Oi1LFhh-YDlZ8gPYeHox7sa_28_vAucqo53FXr2sPX1F9bdGNjjHm80HpiAy52GCl8VfAbNPCXk7ijM3JAmrlRGXoLLsz9PW2MN64AR-BIjWO7stL1RroxyEJv8BVD98aUxNGO9FjgHcPww_PP6hGoodHobzxQla6Rm6-toPLL7qXoMI06o4Rk_uSQ"
    },
    {
      "kty": "EC",
      "d": "7G1ueO9_0T0Ee5jF8c5sLzfvGDPas-bXQ-SbI7lnEvU",
      "use": "sig",
      "crv": "P-256",
      "kid": "e8993bf0-be21-4d70-a005-03ec6dac74d9",
      "x": "dOBiEHVgLLdTNVqGs2hYsRlAa3VH2fg-MI3cGOpllpQ",
      "y": "tusspy70yGT3Fr_qeU8savvSc9y6yAVn6ij2RAKdIPY"
    },
    {
      "kty": "EC",
      "d": "jdOW6-mkvClLTmb-2gNExsTMxb41-uTYHXkK_xnd4Zk",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "1e372ac6-a2f7-498f-8e26-16b2ea051f44",
      "x": "Rev2J71NmYE3pYPcllFHsDSDA87udo4ahCtrVg5OkhI",
      "y": "G6S-sZQcL6lRsc0vp_UJEhDwoM0Y3QYXzP2tlaf3_cM"
    },
    {
      "kty": "OKP",
      "d": "lLA5aO-I7yOdOMCjY4IGvt6JPKNBYu7yKk_nOOxiP7c",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "95f74806-1908-4221-b836-8210c13a3245",
      "x": "dXtEziMFL8sXREa5PpZ4tIWoRcX_Zx4KQ-ZpoGv30DI"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "_3_0xaA62jq6YhwXuwPY9561GfGtGzAkJhfI1knhqtiOaa-cautdbW8clNce4-pTnXLiuj8I7ox2nzhZmg1CpHiCIU6QtD-RpvkycQ_Hvz2zVUIGbqASSYUE9tePMJFpb4BfdhBKYkL6WMLxmwIZ_tNWBPAVP6-OPtEKqnh4rBk",
      "kty": "RSA",
      "q": "nvP-KrQVhWu04vRh8dm4DZ6YizV9Eu0etZ0sC-R7uksPKpoE-0p1i1sKWPCOtImS2_hQvS7DDDJl070ep_NnET22uTohx3-kJOEwBVFi1fwgnRQfbMwWVMcxajF2okPtxDKbqXG_XRhSacGNAVj_HhxE0qLkM3O0Vv8ENE004Ts",
      "d": "WUL-OwM-aIS5Kyn8XYHWOaQnF17fUnHvUfJ-vmPpPoV0AN9Ur24xaxExrrX0LXKUIxFVZvrt7PGCwbU0dxK8NtmnOx3V0F_xVHkqxFwQEbups4j4Wekj844KRPc__Kd3_ecZYRTj2i2pYTZxFjwFAC-31KWXumMSQHMdZbA0IH5o2XMGS4eOf59XsRKpRD7_dQqlC6znU5BZ7I8Ny22k5n01ZESOC8Ot1r8DX3lDfmpe7MHfagp5AJnUr7WRrafO8k3YPJhvwMzJB7LXSR2qUEs6m96SsnXCMx0JJIZ0WdApFuBgdkgO3_c2eFZh1vUrmu02KlXIlTSKDo3_cmbr0Q",
      "e": "AQAB",
      "use": "enc",
      "kid": "0608275f-86ea-4b47-ab13-77a4de5e43d7",
      "qi": "3UeXATpIi89v09yFoq7N14AQa10WBt3d5GcRhbAwQ3IBbuYYTzQEBGxdM8Wmgoc25bupXCH5dvtdqsN3gCOrrgPlHhC6kGLveqk4uPWyy4ASC3oSDY6BPplavKF8tnzYJvxWMixDgfEapIlniNV8KHrv80bRGJgRcky8VVuGxfU",
      "dp": "Tz36Rojpd-GbCO65lXEeC76XYJKKI9KMg5wA2CVV7kz37mNe2fJhqZ06ehc2J233vO9yzlzaglHiQIOTlqniL2yIv5fEXYMRw32qXVKNmwyh4CF4KTtQMKkm3wAAEwomb0SbVty6lTs8tebQVEkUkuos1Z84l-X08hqXekOe-ZE",
      "alg": "RSA-OAEP",
      "dq": "Kada1an3cc01y7uq5wvc1YTYCLLtocYNpB4Z6svnOHxu7wUJhSiQAQLMhV4Up27d01MRJWJZrpqOYJxQqkZ4neYEOinnrDXgt-FjCiG3uselbERXr9UTjQfeBSwNIJyYdC-m5xJtyWGURy53WwENacCSsHgLQQhzG9EcMvCAiP0",
      "n": "nqR9MuQRGrcVA4cduwy8xfw27LwS3Vhv8CDiRZ9murL6XzsY6-TgBnXtqFfTwlC5GFfdrdiknd2a-6km8RNGJllHi-c1U2kyGyJdzVORfWl_0wgvLC9Gz2Hrw1WOtrShkopNDDaoJtUO8GnDHr3XP-xlFV8eu9agvYlIy93wft_-E4Exc-FBE8FNlB53_eKT0LRYISxTSXmTD63qAi3-rXUFZWSETsJbIZ404VWoAF1IDzMF_Wt5TjaJCEybXAOYzfarN8LAdQxrJ_b5OqZTpeA2j1VeIjuFIz17nVKq9xWIismwVJcIZcM6PhrWEfXUMABDi7LNuMPThGaGTSWiww"
    },
    {
      "kty": "EC",
      "d": "N-Kdl6YapMu2yFu4Pq7XkB852vUmn2JR2rmilB5KIoA",
      "use": "enc",
      "crv": "P-256",
      "kid": "8e2250b7-75ad-4485-9939-b5d8ad0d0668",
      "x": "sLWoyf9jHiju_lh106ooMpYEVZCRfu9KNmn8o9ppL-E",
      "y": "lM3zvUnQc15mKpligRF7PBTKwHVKFCs3_7e6fNSQFio",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "705e20b4-dc3c-41ec-be2c-ec88760c4bea",
      "n": "jwEXofEdlIkzT_o6u8ZEkYOYxHiOtieoYY2O3eq2wPGTrDsx4wqWwk5xF0ic2LHzyYqo4xBZVc8RRTM4XRg3FYt1CM54bC9i88k8fJFK_6CUkmaPzWAliiLHbggc9lcr9Uy-8HmLsuLZzarx8k5SfLWQeTO7Oi1LFhh-YDlZ8gPYeHox7sa_28_vAucqo53FXr2sPX1F9bdGNjjHm80HpiAy52GCl8VfAbNPCXk7ijM3JAmrlRGXoLLsz9PW2MN64AR-BIjWO7stL1RroxyEJv8BVD98aUxNGO9FjgHcPww_PP6hGoodHobzxQla6Rm6-toPLL7qXoMI06o4Rk_uSQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "8785095b-0d2c-4c34-a6cd-207d1343bf29",
      "n": "obzJse18DqF9nixDl7-tuMTnDxKRBTiXVCc-tKLrgAvGoNJH393QREbXXtYIyM54x_Zwlcu7AeiWuAY15j2YfqPHKl0LrvN8TEn3BTNLdWFme9QvGkAlA5ysM7L8-DRBfqq-EAdFIT2wQriKUzlFi1wRlTwoVzF52OQuzckVKH6KUTDxnSaWd0BsPQ95c2qgSgVq7KPi0IVCKYx6bG8GnDZj0Mjqcs0S1JBF0NqS_-BxdTxBlYtvLXdtd9sNUmvRYEXOSAeh8cxc92GRHRo1ybvqkXDEZPQac1yCd_v9jViF3o4NTPCxZJNLM8sgqSTmr0sSW0gYwja3n5dPtNFvpQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "e8993bf0-be21-4d70-a005-03ec6dac74d9",
      "x": "dOBiEHVgLLdTNVqGs2hYsRlAa3VH2fg-MI3cGOpllpQ",
      "y": "tusspy70yGT3Fr_qeU8savvSc9y6yAVn6ij2RAKdIPY"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "3104f890-0730-477e-98fa-3f2dca925461",
      "x": "TB7ylZge5swFfeXAqUleqd9f5Je1SF5MUMJGy9XZ5dQ",
      "y": "tmIsUGKl_jaPJDfDDFURjTlZPcu1l3pX4hK6ICeKrdA"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "1e372ac6-a2f7-498f-8e26-16b2ea051f44",
      "x": "Rev2J71NmYE3pYPcllFHsDSDA87udo4ahCtrVg5OkhI",
      "y": "G6S-sZQcL6lRsc0vp_UJEhDwoM0Y3QYXzP2tlaf3_cM"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "95f74806-1908-4221-b836-8210c13a3245",
      "x": "dXtEziMFL8sXREa5PpZ4tIWoRcX_Zx4KQ-ZpoGv30DI"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "0608275f-86ea-4b47-ab13-77a4de5e43d7",
      "alg": "RSA-OAEP",
      "n": "nqR9MuQRGrcVA4cduwy8xfw27LwS3Vhv8CDiRZ9murL6XzsY6-TgBnXtqFfTwlC5GFfdrdiknd2a-6km8RNGJllHi-c1U2kyGyJdzVORfWl_0wgvLC9Gz2Hrw1WOtrShkopNDDaoJtUO8GnDHr3XP-xlFV8eu9agvYlIy93wft_-E4Exc-FBE8FNlB53_eKT0LRYISxTSXmTD63qAi3-rXUFZWSETsJbIZ404VWoAF1IDzMF_Wt5TjaJCEybXAOYzfarN8LAdQxrJ_b5OqZTpeA2j1VeIjuFIz17nVKq9xWIismwVJcIZcM6PhrWEfXUMABDi7LNuMPThGaGTSWiww"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "8e2250b7-75ad-4485-9939-b5d8ad0d0668",
      "x": "sLWoyf9jHiju_lh106ooMpYEVZCRfu9KNmn8o9ppL-E",
      "y": "lM3zvUnQc15mKpligRF7PBTKwHVKFCs3_7e6fNSQFio",
      "alg": "ECDH-ES"
    }
  ]
}
2021-06-13 21:25:39 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-06-13 21:25:39 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-06-13 21:25:39 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "updated_at": 1580000000
}
2021-06-13 21:25:39 SUCCESS
OIDCCGetStaticClientConfigurationForRPTests
Found a static client object
client_id
87654321
client_secret
12345678
redirect_uris
[
  "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login"
]
2021-06-13 21:25:39 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "client_id": "87654321",
  "client_secret": "12345678",
  "redirect_uris": [
    "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login"
  ]
}
2021-06-13 21:25:39 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2021-06-13 21:25:39 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "authorization_code"
]
response_types
[
  "code"
]
2021-06-13 21:25:39 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login"
]
2021-06-13 21:25:39 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2021-06-13 21:25:39 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2021-06-13 21:25:39 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2021-06-13 21:25:39 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2021-06-13 21:25:39 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2021-06-13 21:25:39 INFO
ValidateIdTokenSignedResponseAlg
Skipped evaluation due to missing required element: client id_token_signed_response_alg
path
id_token_signed_response_alg
mapped
object
client
2021-06-13 21:25:39 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2021-06-13 21:25:39 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2021-06-13 21:25:39 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2021-06-13 21:25:39 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2021-06-13 21:25:39 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2021-06-13 21:25:39 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2021-06-13 21:25:39 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2021-06-13 21:25:39 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2021-06-13 21:25:39 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2021-06-13 21:25:39 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2021-06-13 21:25:39 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2021-06-13 21:25:39 SUCCESS
OIDCCExtractServerSigningAlg
Using the default algorithm for the first key in server jwks
signing_algorithm
RS256
2021-06-13 21:25:39
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2021-06-13 21:25:39
oidcc-client-test-nonce-invalid
Setup Done
2021-06-13 21:26:39 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance OK3RzKZdf6VCCry
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/xml, text/xml, application/json, application/*+xml, application/*+json",
  "user-agent": "Java/11.0.8",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Discovery endpoint
2021-06-13 21:26:39 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance OK3RzKZdf6VCCry
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-06-13 21:29:11 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance OK3RzKZdf6VCCry
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/xml, text/xml, application/json, application/*+xml, application/*+json",
  "user-agent": "Java/11.0.8",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Discovery endpoint
2021-06-13 21:29:11 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance OK3RzKZdf6VCCry
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "gender",
    "birthdate",
    "preferred_username",
    "profile",
    "website",
    "locale",
    "updated_at",
    "address",
    "zoneinfo",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-06-13 21:30:02 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance OK3RzKZdf6VCCry
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "referer": "https://env-239211.customer.cloud.microstrategy.com/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-GB-oxendict;q\u003d0.9,en;q\u003d0.8,tr;q\u003d0.7,eu;q\u003d0.6",
  "cookie": "__utmc\u003d201319536; __utmz\u003d201319536.1623336640.30.8.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utma\u003d201319536.763838286.1615572732.1623353581.1623411213.32; JSESSIONID\u003d32A224047A3267CDD9D4EE876688B2EF",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "response_type": "code",
  "client_id": "87654321",
  "scope": "openid profile email offline_access",
  "state": "GXV-B2H5tFrXx7ow4ApJ3bUtbXNdvv3QdeHl_6u9qO4\u003d",
  "redirect_uri": "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login",
  "nonce": "FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o"
}
incoming_body
Authorization endpoint
2021-06-13 21:30:02 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2021-06-13 21:30:02 SUCCESS
EnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid",
  "profile",
  "email",
  "offline_access"
]
expected
openid
2021-06-13 21:30:02 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "response_type": "code",
  "client_id": "87654321",
  "scope": "openid profile email offline_access",
  "state": "GXV-B2H5tFrXx7ow4ApJ3bUtbXNdvv3QdeHl_6u9qO4\u003d",
  "redirect_uri": "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login",
  "nonce": "FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o"
}
2021-06-13 21:30:02 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid profile email offline_access
2021-06-13 21:30:02 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o
2021-06-13 21:30:02 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2021-06-13 21:30:02 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
87654321
2021-06-13 21:30:02 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login
expected
[
  "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login"
]
2021-06-13 21:30:02 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid",
  "profile",
  "email",
  "offline_access"
]
expected
openid
2021-06-13 21:30:02 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2021-06-13 21:30:02 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
7BaJ6vpK5V
2021-06-13 21:30:02 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
LAxbo_gA2hI7uk3Zoab-zw
2021-06-13 21:30:02 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login",
  "state": "GXV-B2H5tFrXx7ow4ApJ3bUtbXNdvv3QdeHl_6u9qO4\u003d"
}
2021-06-13 21:30:02 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login",
  "state": "GXV-B2H5tFrXx7ow4ApJ3bUtbXNdvv3QdeHl_6u9qO4\u003d",
  "code": "7BaJ6vpK5V"
}
2021-06-13 21:30:02
SendAuthorizationResponseWithResponseModeQuery
Redirecting back to client
uri
https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login?state=GXV-B2H5tFrXx7ow4ApJ3bUtbXNdvv3QdeHl_6u9qO4%3D&code=7BaJ6vpK5V
2021-06-13 21:30:02 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance OK3RzKZdf6VCCry
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login?state=GXV-B2H5tFrXx7ow4ApJ3bUtbXNdvv3QdeHl_6u9qO4%3D&code=7BaJ6vpK5V]
outgoing_path
authorize
2021-06-13 21:30:02 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance OK3RzKZdf6VCCry
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json;charset\u003dUTF-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "authorization": "Basic ODc2NTQzMjE6MTIzNDU2Nzg\u003d",
  "user-agent": "Java/11.0.8",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "161",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "7BaJ6vpK5V",
  "redirect_uri": "https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=7BaJ6vpK5V&redirect_uri=https%3A%2F%2Fenv-239211.customer.cloud.microstrategy.com%2FMicroStrategyLibrary%2Fauth%2Foidc%2Flogin
Token endpoint
2021-06-13 21:30:02 SUCCESS
ExtractClientCredentialsFromBasicAuthorizationHeader
Extracted client authentication
client_id
87654321
client_secret
12345678
method
client_secret_basic
2021-06-13 21:30:02 SUCCESS
ValidateClientIdAndSecret
Client id and secret match
2021-06-13 21:30:02 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
7BaJ6vpK5V
2021-06-13 21:30:02 SUCCESS
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
actual
https://env-239211.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login
2021-06-13 21:30:02 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
2rDkJjvTXrBdPpsxe85HFxg5wJNwswKs23u5tPCujwG0DfxeMz
2021-06-13 21:30:02 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
6tEb_7TvMD44xy3_1zw6aw
2021-06-13 21:30:02 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/MSTR_M2021_UP1/
sub
user-subject-1234531
aud
87654321
nonce
FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o
iat
1623619802
exp
1623620102
2021-06-13 21:30:02 SUCCESS
AddInvalidNonceValueToIdToken
Added invalid nonce to ID token claims
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/",
  "sub": "user-subject-1234531",
  "aud": "87654321",
  "nonce": "FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o1",
  "iat": 1623619802,
  "exp": 1623620102
}
nonce
FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o1
2021-06-13 21:30:02 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
6tEb_7TvMD44xy3_1zw6aw
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/MSTR_M2021_UP1/",
  "sub": "user-subject-1234531",
  "aud": "87654321",
  "nonce": "FQrAhIMHhyJTw5JbvCgCJXzkicmXqeUu-SfQQqcXl6o1",
  "iat": 1623619802,
  "exp": 1623620102,
  "at_hash": "6tEb_7TvMD44xy3_1zw6aw"
}
2021-06-13 21:30:02 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiI3MDVlMjBiNC1kYzNjLTQxZWMtYmUyYy1lYzg4NzYwYzRiZWEiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiNnRFYl83VHZNRDQ0eHkzXzF6dzZhdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiODc2NTQzMjEiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvTVNUUl9NMjAyMV9VUDFcLyIsImV4cCI6MTYyMzYyMDEwMiwibm9uY2UiOiJGUXJBaElNSGh5SlR3NUpidkNnQ0pYemtpY21YcWVVdS1TZlFRcWNYbDZvMSIsImlhdCI6MTYyMzYxOTgwMn0.UeXSi0UvRNUWvJx5wKNGEBdnVcPpg6N4lv-IMlHxPXPCWFm4W2I59KwOtbL5zjG18RRye5yBTImtXGWxK4kLENGBANK_80JA_bMQtNRaOMYy3SeDAGLxMf8Ir6BswwZJJT0XkW1tUIgwe998VFbydDtRS6b0pW5kkfcULGG1oN7Er_T6cDOgam7Fjz86Xf6FKt9zPNtV6fI_PsrsbF-lfCxLvWffAgx8-FG4MHAJDAG7txADZ29GDZSA_o-QACxzQS1St5iX6D5pEgCpi4Q83d35Ej4vKXEoEWLPVsKKoQkaP0UPEAZIpO4SfEF2qTq08RY3jXfCTjF8QzS3kjkLKA
key
{"p":"8VrAPXTcqnExjLjydY46eG4Umoj67KJLuXrMElByoD9WN2QHBwd_OQMHxtmnG6vghFketSWShGWkAZoC8ykxUgLp5Cc8e7p-BXGvUe_5wRqaPurux_fWsPDph6BS1vDQkHzfE9NAlRIc_A9aH3WSuKDpZuzLdMYb0eHd3-qDfZk","kty":"RSA","q":"l66Mmjjyxqn5MkjtRswUX495Xg-bXi_GKTGlhsYtHm3moCJ9uOfGOskBbwZ4i8Zx7-Vs_sQWHaqnzfgPS4EROHnk8CRnohIqvQlFoe2OIYpNMESshxngJr82VCTubPB7aMR7SAlzLoGZQA1YXvdrpfFTzerUS5O8bi-8spKyhDE","d":"fd5kQrHLa3XnqDmDgMtehwXhbO0AD-yQFG1YlpOFEAaSCEKCAmjLkXMhr3DGPSVEgtx9En7NYu3DMbmHnsk1ks0Q0hOJgw-idRlnF-16qc1ZeBK19_rsj81U49BYTaskkeBfH6KcB3QMaS5RjwjJKeNVqpiR7v723BfrBB72wECwUhcFHbGPq5i5y-4ScIv7_FLUOAzmd9WW6ypaE_ZsCEV1pKgq3czZ5n41b2PdKbc3VG-vkzvrCJL59eV0YVo0O9576LXIcFsxeFmfPlU4Yx0EESRAlJqEoSAO6Bg9BCe8cWWBXJBSeBCF1rG9l68tgxasRcgMX9dCpSzIq10aAQ","e":"AQAB","use":"sig","kid":"705e20b4-dc3c-41ec-be2c-ec88760c4bea","qi":"jI51dwpcCB1svu9vfGcz_nizUfz3IDawtuCzJ1KOjCL4r4eABuMrv1NjmLdxGiR7MnRTKWXhK3G6y_kPD2JYCes--DTqmYkCKCJbcNToQ18hpPVbD8svaQGLes-6zudOi5rK4eQHP5DEDzPG_W536-Y5OMAS2sG7EzvV6_uI0Hw","dp":"TsjR8f3Avn5-rzH8K3WHDqLYZO2MA0yjLWOxU9Ug5cBnE2O6i4fd9q1Pj5Ci5PyBKJKy3GzsW_2VwNQWXGu45s1-rfRE4RqqYnqOwU91lpxpd1pXIb18PnwVrykdgX5QhqnMY_tUnJSyE3GreJN3ln8oUWnArFiy4hs5wwsZaxk","dq":"h-SG7WjWASypKObzRblzC0ZESwQag2Cz3ZYwITYNmDSIKbGdB3sHOwV4tlqKx1dsHqxiYUGWOs_49Own79Jbdkim1osXGbnC9oeHDhMBgoUgsHzmQUfqbWxkJTDNN2agefWGKbzlp6XOgfcy1CpBFHPITDT2LBvY9rLoEOii7RE","n":"jwEXofEdlIkzT_o6u8ZEkYOYxHiOtieoYY2O3eq2wPGTrDsx4wqWwk5xF0ic2LHzyYqo4xBZVc8RRTM4XRg3FYt1CM54bC9i88k8fJFK_6CUkmaPzWAliiLHbggc9lcr9Uy-8HmLsuLZzarx8k5SfLWQeTO7Oi1LFhh-YDlZ8gPYeHox7sa_28_vAucqo53FXr2sPX1F9bdGNjjHm80HpiAy52GCl8VfAbNPCXk7ijM3JAmrlRGXoLLsz9PW2MN64AR-BIjWO7stL1RroxyEJv8BVD98aUxNGO9FjgHcPww_PP6hGoodHobzxQla6Rm6-toPLL7qXoMI06o4Rk_uSQ"}
algorithm
RS256
2021-06-13 21:30:02 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2021-06-13 21:30:02 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
2rDkJjvTXrBdPpsxe85HFxg5wJNwswKs23u5tPCujwG0DfxeMz
token_type
Bearer
id_token
eyJraWQiOiI3MDVlMjBiNC1kYzNjLTQxZWMtYmUyYy1lYzg4NzYwYzRiZWEiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiNnRFYl83VHZNRDQ0eHkzXzF6dzZhdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiODc2NTQzMjEiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvTVNUUl9NMjAyMV9VUDFcLyIsImV4cCI6MTYyMzYyMDEwMiwibm9uY2UiOiJGUXJBaElNSGh5SlR3NUpidkNnQ0pYemtpY21YcWVVdS1TZlFRcWNYbDZvMSIsImlhdCI6MTYyMzYxOTgwMn0.UeXSi0UvRNUWvJx5wKNGEBdnVcPpg6N4lv-IMlHxPXPCWFm4W2I59KwOtbL5zjG18RRye5yBTImtXGWxK4kLENGBANK_80JA_bMQtNRaOMYy3SeDAGLxMf8Ir6BswwZJJT0XkW1tUIgwe998VFbydDtRS6b0pW5kkfcULGG1oN7Er_T6cDOgam7Fjz86Xf6FKt9zPNtV6fI_PsrsbF-lfCxLvWffAgx8-FG4MHAJDAG7txADZ29GDZSA_o-QACxzQS1St5iX6D5pEgCpi4Q83d35Ej4vKXEoEWLPVsKKoQkaP0UPEAZIpO4SfEF2qTq08RY3jXfCTjF8QzS3kjkLKA
scope
openid profile email offline_access
2021-06-13 21:30:02 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance OK3RzKZdf6VCCry
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "2rDkJjvTXrBdPpsxe85HFxg5wJNwswKs23u5tPCujwG0DfxeMz",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiI3MDVlMjBiNC1kYzNjLTQxZWMtYmUyYy1lYzg4NzYwYzRiZWEiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiNnRFYl83VHZNRDQ0eHkzXzF6dzZhdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiODc2NTQzMjEiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvTVNUUl9NMjAyMV9VUDFcLyIsImV4cCI6MTYyMzYyMDEwMiwibm9uY2UiOiJGUXJBaElNSGh5SlR3NUpidkNnQ0pYemtpY21YcWVVdS1TZlFRcWNYbDZvMSIsImlhdCI6MTYyMzYxOTgwMn0.UeXSi0UvRNUWvJx5wKNGEBdnVcPpg6N4lv-IMlHxPXPCWFm4W2I59KwOtbL5zjG18RRye5yBTImtXGWxK4kLENGBANK_80JA_bMQtNRaOMYy3SeDAGLxMf8Ir6BswwZJJT0XkW1tUIgwe998VFbydDtRS6b0pW5kkfcULGG1oN7Er_T6cDOgam7Fjz86Xf6FKt9zPNtV6fI_PsrsbF-lfCxLvWffAgx8-FG4MHAJDAG7txADZ29GDZSA_o-QACxzQS1St5iX6D5pEgCpi4Q83d35Ej4vKXEoEWLPVsKKoQkaP0UPEAZIpO4SfEF2qTq08RY3jXfCTjF8QzS3kjkLKA",
  "scope": "openid profile email offline_access"
}
outgoing_path
token
2021-06-13 21:30:03 INCOMING
oidcc-client-test-nonce-invalid
Incoming HTTP request to test instance OK3RzKZdf6VCCry
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json, application/jwk-set+json",
  "user-agent": "Java/11.0.8",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
Jwks endpoint
2021-06-13 21:30:03 OUTGOING
oidcc-client-test-nonce-invalid
Response to HTTP request to test instance OK3RzKZdf6VCCry
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "705e20b4-dc3c-41ec-be2c-ec88760c4bea",
      "n": "jwEXofEdlIkzT_o6u8ZEkYOYxHiOtieoYY2O3eq2wPGTrDsx4wqWwk5xF0ic2LHzyYqo4xBZVc8RRTM4XRg3FYt1CM54bC9i88k8fJFK_6CUkmaPzWAliiLHbggc9lcr9Uy-8HmLsuLZzarx8k5SfLWQeTO7Oi1LFhh-YDlZ8gPYeHox7sa_28_vAucqo53FXr2sPX1F9bdGNjjHm80HpiAy52GCl8VfAbNPCXk7ijM3JAmrlRGXoLLsz9PW2MN64AR-BIjWO7stL1RroxyEJv8BVD98aUxNGO9FjgHcPww_PP6hGoodHobzxQla6Rm6-toPLL7qXoMI06o4Rk_uSQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "8785095b-0d2c-4c34-a6cd-207d1343bf29",
      "n": "obzJse18DqF9nixDl7-tuMTnDxKRBTiXVCc-tKLrgAvGoNJH393QREbXXtYIyM54x_Zwlcu7AeiWuAY15j2YfqPHKl0LrvN8TEn3BTNLdWFme9QvGkAlA5ysM7L8-DRBfqq-EAdFIT2wQriKUzlFi1wRlTwoVzF52OQuzckVKH6KUTDxnSaWd0BsPQ95c2qgSgVq7KPi0IVCKYx6bG8GnDZj0Mjqcs0S1JBF0NqS_-BxdTxBlYtvLXdtd9sNUmvRYEXOSAeh8cxc92GRHRo1ybvqkXDEZPQac1yCd_v9jViF3o4NTPCxZJNLM8sgqSTmr0sSW0gYwja3n5dPtNFvpQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "e8993bf0-be21-4d70-a005-03ec6dac74d9",
      "x": "dOBiEHVgLLdTNVqGs2hYsRlAa3VH2fg-MI3cGOpllpQ",
      "y": "tusspy70yGT3Fr_qeU8savvSc9y6yAVn6ij2RAKdIPY"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "3104f890-0730-477e-98fa-3f2dca925461",
      "x": "TB7ylZge5swFfeXAqUleqd9f5Je1SF5MUMJGy9XZ5dQ",
      "y": "tmIsUGKl_jaPJDfDDFURjTlZPcu1l3pX4hK6ICeKrdA"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "1e372ac6-a2f7-498f-8e26-16b2ea051f44",
      "x": "Rev2J71NmYE3pYPcllFHsDSDA87udo4ahCtrVg5OkhI",
      "y": "G6S-sZQcL6lRsc0vp_UJEhDwoM0Y3QYXzP2tlaf3_cM"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "95f74806-1908-4221-b836-8210c13a3245",
      "x": "dXtEziMFL8sXREa5PpZ4tIWoRcX_Zx4KQ-ZpoGv30DI"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "0608275f-86ea-4b47-ab13-77a4de5e43d7",
      "alg": "RSA-OAEP",
      "n": "nqR9MuQRGrcVA4cduwy8xfw27LwS3Vhv8CDiRZ9murL6XzsY6-TgBnXtqFfTwlC5GFfdrdiknd2a-6km8RNGJllHi-c1U2kyGyJdzVORfWl_0wgvLC9Gz2Hrw1WOtrShkopNDDaoJtUO8GnDHr3XP-xlFV8eu9agvYlIy93wft_-E4Exc-FBE8FNlB53_eKT0LRYISxTSXmTD63qAi3-rXUFZWSETsJbIZ404VWoAF1IDzMF_Wt5TjaJCEybXAOYzfarN8LAdQxrJ_b5OqZTpeA2j1VeIjuFIz17nVKq9xWIismwVJcIZcM6PhrWEfXUMABDi7LNuMPThGaGTSWiww"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "8e2250b7-75ad-4485-9939-b5d8ad0d0668",
      "x": "sLWoyf9jHiju_lh106ooMpYEVZCRfu9KNmn8o9ppL-E",
      "y": "lM3zvUnQc15mKpligRF7PBTKwHVKFCs3_7e6fNSQFio",
      "alg": "ECDH-ES"
    }
  ]
}
outgoing_path
jwks
2021-06-13 21:30:07 FINISHED
oidcc-client-test-nonce-invalid
Test has run to completion
testmodule_result
PASSED
2021-06-13 21:30:35
TEST-RUNNER
Alias has now been claimed by another test
alias
MSTR_M2021_UP1
new_test_id
K4fS0o2f6TIDBYh
Test Results