Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-05-18 13:04:33 INFO
TEST-RUNNER
Test instance ikzGStnHUkDorsS created
baseUrl
https://www.certification.openid.net/test/a/3_0_1
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code token",
  "server_metadata": "discovery",
  "response_mode": "form_post",
  "client_registration": "dynamic_client"
}
alias
3_0_1
description
Tests with 3.0.1
planId
E4quepq4WIIbY
config
{
  "alias": "3_0_1",
  "description": "Tests with 3.0.1",
  "server": {
    "discoveryUrl": "https://testop.funet.fi/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "cert1",
    "client_secret": "changeit",
    "client_name": "second-cert-client"
  },
  "client_secret_post": {
    "client_id": "cert1_post",
    "client_secret": "changeit"
  },
  "client2": {
    "client_id": "cert2",
    "client_secret": "changeit",
    "client_name": "third-cert-client"
  }
}
testName
oidcc-refresh-token
2021-05-18 13:04:33 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-18 13:04:33
GetDynamicServerConfiguration
HTTP request
request_uri
https://testop.funet.fi/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-18 13:04:34 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:34 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "2259",
  "set-cookie": "JSESSIONID\u003dnode030eh7vuoq42n18i0zvh0l36gb262.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"authorization_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/authorize","token_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/token","registration_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/register","issuer":"https:\/\/testop.funet.fi","jwks_uri":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/keyset","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"request_object_signing_alg_values_supported":["none","RS256","RS384","RS512","HS256","HS384","HS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"subject_types_supported":["public","pairwise"],"userinfo_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/userinfo","acr_values_supported":["password"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"display_values_supported":["page"],"claims_supported":["aud","iss","sub","iat","exp","acr","auth_time","email","email_verified","address","phone","phone_number_verified","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"claims_parameter_supported":true}
2021-05-18 13:04:34
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"authorization_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/authorize","token_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/token","registration_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/register","issuer":"https:\/\/testop.funet.fi","jwks_uri":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/keyset","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"request_object_signing_alg_values_supported":["none","RS256","RS384","RS512","HS256","HS384","HS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"subject_types_supported":["public","pairwise"],"userinfo_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/userinfo","acr_values_supported":["password"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"display_values_supported":["page"],"claims_supported":["aud","iss","sub","iat","exp","acr","auth_time","email","email_verified","address","phone","phone_number_verified","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"claims_parameter_supported":true}
2021-05-18 13:04:34 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize
token_endpoint
https://testop.funet.fi/idp/profile/oidc/token
registration_endpoint
https://testop.funet.fi/idp/profile/oidc/register
issuer
https://testop.funet.fi
jwks_uri
https://testop.funet.fi/idp/profile/oidc/keyset
scopes_supported
[
  "openid",
  "profile",
  "email",
  "address",
  "phone",
  "offline_access"
]
response_types_supported
[
  "code",
  "id_token",
  "id_token token",
  "code id_token",
  "code token",
  "code id_token token"
]
response_modes_supported
[
  "query",
  "fragment",
  "form_post"
]
grant_types_supported
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
request_object_signing_alg_values_supported
[
  "none",
  "RS256",
  "RS384",
  "RS512",
  "HS256",
  "HS384",
  "HS512",
  "ES256",
  "ES384",
  "ES512"
]
request_parameter_supported
true
request_uri_parameter_supported
true
subject_types_supported
[
  "public",
  "pairwise"
]
userinfo_endpoint
https://testop.funet.fi/idp/profile/oidc/userinfo
acr_values_supported
[
  "password"
]
id_token_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "HS256",
  "HS384",
  "HS512"
]
id_token_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
userinfo_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "HS256",
  "HS384",
  "HS512"
]
userinfo_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
display_values_supported
[
  "page"
]
claims_supported
[
  "aud",
  "iss",
  "sub",
  "iat",
  "exp",
  "acr",
  "auth_time",
  "email",
  "email_verified",
  "address",
  "phone",
  "phone_number_verified",
  "name",
  "family_name",
  "given_name",
  "middle_name",
  "nickname",
  "preferred_username",
  "profile",
  "picture",
  "website",
  "gender",
  "birthdate",
  "zoneinfo",
  "locale",
  "updated_at"
]
claims_parameter_supported
true
2021-05-18 13:04:34 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-05-18 13:04:34 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
token_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
2021-05-18 13:04:34
FetchServerKeys
Fetching server key
jwks_uri
https://testop.funet.fi/idp/profile/oidc/keyset
2021-05-18 13:04:34
FetchServerKeys
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/keyset
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-18 13:04:34 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:34 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "1146",
  "set-cookie": "JSESSIONID\u003dnode0pqbpjj3osuqn1v1q543zfb56r263.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"keys":[{"kty":"RSA","e":"AQAB","kid":"testKeyFromPEM","n":"sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"},{"kty":"EC","use":"sig","crv":"P-256","kid":"defaultECSign","x":"U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA","y":"CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"},{"kty":"RSA","e":"AQAB","use":"enc","kid":"defaultRSAEnc","n":"io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"}]}
2021-05-18 13:04:34
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","e":"AQAB","kid":"testKeyFromPEM","n":"sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"},{"kty":"EC","use":"sig","crv":"P-256","kid":"defaultECSign","x":"U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA","y":"CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"},{"kty":"RSA","e":"AQAB","use":"enc","kid":"defaultRSAEnc","n":"io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"}]}
2021-05-18 13:04:34 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "testKeyFromPEM",
      "n": "sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA",
      "y": "CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"
    }
  ]
}
2021-05-18 13:04:34 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "testKeyFromPEM",
      "n": "sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA",
      "y": "CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"
    }
  ]
}
2021-05-18 13:04:34 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-05-18 13:04:34 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-05-18 13:04:34 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-18 13:04:34 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-05-18 13:04:34 SUCCESS
GetDynamicClientConfiguration
Created dynamic_client_registration_template object from the client configuration.
client_id
cert1
client_secret
changeit
client_name
second-cert-client
2021-05-18 13:04:34 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "64hPpgP20SlHVqHHnsIyYNnDp3cEP1lKSUk_uSXoEUPa054Rm8tB37Ob8wlNr6gIDADgmzeCBpJK3hFNX5p-TcemsWxn_OonAO9Ra_Q_2w5m3ZKEorJNdOXwlb5_hKNzCOWLi90SFILYI0dg5VMPtXUT4zKeLjLn476nxhr5b9s",
      "kty": "RSA",
      "q": "wXNpl5joDc1GMF4xMDnVT6Kk-2K1eyzG8Qf2o1K8ZZU9U0yyuVkSd2JQ49gji6YW6tQbntONhnpBjQ-7y5BXfPM429Ir5HxEjK565NYlWtfTd8ax91RRnqwwW1Z3F8WF96OgoKRZhulqnC-WBaD-_yhWco-xNwrM2sL1SgRC9Cs",
      "d": "a9G6PQpCDxvSbZp2ifmZYjbxz9ZhDCZo8XD6H6jzXncCkPvDR5oZMRr4zxhX2OlYjOT0gzuNCvOO2jSo9PUkvBq4ySr7N9xNtbBael1BuX3mzM6ha2DdXjLwpwIoatoBjGTj7EnywzWS9wg1NjI7DBDG63RjCC5pNb4rK6wdJeHg_fP_YB8sucaxXPDgFe6ih6fvize-JeMJgFEP6Arjj4tJY5UBN3ZNdQZ41kH7dUeFfBEWaxNmIc2jmEB5W1_VdEJM26m73AsKZPh43vPBZx2z82pMdRw_e7iKaPTkXgG__jy7vsfhffZK6FHW9IwXO6wtyYKMGCPXlRcqI8txFQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "zMqx017nSkPNkUirLLtA40VUh1ATQt3YrmXWFaMYRib7ZBbBtSneM1GtrY_YWmwRLXXpY9ojFvIf4rjoPZYRYk_-8SbMpMt4bdfh_AT9gdYevpvXxFzsiRDfOu9-fEFNTKh1juG_yrjl37RTvMEf5p2SdM9F9znKq7FsOypoZUI",
      "dp": "GYUqhCV3z8_2L9fVpkkKZl4SCgomRqrpFqm-ItSNoZlFk5pT9BqA57kxU5MVfMvrG0nZDFhmWUnunMMpLAu0Vb8lO6IwXkIMudg0bUsIxDZ6RNXEU1CYfesQN1ltvbRsGXGtvhjVBa3rt17bi92FHTczUXHBm-XeJFobGacAkfM",
      "alg": "RS256",
      "dq": "vbO6yXGlpds1yDqmC7-64YQCO45ZnzeSw0xm3VRF8Wu_Ho-o979UL4RXBIewm8I82P01NLQKJeR_oZ_bLc0XLi2pBU99wWrnIfn8A6nIKeRZuCw92udxvqLmLLuGv-Xv8J8h5kYkkPsWk6DKgiyVwovA8kjcpLhPmPrz5Sh2q88",
      "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
    }
  ]
}
2021-05-18 13:04:34 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-18 13:04:34 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
second-cert-client ikzGStnHUkDorsS
2021-05-18 13:04:34
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2021-05-18 13:04:34
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit"
]
2021-05-18 13:04:34
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
      }
    ]
  }
}
2021-05-18 13:04:34
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2021-05-18 13:04:34
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ]
}
2021-05-18 13:04:34
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ]
}
2021-05-18 13:04:34
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2021-05-18 13:04:34
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 13:04:34
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "734"
}
request_body
{"client_name":"second-cert-client ikzGStnHUkDorsS","grant_types":["authorization_code","implicit","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code token"],"redirect_uris":["https://www.certification.openid.net/test/a/3_0_1/callback"],"contacts":["certification@oidf.org"]}
2021-05-18 13:04:35 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "date": "Tue, 18 May 2021 13:04:35 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1059",
  "set-cookie": "JSESSIONID\u003dnode0pk84go368z0y2hyg2u7e9lj2264.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_a78702432425e376b504d8c5652eb9c1","client_secret_expires_at":1652879075,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621343075,"client_secret":"_6e7905bcce41066bf380443556f4f164","client_name":"second-cert-client ikzGStnHUkDorsS","contacts":["certification@oidf.org"],"response_types":["code token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 13:04:35
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_a78702432425e376b504d8c5652eb9c1","client_secret_expires_at":1652879075,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621343075,"client_secret":"_6e7905bcce41066bf380443556f4f164","client_name":"second-cert-client ikzGStnHUkDorsS","contacts":["certification@oidf.org"],"response_types":["code token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 13:04:35
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
grant_types
[
  "implicit",
  "refresh_token",
  "authorization_code"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "sfvzblNRXaIwR8mAL8TnkQqez7KgluJnQrF27aLRNuv42vhZAcGgDvyWnhQf3Lkf1hiuDRCAskihmnANKi2mueyE73V4J51aR_z1IGM5uQC-URbB1TzEJfF1VmrlAgVhYHlvPtmLE2ehUYuIv-UUkLJMkUK1s3gbUMkWKVQOvZcbAgKxue4CpamxqKiKoDmnLTis-0pMs7cd4GKnxH9sWME8feyA6lF--fCDkxhzdTDCe5qfmnlXa68MQYdbfTmaPXeRnbfdY0rHoYSSZ14w1IjhHS6hgIDdL74AWrwbyYJpyissnK5QxWSPuebTKXfa248wfiyV5asYisZYiPiFyQ"
    }
  ]
}
subject_type
public
application_type
web
redirect_uris
[
  "https://www.certification.openid.net/test/a/3_0_1/callback"
]
token_endpoint_auth_method
client_secret_basic
client_id
_a78702432425e376b504d8c5652eb9c1
client_secret_expires_at
1652879075
scope
openid profile email address phone offline_access
client_id_issued_at
1621343075
client_secret
_6e7905bcce41066bf380443556f4f164
client_name
second-cert-client ikzGStnHUkDorsS
contacts
[
  "certification@oidf.org"
]
response_types
[
  "code token"
]
id_token_signed_response_alg
RS256
2021-05-18 13:04:35
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-05-18 13:04:35
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2021-05-18 13:04:35 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2021-05-18 13:04:35 SUCCESS
GetDynamicClient2Configuration
Found a dynamic_client_registration_template object
client_id
cert2
client_secret
changeit
client_name
third-cert-client
2021-05-18 13:04:35 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "4Sb3KBJCelbHIZ5YYF70EOWGECnpSqCofdN1UKxfrcTA8d0z3AD47w8dyLDq8mqUWdTBDkOaH8r_ewy5w_sQ_C_Onu5evn-KuCRYhbGRyIXaa9S41o7Dsr-rCRw3QGMugn9TNmP7H2mvYW7LSN1L-8a_20BTxbEtEuG3BSsJeXM",
      "kty": "RSA",
      "q": "nRRfGgjrNw_YytMCAa06aqJjWAtNUydqgkMvC9eaDjjTjh9WnLKIJB1WPGkQtXkYtgAAaMFCGhP3jD2f5-I9JrtXodv_-ipJBDoCRJknW-1lzOxoeRGZBw15hm8_QGGF0VDKZn0ehneqUDiYGq5lbuhzgtsZUPlj8IwUH7F_9sk",
      "d": "gOmK-NPjwUF48F3E1xkA5yWIMImd1xfTOg25qivYK9AOQGlrFGVng5Hm-0ChbdDLFHKX3j7U1DBLrUpmwMjEL8c6W90bK6IztJGA-6saU3vsysB1x5_0ub4F0rx3dp-1OuqdxYLbeTPhgKRnyJUnUUMtLXho2o7Otr0Zv8u5P9t_cvGkJTUW-_hILL-9W3pDNiqXnIDXvOY9k5osDbSM7D0sATpw6n0VefRCq5sHWl8U1aKmgGbIlzwCL0_5uFuskdn119z18K4UKx2pgqELGyhBj3AHG32UCCi1ie_stxiwjs24FKFxQmuXjlpTfVioZikFGGIBqAkWfuswN_QoIQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "CvwHfneUkpVxJCOXcJdE3BHj6_92GHsyq44BSgGdCjYDe3CtbRz4Rg4ztqLZUlwr1kJgRzCb1btfhyGaT_2qhGoipci6ocHtICzMnfDz7dgjvtBsiL5nJp21ZL5K-qcq_YDf-SmlUmIJd0vr09m945u_sXski-ymRQ1wMI7YC7A",
      "dp": "ba6DvJuYkuxvOWtf9iKLlyeY9YrVQSueqR04C0LNoWM18x0lREmc-yhMBBZbfhh5iIFiQsaf8Fj9uD3syRInphLL_xR0RyzusOHT1d04_YxnaRxJpwwJPaytb1S1fcJTR_Mq4FY4YYckjrxgf3B-sXqSwAZISQgUwxv-AqCCjw0",
      "alg": "RS256",
      "dq": "KUj2afhYIiO3Hi_xghFOnkJKDBUEYMumUdBoqBslsYE8EUmpUQwXfi57wOr4akoGtacwdFf_EK2YzbJQufibi_eHY9JX6B9_C25XtEHwt1eg_whPuSpn5xOikjPhEwHO0yIB4IgYIs2G5QjK6ZBWtpy_52_AqqixnMKkc2QKtwk",
      "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
    }
  ]
}
2021-05-18 13:04:35 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-18 13:04:35 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
third-cert-client ikzGStnHUkDorsS
2021-05-18 13:04:35
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2021-05-18 13:04:35
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit"
]
2021-05-18 13:04:35
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
      }
    ]
  }
}
2021-05-18 13:04:35
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2021-05-18 13:04:35
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ]
}
2021-05-18 13:04:35
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ]
}
2021-05-18 13:04:35
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client ikzGStnHUkDorsS",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2021-05-18 13:04:35
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 13:04:35
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "733"
}
request_body
{"client_name":"third-cert-client ikzGStnHUkDorsS","grant_types":["authorization_code","implicit","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code token"],"redirect_uris":["https://www.certification.openid.net/test/a/3_0_1/callback"],"contacts":["certification@oidf.org"]}
2021-05-18 13:04:36 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "date": "Tue, 18 May 2021 13:04:36 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1058",
  "set-cookie": "JSESSIONID\u003dnode0h5i7e2qfmula1ew2zr4zfvkey265.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_df883bcd6eb665a67362e1cfdeaace76","client_secret_expires_at":1652879076,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621343076,"client_secret":"_c16af2482321f7ee7d5c5d16c5f2c24b","client_name":"third-cert-client ikzGStnHUkDorsS","contacts":["certification@oidf.org"],"response_types":["code token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 13:04:36
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_df883bcd6eb665a67362e1cfdeaace76","client_secret_expires_at":1652879076,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621343076,"client_secret":"_c16af2482321f7ee7d5c5d16c5f2c24b","client_name":"third-cert-client ikzGStnHUkDorsS","contacts":["certification@oidf.org"],"response_types":["code token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 13:04:36
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
grant_types
[
  "implicit",
  "refresh_token",
  "authorization_code"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "iibQQz3ZQfy-df5uWcJDOvFe7O1U0qMvmruJ2X5jx5rnmMBX3dfQA5bawaZaKcmAAmbHnbQkncoIE9nfaV0Lpe2j3goo8ZSMC_o6x0tzgb0Bhs7IDFkZe-nLea8u1ti93IR8et_ldcVBJaiC3P_S4iV8EmiycWjrLz6AVZ8R34Y_9d48xsyXfjb8WJqqf4zkPJxDgh1oiFgZVrKPM3HhKrlUq3trLw3nwlu1mPbrzZELdrdAU7262tK7avHAD1PEN6hkFDvd2gbLLyaf_wgRJyK0Ng5XeCC2CoPRzlBC03IPJCQsCfA0YFhWaYh8Yos0V9mWl7NsqI1F8EICqDHdSw"
    }
  ]
}
subject_type
public
application_type
web
redirect_uris
[
  "https://www.certification.openid.net/test/a/3_0_1/callback"
]
token_endpoint_auth_method
client_secret_basic
client_id
_df883bcd6eb665a67362e1cfdeaace76
client_secret_expires_at
1652879076
scope
openid profile email address phone offline_access
client_id_issued_at
1621343076
client_secret
_c16af2482321f7ee7d5c5d16c5f2c24b
client_name
third-cert-client ikzGStnHUkDorsS
contacts
[
  "certification@oidf.org"
]
response_types
[
  "code token"
]
id_token_signed_response_alg
RS256
2021-05-18 13:04:36
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-05-18 13:04:36
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2021-05-18 13:04:36 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2021-05-18 13:04:36 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://testop.funet.fi/idp/profile/oidc/userinfo
2021-05-18 13:04:36
oidcc-refresh-token
Setup Done
Make request to authorization endpoint
2021-05-18 13:04:36 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
_a78702432425e376b504d8c5652eb9c1
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
2021-05-18 13:04:36
CreateRandomStateValue
Created state value
requested_state_length
10
state
W4kMGGpWnK
2021-05-18 13:04:36 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
_a78702432425e376b504d8c5652eb9c1
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
W4kMGGpWnK
2021-05-18 13:04:36
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
rHiBkql1qO
2021-05-18 13:04:36 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
_a78702432425e376b504d8c5652eb9c1
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
W4kMGGpWnK
nonce
rHiBkql1qO
2021-05-18 13:04:36 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
_a78702432425e376b504d8c5652eb9c1
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
W4kMGGpWnK
nonce
rHiBkql1qO
response_type
code token
2021-05-18 13:04:36
SetAuthorizationEndpointRequestResponseModeToFormPost
Added response_mode parameter to request
client_id
_a78702432425e376b504d8c5652eb9c1
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
W4kMGGpWnK
nonce
rHiBkql1qO
response_type
code token
response_mode
form_post
2021-05-18 13:04:36 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
_a78702432425e376b504d8c5652eb9c1
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
W4kMGGpWnK
nonce
rHiBkql1qO
response_type
code token
response_mode
form_post
prompt
consent
2021-05-18 13:04:36 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_a78702432425e376b504d8c5652eb9c1&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=W4kMGGpWnK&nonce=rHiBkql1qO&response_type=code%20token&response_mode=form_post&prompt=consent
2021-05-18 13:04:36 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_a78702432425e376b504d8c5652eb9c1&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=W4kMGGpWnK&nonce=rHiBkql1qO&response_type=code%20token&response_mode=form_post&prompt=consent
2021-05-18 13:04:41 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance ikzGStnHUkDorsS
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d0A69521AC4D32FBDC4BB3D5DFD6F6645",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "989",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
callback
incoming_body_form_params
{
  "code": "AAdzZWNyZXQxRzZNpV8m9HYUevGKgdmyEIXjlRyD_F5ySiumyxZBAUev5zwe7HxY2YmwCJxc44MyrAFdtlYJLiZYbj-fM72N83kAZLvt95WEy8QzZFBPFx0fjUO3FSv4p56ifNox6sNITThwE1zkb5gUPhYgyN4ckesvDZsYJ77mJdah6c91Y6ezPBj3th4t8VdWDvMgeOz3UmPa-XT8ZstrZF9oCU8a1N1nZ90qoL44Tm59WMNE2Iz4-L9AMK5ba6VZcMOy39NNNBzq-Kb0Tv_sht3huF-Mo-tbK8eaoqXkjDk5iESPMvizD03wC4_raHhCSKyz4kTgM5uBrhaIq_IKJSWvdMzyaENx1DffzR0d0174mDHHCDlEcawDZXjHlkZj77l_9MgbAFRxvuN0lWC-Fp4j0RrQ0qwJsvIo58RHKdw2luwF0GhnQi4_iib3Xe-CFsXOkM0H",
  "state": "W4kMGGpWnK",
  "access_token": "AAdzZWNyZXQx4Zv5qoFkpvmvb9wmxyT7JKb-_ZEfvLX5pCccxXr-vJYes93kC1k59yDU3icoNwTsskXxrfln4FqNasVhED4vTVYKDGdpNYZFqoZSnBEDIB__kOWwwtSgukDIkHMxOlCYZly_rbdSQlJ9XGrTTIq3F4wlMZP-zwxOyNTUmztlazy4gSlRCUE1dlfHBFrPbu8QuuZ6yuj5LqK_1nRbyANHwPvfMS962fOQulu16nGpRzAy9PMYYFQ4gk2CW-fQYK1EMas_kld0IAzKsnF_QH8teZU5aGISTzBiA5Je2pvf82e7ziTLNSMixZU3F99w6KQ056dg-8JcFLgvdJuY-876A76tuhluMni2kITt0EJUI-C4uFPsu7-w1PRQvZdiLkaPUeiFMb3moxZnlzuaS8I0T2ENZZ8eo3q3b4fGeVqswcWnghUtIVwkj9oMMXAkO7c0",
  "token_type": "Bearer",
  "expires_in": "600"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
code=AAdzZWNyZXQxRzZNpV8m9HYUevGKgdmyEIXjlRyD_F5ySiumyxZBAUev5zwe7HxY2YmwCJxc44MyrAFdtlYJLiZYbj-fM72N83kAZLvt95WEy8QzZFBPFx0fjUO3FSv4p56ifNox6sNITThwE1zkb5gUPhYgyN4ckesvDZsYJ77mJdah6c91Y6ezPBj3th4t8VdWDvMgeOz3UmPa-XT8ZstrZF9oCU8a1N1nZ90qoL44Tm59WMNE2Iz4-L9AMK5ba6VZcMOy39NNNBzq-Kb0Tv_sht3huF-Mo-tbK8eaoqXkjDk5iESPMvizD03wC4_raHhCSKyz4kTgM5uBrhaIq_IKJSWvdMzyaENx1DffzR0d0174mDHHCDlEcawDZXjHlkZj77l_9MgbAFRxvuN0lWC-Fp4j0RrQ0qwJsvIo58RHKdw2luwF0GhnQi4_iib3Xe-CFsXOkM0H&state=W4kMGGpWnK&access_token=AAdzZWNyZXQx4Zv5qoFkpvmvb9wmxyT7JKb-_ZEfvLX5pCccxXr-vJYes93kC1k59yDU3icoNwTsskXxrfln4FqNasVhED4vTVYKDGdpNYZFqoZSnBEDIB__kOWwwtSgukDIkHMxOlCYZly_rbdSQlJ9XGrTTIq3F4wlMZP-zwxOyNTUmztlazy4gSlRCUE1dlfHBFrPbu8QuuZ6yuj5LqK_1nRbyANHwPvfMS962fOQulu16nGpRzAy9PMYYFQ4gk2CW-fQYK1EMas_kld0IAzKsnF_QH8teZU5aGISTzBiA5Je2pvf82e7ziTLNSMixZU3F99w6KQ056dg-8JcFLgvdJuY-876A76tuhluMni2kITt0EJUI-C4uFPsu7-w1PRQvZdiLkaPUeiFMb3moxZnlzuaS8I0T2ENZZ8eo3q3b4fGeVqswcWnghUtIVwkj9oMMXAkO7c0&token_type=Bearer&expires_in=600
2021-05-18 13:04:41 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/p5mqJFlOZExvj2OXK359",
  "fullUrl": "https://www.certification.openid.net/test/a/3_0_1/implicit/p5mqJFlOZExvj2OXK359"
}
2021-05-18 13:04:41 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance ikzGStnHUkDorsS
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/3_0_1/implicit/p5mqJFlOZExvj2OXK359, returnUrl=/log-detail.html?log=ikzGStnHUkDorsS}]
outgoing_path
callback
2021-05-18 13:04:41 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance ikzGStnHUkDorsS
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/3_0_1/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d0A69521AC4D32FBDC4BB3D5DFD6F6645",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/p5mqJFlOZExvj2OXK359
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-05-18 13:04:41 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance ikzGStnHUkDorsS
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/p5mqJFlOZExvj2OXK359
2021-05-18 13:04:41 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-05-18 13:04:41 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d0A69521AC4D32FBDC4BB3D5DFD6F6645",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "989",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
http_method
POST
url_fragment
{}
post_body
{
  "code": "AAdzZWNyZXQxRzZNpV8m9HYUevGKgdmyEIXjlRyD_F5ySiumyxZBAUev5zwe7HxY2YmwCJxc44MyrAFdtlYJLiZYbj-fM72N83kAZLvt95WEy8QzZFBPFx0fjUO3FSv4p56ifNox6sNITThwE1zkb5gUPhYgyN4ckesvDZsYJ77mJdah6c91Y6ezPBj3th4t8VdWDvMgeOz3UmPa-XT8ZstrZF9oCU8a1N1nZ90qoL44Tm59WMNE2Iz4-L9AMK5ba6VZcMOy39NNNBzq-Kb0Tv_sht3huF-Mo-tbK8eaoqXkjDk5iESPMvizD03wC4_raHhCSKyz4kTgM5uBrhaIq_IKJSWvdMzyaENx1DffzR0d0174mDHHCDlEcawDZXjHlkZj77l_9MgbAFRxvuN0lWC-Fp4j0RrQ0qwJsvIo58RHKdw2luwF0GhnQi4_iib3Xe-CFsXOkM0H",
  "state": "W4kMGGpWnK",
  "access_token": "AAdzZWNyZXQx4Zv5qoFkpvmvb9wmxyT7JKb-_ZEfvLX5pCccxXr-vJYes93kC1k59yDU3icoNwTsskXxrfln4FqNasVhED4vTVYKDGdpNYZFqoZSnBEDIB__kOWwwtSgukDIkHMxOlCYZly_rbdSQlJ9XGrTTIq3F4wlMZP-zwxOyNTUmztlazy4gSlRCUE1dlfHBFrPbu8QuuZ6yuj5LqK_1nRbyANHwPvfMS962fOQulu16nGpRzAy9PMYYFQ4gk2CW-fQYK1EMas_kld0IAzKsnF_QH8teZU5aGISTzBiA5Je2pvf82e7ziTLNSMixZU3F99w6KQ056dg-8JcFLgvdJuY-876A76tuhluMni2kITt0EJUI-C4uFPsu7-w1PRQvZdiLkaPUeiFMb3moxZnlzuaS8I0T2ENZZ8eo3q3b4fGeVqswcWnghUtIVwkj9oMMXAkO7c0",
  "token_type": "Bearer",
  "expires_in": "600"
}
Verify authorization endpoint response
2021-05-18 13:04:41 SUCCESS
CheckCallbackHttpMethodIsPost
HTTP method used at redirect_uri is 'POST'
2021-05-18 13:04:41 SUCCESS
CheckCallbackContentTypeIsFormUrlEncoded
content-type header to redirect_uri has the expected value
content_type
application/x-www-form-urlencoded
expected
application/x-www-form-urlencoded
2021-05-18 13:04:41 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-05-18 13:04:41 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2021-05-18 13:04:41 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-05-18 13:04:41
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-05-18 13:04:41 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-05-18 13:04:41 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
W4kMGGpWnK
2021-05-18 13:04:41 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
AAdzZWNyZXQxRzZNpV8m9HYUevGKgdmyEIXjlRyD_F5ySiumyxZBAUev5zwe7HxY2YmwCJxc44MyrAFdtlYJLiZYbj-fM72N83kAZLvt95WEy8QzZFBPFx0fjUO3FSv4p56ifNox6sNITThwE1zkb5gUPhYgyN4ckesvDZsYJ77mJdah6c91Y6ezPBj3th4t8VdWDvMgeOz3UmPa-XT8ZstrZF9oCU8a1N1nZ90qoL44Tm59WMNE2Iz4-L9AMK5ba6VZcMOy39NNNBzq-Kb0Tv_sht3huF-Mo-tbK8eaoqXkjDk5iESPMvizD03wC4_raHhCSKyz4kTgM5uBrhaIq_IKJSWvdMzyaENx1DffzR0d0174mDHHCDlEcawDZXjHlkZj77l_9MgbAFRxvuN0lWC-Fp4j0RrQ0qwJsvIo58RHKdw2luwF0GhnQi4_iib3Xe-CFsXOkM0H
2021-05-18 13:04:41 SUCCESS
ExtractAccessTokenFromAuthorizationResponse
Extracted the access token
value
AAdzZWNyZXQx4Zv5qoFkpvmvb9wmxyT7JKb-_ZEfvLX5pCccxXr-vJYes93kC1k59yDU3icoNwTsskXxrfln4FqNasVhED4vTVYKDGdpNYZFqoZSnBEDIB__kOWwwtSgukDIkHMxOlCYZly_rbdSQlJ9XGrTTIq3F4wlMZP-zwxOyNTUmztlazy4gSlRCUE1dlfHBFrPbu8QuuZ6yuj5LqK_1nRbyANHwPvfMS962fOQulu16nGpRzAy9PMYYFQ4gk2CW-fQYK1EMas_kld0IAzKsnF_QH8teZU5aGISTzBiA5Je2pvf82e7ziTLNSMixZU3F99w6KQ056dg-8JcFLgvdJuY-876A76tuhluMni2kITt0EJUI-C4uFPsu7-w1PRQvZdiLkaPUeiFMb3moxZnlzuaS8I0T2ENZZ8eo3q3b4fGeVqswcWnghUtIVwkj9oMMXAkO7c0
type
Bearer
Userinfo endpoint tests
2021-05-18 13:04:41
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQx4Zv5qoFkpvmvb9wmxyT7JKb-_ZEfvLX5pCccxXr-vJYes93kC1k59yDU3icoNwTsskXxrfln4FqNasVhED4vTVYKDGdpNYZFqoZSnBEDIB__kOWwwtSgukDIkHMxOlCYZly_rbdSQlJ9XGrTTIq3F4wlMZP-zwxOyNTUmztlazy4gSlRCUE1dlfHBFrPbu8QuuZ6yuj5LqK_1nRbyANHwPvfMS962fOQulu16nGpRzAy9PMYYFQ4gk2CW-fQYK1EMas_kld0IAzKsnF_QH8teZU5aGISTzBiA5Je2pvf82e7ziTLNSMixZU3F99w6KQ056dg-8JcFLgvdJuY-876A76tuhluMni2kITt0EJUI-C4uFPsu7-w1PRQvZdiLkaPUeiFMb3moxZnlzuaS8I0T2ENZZ8eo3q3b4fGeVqswcWnghUtIVwkj9oMMXAkO7c0",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-18 13:04:42 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:41 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode0vw802ynwuz3jowjy5zg9qsaf266.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-18 13:04:42 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Tue, 18 May 2021 13:04:41 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode0vw802ynwuz3jowjy5zg9qsaf266.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
2021-05-18 13:04:42 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
AAdzZWNyZXQxRzZNpV8m9HYUevGKgdmyEIXjlRyD_F5ySiumyxZBAUev5zwe7HxY2YmwCJxc44MyrAFdtlYJLiZYbj-fM72N83kAZLvt95WEy8QzZFBPFx0fjUO3FSv4p56ifNox6sNITThwE1zkb5gUPhYgyN4ckesvDZsYJ77mJdah6c91Y6ezPBj3th4t8VdWDvMgeOz3UmPa-XT8ZstrZF9oCU8a1N1nZ90qoL44Tm59WMNE2Iz4-L9AMK5ba6VZcMOy39NNNBzq-Kb0Tv_sht3huF-Mo-tbK8eaoqXkjDk5iESPMvizD03wC4_raHhCSKyz4kTgM5uBrhaIq_IKJSWvdMzyaENx1DffzR0d0174mDHHCDlEcawDZXjHlkZj77l_9MgbAFRxvuN0lWC-Fp4j0RrQ0qwJsvIo58RHKdw2luwF0GhnQi4_iib3Xe-CFsXOkM0H
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-18 13:04:42 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxOl82ZTc5MDViY2NlNDEwNjZiZjM4MDQ0MzU1NmY0ZjE2NA==
2021-05-18 13:04:42
CallTokenEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxOl82ZTc5MDViY2NlNDEwNjZiZjM4MDQ0MzU1NmY0ZjE2NA\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "581"
}
request_body
grant_type=authorization_code&code=AAdzZWNyZXQxRzZNpV8m9HYUevGKgdmyEIXjlRyD_F5ySiumyxZBAUev5zwe7HxY2YmwCJxc44MyrAFdtlYJLiZYbj-fM72N83kAZLvt95WEy8QzZFBPFx0fjUO3FSv4p56ifNox6sNITThwE1zkb5gUPhYgyN4ckesvDZsYJ77mJdah6c91Y6ezPBj3th4t8VdWDvMgeOz3UmPa-XT8ZstrZF9oCU8a1N1nZ90qoL44Tm59WMNE2Iz4-L9AMK5ba6VZcMOy39NNNBzq-Kb0Tv_sht3huF-Mo-tbK8eaoqXkjDk5iESPMvizD03wC4_raHhCSKyz4kTgM5uBrhaIq_IKJSWvdMzyaENx1DffzR0d0174mDHHCDlEcawDZXjHlkZj77l_9MgbAFRxvuN0lWC-Fp4j0RrQ0qwJsvIo58RHKdw2luwF0GhnQi4_iib3Xe-CFsXOkM0H&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2F3_0_1%2Fcallback
2021-05-18 13:04:42 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:42 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1887",
  "set-cookie": "JSESSIONID\u003dnode01mkfhm953mkum1yxna7h0oqzd267.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQx89MuFY-8LIayYO1d0TlzdtvkrU0vZyjTo-0I1Z9CvO38gbq7djUlfzzodMcPYKnhoPrqI0c0JwLzG9Vd_EjsaS8PX1LmteDNTRQFfK1HaPhRWh-XneXcv39v88rZnsc3yA9oJbIlfalR1DBX6Cdz8rh5wTDCKCFZH4fgoP1N_-zaKDxaVVH4YSb_QKqeJDUmm_SLJUodVFBe1-sLvXe3gmAWA9OM5OPllM_QsY8hudpta7CoDslycjolCD-2uA3Oed8MaNatI3lFyzVXGe6Bf9f1J3OKUCUPSO9c9M8G0tjLKoge7OSl6PcoVx7du7Jva20srD_JThLxKpftm_H-safOtDla8n4thafxInk_LSHW_g8ewqzsE46mOTAbaMOpcXB8iVK4lzPEt73_3fKI2PIDmEctMJhKhkLyvWpULDCmWDsGqTmkPVH_jb1VR5GENQ","refresh_token":"AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiejF3b1BIQXBxNFpDaDZWWHZfZHpMUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODIsImlhdCI6MTYyMTM0MzA4Miwibm9uY2UiOiJySGlCa3FsMXFPIn0.No_I7obPwQC5x04kLRFTTsBSbCose_p93xJMeDFLMesNUIdVE_dYsm0O40wprqWtQsFh0MKWXVoohjWMeejnZ1Un5aQLfYHLdZTx8j2M-MbLlyJGLHac5-9-UtXMsAH-yKLU5GjSAGr6ZUWXr3kBUENK2leP8cY3GSrKxV9BErE-E9qGcNhn_r20SDbO_kubD-Sfodt6aRFMqhJsySQAm6KpjHbjErxoYLoynl7Z4SbXMmxdbYzdqwG2TJXmdfUhksWGhrcz6u-IWjmCEMdVXGrDMhdCTrRWgyNGUujURW4ZH-AHNa1isYgf3uXp0402ho9WzcSRNBXVxO80tJGPnweiMhi0XuayxK2wBimbz6G90_qpiqtwtTtIkVC4_ZvMLYRVzN4m58t2Pd9XjotjnmsUCqSrzqgoQvbfbzByEBfdSlKOjgc6eX_qTwFjntOvSClSqWCBnY6kl2YB40PRSyYzaDnMoPiwWxCbHQpcdLuOQSnCwMqp_Z5zSUuGELmY","token_type":"Bearer","expires_in":600}
2021-05-18 13:04:42
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"AAdzZWNyZXQx89MuFY-8LIayYO1d0TlzdtvkrU0vZyjTo-0I1Z9CvO38gbq7djUlfzzodMcPYKnhoPrqI0c0JwLzG9Vd_EjsaS8PX1LmteDNTRQFfK1HaPhRWh-XneXcv39v88rZnsc3yA9oJbIlfalR1DBX6Cdz8rh5wTDCKCFZH4fgoP1N_-zaKDxaVVH4YSb_QKqeJDUmm_SLJUodVFBe1-sLvXe3gmAWA9OM5OPllM_QsY8hudpta7CoDslycjolCD-2uA3Oed8MaNatI3lFyzVXGe6Bf9f1J3OKUCUPSO9c9M8G0tjLKoge7OSl6PcoVx7du7Jva20srD_JThLxKpftm_H-safOtDla8n4thafxInk_LSHW_g8ewqzsE46mOTAbaMOpcXB8iVK4lzPEt73_3fKI2PIDmEctMJhKhkLyvWpULDCmWDsGqTmkPVH_jb1VR5GENQ","refresh_token":"AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiejF3b1BIQXBxNFpDaDZWWHZfZHpMUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODIsImlhdCI6MTYyMTM0MzA4Miwibm9uY2UiOiJySGlCa3FsMXFPIn0.No_I7obPwQC5x04kLRFTTsBSbCose_p93xJMeDFLMesNUIdVE_dYsm0O40wprqWtQsFh0MKWXVoohjWMeejnZ1Un5aQLfYHLdZTx8j2M-MbLlyJGLHac5-9-UtXMsAH-yKLU5GjSAGr6ZUWXr3kBUENK2leP8cY3GSrKxV9BErE-E9qGcNhn_r20SDbO_kubD-Sfodt6aRFMqhJsySQAm6KpjHbjErxoYLoynl7Z4SbXMmxdbYzdqwG2TJXmdfUhksWGhrcz6u-IWjmCEMdVXGrDMhdCTrRWgyNGUujURW4ZH-AHNa1isYgf3uXp0402ho9WzcSRNBXVxO80tJGPnweiMhi0XuayxK2wBimbz6G90_qpiqtwtTtIkVC4_ZvMLYRVzN4m58t2Pd9XjotjnmsUCqSrzqgoQvbfbzByEBfdSlKOjgc6eX_qTwFjntOvSClSqWCBnY6kl2YB40PRSyYzaDnMoPiwWxCbHQpcdLuOQSnCwMqp_Z5zSUuGELmY","token_type":"Bearer","expires_in":600}
2021-05-18 13:04:42 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
AAdzZWNyZXQx89MuFY-8LIayYO1d0TlzdtvkrU0vZyjTo-0I1Z9CvO38gbq7djUlfzzodMcPYKnhoPrqI0c0JwLzG9Vd_EjsaS8PX1LmteDNTRQFfK1HaPhRWh-XneXcv39v88rZnsc3yA9oJbIlfalR1DBX6Cdz8rh5wTDCKCFZH4fgoP1N_-zaKDxaVVH4YSb_QKqeJDUmm_SLJUodVFBe1-sLvXe3gmAWA9OM5OPllM_QsY8hudpta7CoDslycjolCD-2uA3Oed8MaNatI3lFyzVXGe6Bf9f1J3OKUCUPSO9c9M8G0tjLKoge7OSl6PcoVx7du7Jva20srD_JThLxKpftm_H-safOtDla8n4thafxInk_LSHW_g8ewqzsE46mOTAbaMOpcXB8iVK4lzPEt73_3fKI2PIDmEctMJhKhkLyvWpULDCmWDsGqTmkPVH_jb1VR5GENQ
refresh_token
AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiejF3b1BIQXBxNFpDaDZWWHZfZHpMUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODIsImlhdCI6MTYyMTM0MzA4Miwibm9uY2UiOiJySGlCa3FsMXFPIn0.No_I7obPwQC5x04kLRFTTsBSbCose_p93xJMeDFLMesNUIdVE_dYsm0O40wprqWtQsFh0MKWXVoohjWMeejnZ1Un5aQLfYHLdZTx8j2M-MbLlyJGLHac5-9-UtXMsAH-yKLU5GjSAGr6ZUWXr3kBUENK2leP8cY3GSrKxV9BErE-E9qGcNhn_r20SDbO_kubD-Sfodt6aRFMqhJsySQAm6KpjHbjErxoYLoynl7Z4SbXMmxdbYzdqwG2TJXmdfUhksWGhrcz6u-IWjmCEMdVXGrDMhdCTrRWgyNGUujURW4ZH-AHNa1isYgf3uXp0402ho9WzcSRNBXVxO80tJGPnweiMhi0XuayxK2wBimbz6G90_qpiqtwtTtIkVC4_ZvMLYRVzN4m58t2Pd9XjotjnmsUCqSrzqgoQvbfbzByEBfdSlKOjgc6eX_qTwFjntOvSClSqWCBnY6kl2YB40PRSyYzaDnMoPiwWxCbHQpcdLuOQSnCwMqp_Z5zSUuGELmY
token_type
Bearer
expires_in
600
2021-05-18 13:04:42 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 13:04:42 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
AAdzZWNyZXQx89MuFY-8LIayYO1d0TlzdtvkrU0vZyjTo-0I1Z9CvO38gbq7djUlfzzodMcPYKnhoPrqI0c0JwLzG9Vd_EjsaS8PX1LmteDNTRQFfK1HaPhRWh-XneXcv39v88rZnsc3yA9oJbIlfalR1DBX6Cdz8rh5wTDCKCFZH4fgoP1N_-zaKDxaVVH4YSb_QKqeJDUmm_SLJUodVFBe1-sLvXe3gmAWA9OM5OPllM_QsY8hudpta7CoDslycjolCD-2uA3Oed8MaNatI3lFyzVXGe6Bf9f1J3OKUCUPSO9c9M8G0tjLKoge7OSl6PcoVx7du7Jva20srD_JThLxKpftm_H-safOtDla8n4thafxInk_LSHW_g8ewqzsE46mOTAbaMOpcXB8iVK4lzPEt73_3fKI2PIDmEctMJhKhkLyvWpULDCmWDsGqTmkPVH_jb1VR5GENQ
2021-05-18 13:04:42 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQx89MuFY-8LIayYO1d0TlzdtvkrU0vZyjTo-0I1Z9CvO38gbq7djUlfzzodMcPYKnhoPrqI0c0JwLzG9Vd_EjsaS8PX1LmteDNTRQFfK1HaPhRWh-XneXcv39v88rZnsc3yA9oJbIlfalR1DBX6Cdz8rh5wTDCKCFZH4fgoP1N_-zaKDxaVVH4YSb_QKqeJDUmm_SLJUodVFBe1-sLvXe3gmAWA9OM5OPllM_QsY8hudpta7CoDslycjolCD-2uA3Oed8MaNatI3lFyzVXGe6Bf9f1J3OKUCUPSO9c9M8G0tjLKoge7OSl6PcoVx7du7Jva20srD_JThLxKpftm_H-safOtDla8n4thafxInk_LSHW_g8ewqzsE46mOTAbaMOpcXB8iVK4lzPEt73_3fKI2PIDmEctMJhKhkLyvWpULDCmWDsGqTmkPVH_jb1VR5GENQ
type
Bearer
2021-05-18 13:04:42 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 13:04:42 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 13:04:42 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw
2021-05-18 13:04:42 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiejF3b1BIQXBxNFpDaDZWWHZfZHpMUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODIsImlhdCI6MTYyMTM0MzA4Miwibm9uY2UiOiJySGlCa3FsMXFPIn0.No_I7obPwQC5x04kLRFTTsBSbCose_p93xJMeDFLMesNUIdVE_dYsm0O40wprqWtQsFh0MKWXVoohjWMeejnZ1Un5aQLfYHLdZTx8j2M-MbLlyJGLHac5-9-UtXMsAH-yKLU5GjSAGr6ZUWXr3kBUENK2leP8cY3GSrKxV9BErE-E9qGcNhn_r20SDbO_kubD-Sfodt6aRFMqhJsySQAm6KpjHbjErxoYLoynl7Z4SbXMmxdbYzdqwG2TJXmdfUhksWGhrcz6u-IWjmCEMdVXGrDMhdCTrRWgyNGUujURW4ZH-AHNa1isYgf3uXp0402ho9WzcSRNBXVxO80tJGPnweiMhi0XuayxK2wBimbz6G90_qpiqtwtTtIkVC4_ZvMLYRVzN4m58t2Pd9XjotjnmsUCqSrzqgoQvbfbzByEBfdSlKOjgc6eX_qTwFjntOvSClSqWCBnY6kl2YB40PRSyYzaDnMoPiwWxCbHQpcdLuOQSnCwMqp_Z5zSUuGELmY
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "z1woPHApq4ZCh6VXv_dzLQ",
  "sub": "teppo@funet.fi",
  "aud": "_a78702432425e376b504d8c5652eb9c1",
  "acr": "password",
  "auth_time": 1621342875,
  "iss": "https://testop.funet.fi",
  "exp": 1621346682,
  "iat": 1621343082,
  "nonce": "rHiBkql1qO"
}
2021-05-18 13:04:42 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-18 13:04:42 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
rHiBkql1qO
2021-05-18 13:04:42 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-18 13:04:42 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiejF3b1BIQXBxNFpDaDZWWHZfZHpMUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODIsImlhdCI6MTYyMTM0MzA4Miwibm9uY2UiOiJySGlCa3FsMXFPIn0.No_I7obPwQC5x04kLRFTTsBSbCose_p93xJMeDFLMesNUIdVE_dYsm0O40wprqWtQsFh0MKWXVoohjWMeejnZ1Un5aQLfYHLdZTx8j2M-MbLlyJGLHac5-9-UtXMsAH-yKLU5GjSAGr6ZUWXr3kBUENK2leP8cY3GSrKxV9BErE-E9qGcNhn_r20SDbO_kubD-Sfodt6aRFMqhJsySQAm6KpjHbjErxoYLoynl7Z4SbXMmxdbYzdqwG2TJXmdfUhksWGhrcz6u-IWjmCEMdVXGrDMhdCTrRWgyNGUujURW4ZH-AHNa1isYgf3uXp0402ho9WzcSRNBXVxO80tJGPnweiMhi0XuayxK2wBimbz6G90_qpiqtwtTtIkVC4_ZvMLYRVzN4m58t2Pd9XjotjnmsUCqSrzqgoQvbfbzByEBfdSlKOjgc6eX_qTwFjntOvSClSqWCBnY6kl2YB40PRSyYzaDnMoPiwWxCbHQpcdLuOQSnCwMqp_Z5zSUuGELmY
2021-05-18 13:04:42 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiejF3b1BIQXBxNFpDaDZWWHZfZHpMUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODIsImlhdCI6MTYyMTM0MzA4Miwibm9uY2UiOiJySGlCa3FsMXFPIn0.No_I7obPwQC5x04kLRFTTsBSbCose_p93xJMeDFLMesNUIdVE_dYsm0O40wprqWtQsFh0MKWXVoohjWMeejnZ1Un5aQLfYHLdZTx8j2M-MbLlyJGLHac5-9-UtXMsAH-yKLU5GjSAGr6ZUWXr3kBUENK2leP8cY3GSrKxV9BErE-E9qGcNhn_r20SDbO_kubD-Sfodt6aRFMqhJsySQAm6KpjHbjErxoYLoynl7Z4SbXMmxdbYzdqwG2TJXmdfUhksWGhrcz6u-IWjmCEMdVXGrDMhdCTrRWgyNGUujURW4ZH-AHNa1isYgf3uXp0402ho9WzcSRNBXVxO80tJGPnweiMhi0XuayxK2wBimbz6G90_qpiqtwtTtIkVC4_ZvMLYRVzN4m58t2Pd9XjotjnmsUCqSrzqgoQvbfbzByEBfdSlKOjgc6eX_qTwFjntOvSClSqWCBnY6kl2YB40PRSyYzaDnMoPiwWxCbHQpcdLuOQSnCwMqp_Z5zSUuGELmY
2021-05-18 13:04:42 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-18 13:04:42 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw
2021-05-18 13:04:42 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 13:04:42 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Refresh Token Request
2021-05-18 13:04:42 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw
2021-05-18 13:04:42 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw
scope
openid offline_access
2021-05-18 13:04:42 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxOl82ZTc5MDViY2NlNDEwNjZiZjM4MDQ0MzU1NmY0ZjE2NA==
2021-05-18 13:04:42 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2021-05-18 13:04:43 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2021-05-18 13:04:43
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxOl82ZTc5MDViY2NlNDEwNjZiZjM4MDQ0MzU1NmY0ZjE2NA\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "529"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxzz3GFTpHXvMGtEWyMrKoUeWkBddUGqqYB1ppuZsq2gCLhMn7kv9yFQwBRYAc6nIwID9yoxrYox6Mj9m4Tp0tWERAMinRZZH6Jcv9_sx6GYgmY904xA-RBmHI446W3PrI_XX1T8OwVKROeJqC7cjloOaoue8hzBgXhURWY0U1IrRwFi7r-ch6mn8yYWq8LjpZSooqtxW-NAa8KZng-htGy8I_vvPAqrgn_ttapwA-b4rLg2MmFGgi24lnjyqNTkhOEn7cN7wryaUKaORUQA5GdZslQ_Eh20TiKRcSrMv8wmyBAFs72Am49Bovwm3G-eOIAED7C2p9j8-oTV_zLbOGf7uA-RTa_k3olR0_5AhmrZeRf4KUW2yRCyixfAGQLy--T_3fR5UAmAEQUBOh2o1IFVGg5AMMv6-l_ZxYwv_6wQ-VpYGlFzZ5ur4pJ0z0utQ8cw&scope=openid+offline_access
2021-05-18 13:04:44 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:44 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1883",
  "set-cookie": "JSESSIONID\u003dnode01f88gow13ln6b13tqz0u09ciad268.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQx2iGN-ZbUKdlu4KKDxi9Rxy0f73TGbS4vBZmtRRyih72bNixx8SzMFAUVXchsogcqJviUeov4KZxpkiTQJec0951lCIs6rS2fKP81b61ohoK7_hszwgOq9UhBTtjmeWNJ4ESxw-TZvajO8NumPEKuFpzMLUIWy1qvn5Mn8zM3H3bfbsft-C0TXyad4i-AYlZiiCvPdcIHn7wvyiqST4JwqHef71m2OaiKyVvBN3N2XwlPMHn2qomEd7gvTGwLIHpUseE8nVQ9eAVhuCstb7FOCrlwjp6M98j2rjgcd1d5yjPnr4vbIeM6cv-ssG4A9gobCEBN0Nit4C_0cHTSZy4C9oaxfH6W8FnC_yXx4jbS6bbKe9saYuaQjHXOGvWLp8cuKl_fE1h6OsfSYiG95PFrG7cvKtH45VoGzB_vZ1TON7x5sFv7pd75uCRsCViyNHaw","refresh_token":"AAdzZWNyZXQxH-05RaRvEAuO4rZt4IaRGKVJ5_jEdADWUkWHXyM9SCIGdSlJveaa3tB0PgpHtJbuswh8fnpTrL2Kc9PH5Zp0w2PR8OSGXALELRmKIwNwbnvYClBnbQHIkHRHuNdLr1XsSbdcwcXBIacf-8tnHUVdz-j7xdNM4gBXTEGu6sAEX_0jbhtXqHW-dUlL_n3dLcVLT0MHSWBFs9nMsqYS46MXa07sBGN7mhGm5_if1hcy7YbLKFY_l215v8iHb4jZzNvs-kF2epTHfSAj8zFEo_2b8AplWymLfL7rWZMNZ6glfOhXI5QNaZA2omPdeHn6IrRUTuYt2S7VVt495hzizJr07jzODL01iXeWqzdk_RZHmcyVayDbatAxgHLN3K2NRlNSeQdudEPLWpM_JbjdSrUrJ_L4S5ZpmlmaeriVJK8--qu1tDr1JBsaQv3dAo6fwyoN","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiNWQzQ1NuZ2NFMFNlUk5xTFVXVFFjUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODQsImlhdCI6MTYyMTM0MzA4NCwibm9uY2UiOiJySGlCa3FsMXFPIn0.EEFNBRwKSTrGC0kpjQBhBjoobp9IxPa-Be7rvRoLJ7B83Wenn1jW5EcNlStm0XesqtEo7u5ysql3EOhird4E07Eeas8AgHRXvIStOG3nY8zy4LK8ccH6NaTOWXckB055cXrTPFPndpZzWJ98YhkUe1YxpinZ4aDwK2mTzZlMQTPdtUiKXyCBo5HORY7u_ZNTKp10Mq-OwxLe9iMSY6gGVnX7r1if0oPguUuxeGQTTmAI2kolRTYwi4t7gT9gC2aaQK-4WvtJnPvMhZ1QJK1eXntr_IhUiTqIz3KZDrayaIh3wPYTiaO6kiQIKefaxQwLmtGbL_7gNWkM8J4nPcTQhodxYWQHfU0AJqEMPVb_osCD2v-qvvbrSvHPra8eMBiQArV3dQRvg8X6evdW90IqixoljGpxkEc-AfnnwsH8QJpZqvbW4U2MO8Ip6TQFwfajpharY1qbrLYxAlC0WfuHLEzE9WJdoFoL0s7c9Blq02BPCYeiuT-XjI15aY9nDRrB","token_type":"Bearer","expires_in":600}
2021-05-18 13:04:44 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
AAdzZWNyZXQx2iGN-ZbUKdlu4KKDxi9Rxy0f73TGbS4vBZmtRRyih72bNixx8SzMFAUVXchsogcqJviUeov4KZxpkiTQJec0951lCIs6rS2fKP81b61ohoK7_hszwgOq9UhBTtjmeWNJ4ESxw-TZvajO8NumPEKuFpzMLUIWy1qvn5Mn8zM3H3bfbsft-C0TXyad4i-AYlZiiCvPdcIHn7wvyiqST4JwqHef71m2OaiKyVvBN3N2XwlPMHn2qomEd7gvTGwLIHpUseE8nVQ9eAVhuCstb7FOCrlwjp6M98j2rjgcd1d5yjPnr4vbIeM6cv-ssG4A9gobCEBN0Nit4C_0cHTSZy4C9oaxfH6W8FnC_yXx4jbS6bbKe9saYuaQjHXOGvWLp8cuKl_fE1h6OsfSYiG95PFrG7cvKtH45VoGzB_vZ1TON7x5sFv7pd75uCRsCViyNHaw
refresh_token
AAdzZWNyZXQxH-05RaRvEAuO4rZt4IaRGKVJ5_jEdADWUkWHXyM9SCIGdSlJveaa3tB0PgpHtJbuswh8fnpTrL2Kc9PH5Zp0w2PR8OSGXALELRmKIwNwbnvYClBnbQHIkHRHuNdLr1XsSbdcwcXBIacf-8tnHUVdz-j7xdNM4gBXTEGu6sAEX_0jbhtXqHW-dUlL_n3dLcVLT0MHSWBFs9nMsqYS46MXa07sBGN7mhGm5_if1hcy7YbLKFY_l215v8iHb4jZzNvs-kF2epTHfSAj8zFEo_2b8AplWymLfL7rWZMNZ6glfOhXI5QNaZA2omPdeHn6IrRUTuYt2S7VVt495hzizJr07jzODL01iXeWqzdk_RZHmcyVayDbatAxgHLN3K2NRlNSeQdudEPLWpM_JbjdSrUrJ_L4S5ZpmlmaeriVJK8--qu1tDr1JBsaQv3dAo6fwyoN
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiNWQzQ1NuZ2NFMFNlUk5xTFVXVFFjUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODQsImlhdCI6MTYyMTM0MzA4NCwibm9uY2UiOiJySGlCa3FsMXFPIn0.EEFNBRwKSTrGC0kpjQBhBjoobp9IxPa-Be7rvRoLJ7B83Wenn1jW5EcNlStm0XesqtEo7u5ysql3EOhird4E07Eeas8AgHRXvIStOG3nY8zy4LK8ccH6NaTOWXckB055cXrTPFPndpZzWJ98YhkUe1YxpinZ4aDwK2mTzZlMQTPdtUiKXyCBo5HORY7u_ZNTKp10Mq-OwxLe9iMSY6gGVnX7r1if0oPguUuxeGQTTmAI2kolRTYwi4t7gT9gC2aaQK-4WvtJnPvMhZ1QJK1eXntr_IhUiTqIz3KZDrayaIh3wPYTiaO6kiQIKefaxQwLmtGbL_7gNWkM8J4nPcTQhodxYWQHfU0AJqEMPVb_osCD2v-qvvbrSvHPra8eMBiQArV3dQRvg8X6evdW90IqixoljGpxkEc-AfnnwsH8QJpZqvbW4U2MO8Ip6TQFwfajpharY1qbrLYxAlC0WfuHLEzE9WJdoFoL0s7c9Blq02BPCYeiuT-XjI15aY9nDRrB
token_type
Bearer
expires_in
600
2021-05-18 13:04:44 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2021-05-18 13:04:44 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-18 13:04:44 SUCCESS
CheckTokenEndpointCacheHeaders
'pragma' and 'cache-control' headers in token endpoint response contain expected values.
cache_control_header
[
  "no-store",
  "no-store"
]
pragma_header
no-cache
2021-05-18 13:04:44 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 13:04:44 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQx2iGN-ZbUKdlu4KKDxi9Rxy0f73TGbS4vBZmtRRyih72bNixx8SzMFAUVXchsogcqJviUeov4KZxpkiTQJec0951lCIs6rS2fKP81b61ohoK7_hszwgOq9UhBTtjmeWNJ4ESxw-TZvajO8NumPEKuFpzMLUIWy1qvn5Mn8zM3H3bfbsft-C0TXyad4i-AYlZiiCvPdcIHn7wvyiqST4JwqHef71m2OaiKyVvBN3N2XwlPMHn2qomEd7gvTGwLIHpUseE8nVQ9eAVhuCstb7FOCrlwjp6M98j2rjgcd1d5yjPnr4vbIeM6cv-ssG4A9gobCEBN0Nit4C_0cHTSZy4C9oaxfH6W8FnC_yXx4jbS6bbKe9saYuaQjHXOGvWLp8cuKl_fE1h6OsfSYiG95PFrG7cvKtH45VoGzB_vZ1TON7x5sFv7pd75uCRsCViyNHaw
type
Bearer
2021-05-18 13:04:44 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2021-05-18 13:04:44 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
2708.158645174986
expected
96.0
2021-05-18 13:04:44 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2021-05-18 13:04:44 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 13:04:44 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 13:04:44 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
AAdzZWNyZXQx89MuFY-8LIayYO1d0TlzdtvkrU0vZyjTo-0I1Z9CvO38gbq7djUlfzzodMcPYKnhoPrqI0c0JwLzG9Vd_EjsaS8PX1LmteDNTRQFfK1HaPhRWh-XneXcv39v88rZnsc3yA9oJbIlfalR1DBX6Cdz8rh5wTDCKCFZH4fgoP1N_-zaKDxaVVH4YSb_QKqeJDUmm_SLJUodVFBe1-sLvXe3gmAWA9OM5OPllM_QsY8hudpta7CoDslycjolCD-2uA3Oed8MaNatI3lFyzVXGe6Bf9f1J3OKUCUPSO9c9M8G0tjLKoge7OSl6PcoVx7du7Jva20srD_JThLxKpftm_H-safOtDla8n4thafxInk_LSHW_g8ewqzsE46mOTAbaMOpcXB8iVK4lzPEt73_3fKI2PIDmEctMJhKhkLyvWpULDCmWDsGqTmkPVH_jb1VR5GENQ
second_access_token
AAdzZWNyZXQx2iGN-ZbUKdlu4KKDxi9Rxy0f73TGbS4vBZmtRRyih72bNixx8SzMFAUVXchsogcqJviUeov4KZxpkiTQJec0951lCIs6rS2fKP81b61ohoK7_hszwgOq9UhBTtjmeWNJ4ESxw-TZvajO8NumPEKuFpzMLUIWy1qvn5Mn8zM3H3bfbsft-C0TXyad4i-AYlZiiCvPdcIHn7wvyiqST4JwqHef71m2OaiKyVvBN3N2XwlPMHn2qomEd7gvTGwLIHpUseE8nVQ9eAVhuCstb7FOCrlwjp6M98j2rjgcd1d5yjPnr4vbIeM6cv-ssG4A9gobCEBN0Nit4C_0cHTSZy4C9oaxfH6W8FnC_yXx4jbS6bbKe9saYuaQjHXOGvWLp8cuKl_fE1h6OsfSYiG95PFrG7cvKtH45VoGzB_vZ1TON7x5sFv7pd75uCRsCViyNHaw
2021-05-18 13:04:44 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiNWQzQ1NuZ2NFMFNlUk5xTFVXVFFjUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2ODQsImlhdCI6MTYyMTM0MzA4NCwibm9uY2UiOiJySGlCa3FsMXFPIn0.EEFNBRwKSTrGC0kpjQBhBjoobp9IxPa-Be7rvRoLJ7B83Wenn1jW5EcNlStm0XesqtEo7u5ysql3EOhird4E07Eeas8AgHRXvIStOG3nY8zy4LK8ccH6NaTOWXckB055cXrTPFPndpZzWJ98YhkUe1YxpinZ4aDwK2mTzZlMQTPdtUiKXyCBo5HORY7u_ZNTKp10Mq-OwxLe9iMSY6gGVnX7r1if0oPguUuxeGQTTmAI2kolRTYwi4t7gT9gC2aaQK-4WvtJnPvMhZ1QJK1eXntr_IhUiTqIz3KZDrayaIh3wPYTiaO6kiQIKefaxQwLmtGbL_7gNWkM8J4nPcTQhodxYWQHfU0AJqEMPVb_osCD2v-qvvbrSvHPra8eMBiQArV3dQRvg8X6evdW90IqixoljGpxkEc-AfnnwsH8QJpZqvbW4U2MO8Ip6TQFwfajpharY1qbrLYxAlC0WfuHLEzE9WJdoFoL0s7c9Blq02BPCYeiuT-XjI15aY9nDRrB
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "5d3CSngcE0SeRNqLUWTQcQ",
  "sub": "teppo@funet.fi",
  "aud": "_a78702432425e376b504d8c5652eb9c1",
  "acr": "password",
  "auth_time": 1621342875,
  "iss": "https://testop.funet.fi",
  "exp": 1621346684,
  "iat": 1621343084,
  "nonce": "rHiBkql1qO"
}
2021-05-18 13:04:44 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxH-05RaRvEAuO4rZt4IaRGKVJ5_jEdADWUkWHXyM9SCIGdSlJveaa3tB0PgpHtJbuswh8fnpTrL2Kc9PH5Zp0w2PR8OSGXALELRmKIwNwbnvYClBnbQHIkHRHuNdLr1XsSbdcwcXBIacf-8tnHUVdz-j7xdNM4gBXTEGu6sAEX_0jbhtXqHW-dUlL_n3dLcVLT0MHSWBFs9nMsqYS46MXa07sBGN7mhGm5_if1hcy7YbLKFY_l215v8iHb4jZzNvs-kF2epTHfSAj8zFEo_2b8AplWymLfL7rWZMNZ6glfOhXI5QNaZA2omPdeHn6IrRUTuYt2S7VVt495hzizJr07jzODL01iXeWqzdk_RZHmcyVayDbatAxgHLN3K2NRlNSeQdudEPLWpM_JbjdSrUrJ_L4S5ZpmlmaeriVJK8--qu1tDr1JBsaQv3dAo6fwyoN
2021-05-18 13:04:44 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
3680
required
128
2021-05-18 13:04:44 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
2714.391505406152
expected
96.0
2021-05-18 13:04:44 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://testop.funet.fi",
  "second": "https://testop.funet.fi",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "teppo@funet.fi",
  "second": "teppo@funet.fi",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1621343082,
  "second": 1621343084,
  "note": "Values are expected to be different"
}
aud
{
  "first": "_a78702432425e376b504d8c5652eb9c1",
  "second": "_a78702432425e376b504d8c5652eb9c1",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1621342875,
  "second": 1621342875,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Userinfo endpoint tests
2021-05-18 13:04:44
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQx2iGN-ZbUKdlu4KKDxi9Rxy0f73TGbS4vBZmtRRyih72bNixx8SzMFAUVXchsogcqJviUeov4KZxpkiTQJec0951lCIs6rS2fKP81b61ohoK7_hszwgOq9UhBTtjmeWNJ4ESxw-TZvajO8NumPEKuFpzMLUIWy1qvn5Mn8zM3H3bfbsft-C0TXyad4i-AYlZiiCvPdcIHn7wvyiqST4JwqHef71m2OaiKyVvBN3N2XwlPMHn2qomEd7gvTGwLIHpUseE8nVQ9eAVhuCstb7FOCrlwjp6M98j2rjgcd1d5yjPnr4vbIeM6cv-ssG4A9gobCEBN0Nit4C_0cHTSZy4C9oaxfH6W8FnC_yXx4jbS6bbKe9saYuaQjHXOGvWLp8cuKl_fE1h6OsfSYiG95PFrG7cvKtH45VoGzB_vZ1TON7x5sFv7pd75uCRsCViyNHaw",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-18 13:04:44 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:44 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode01ewwp3f99rzgxz563222qnxpv269.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-18 13:04:44 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Tue, 18 May 2021 13:04:44 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode01ewwp3f99rzgxz563222qnxpv269.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
Second client: Make request to authorization endpoint
2021-05-18 13:04:44 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
_df883bcd6eb665a67362e1cfdeaace76
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
2021-05-18 13:04:44
CreateRandomStateValue
Created state value
requested_state_length
10
state
z05a87LWLY
2021-05-18 13:04:44 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
_df883bcd6eb665a67362e1cfdeaace76
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
z05a87LWLY
2021-05-18 13:04:44
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
lZaOpRDVPq
2021-05-18 13:04:44 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
_df883bcd6eb665a67362e1cfdeaace76
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
z05a87LWLY
nonce
lZaOpRDVPq
2021-05-18 13:04:44 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
_df883bcd6eb665a67362e1cfdeaace76
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
z05a87LWLY
nonce
lZaOpRDVPq
response_type
code token
2021-05-18 13:04:44
SetAuthorizationEndpointRequestResponseModeToFormPost
Added response_mode parameter to request
client_id
_df883bcd6eb665a67362e1cfdeaace76
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
z05a87LWLY
nonce
lZaOpRDVPq
response_type
code token
response_mode
form_post
2021-05-18 13:04:44 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
_df883bcd6eb665a67362e1cfdeaace76
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
z05a87LWLY
nonce
lZaOpRDVPq
response_type
code token
response_mode
form_post
prompt
consent
2021-05-18 13:04:44 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_df883bcd6eb665a67362e1cfdeaace76&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=z05a87LWLY&nonce=lZaOpRDVPq&response_type=code%20token&response_mode=form_post&prompt=consent
2021-05-18 13:04:44 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_df883bcd6eb665a67362e1cfdeaace76&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=z05a87LWLY&nonce=lZaOpRDVPq&response_type=code%20token&response_mode=form_post&prompt=consent
2021-05-18 13:04:50 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance ikzGStnHUkDorsS
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d0A69521AC4D32FBDC4BB3D5DFD6F6645",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "994",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
callback
incoming_body_form_params
{
  "code": "AAdzZWNyZXQxi_0j_yYwwXiiiu5NwDtmD-8Ce8IZrago8Vq6DRob9rI_SJizR9Q2k2SUGh8AOKaJSCCRt7ANden6TeaIe3v2yLxyT4TOThWU4tP5KPvlndFDF1n1E_j-obOg6NJIg0j8WpdV50qUU3GbQ92zNjBy4ezgMP6JxPA6gvhBxrV2UAvoinvmgzrhapb3h4RgMY7QD8FdDa9-zY2zlQaW-GDKcfZxlVLeMEWe1j9k_gAmWWYCH9ftkt4GwM3_ByvMYBKpewS1uJ4xeVbz1wsE7QNUFaY365uUIQwLI4d6On66A_JYKmeh81d9mwJjLfaYi7OsxBMaCe7yTI2U9nNFcYPy1H7yAUEqzSJbTVLOmGSCIhCvWCWWOO6dEcj-MrOtguW6jT141zp7GvS_GHwf46rferahbTL-Wbs9XOWqMdTbHRPwUcJFm1FB00FIegXgyQHwWmI",
  "state": "z05a87LWLY",
  "access_token": "AAdzZWNyZXQxWCfsExsXLDAiozUnVxnjjIEYQ_AlkDy0qkkVx0SLLTtG8ye5aiTop1caqys2oafpDHz9uSuzo1yITQw4JZTi-sZ0-hgYwQNW1K-htVp6zs1gTdj-9itQEmBmxH6uErHrVqldig5g7JmYzvFSR-16aG2y4xQfcDTJIY-Bag9cEhvu34pbcaiqN1YSnK_h50obkURkTR335nHmKzNHb27KRgT59SLGTSkBeb78IH0l87_ygc5s0g1XHs0Pnc92HRhF9DQle2HyjFkpNAJAmq7nEiqSSvHxbOO4DDwpph_w9-lfzdyy0VxPCrsm4JfZ5m1W0fqMqu7dzi4ZV2yZv3IIzw1MyP8mvFBdFx7Vm1rewWUQ66lnUAePKPkJp3HDAD-oPCYE6OCPL7ZqjfCcHPsA3-pQrrVmTyo6Sl_nek3mqBuOtrv1vzypYM-aZXOl3JyGjg",
  "token_type": "Bearer",
  "expires_in": "600"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
code=AAdzZWNyZXQxi_0j_yYwwXiiiu5NwDtmD-8Ce8IZrago8Vq6DRob9rI_SJizR9Q2k2SUGh8AOKaJSCCRt7ANden6TeaIe3v2yLxyT4TOThWU4tP5KPvlndFDF1n1E_j-obOg6NJIg0j8WpdV50qUU3GbQ92zNjBy4ezgMP6JxPA6gvhBxrV2UAvoinvmgzrhapb3h4RgMY7QD8FdDa9-zY2zlQaW-GDKcfZxlVLeMEWe1j9k_gAmWWYCH9ftkt4GwM3_ByvMYBKpewS1uJ4xeVbz1wsE7QNUFaY365uUIQwLI4d6On66A_JYKmeh81d9mwJjLfaYi7OsxBMaCe7yTI2U9nNFcYPy1H7yAUEqzSJbTVLOmGSCIhCvWCWWOO6dEcj-MrOtguW6jT141zp7GvS_GHwf46rferahbTL-Wbs9XOWqMdTbHRPwUcJFm1FB00FIegXgyQHwWmI&state=z05a87LWLY&access_token=AAdzZWNyZXQxWCfsExsXLDAiozUnVxnjjIEYQ_AlkDy0qkkVx0SLLTtG8ye5aiTop1caqys2oafpDHz9uSuzo1yITQw4JZTi-sZ0-hgYwQNW1K-htVp6zs1gTdj-9itQEmBmxH6uErHrVqldig5g7JmYzvFSR-16aG2y4xQfcDTJIY-Bag9cEhvu34pbcaiqN1YSnK_h50obkURkTR335nHmKzNHb27KRgT59SLGTSkBeb78IH0l87_ygc5s0g1XHs0Pnc92HRhF9DQle2HyjFkpNAJAmq7nEiqSSvHxbOO4DDwpph_w9-lfzdyy0VxPCrsm4JfZ5m1W0fqMqu7dzi4ZV2yZv3IIzw1MyP8mvFBdFx7Vm1rewWUQ66lnUAePKPkJp3HDAD-oPCYE6OCPL7ZqjfCcHPsA3-pQrrVmTyo6Sl_nek3mqBuOtrv1vzypYM-aZXOl3JyGjg&token_type=Bearer&expires_in=600
2021-05-18 13:04:50 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/ugxqhRpX6KXwwHI0oeLp",
  "fullUrl": "https://www.certification.openid.net/test/a/3_0_1/implicit/ugxqhRpX6KXwwHI0oeLp"
}
2021-05-18 13:04:50 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance ikzGStnHUkDorsS
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/3_0_1/implicit/ugxqhRpX6KXwwHI0oeLp, returnUrl=/log-detail.html?log=ikzGStnHUkDorsS}]
outgoing_path
callback
2021-05-18 13:04:50 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance ikzGStnHUkDorsS
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/3_0_1/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d0A69521AC4D32FBDC4BB3D5DFD6F6645",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/ugxqhRpX6KXwwHI0oeLp
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-05-18 13:04:50 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance ikzGStnHUkDorsS
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/ugxqhRpX6KXwwHI0oeLp
2021-05-18 13:04:50 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-05-18 13:04:50 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d0A69521AC4D32FBDC4BB3D5DFD6F6645",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "994",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
http_method
POST
url_fragment
{}
post_body
{
  "code": "AAdzZWNyZXQxi_0j_yYwwXiiiu5NwDtmD-8Ce8IZrago8Vq6DRob9rI_SJizR9Q2k2SUGh8AOKaJSCCRt7ANden6TeaIe3v2yLxyT4TOThWU4tP5KPvlndFDF1n1E_j-obOg6NJIg0j8WpdV50qUU3GbQ92zNjBy4ezgMP6JxPA6gvhBxrV2UAvoinvmgzrhapb3h4RgMY7QD8FdDa9-zY2zlQaW-GDKcfZxlVLeMEWe1j9k_gAmWWYCH9ftkt4GwM3_ByvMYBKpewS1uJ4xeVbz1wsE7QNUFaY365uUIQwLI4d6On66A_JYKmeh81d9mwJjLfaYi7OsxBMaCe7yTI2U9nNFcYPy1H7yAUEqzSJbTVLOmGSCIhCvWCWWOO6dEcj-MrOtguW6jT141zp7GvS_GHwf46rferahbTL-Wbs9XOWqMdTbHRPwUcJFm1FB00FIegXgyQHwWmI",
  "state": "z05a87LWLY",
  "access_token": "AAdzZWNyZXQxWCfsExsXLDAiozUnVxnjjIEYQ_AlkDy0qkkVx0SLLTtG8ye5aiTop1caqys2oafpDHz9uSuzo1yITQw4JZTi-sZ0-hgYwQNW1K-htVp6zs1gTdj-9itQEmBmxH6uErHrVqldig5g7JmYzvFSR-16aG2y4xQfcDTJIY-Bag9cEhvu34pbcaiqN1YSnK_h50obkURkTR335nHmKzNHb27KRgT59SLGTSkBeb78IH0l87_ygc5s0g1XHs0Pnc92HRhF9DQle2HyjFkpNAJAmq7nEiqSSvHxbOO4DDwpph_w9-lfzdyy0VxPCrsm4JfZ5m1W0fqMqu7dzi4ZV2yZv3IIzw1MyP8mvFBdFx7Vm1rewWUQ66lnUAePKPkJp3HDAD-oPCYE6OCPL7ZqjfCcHPsA3-pQrrVmTyo6Sl_nek3mqBuOtrv1vzypYM-aZXOl3JyGjg",
  "token_type": "Bearer",
  "expires_in": "600"
}
Second client: Verify authorization endpoint response
2021-05-18 13:04:50 SUCCESS
CheckCallbackHttpMethodIsPost
HTTP method used at redirect_uri is 'POST'
2021-05-18 13:04:50 SUCCESS
CheckCallbackContentTypeIsFormUrlEncoded
content-type header to redirect_uri has the expected value
content_type
application/x-www-form-urlencoded
expected
application/x-www-form-urlencoded
2021-05-18 13:04:50 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-05-18 13:04:50 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2021-05-18 13:04:50 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-05-18 13:04:50
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-05-18 13:04:50 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-05-18 13:04:50 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
z05a87LWLY
2021-05-18 13:04:50 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
AAdzZWNyZXQxi_0j_yYwwXiiiu5NwDtmD-8Ce8IZrago8Vq6DRob9rI_SJizR9Q2k2SUGh8AOKaJSCCRt7ANden6TeaIe3v2yLxyT4TOThWU4tP5KPvlndFDF1n1E_j-obOg6NJIg0j8WpdV50qUU3GbQ92zNjBy4ezgMP6JxPA6gvhBxrV2UAvoinvmgzrhapb3h4RgMY7QD8FdDa9-zY2zlQaW-GDKcfZxlVLeMEWe1j9k_gAmWWYCH9ftkt4GwM3_ByvMYBKpewS1uJ4xeVbz1wsE7QNUFaY365uUIQwLI4d6On66A_JYKmeh81d9mwJjLfaYi7OsxBMaCe7yTI2U9nNFcYPy1H7yAUEqzSJbTVLOmGSCIhCvWCWWOO6dEcj-MrOtguW6jT141zp7GvS_GHwf46rferahbTL-Wbs9XOWqMdTbHRPwUcJFm1FB00FIegXgyQHwWmI
2021-05-18 13:04:50 SUCCESS
ExtractAccessTokenFromAuthorizationResponse
Extracted the access token
value
AAdzZWNyZXQxWCfsExsXLDAiozUnVxnjjIEYQ_AlkDy0qkkVx0SLLTtG8ye5aiTop1caqys2oafpDHz9uSuzo1yITQw4JZTi-sZ0-hgYwQNW1K-htVp6zs1gTdj-9itQEmBmxH6uErHrVqldig5g7JmYzvFSR-16aG2y4xQfcDTJIY-Bag9cEhvu34pbcaiqN1YSnK_h50obkURkTR335nHmKzNHb27KRgT59SLGTSkBeb78IH0l87_ygc5s0g1XHs0Pnc92HRhF9DQle2HyjFkpNAJAmq7nEiqSSvHxbOO4DDwpph_w9-lfzdyy0VxPCrsm4JfZ5m1W0fqMqu7dzi4ZV2yZv3IIzw1MyP8mvFBdFx7Vm1rewWUQ66lnUAePKPkJp3HDAD-oPCYE6OCPL7ZqjfCcHPsA3-pQrrVmTyo6Sl_nek3mqBuOtrv1vzypYM-aZXOl3JyGjg
type
Bearer
Second client: Userinfo endpoint tests
2021-05-18 13:04:50
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQxWCfsExsXLDAiozUnVxnjjIEYQ_AlkDy0qkkVx0SLLTtG8ye5aiTop1caqys2oafpDHz9uSuzo1yITQw4JZTi-sZ0-hgYwQNW1K-htVp6zs1gTdj-9itQEmBmxH6uErHrVqldig5g7JmYzvFSR-16aG2y4xQfcDTJIY-Bag9cEhvu34pbcaiqN1YSnK_h50obkURkTR335nHmKzNHb27KRgT59SLGTSkBeb78IH0l87_ygc5s0g1XHs0Pnc92HRhF9DQle2HyjFkpNAJAmq7nEiqSSvHxbOO4DDwpph_w9-lfzdyy0VxPCrsm4JfZ5m1W0fqMqu7dzi4ZV2yZv3IIzw1MyP8mvFBdFx7Vm1rewWUQ66lnUAePKPkJp3HDAD-oPCYE6OCPL7ZqjfCcHPsA3-pQrrVmTyo6Sl_nek3mqBuOtrv1vzypYM-aZXOl3JyGjg",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-18 13:04:50 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:50 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode0jcpj5dx75exawpwpnn8o15ww270.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-18 13:04:50 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Tue, 18 May 2021 13:04:50 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode0jcpj5dx75exawpwpnn8o15ww270.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
2021-05-18 13:04:50 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
AAdzZWNyZXQxi_0j_yYwwXiiiu5NwDtmD-8Ce8IZrago8Vq6DRob9rI_SJizR9Q2k2SUGh8AOKaJSCCRt7ANden6TeaIe3v2yLxyT4TOThWU4tP5KPvlndFDF1n1E_j-obOg6NJIg0j8WpdV50qUU3GbQ92zNjBy4ezgMP6JxPA6gvhBxrV2UAvoinvmgzrhapb3h4RgMY7QD8FdDa9-zY2zlQaW-GDKcfZxlVLeMEWe1j9k_gAmWWYCH9ftkt4GwM3_ByvMYBKpewS1uJ4xeVbz1wsE7QNUFaY365uUIQwLI4d6On66A_JYKmeh81d9mwJjLfaYi7OsxBMaCe7yTI2U9nNFcYPy1H7yAUEqzSJbTVLOmGSCIhCvWCWWOO6dEcj-MrOtguW6jT141zp7GvS_GHwf46rferahbTL-Wbs9XOWqMdTbHRPwUcJFm1FB00FIegXgyQHwWmI
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-18 13:04:50 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2Ol9jMTZhZjI0ODIzMjFmN2VlN2Q1YzVkMTZjNWYyYzI0Yg==
2021-05-18 13:04:50
CallTokenEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2Ol9jMTZhZjI0ODIzMjFmN2VlN2Q1YzVkMTZjNWYyYzI0Yg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "584"
}
request_body
grant_type=authorization_code&code=AAdzZWNyZXQxi_0j_yYwwXiiiu5NwDtmD-8Ce8IZrago8Vq6DRob9rI_SJizR9Q2k2SUGh8AOKaJSCCRt7ANden6TeaIe3v2yLxyT4TOThWU4tP5KPvlndFDF1n1E_j-obOg6NJIg0j8WpdV50qUU3GbQ92zNjBy4ezgMP6JxPA6gvhBxrV2UAvoinvmgzrhapb3h4RgMY7QD8FdDa9-zY2zlQaW-GDKcfZxlVLeMEWe1j9k_gAmWWYCH9ftkt4GwM3_ByvMYBKpewS1uJ4xeVbz1wsE7QNUFaY365uUIQwLI4d6On66A_JYKmeh81d9mwJjLfaYi7OsxBMaCe7yTI2U9nNFcYPy1H7yAUEqzSJbTVLOmGSCIhCvWCWWOO6dEcj-MrOtguW6jT141zp7GvS_GHwf46rferahbTL-Wbs9XOWqMdTbHRPwUcJFm1FB00FIegXgyQHwWmI&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2F3_0_1%2Fcallback
2021-05-18 13:04:51 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:51 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1886",
  "set-cookie": "JSESSIONID\u003dnode01x0kk0lzo1b8l12239rr6mghuh271.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxFkPi9Fvem1GGSxHx7Ow_58-oufWvWQLaFUbvv2c7s6HWbckNYAhQJ3UQpOfEn9NCONMX6QtJlBBiY-mfzkkMTQIfl6vr8q5oBU3x7tglxf9JFnEzcduRGUdudRkIJzyOvS0N3vxm6WD22f9fi0JwydubzZ9LNLM43JAJjTwAKx4Ys6SDlOelM4TvzdSJ_0uBwoNL4nTBGjXvxr0UcRI_SGN9aEWQTVnB4bU-Zt4CDJtc3NJnVZ-Kot_pGddiKLzajwVwJLEARlNR6puGx4iswT4Bt2E7_QDtx02UGoJbXmu06JJDKxra2y07dl784xhN49ro0ZICDr5s5NCFzKM37QW8VRKfjYGBhxOkdSMrz-J5Yy1SQggzwnEo4WKJv1vBIxpBgxdmtyP1NowmNe1vqeeepv64_gXR0AfKck9h2Ky0JH8a8Fcl5qvODQxb9JY","refresh_token":"AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiaXpjYTBwNEl0djNXbGxiV3g4RkpwZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTEsImlhdCI6MTYyMTM0MzA5MSwibm9uY2UiOiJsWmFPcFJEVlBxIn0.H7SkeGB5_k5uULSBKX-U8lg8MZTn5ECMZvb46k-j6c8_G9t9LrcmtA4CtLiOSWmLCvUH0KKauWJha2tPusGhDDCi0aL_XW6Z2E6c3uWCMRZNfNBVZyQbJMb_5czLFPWAIZU-To1bibTjaXMFTKl3PSA95q5O0SwvDSAQqBDEgy6V4f6NvW89aBj7M9tXIFsPjOnnFPvd4pzHLLOkP0JUyktUkhCrDpmRH8sRQUkhsaKpfiBagkQeeOksiIoSa2rTB_7_9D_csog4sBfO6woOep_DIjRMnAyJFlvYmjeaWP2xG-snQtHLJ1R0ll2b6NZzX0JbU2TSjVsDdPHjifsyXMUQIOVO91lXS388vAUaUIIc3_y0NwfpjyYnyDg0O2D1FZBdH-DdtStfArL-hrcF1WsWXmyGEwZd-Gdrv2uiz37Fyqqc25X1iwtJn2tN44ZdOBQvMOvJ6xXxd5v4FB0qe6uhbYeugKcpQpvM5rlbKzKlubPiBkHqX3JN-kovx4bt","token_type":"Bearer","expires_in":600}
2021-05-18 13:04:51
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"AAdzZWNyZXQxFkPi9Fvem1GGSxHx7Ow_58-oufWvWQLaFUbvv2c7s6HWbckNYAhQJ3UQpOfEn9NCONMX6QtJlBBiY-mfzkkMTQIfl6vr8q5oBU3x7tglxf9JFnEzcduRGUdudRkIJzyOvS0N3vxm6WD22f9fi0JwydubzZ9LNLM43JAJjTwAKx4Ys6SDlOelM4TvzdSJ_0uBwoNL4nTBGjXvxr0UcRI_SGN9aEWQTVnB4bU-Zt4CDJtc3NJnVZ-Kot_pGddiKLzajwVwJLEARlNR6puGx4iswT4Bt2E7_QDtx02UGoJbXmu06JJDKxra2y07dl784xhN49ro0ZICDr5s5NCFzKM37QW8VRKfjYGBhxOkdSMrz-J5Yy1SQggzwnEo4WKJv1vBIxpBgxdmtyP1NowmNe1vqeeepv64_gXR0AfKck9h2Ky0JH8a8Fcl5qvODQxb9JY","refresh_token":"AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiaXpjYTBwNEl0djNXbGxiV3g4RkpwZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTEsImlhdCI6MTYyMTM0MzA5MSwibm9uY2UiOiJsWmFPcFJEVlBxIn0.H7SkeGB5_k5uULSBKX-U8lg8MZTn5ECMZvb46k-j6c8_G9t9LrcmtA4CtLiOSWmLCvUH0KKauWJha2tPusGhDDCi0aL_XW6Z2E6c3uWCMRZNfNBVZyQbJMb_5czLFPWAIZU-To1bibTjaXMFTKl3PSA95q5O0SwvDSAQqBDEgy6V4f6NvW89aBj7M9tXIFsPjOnnFPvd4pzHLLOkP0JUyktUkhCrDpmRH8sRQUkhsaKpfiBagkQeeOksiIoSa2rTB_7_9D_csog4sBfO6woOep_DIjRMnAyJFlvYmjeaWP2xG-snQtHLJ1R0ll2b6NZzX0JbU2TSjVsDdPHjifsyXMUQIOVO91lXS388vAUaUIIc3_y0NwfpjyYnyDg0O2D1FZBdH-DdtStfArL-hrcF1WsWXmyGEwZd-Gdrv2uiz37Fyqqc25X1iwtJn2tN44ZdOBQvMOvJ6xXxd5v4FB0qe6uhbYeugKcpQpvM5rlbKzKlubPiBkHqX3JN-kovx4bt","token_type":"Bearer","expires_in":600}
2021-05-18 13:04:51 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
AAdzZWNyZXQxFkPi9Fvem1GGSxHx7Ow_58-oufWvWQLaFUbvv2c7s6HWbckNYAhQJ3UQpOfEn9NCONMX6QtJlBBiY-mfzkkMTQIfl6vr8q5oBU3x7tglxf9JFnEzcduRGUdudRkIJzyOvS0N3vxm6WD22f9fi0JwydubzZ9LNLM43JAJjTwAKx4Ys6SDlOelM4TvzdSJ_0uBwoNL4nTBGjXvxr0UcRI_SGN9aEWQTVnB4bU-Zt4CDJtc3NJnVZ-Kot_pGddiKLzajwVwJLEARlNR6puGx4iswT4Bt2E7_QDtx02UGoJbXmu06JJDKxra2y07dl784xhN49ro0ZICDr5s5NCFzKM37QW8VRKfjYGBhxOkdSMrz-J5Yy1SQggzwnEo4WKJv1vBIxpBgxdmtyP1NowmNe1vqeeepv64_gXR0AfKck9h2Ky0JH8a8Fcl5qvODQxb9JY
refresh_token
AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiaXpjYTBwNEl0djNXbGxiV3g4RkpwZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTEsImlhdCI6MTYyMTM0MzA5MSwibm9uY2UiOiJsWmFPcFJEVlBxIn0.H7SkeGB5_k5uULSBKX-U8lg8MZTn5ECMZvb46k-j6c8_G9t9LrcmtA4CtLiOSWmLCvUH0KKauWJha2tPusGhDDCi0aL_XW6Z2E6c3uWCMRZNfNBVZyQbJMb_5czLFPWAIZU-To1bibTjaXMFTKl3PSA95q5O0SwvDSAQqBDEgy6V4f6NvW89aBj7M9tXIFsPjOnnFPvd4pzHLLOkP0JUyktUkhCrDpmRH8sRQUkhsaKpfiBagkQeeOksiIoSa2rTB_7_9D_csog4sBfO6woOep_DIjRMnAyJFlvYmjeaWP2xG-snQtHLJ1R0ll2b6NZzX0JbU2TSjVsDdPHjifsyXMUQIOVO91lXS388vAUaUIIc3_y0NwfpjyYnyDg0O2D1FZBdH-DdtStfArL-hrcF1WsWXmyGEwZd-Gdrv2uiz37Fyqqc25X1iwtJn2tN44ZdOBQvMOvJ6xXxd5v4FB0qe6uhbYeugKcpQpvM5rlbKzKlubPiBkHqX3JN-kovx4bt
token_type
Bearer
expires_in
600
2021-05-18 13:04:51 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 13:04:51 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
AAdzZWNyZXQxFkPi9Fvem1GGSxHx7Ow_58-oufWvWQLaFUbvv2c7s6HWbckNYAhQJ3UQpOfEn9NCONMX6QtJlBBiY-mfzkkMTQIfl6vr8q5oBU3x7tglxf9JFnEzcduRGUdudRkIJzyOvS0N3vxm6WD22f9fi0JwydubzZ9LNLM43JAJjTwAKx4Ys6SDlOelM4TvzdSJ_0uBwoNL4nTBGjXvxr0UcRI_SGN9aEWQTVnB4bU-Zt4CDJtc3NJnVZ-Kot_pGddiKLzajwVwJLEARlNR6puGx4iswT4Bt2E7_QDtx02UGoJbXmu06JJDKxra2y07dl784xhN49ro0ZICDr5s5NCFzKM37QW8VRKfjYGBhxOkdSMrz-J5Yy1SQggzwnEo4WKJv1vBIxpBgxdmtyP1NowmNe1vqeeepv64_gXR0AfKck9h2Ky0JH8a8Fcl5qvODQxb9JY
2021-05-18 13:04:51 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxFkPi9Fvem1GGSxHx7Ow_58-oufWvWQLaFUbvv2c7s6HWbckNYAhQJ3UQpOfEn9NCONMX6QtJlBBiY-mfzkkMTQIfl6vr8q5oBU3x7tglxf9JFnEzcduRGUdudRkIJzyOvS0N3vxm6WD22f9fi0JwydubzZ9LNLM43JAJjTwAKx4Ys6SDlOelM4TvzdSJ_0uBwoNL4nTBGjXvxr0UcRI_SGN9aEWQTVnB4bU-Zt4CDJtc3NJnVZ-Kot_pGddiKLzajwVwJLEARlNR6puGx4iswT4Bt2E7_QDtx02UGoJbXmu06JJDKxra2y07dl784xhN49ro0ZICDr5s5NCFzKM37QW8VRKfjYGBhxOkdSMrz-J5Yy1SQggzwnEo4WKJv1vBIxpBgxdmtyP1NowmNe1vqeeepv64_gXR0AfKck9h2Ky0JH8a8Fcl5qvODQxb9JY
type
Bearer
2021-05-18 13:04:51 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 13:04:51 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 13:04:51 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao
2021-05-18 13:04:51 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiaXpjYTBwNEl0djNXbGxiV3g4RkpwZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTEsImlhdCI6MTYyMTM0MzA5MSwibm9uY2UiOiJsWmFPcFJEVlBxIn0.H7SkeGB5_k5uULSBKX-U8lg8MZTn5ECMZvb46k-j6c8_G9t9LrcmtA4CtLiOSWmLCvUH0KKauWJha2tPusGhDDCi0aL_XW6Z2E6c3uWCMRZNfNBVZyQbJMb_5czLFPWAIZU-To1bibTjaXMFTKl3PSA95q5O0SwvDSAQqBDEgy6V4f6NvW89aBj7M9tXIFsPjOnnFPvd4pzHLLOkP0JUyktUkhCrDpmRH8sRQUkhsaKpfiBagkQeeOksiIoSa2rTB_7_9D_csog4sBfO6woOep_DIjRMnAyJFlvYmjeaWP2xG-snQtHLJ1R0ll2b6NZzX0JbU2TSjVsDdPHjifsyXMUQIOVO91lXS388vAUaUIIc3_y0NwfpjyYnyDg0O2D1FZBdH-DdtStfArL-hrcF1WsWXmyGEwZd-Gdrv2uiz37Fyqqc25X1iwtJn2tN44ZdOBQvMOvJ6xXxd5v4FB0qe6uhbYeugKcpQpvM5rlbKzKlubPiBkHqX3JN-kovx4bt
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "izca0p4Itv3WllbWx8FJpg",
  "sub": "teppo@funet.fi",
  "aud": "_df883bcd6eb665a67362e1cfdeaace76",
  "acr": "password",
  "auth_time": 1621342875,
  "iss": "https://testop.funet.fi",
  "exp": 1621346691,
  "iat": 1621343091,
  "nonce": "lZaOpRDVPq"
}
2021-05-18 13:04:51 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-18 13:04:51 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
lZaOpRDVPq
2021-05-18 13:04:51 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-18 13:04:51 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiaXpjYTBwNEl0djNXbGxiV3g4RkpwZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTEsImlhdCI6MTYyMTM0MzA5MSwibm9uY2UiOiJsWmFPcFJEVlBxIn0.H7SkeGB5_k5uULSBKX-U8lg8MZTn5ECMZvb46k-j6c8_G9t9LrcmtA4CtLiOSWmLCvUH0KKauWJha2tPusGhDDCi0aL_XW6Z2E6c3uWCMRZNfNBVZyQbJMb_5czLFPWAIZU-To1bibTjaXMFTKl3PSA95q5O0SwvDSAQqBDEgy6V4f6NvW89aBj7M9tXIFsPjOnnFPvd4pzHLLOkP0JUyktUkhCrDpmRH8sRQUkhsaKpfiBagkQeeOksiIoSa2rTB_7_9D_csog4sBfO6woOep_DIjRMnAyJFlvYmjeaWP2xG-snQtHLJ1R0ll2b6NZzX0JbU2TSjVsDdPHjifsyXMUQIOVO91lXS388vAUaUIIc3_y0NwfpjyYnyDg0O2D1FZBdH-DdtStfArL-hrcF1WsWXmyGEwZd-Gdrv2uiz37Fyqqc25X1iwtJn2tN44ZdOBQvMOvJ6xXxd5v4FB0qe6uhbYeugKcpQpvM5rlbKzKlubPiBkHqX3JN-kovx4bt
2021-05-18 13:04:51 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiaXpjYTBwNEl0djNXbGxiV3g4RkpwZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTEsImlhdCI6MTYyMTM0MzA5MSwibm9uY2UiOiJsWmFPcFJEVlBxIn0.H7SkeGB5_k5uULSBKX-U8lg8MZTn5ECMZvb46k-j6c8_G9t9LrcmtA4CtLiOSWmLCvUH0KKauWJha2tPusGhDDCi0aL_XW6Z2E6c3uWCMRZNfNBVZyQbJMb_5czLFPWAIZU-To1bibTjaXMFTKl3PSA95q5O0SwvDSAQqBDEgy6V4f6NvW89aBj7M9tXIFsPjOnnFPvd4pzHLLOkP0JUyktUkhCrDpmRH8sRQUkhsaKpfiBagkQeeOksiIoSa2rTB_7_9D_csog4sBfO6woOep_DIjRMnAyJFlvYmjeaWP2xG-snQtHLJ1R0ll2b6NZzX0JbU2TSjVsDdPHjifsyXMUQIOVO91lXS388vAUaUIIc3_y0NwfpjyYnyDg0O2D1FZBdH-DdtStfArL-hrcF1WsWXmyGEwZd-Gdrv2uiz37Fyqqc25X1iwtJn2tN44ZdOBQvMOvJ6xXxd5v4FB0qe6uhbYeugKcpQpvM5rlbKzKlubPiBkHqX3JN-kovx4bt
2021-05-18 13:04:51 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-18 13:04:51 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao
2021-05-18 13:04:51 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 13:04:51 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Second client: Refresh Token Request
2021-05-18 13:04:51 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao
2021-05-18 13:04:51 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2Ol9jMTZhZjI0ODIzMjFmN2VlN2Q1YzVkMTZjNWYyYzI0Yg==
2021-05-18 13:04:51 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2021-05-18 13:04:52 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2021-05-18 13:04:52
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2Ol9jMTZhZjI0ODIzMjFmN2VlN2Q1YzVkMTZjNWYyYzI0Yg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "503"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxpujVVL8rkDZV9oy5Ow2dl--p_ke0LkJDjCzyGn257YDfWlCC6Dg978aXRjWpohmXo1KNV9yNLtykyrz24mkGs-z8zu5PqdvzxDxHiN7nusXjVHJN6LCVyARIvnZG4wqIvys-EeJER5qQ7MMs3qiZgNKG8gP8oHFNRxuwhXzPaWdWhJgPaGw0TtAa98d9bJ_OGKBmqtjCbcu25L1XNqtTeZBUM8g9KjpFvL5TUxXzziqu2t-wlL9anoKwObBRJxr7R-SkLDNjGwpIx1NboI5fM1c585UsgIRKXb9Ql42fu85moCw-AfN9R2JaXj-Is-OgwQc2EQFe4L1pA3j34PA6M2rPbR-6gTo3vUv8xU-k0SZ0kA7-cQNRCjVD542ZFk4YvA-ge9NLnj5eCApyslVFv9joI0SPy9FcD0It9xSX03XO54cFfHIp06Ggw1Fmgaqmnhao
2021-05-18 13:04:53 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:52 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1889",
  "set-cookie": "JSESSIONID\u003dnode0vorxw9annq3a41ucz942khoz272.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxbUsYr_sNpwBSINPi4RSCQJBBBbgbgOcd09ATj-kAPVQ2-o9728XbunYc6zdWR0QyASH-FzQ-cdzS2AkVemxWo-Y3bCcOvOFwtSdp8XbixrdZ7E9bO_YCJYBcRL-RqR4r3DSV_8dNyL48CHKYUlb2L0lJ167-RlTJ3z98lLsbQmGDoo3gYo7w1-JiKTrvbkhzVCORW5qRkP2-oq3QngX2zkrkCWiISv9OAiHcaMNs8Gxde6U5zTkmot2IXlKK5Ln288bsWcfpRiB1gjvNgTkhcT9Q4C0xvCliU5ICmZeHzZHNAclrv7LWyliTTKCLxV1eHWlEkiWEcL9EgEIYeTwh1oW7Jylr2U1tIkVzxw169o9F_vmLsucQlJWrhAUiyTSk_VPnLWbm4tjWdfsL5hBh4cz6oEcJPdaoV-GEUz6N3nrTHfgt25Snk6g2D_enfIYIJA","refresh_token":"AAdzZWNyZXQxB7kb3fOqHY6OxtvLyK164dNceM-ysKEi3hKW7gPgLRdR2HQ8Qh5QY_h5NllKHdbEsE8Bc-u0nqh0Dj0WLKDfvXggB3mU7tZR_yYcd2SDTHPRav_4M9TxEXeqNw7VUGQaHUTreCjLBBj7-3cimnldSOBKDFV5Be1Esg0HTMpDfFuc2qJFG3ht70YfyjAqh0xLFQeluA1QpeyzrgFtSWFvxRBlo1U52uWOjJsFMjJVRDrVUdGPVrqXjhX1hi-elp_g9fM6ATZbve_8JcEk3K5qftqsWfaWA3pqDudIXHN_WUvr384_8kE0MOFjVDFqD_Tm4gKinsG1bapWFoc8lUFPZr5jtx7M2wioIf0rsyljxMc-btC9Mp8H-VifWVGeh24TL7MGTFyN0j-EnGxpRiN1OaTs5VQKrzq0R8soY6Z6Cf9WovVCjKX_wqoCJtZVNLxix0O5","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiT3NPRU1oTVZUYk5rQXJtVFFYcnhfUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTIsImlhdCI6MTYyMTM0MzA5Miwibm9uY2UiOiJsWmFPcFJEVlBxIn0.n-FT3wF9VwYeSphAxbLWfcjnpfDx6rkkv3aatU7VM_O0VQw1AIcEdsnQats4bFLqdy0n-g1j7w6PipVS0AtA2isJnmf1xcNonBEKfr94zSckCMYZUphZ03VZxTucMfx_P94RK_2VZbQ8GJEU7QmYH5j8mH15OoiMl_o8O-H9tJUfNXNoZjgeS0J-T_Bg5-_T-2oG30nUfqlGTXVGJhk3TloIFf52v3B_cNNsF4mUQssLRLlJ0jC87YVHs0uePcZaBoOySARLFgGA7RNOOWBpQbvlLv9h6OZLrfvtUF2A_45R_2RU51JTvxLkJmV_n-HpUjH0Gm9JWfHQHnLD7FaFbAnpLvbpBK0G4GvOU8HCFbPzJk0IdBwAFLvf5CEvw_BKhZ6kGU7dssEOfOwixuVPvLjExQ58Kue5Q2vBu5BwoJTWt-9WtYZ9swywaOt4vXxSX9dFAjONhFCIxXDY5ZLCuYf4xOvIrycuMz3vh4BgyKVX8CvmjZtsS7hX_36SiPvy","token_type":"Bearer","expires_in":600}
2021-05-18 13:04:53 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
AAdzZWNyZXQxbUsYr_sNpwBSINPi4RSCQJBBBbgbgOcd09ATj-kAPVQ2-o9728XbunYc6zdWR0QyASH-FzQ-cdzS2AkVemxWo-Y3bCcOvOFwtSdp8XbixrdZ7E9bO_YCJYBcRL-RqR4r3DSV_8dNyL48CHKYUlb2L0lJ167-RlTJ3z98lLsbQmGDoo3gYo7w1-JiKTrvbkhzVCORW5qRkP2-oq3QngX2zkrkCWiISv9OAiHcaMNs8Gxde6U5zTkmot2IXlKK5Ln288bsWcfpRiB1gjvNgTkhcT9Q4C0xvCliU5ICmZeHzZHNAclrv7LWyliTTKCLxV1eHWlEkiWEcL9EgEIYeTwh1oW7Jylr2U1tIkVzxw169o9F_vmLsucQlJWrhAUiyTSk_VPnLWbm4tjWdfsL5hBh4cz6oEcJPdaoV-GEUz6N3nrTHfgt25Snk6g2D_enfIYIJA
refresh_token
AAdzZWNyZXQxB7kb3fOqHY6OxtvLyK164dNceM-ysKEi3hKW7gPgLRdR2HQ8Qh5QY_h5NllKHdbEsE8Bc-u0nqh0Dj0WLKDfvXggB3mU7tZR_yYcd2SDTHPRav_4M9TxEXeqNw7VUGQaHUTreCjLBBj7-3cimnldSOBKDFV5Be1Esg0HTMpDfFuc2qJFG3ht70YfyjAqh0xLFQeluA1QpeyzrgFtSWFvxRBlo1U52uWOjJsFMjJVRDrVUdGPVrqXjhX1hi-elp_g9fM6ATZbve_8JcEk3K5qftqsWfaWA3pqDudIXHN_WUvr384_8kE0MOFjVDFqD_Tm4gKinsG1bapWFoc8lUFPZr5jtx7M2wioIf0rsyljxMc-btC9Mp8H-VifWVGeh24TL7MGTFyN0j-EnGxpRiN1OaTs5VQKrzq0R8soY6Z6Cf9WovVCjKX_wqoCJtZVNLxix0O5
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiT3NPRU1oTVZUYk5rQXJtVFFYcnhfUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTIsImlhdCI6MTYyMTM0MzA5Miwibm9uY2UiOiJsWmFPcFJEVlBxIn0.n-FT3wF9VwYeSphAxbLWfcjnpfDx6rkkv3aatU7VM_O0VQw1AIcEdsnQats4bFLqdy0n-g1j7w6PipVS0AtA2isJnmf1xcNonBEKfr94zSckCMYZUphZ03VZxTucMfx_P94RK_2VZbQ8GJEU7QmYH5j8mH15OoiMl_o8O-H9tJUfNXNoZjgeS0J-T_Bg5-_T-2oG30nUfqlGTXVGJhk3TloIFf52v3B_cNNsF4mUQssLRLlJ0jC87YVHs0uePcZaBoOySARLFgGA7RNOOWBpQbvlLv9h6OZLrfvtUF2A_45R_2RU51JTvxLkJmV_n-HpUjH0Gm9JWfHQHnLD7FaFbAnpLvbpBK0G4GvOU8HCFbPzJk0IdBwAFLvf5CEvw_BKhZ6kGU7dssEOfOwixuVPvLjExQ58Kue5Q2vBu5BwoJTWt-9WtYZ9swywaOt4vXxSX9dFAjONhFCIxXDY5ZLCuYf4xOvIrycuMz3vh4BgyKVX8CvmjZtsS7hX_36SiPvy
token_type
Bearer
expires_in
600
2021-05-18 13:04:53 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2021-05-18 13:04:53 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-18 13:04:53 SUCCESS
CheckTokenEndpointCacheHeaders
'pragma' and 'cache-control' headers in token endpoint response contain expected values.
cache_control_header
[
  "no-store",
  "no-store"
]
pragma_header
no-cache
2021-05-18 13:04:53 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 13:04:53 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxbUsYr_sNpwBSINPi4RSCQJBBBbgbgOcd09ATj-kAPVQ2-o9728XbunYc6zdWR0QyASH-FzQ-cdzS2AkVemxWo-Y3bCcOvOFwtSdp8XbixrdZ7E9bO_YCJYBcRL-RqR4r3DSV_8dNyL48CHKYUlb2L0lJ167-RlTJ3z98lLsbQmGDoo3gYo7w1-JiKTrvbkhzVCORW5qRkP2-oq3QngX2zkrkCWiISv9OAiHcaMNs8Gxde6U5zTkmot2IXlKK5Ln288bsWcfpRiB1gjvNgTkhcT9Q4C0xvCliU5ICmZeHzZHNAclrv7LWyliTTKCLxV1eHWlEkiWEcL9EgEIYeTwh1oW7Jylr2U1tIkVzxw169o9F_vmLsucQlJWrhAUiyTSk_VPnLWbm4tjWdfsL5hBh4cz6oEcJPdaoV-GEUz6N3nrTHfgt25Snk6g2D_enfIYIJA
type
Bearer
2021-05-18 13:04:53 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2021-05-18 13:04:53 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
2713.8384681164193
expected
96.0
2021-05-18 13:04:53 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2021-05-18 13:04:53 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 13:04:53 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 13:04:53 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
AAdzZWNyZXQxFkPi9Fvem1GGSxHx7Ow_58-oufWvWQLaFUbvv2c7s6HWbckNYAhQJ3UQpOfEn9NCONMX6QtJlBBiY-mfzkkMTQIfl6vr8q5oBU3x7tglxf9JFnEzcduRGUdudRkIJzyOvS0N3vxm6WD22f9fi0JwydubzZ9LNLM43JAJjTwAKx4Ys6SDlOelM4TvzdSJ_0uBwoNL4nTBGjXvxr0UcRI_SGN9aEWQTVnB4bU-Zt4CDJtc3NJnVZ-Kot_pGddiKLzajwVwJLEARlNR6puGx4iswT4Bt2E7_QDtx02UGoJbXmu06JJDKxra2y07dl784xhN49ro0ZICDr5s5NCFzKM37QW8VRKfjYGBhxOkdSMrz-J5Yy1SQggzwnEo4WKJv1vBIxpBgxdmtyP1NowmNe1vqeeepv64_gXR0AfKck9h2Ky0JH8a8Fcl5qvODQxb9JY
second_access_token
AAdzZWNyZXQxbUsYr_sNpwBSINPi4RSCQJBBBbgbgOcd09ATj-kAPVQ2-o9728XbunYc6zdWR0QyASH-FzQ-cdzS2AkVemxWo-Y3bCcOvOFwtSdp8XbixrdZ7E9bO_YCJYBcRL-RqR4r3DSV_8dNyL48CHKYUlb2L0lJ167-RlTJ3z98lLsbQmGDoo3gYo7w1-JiKTrvbkhzVCORW5qRkP2-oq3QngX2zkrkCWiISv9OAiHcaMNs8Gxde6U5zTkmot2IXlKK5Ln288bsWcfpRiB1gjvNgTkhcT9Q4C0xvCliU5ICmZeHzZHNAclrv7LWyliTTKCLxV1eHWlEkiWEcL9EgEIYeTwh1oW7Jylr2U1tIkVzxw169o9F_vmLsucQlJWrhAUiyTSk_VPnLWbm4tjWdfsL5hBh4cz6oEcJPdaoV-GEUz6N3nrTHfgt25Snk6g2D_enfIYIJA
2021-05-18 13:04:53 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiT3NPRU1oTVZUYk5rQXJtVFFYcnhfUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2RmODgzYmNkNmViNjY1YTY3MzYyZTFjZmRlYWFjZTc2IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDI4NzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDY2OTIsImlhdCI6MTYyMTM0MzA5Miwibm9uY2UiOiJsWmFPcFJEVlBxIn0.n-FT3wF9VwYeSphAxbLWfcjnpfDx6rkkv3aatU7VM_O0VQw1AIcEdsnQats4bFLqdy0n-g1j7w6PipVS0AtA2isJnmf1xcNonBEKfr94zSckCMYZUphZ03VZxTucMfx_P94RK_2VZbQ8GJEU7QmYH5j8mH15OoiMl_o8O-H9tJUfNXNoZjgeS0J-T_Bg5-_T-2oG30nUfqlGTXVGJhk3TloIFf52v3B_cNNsF4mUQssLRLlJ0jC87YVHs0uePcZaBoOySARLFgGA7RNOOWBpQbvlLv9h6OZLrfvtUF2A_45R_2RU51JTvxLkJmV_n-HpUjH0Gm9JWfHQHnLD7FaFbAnpLvbpBK0G4GvOU8HCFbPzJk0IdBwAFLvf5CEvw_BKhZ6kGU7dssEOfOwixuVPvLjExQ58Kue5Q2vBu5BwoJTWt-9WtYZ9swywaOt4vXxSX9dFAjONhFCIxXDY5ZLCuYf4xOvIrycuMz3vh4BgyKVX8CvmjZtsS7hX_36SiPvy
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "OsOEMhMVTbNkArmTQXrx_Q",
  "sub": "teppo@funet.fi",
  "aud": "_df883bcd6eb665a67362e1cfdeaace76",
  "acr": "password",
  "auth_time": 1621342875,
  "iss": "https://testop.funet.fi",
  "exp": 1621346692,
  "iat": 1621343092,
  "nonce": "lZaOpRDVPq"
}
2021-05-18 13:04:53 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxB7kb3fOqHY6OxtvLyK164dNceM-ysKEi3hKW7gPgLRdR2HQ8Qh5QY_h5NllKHdbEsE8Bc-u0nqh0Dj0WLKDfvXggB3mU7tZR_yYcd2SDTHPRav_4M9TxEXeqNw7VUGQaHUTreCjLBBj7-3cimnldSOBKDFV5Be1Esg0HTMpDfFuc2qJFG3ht70YfyjAqh0xLFQeluA1QpeyzrgFtSWFvxRBlo1U52uWOjJsFMjJVRDrVUdGPVrqXjhX1hi-elp_g9fM6ATZbve_8JcEk3K5qftqsWfaWA3pqDudIXHN_WUvr384_8kE0MOFjVDFqD_Tm4gKinsG1bapWFoc8lUFPZr5jtx7M2wioIf0rsyljxMc-btC9Mp8H-VifWVGeh24TL7MGTFyN0j-EnGxpRiN1OaTs5VQKrzq0R8soY6Z6Cf9WovVCjKX_wqoCJtZVNLxix0O5
2021-05-18 13:04:53 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
3712
required
128
2021-05-18 13:04:53 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
2745.134483561496
expected
96.0
2021-05-18 13:04:53 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://testop.funet.fi",
  "second": "https://testop.funet.fi",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "teppo@funet.fi",
  "second": "teppo@funet.fi",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1621343091,
  "second": 1621343092,
  "note": "Values are expected to be different"
}
aud
{
  "first": "_df883bcd6eb665a67362e1cfdeaace76",
  "second": "_df883bcd6eb665a67362e1cfdeaace76",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1621342875,
  "second": 1621342875,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Second client: Userinfo endpoint tests
2021-05-18 13:04:53
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQxbUsYr_sNpwBSINPi4RSCQJBBBbgbgOcd09ATj-kAPVQ2-o9728XbunYc6zdWR0QyASH-FzQ-cdzS2AkVemxWo-Y3bCcOvOFwtSdp8XbixrdZ7E9bO_YCJYBcRL-RqR4r3DSV_8dNyL48CHKYUlb2L0lJ167-RlTJ3z98lLsbQmGDoo3gYo7w1-JiKTrvbkhzVCORW5qRkP2-oq3QngX2zkrkCWiISv9OAiHcaMNs8Gxde6U5zTkmot2IXlKK5Ln288bsWcfpRiB1gjvNgTkhcT9Q4C0xvCliU5ICmZeHzZHNAclrv7LWyliTTKCLxV1eHWlEkiWEcL9EgEIYeTwh1oW7Jylr2U1tIkVzxw169o9F_vmLsucQlJWrhAUiyTSk_VPnLWbm4tjWdfsL5hBh4cz6oEcJPdaoV-GEUz6N3nrTHfgt25Snk6g2D_enfIYIJA",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-18 13:04:53 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 13:04:53 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode03y8m7tqbra1n1ca2amcjd4f41273.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-18 13:04:53 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Tue, 18 May 2021 13:04:53 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode03y8m7tqbra1n1ca2amcjd4f41273.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
Attempting to use refresh_token issued to client 2 with client 1
2021-05-18 13:04:53 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxB7kb3fOqHY6OxtvLyK164dNceM-ysKEi3hKW7gPgLRdR2HQ8Qh5QY_h5NllKHdbEsE8Bc-u0nqh0Dj0WLKDfvXggB3mU7tZR_yYcd2SDTHPRav_4M9TxEXeqNw7VUGQaHUTreCjLBBj7-3cimnldSOBKDFV5Be1Esg0HTMpDfFuc2qJFG3ht70YfyjAqh0xLFQeluA1QpeyzrgFtSWFvxRBlo1U52uWOjJsFMjJVRDrVUdGPVrqXjhX1hi-elp_g9fM6ATZbve_8JcEk3K5qftqsWfaWA3pqDudIXHN_WUvr384_8kE0MOFjVDFqD_Tm4gKinsG1bapWFoc8lUFPZr5jtx7M2wioIf0rsyljxMc-btC9Mp8H-VifWVGeh24TL7MGTFyN0j-EnGxpRiN1OaTs5VQKrzq0R8soY6Z6Cf9WovVCjKX_wqoCJtZVNLxix0O5
2021-05-18 13:04:53 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxB7kb3fOqHY6OxtvLyK164dNceM-ysKEi3hKW7gPgLRdR2HQ8Qh5QY_h5NllKHdbEsE8Bc-u0nqh0Dj0WLKDfvXggB3mU7tZR_yYcd2SDTHPRav_4M9TxEXeqNw7VUGQaHUTreCjLBBj7-3cimnldSOBKDFV5Be1Esg0HTMpDfFuc2qJFG3ht70YfyjAqh0xLFQeluA1QpeyzrgFtSWFvxRBlo1U52uWOjJsFMjJVRDrVUdGPVrqXjhX1hi-elp_g9fM6ATZbve_8JcEk3K5qftqsWfaWA3pqDudIXHN_WUvr384_8kE0MOFjVDFqD_Tm4gKinsG1bapWFoc8lUFPZr5jtx7M2wioIf0rsyljxMc-btC9Mp8H-VifWVGeh24TL7MGTFyN0j-EnGxpRiN1OaTs5VQKrzq0R8soY6Z6Cf9WovVCjKX_wqoCJtZVNLxix0O5
scope
openid offline_access
2021-05-18 13:04:53 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxOl82ZTc5MDViY2NlNDEwNjZiZjM4MDQ0MzU1NmY0ZjE2NA==
2021-05-18 13:04:53
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2E3ODcwMjQzMjQyNWUzNzZiNTA0ZDhjNTY1MmViOWMxOl82ZTc5MDViY2NlNDEwNjZiZjM4MDQ0MzU1NmY0ZjE2NA\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "531"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxB7kb3fOqHY6OxtvLyK164dNceM-ysKEi3hKW7gPgLRdR2HQ8Qh5QY_h5NllKHdbEsE8Bc-u0nqh0Dj0WLKDfvXggB3mU7tZR_yYcd2SDTHPRav_4M9TxEXeqNw7VUGQaHUTreCjLBBj7-3cimnldSOBKDFV5Be1Esg0HTMpDfFuc2qJFG3ht70YfyjAqh0xLFQeluA1QpeyzrgFtSWFvxRBlo1U52uWOjJsFMjJVRDrVUdGPVrqXjhX1hi-elp_g9fM6ATZbve_8JcEk3K5qftqsWfaWA3pqDudIXHN_WUvr384_8kE0MOFjVDFqD_Tm4gKinsG1bapWFoc8lUFPZr5jtx7M2wioIf0rsyljxMc-btC9Mp8H-VifWVGeh24TL7MGTFyN0j-EnGxpRiN1OaTs5VQKrzq0R8soY6Z6Cf9WovVCjKX_wqoCJtZVNLxix0O5&scope=openid+offline_access
2021-05-18 13:04:54 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
Bad Request
response_headers
{
  "date": "Tue, 18 May 2021 13:04:54 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "61",
  "set-cookie": "JSESSIONID\u003dnode0n0xxjqhllr4e7pi2iv5gj8i1274.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "connection": "close"
}
response_body
{"error_description":"Invalid grant","error":"invalid_grant"}
2021-05-18 13:04:54 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error_description
Invalid grant
error
invalid_grant
2021-05-18 13:04:54 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_grant
2021-05-18 13:04:54 SUCCESS
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
2021-05-18 13:04:54 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-18 13:04:54 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
error
invalid_grant
2021-05-18 13:04:54 FINISHED
oidcc-refresh-token
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2021-05-18 13:04:54 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
Second client: Unregister dynamically registered client
2021-05-18 13:04:54 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
2021-05-18 13:04:56
TEST-RUNNER
Alias has now been claimed by another test
alias
3_0_1
new_test_id
W2PgHDYuRjahdR6
Test Results