Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-05-18 12:51:32 INFO
TEST-RUNNER
Test instance QfxU6CArAlB9lWI created
baseUrl
https://www.certification.openid.net/test/a/3_0_1
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code id_token",
  "server_metadata": "discovery",
  "response_mode": "form_post",
  "client_registration": "dynamic_client"
}
alias
3_0_1
description
Tests with 3.0.1
planId
E4quepq4WIIbY
config
{
  "alias": "3_0_1",
  "description": "Tests with 3.0.1",
  "server": {
    "discoveryUrl": "https://testop.funet.fi/.well-known/openid-configuration"
  },
  "client": {
    "client_id": "cert1",
    "client_secret": "changeit",
    "client_name": "second-cert-client"
  },
  "client_secret_post": {
    "client_id": "cert1_post",
    "client_secret": "changeit"
  },
  "client2": {
    "client_id": "cert2",
    "client_secret": "changeit",
    "client_name": "third-cert-client"
  }
}
testName
oidcc-refresh-token
2021-05-18 12:51:32 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-18 12:51:32
GetDynamicServerConfiguration
HTTP request
request_uri
https://testop.funet.fi/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-18 12:51:33 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:33 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "2259",
  "set-cookie": "JSESSIONID\u003dnode0rpr0sy7cjnih1q0u6sb0dc5p430.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"authorization_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/authorize","token_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/token","registration_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/register","issuer":"https:\/\/testop.funet.fi","jwks_uri":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/keyset","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"request_object_signing_alg_values_supported":["none","RS256","RS384","RS512","HS256","HS384","HS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"subject_types_supported":["public","pairwise"],"userinfo_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/userinfo","acr_values_supported":["password"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"display_values_supported":["page"],"claims_supported":["aud","iss","sub","iat","exp","acr","auth_time","email","email_verified","address","phone","phone_number_verified","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"claims_parameter_supported":true}
2021-05-18 12:51:33
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string
{"authorization_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/authorize","token_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/token","registration_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/register","issuer":"https:\/\/testop.funet.fi","jwks_uri":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/keyset","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["query","fragment","form_post"],"grant_types_supported":["authorization_code","implicit","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"request_object_signing_alg_values_supported":["none","RS256","RS384","RS512","HS256","HS384","HS512","ES256","ES384","ES512"],"request_parameter_supported":true,"request_uri_parameter_supported":true,"subject_types_supported":["public","pairwise"],"userinfo_endpoint":"https:\/\/testop.funet.fi\/idp\/profile\/oidc\/userinfo","acr_values_supported":["password"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","ES256","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"display_values_supported":["page"],"claims_supported":["aud","iss","sub","iat","exp","acr","auth_time","email","email_verified","address","phone","phone_number_verified","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"claims_parameter_supported":true}
2021-05-18 12:51:33 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize
token_endpoint
https://testop.funet.fi/idp/profile/oidc/token
registration_endpoint
https://testop.funet.fi/idp/profile/oidc/register
issuer
https://testop.funet.fi
jwks_uri
https://testop.funet.fi/idp/profile/oidc/keyset
scopes_supported
[
  "openid",
  "profile",
  "email",
  "address",
  "phone",
  "offline_access"
]
response_types_supported
[
  "code",
  "id_token",
  "id_token token",
  "code id_token",
  "code token",
  "code id_token token"
]
response_modes_supported
[
  "query",
  "fragment",
  "form_post"
]
grant_types_supported
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
request_object_signing_alg_values_supported
[
  "none",
  "RS256",
  "RS384",
  "RS512",
  "HS256",
  "HS384",
  "HS512",
  "ES256",
  "ES384",
  "ES512"
]
request_parameter_supported
true
request_uri_parameter_supported
true
subject_types_supported
[
  "public",
  "pairwise"
]
userinfo_endpoint
https://testop.funet.fi/idp/profile/oidc/userinfo
acr_values_supported
[
  "password"
]
id_token_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "HS256",
  "HS384",
  "HS512"
]
id_token_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW"
]
id_token_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
userinfo_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "ES256",
  "HS256",
  "HS384",
  "HS512"
]
userinfo_encryption_alg_values_supported
[
  "RSA1_5",
  "RSA-OAEP",
  "RSA-OAEP-256",
  "A128KW",
  "A192KW",
  "A256KW",
  "A128GCMKW",
  "A192GCMKW",
  "A256GCMKW"
]
userinfo_encryption_enc_values_supported
[
  "A128CBC-HS256",
  "A192CBC-HS384",
  "A256CBC-HS512",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
display_values_supported
[
  "page"
]
claims_supported
[
  "aud",
  "iss",
  "sub",
  "iat",
  "exp",
  "acr",
  "auth_time",
  "email",
  "email_verified",
  "address",
  "phone",
  "phone_number_verified",
  "name",
  "family_name",
  "given_name",
  "middle_name",
  "nickname",
  "preferred_username",
  "profile",
  "picture",
  "website",
  "gender",
  "birthdate",
  "zoneinfo",
  "locale",
  "updated_at"
]
claims_parameter_supported
true
2021-05-18 12:51:33 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-05-18 12:51:33 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
token_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "testop.funet.fi",
  "testPort": 443
}
2021-05-18 12:51:33
FetchServerKeys
Fetching server key
jwks_uri
https://testop.funet.fi/idp/profile/oidc/keyset
2021-05-18 12:51:33
FetchServerKeys
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/keyset
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2021-05-18 12:51:34 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:34 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "1146",
  "set-cookie": "JSESSIONID\u003dnode01swecg0rkhzgc1k4s74n0cmmy731.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"keys":[{"kty":"RSA","e":"AQAB","kid":"testKeyFromPEM","n":"sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"},{"kty":"EC","use":"sig","crv":"P-256","kid":"defaultECSign","x":"U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA","y":"CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"},{"kty":"RSA","e":"AQAB","use":"enc","kid":"defaultRSAEnc","n":"io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"}]}
2021-05-18 12:51:34
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","e":"AQAB","kid":"testKeyFromPEM","n":"sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"},{"kty":"EC","use":"sig","crv":"P-256","kid":"defaultECSign","x":"U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA","y":"CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"},{"kty":"RSA","e":"AQAB","use":"enc","kid":"defaultRSAEnc","n":"io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"}]}
2021-05-18 12:51:34 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "testKeyFromPEM",
      "n": "sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA",
      "y": "CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"
    }
  ]
}
2021-05-18 12:51:34 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "testKeyFromPEM",
      "n": "sUwJI3yF_zMx080vfwS_z-YVKgg17hE5pcmdiMAJVut4FPnK140MKeSo6wxaG-c0_TSi2guXrZstasntQ8xTDZkGwUb7rKR-bpPZmaCkHVHgLSqm-Z1Ir5K0ZGBjt6Y_7iMyMqYnCmr0LPX_I9AJ2q1JmTSozqEPRrc_tuTADxfx4DsV6rx0bR8HDA-DJo-cC0f6CrbIOzMVPwnPL_KG-SqsAU53gPzveK-bb96uvcDQXCdZb3VvR0DFztNZ7oqlj6NxBEwZnQ_asBjbHp-aqz7BtU3JxYVhmrvOrnR9D2NOsaFeRmdZyVR3Y8tHcgq3azSkZO_C4CTj8tGZMFQwWRf3H2BmlI5S1jQTqT9JVZh2ZvUM0IDRDqKdXEDQsazNisA-gBCaBJT-cdbYnDGRysAChpSjai_B69ZbrDPMoXse2CfIMfjEOPelyHdqhS-kFw4870WC84yqS7wP1-lQC4kMNS7ur1lNZ48AhAoN8a3y3I7a0S1QeKajw2pbp8w1"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "U4iJnTvOjR4Rv6qejzcvwKOI8J9GLOiTNi-KIMHMrUA",
      "y": "CEs5qiF8dNkLpPsKUKC9ws3g8CzuidaiIkJssnh4kvo"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "io79tMj-af26JsDZj4NoxcXCESDvqSfMOSrwGIksKLE9I206MWHtCGHFLorBcv7DEX6cC8Ml6HN4wqI8gZ9X-6rGlCNCT9XA77sBOdMChm4HyXR3D7PihimGRKHYakn0Kd4LrVSQlkoX_w2c4E2AIbXR-vvMuMbHEV5jsba4S7I616sptHVd9oQLEbzrwhbQShTuEOCIbzjVtrmOZ8S14HqVQIZmSQINTRG3YsCKAxlY5bRrCb8rjMx6cawsLdv5cxTO1YkJiWJPHrq_dPTWypy1t1smw3aD7uE98g1RCZGYA6r6KaS775Uu-mSa4vncQjeb9V8lgonHnwN18iddNw"
    }
  ]
}
2021-05-18 12:51:34 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-05-18 12:51:34 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2021-05-18 12:51:34 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-18 12:51:34 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-05-18 12:51:34 SUCCESS
GetDynamicClientConfiguration
Created dynamic_client_registration_template object from the client configuration.
client_id
cert1
client_secret
changeit
client_name
second-cert-client
2021-05-18 12:51:34 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "2YfflSbVLDkvFy2YiU39Fq42hl1eX8Gqa6pT5MsdMq9xjxXhXmTSc406xfkxQtU4kWbmNqCRzVIkrvWEMvQ0XlED3WUM9V-k285VFMUp7mYaOAu4-yH8eY2dH6KXovIsBzZV50oMaB_AqwfeZjGXilLuGI8Arx31viOkMFzTaTs",
      "kty": "RSA",
      "q": "zn4MUt3EgEuRH3urK3v68x5QLy8LHADShWlvQN6D_3mJQurTyNpANewNyEt90uos_QBnKqYIGLO86qo9m6J4FGldivddZPQ05mkqJWQToIOGVjiAiMNE1wJnSpFq0iS5idHO1XON0udXjFLC5lEczC1wa-xH-_jy77kMqCX6dgM",
      "d": "EohGCjN4E9KO6htfPAWH-O99Fabih5QIXa06j2cpolElw_UgK4uTLHO-haOI7DmXJJvvpVi9LAMdAUJdSXw9r31JPMLXFn08bn_52rSZj2ywEsdQf2YL-O2gvkouYTZrxt5GH-suukLN6SIBlT9pc8b0O80Yczxs5qh6B2RwI0FysuGb9xLNkcOvs-tmmDWTEblt5-KuNa_Botqrt0rB1OPZw5sMGEeuCl567qhV477CJgbXmsNclPYOTgyTeiSK9rLo55uNCNq3V9HFPndd_vBI7de1F8JOb_si2yoCms4a4n-Xs5V-12yA72BEN6tRaZy35doNnIvy3Mv_03DMiQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "Dc0Ovrc9vzENG7O5FIWgp1QuLjnKLl2ZuaGzzz5Eikjns9Jwy9YDyr4kWCSpSnpk59X32aeSG4WNJBnZbnT2yIo_VpuLe40_08G0syMD5vQdiHGPyAbVhqKVS20XJWVjeVBXRn2lrxgBPRZsdCrtKRGY7bMzhbPgIiaaXYaqaHY",
      "dp": "meDb8I5_zcDF5weCF97rYdfrCjGSSPqeq3rZzcdA6FHjaux3eGap2MPXB6S3jCd41KKNx6befPfWq01SLxlA0ldM_Jg3CnyWCkdzODYg61uewHbKbBwmlXXv6CkES2g0bQWqzuo6zI1ppZLzaCc8o8T2WLkQKtBuvgpIY03G33E",
      "alg": "RS256",
      "dq": "Nb4mtPaVKxL_3WLRhQrKoLYWBoHG8W3hXOm5E_gWAMsAB5OYtWDgb2hVmfjT8a4TMXIGZ9o4pz04gRb32-boO9_EgeOpwhmxHvrmBj9KwG8a6pvgEDhKVW-BtK2uUK1QQOeDXpipo-ekKJhts4YO6bE13lDr10_O4seV3Lmtu0M",
      "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
    }
  ]
}
2021-05-18 12:51:34 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-18 12:51:34 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
second-cert-client QfxU6CArAlB9lWI
2021-05-18 12:51:34
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2021-05-18 12:51:34
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit"
]
2021-05-18 12:51:34
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
      }
    ]
  }
}
2021-05-18 12:51:34
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2021-05-18 12:51:34
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token"
  ]
}
2021-05-18 12:51:34
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ]
}
2021-05-18 12:51:34
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "second-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2021-05-18 12:51:34
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 12:51:34
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "737"
}
request_body
{"client_name":"second-cert-client QfxU6CArAlB9lWI","grant_types":["authorization_code","implicit","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code id_token"],"redirect_uris":["https://www.certification.openid.net/test/a/3_0_1/callback"],"contacts":["certification@oidf.org"]}
2021-05-18 12:51:34 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "date": "Tue, 18 May 2021 12:51:34 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1062",
  "set-cookie": "JSESSIONID\u003dnode0n5xjhksnee1pm9mp6h0iahdn32.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_c39f397a32405fab376276ed675b5445","client_secret_expires_at":1652878294,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621342294,"client_secret":"_8601f6ef9568181c1b06338869296136","client_name":"second-cert-client QfxU6CArAlB9lWI","contacts":["certification@oidf.org"],"response_types":["code id_token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 12:51:34
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_c39f397a32405fab376276ed675b5445","client_secret_expires_at":1652878294,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621342294,"client_secret":"_8601f6ef9568181c1b06338869296136","client_name":"second-cert-client QfxU6CArAlB9lWI","contacts":["certification@oidf.org"],"response_types":["code id_token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 12:51:34
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
grant_types
[
  "implicit",
  "refresh_token",
  "authorization_code"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "r3ZxQtkahylNBjlM1FBT-EmZFHzc9Oz9B9NVKNHPFqmu-RR-XE0smmc4Vw-zqDhW6y5jA-86iSU-OFbudtj9GvW-1jYjZ8mrE3fp6LeYmE6usMI18sewE-HiHUBNWN0ytxICvnCHHgNoqTvKt1PBsJMMArZDnj94A7_SbnM5KkzhEFy8xcG2vzszd0219T7yLXEF7OMDzHjsJNwrSGFnZz-PVp0HamjFglOf_Q6Fz4ulNuP2mcaf1xVsgg4MrGuxpV6CHuRGOTaYOSpaMpU5744PHzDSWtct4fT8mFdJ_y34BCq8ahBfKFsFkdqbuhauHONrDtipjvDxDT6805ltsQ"
    }
  ]
}
subject_type
public
application_type
web
redirect_uris
[
  "https://www.certification.openid.net/test/a/3_0_1/callback"
]
token_endpoint_auth_method
client_secret_basic
client_id
_c39f397a32405fab376276ed675b5445
client_secret_expires_at
1652878294
scope
openid profile email address phone offline_access
client_id_issued_at
1621342294
client_secret
_8601f6ef9568181c1b06338869296136
client_name
second-cert-client QfxU6CArAlB9lWI
contacts
[
  "certification@oidf.org"
]
response_types
[
  "code id_token"
]
id_token_signed_response_alg
RS256
2021-05-18 12:51:34
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-05-18 12:51:34
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2021-05-18 12:51:34 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2021-05-18 12:51:34 SUCCESS
GetDynamicClient2Configuration
Found a dynamic_client_registration_template object
client_id
cert2
client_secret
changeit
client_name
third-cert-client
2021-05-18 12:51:34 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "-6pClAob-BHchUHM9IjLTgDOWqgOD8CCw9xodbLWoyFOf40NIQqpFjHQlUPvJpHwg_JJibvU1MScGHs3kXw-ufyRJzXSY2s4KwkPuk0CjhlfT1LtdjsglEkkRkOIzvgdUPkJnINN2p13D77Qn7vJpJGiqfTfLo0wZ4YBG08-2ZE",
      "kty": "RSA",
      "q": "qu5ii11XnHqF46Inynyn-b5olWue0OeOMj1ZaXVs-oNMTya9pmtwQlcQCoVxwn6fY6YEMZqFfBpJPqAv5-si8keuh1tKiMoqQbRGT6gmLzPAeNqxdNhPpbJGcVjJ8I5URWpFePUV-JUtFLvxuqUu0whd8fnCwTj3aSO8hRSpuI0",
      "d": "OO5XYWyslvkOkZsI6fudlp9UnvkfZLLO2HALM-OAyo-piI2zpPqayUr6HZ_9sRl7TFSUCAxP7porYRBi76YIITmQ19uKdRLRXuUaRXZakfT4ZCd6xnmd22PK2B63OpxM6Psi5uA3XDAijj5DQhYJ051iCBbTV_MH3xTAB-XyVhwK2A7flqzFMUDW75qeKuW2ZTphTXMqXfwjGmenVbXbH-ya_mHWGu5_DzOCaWXkUMGgaZ44QvLdca8b6HG9jr0_i10XtljajakMiGYCg6TGvy3De79pbgfgQbg6oheAjORdQUfDGRDmj5JxP6RTu3syN_IHn4-xyiR0Pz-YR92lAQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "eUoIGTGrNqT3ovVUeG3VQGXwSo8EilcnoYhYDNY7Ba9Hymnl5DjZ8J2nMJym4PDRRV8JXQPpZqrmCbng4QC2DoI584c8HCmytjP1N-Fi6Ce7qPaNw49FJwEi9pdwF80aj-gtj2CmPOHPNTj9IXjYjPvGFiaSf0ucP8SLciDPu_o",
      "dp": "gmSBAnsKasm2XETvkHOgAtZgFJCmWHsCRcDZTsJOe08ygNvwRYJkgV9mFzCPpIhQ-cx7VaXAbE1CI10UOYkKZwr5mjtEusY-3-1d_MUR4dY7j7oD1xJjmvEanl03cSUU63NdC37sw6x6l-nh5iFCJMZgZXa-fDwjLEA-KowwoEE",
      "alg": "RS256",
      "dq": "PcY7fQx17kplevgOk2Jrvplu6JllYzBcNpHvb2qNwReUi4J_xdZMUt1uIa9KhrUGW5gTKe4jUc-aKvTve0yCa7c2PxriG_-cN_Sz-HPXoPV-GO9IdOb8GfEM_kfNa4-0qwWWJ_nDP_yBt12ZJhAulPwQH7RZC0XQPII6zonCML0",
      "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
    }
  ]
}
2021-05-18 12:51:34 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-05-18 12:51:34 SUCCESS
CreateDynamicRegistrationRequest
Created dynamic registration request
client_name
third-cert-client QfxU6CArAlB9lWI
2021-05-18 12:51:34
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2021-05-18 12:51:34
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit"
]
2021-05-18 12:51:34
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
      }
    ]
  }
}
2021-05-18 12:51:34
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2021-05-18 12:51:34
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token"
  ]
}
2021-05-18 12:51:34
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ]
}
2021-05-18 12:51:34
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "third-cert-client QfxU6CArAlB9lWI",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/3_0_1/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2021-05-18 12:51:34
AddRefreshTokenGrantTypeToDynamicRegistrationRequest
Added 'refresh_token' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 12:51:34
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "736"
}
request_body
{"client_name":"third-cert-client QfxU6CArAlB9lWI","grant_types":["authorization_code","implicit","refresh_token"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code id_token"],"redirect_uris":["https://www.certification.openid.net/test/a/3_0_1/callback"],"contacts":["certification@oidf.org"]}
2021-05-18 12:51:35 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "date": "Tue, 18 May 2021 12:51:35 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1061",
  "set-cookie": "JSESSIONID\u003dnode0jfx604eg15wm1y1jj5me32gog33.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_f3136305348f068854a60f37469ef109","client_secret_expires_at":1652878295,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621342295,"client_secret":"_e4e0901f329bb828460a7c1672fe5489","client_name":"third-cert-client QfxU6CArAlB9lWI","contacts":["certification@oidf.org"],"response_types":["code id_token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 12:51:35
CallDynamicRegistrationEndpoint
Registration endpoint response
dynamic_registration_response
{"grant_types":["implicit","refresh_token","authorization_code"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"}]},"subject_type":"public","application_type":"web","redirect_uris":["https:\/\/www.certification.openid.net\/test\/a\/3_0_1\/callback"],"token_endpoint_auth_method":"client_secret_basic","client_id":"_f3136305348f068854a60f37469ef109","client_secret_expires_at":1652878295,"scope":"openid profile email address phone offline_access","client_id_issued_at":1621342295,"client_secret":"_e4e0901f329bb828460a7c1672fe5489","client_name":"third-cert-client QfxU6CArAlB9lWI","contacts":["certification@oidf.org"],"response_types":["code id_token"],"id_token_signed_response_alg":"RS256"}
2021-05-18 12:51:35
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
grant_types
[
  "implicit",
  "refresh_token",
  "authorization_code"
]
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "qAlpYGMJxd1Kgs8BfM0I7THMa7SITJS5hfWejWHerj0D1IxWu36u1NqjQ5Y-dMLCl4quMbgOVIMW9TSqouY3s6YAekNENyAgTV47beftR52clTxbGu_0b5_HIr6kv4WZCJ_jnVgEwTpTFepXiR-LKBE4jrLKz-FgLhQwejBbc8oiyu7oOAvn6BcOLovlCjL198OUh_GXS9wH1tN2cH-UHfvTq96RvjAmp58b_gxxPCp1faG753m6BpBFcFN7cES8vNqsWMN26e5fGvwM7aI9yPTUsY0VkSus-OLP5TbI-97F6IJHbOgWKpUGexmlmEDkSpch-AhhPru-EvrRxrcM3Q"
    }
  ]
}
subject_type
public
application_type
web
redirect_uris
[
  "https://www.certification.openid.net/test/a/3_0_1/callback"
]
token_endpoint_auth_method
client_secret_basic
client_id
_f3136305348f068854a60f37469ef109
client_secret_expires_at
1652878295
scope
openid profile email address phone offline_access
client_id_issued_at
1621342295
client_secret
_e4e0901f329bb828460a7c1672fe5489
client_name
third-cert-client QfxU6CArAlB9lWI
contacts
[
  "certification@oidf.org"
]
response_types
[
  "code id_token"
]
id_token_signed_response_alg
RS256
2021-05-18 12:51:35
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2021-05-18 12:51:35
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
Set scope in client configuration to "openid offline_access"as 'scope_supported' contains 'offline_access'
scope
openid offline_access
2021-05-18 12:51:35 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "client_secret_jwt",
  "private_key_jwt"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2021-05-18 12:51:35 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://testop.funet.fi/idp/profile/oidc/userinfo
2021-05-18 12:51:35
oidcc-refresh-token
Setup Done
Make request to authorization endpoint
2021-05-18 12:51:35 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
_c39f397a32405fab376276ed675b5445
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
2021-05-18 12:51:35
CreateRandomStateValue
Created state value
requested_state_length
10
state
NnV76ahyJH
2021-05-18 12:51:35 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
_c39f397a32405fab376276ed675b5445
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NnV76ahyJH
2021-05-18 12:51:35
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
FokWgjADyW
2021-05-18 12:51:35 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
_c39f397a32405fab376276ed675b5445
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NnV76ahyJH
nonce
FokWgjADyW
2021-05-18 12:51:35 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
_c39f397a32405fab376276ed675b5445
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NnV76ahyJH
nonce
FokWgjADyW
response_type
code id_token
2021-05-18 12:51:35
SetAuthorizationEndpointRequestResponseModeToFormPost
Added response_mode parameter to request
client_id
_c39f397a32405fab376276ed675b5445
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NnV76ahyJH
nonce
FokWgjADyW
response_type
code id_token
response_mode
form_post
2021-05-18 12:51:35 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
_c39f397a32405fab376276ed675b5445
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
NnV76ahyJH
nonce
FokWgjADyW
response_type
code id_token
response_mode
form_post
prompt
consent
2021-05-18 12:51:35 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_c39f397a32405fab376276ed675b5445&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=NnV76ahyJH&nonce=FokWgjADyW&response_type=code%20id_token&response_mode=form_post&prompt=consent
2021-05-18 12:51:35 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_c39f397a32405fab376276ed675b5445&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=NnV76ahyJH&nonce=FokWgjADyW&response_type=code%20id_token&response_mode=form_post&prompt=consent
2021-05-18 12:51:41 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance QfxU6CArAlB9lWI
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d013E7B68534FD78C46A4EEB59EEEA426",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "1363",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
callback
incoming_body_form_params
{
  "code": "AAdzZWNyZXQxg4UNitTeyuNxDM_SdXd7ODTvIbOMZYLlrAcpdfqiULtXapHGpIZpseG_mf22r8ZBuTrMRUQ_x3afWiJmmK-_9l1HUUbBsQP7w4F8B46p1w7pbtcexTvM_wvNL6rS323jYlkGnJFzUCaARfN6NYIOR5RuH3QyKfk6-wur4VgpauG53hmtJGA6SIXW79c8V-IhNKXbXE6saozugTvZKgX-_YVft0JLMeELM1P8ZSRCXfML00eFJS7MapRGabejR47O0PKEQie20g3FzJ910UaCjER9Wo4CcI5UM-N2INHT5nGqU6tZhRiHvIid-iVa8_FuwyLjHtJOoZVIbHPVkchvVDHps50Hqqw1tjpEZOUspmrk4AtR-9qFrQJAtJl-YXSQrdJHd2upZQfwLkChuCSpHY9UynBvIUabswZe4ucHmuoPBDP9L3z73_SeuspRKqPU",
  "state": "NnV76ahyJH",
  "id_token": "eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9jMzlmMzk3YTMyNDA1ZmFiMzc2Mjc2ZWQ2NzViNTQ0NSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiRUMwa2c2UTBxckNhd1V6UTQ5WS1tUSIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkwMCwiaWF0IjoxNjIxMzQyMzAwLCJub25jZSI6IkZva1dnakFEeVcifQ.JKWn3FUAqXx_f3lEz8EGbgtKZFqpfWp8ncltXFsbphsums0rBpelHB3iP27w3fECEow1J2lOem0nRWPXkAPP5zRMnDwbRqRrSquY4yxwC30y00zd2CXB_n7Z5WeW8B0eLS1OIpPUdPyxi7idRI2eeNmfs48xDngtnIl818xjzdFMeSzv0IsXTHm--0aepCt60lGYDFRcNuFVLp9SYNafUYXhXBd1jmDR5urSLsUnLnZ9uIiPOz2DExr90NFmz406Llz8O47KAi-7sOZmRIOUUvpbkxlYvqf1ODTbbebjw0vW20T4UWDqNTGsDNQm2KTqpEO9B_OAes1PxzU1WFfpAug86MLjdd3WpRM-Sge_LH-JNIlSfXLourj_CtIvtqdzwjg-4NAGjhYF-CZC_ZU2kPI8CqlRGwE7UOPYVtLeIQli9y0-O0XuyvkSK1bqNpqYZdrM2E4vzgbyHcM5Ok_iVwnVXTOVBAY7zEJt1DA3Fl5gCWS07i0TIUbjMtvg9qku"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
code=AAdzZWNyZXQxg4UNitTeyuNxDM_SdXd7ODTvIbOMZYLlrAcpdfqiULtXapHGpIZpseG_mf22r8ZBuTrMRUQ_x3afWiJmmK-_9l1HUUbBsQP7w4F8B46p1w7pbtcexTvM_wvNL6rS323jYlkGnJFzUCaARfN6NYIOR5RuH3QyKfk6-wur4VgpauG53hmtJGA6SIXW79c8V-IhNKXbXE6saozugTvZKgX-_YVft0JLMeELM1P8ZSRCXfML00eFJS7MapRGabejR47O0PKEQie20g3FzJ910UaCjER9Wo4CcI5UM-N2INHT5nGqU6tZhRiHvIid-iVa8_FuwyLjHtJOoZVIbHPVkchvVDHps50Hqqw1tjpEZOUspmrk4AtR-9qFrQJAtJl-YXSQrdJHd2upZQfwLkChuCSpHY9UynBvIUabswZe4ucHmuoPBDP9L3z73_SeuspRKqPU&state=NnV76ahyJH&id_token=eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9jMzlmMzk3YTMyNDA1ZmFiMzc2Mjc2ZWQ2NzViNTQ0NSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiRUMwa2c2UTBxckNhd1V6UTQ5WS1tUSIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkwMCwiaWF0IjoxNjIxMzQyMzAwLCJub25jZSI6IkZva1dnakFEeVcifQ.JKWn3FUAqXx_f3lEz8EGbgtKZFqpfWp8ncltXFsbphsums0rBpelHB3iP27w3fECEow1J2lOem0nRWPXkAPP5zRMnDwbRqRrSquY4yxwC30y00zd2CXB_n7Z5WeW8B0eLS1OIpPUdPyxi7idRI2eeNmfs48xDngtnIl818xjzdFMeSzv0IsXTHm--0aepCt60lGYDFRcNuFVLp9SYNafUYXhXBd1jmDR5urSLsUnLnZ9uIiPOz2DExr90NFmz406Llz8O47KAi-7sOZmRIOUUvpbkxlYvqf1ODTbbebjw0vW20T4UWDqNTGsDNQm2KTqpEO9B_OAes1PxzU1WFfpAug86MLjdd3WpRM-Sge_LH-JNIlSfXLourj_CtIvtqdzwjg-4NAGjhYF-CZC_ZU2kPI8CqlRGwE7UOPYVtLeIQli9y0-O0XuyvkSK1bqNpqYZdrM2E4vzgbyHcM5Ok_iVwnVXTOVBAY7zEJt1DA3Fl5gCWS07i0TIUbjMtvg9qku
2021-05-18 12:51:41 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/Ntkv0JBHFy1e7Huntv44",
  "fullUrl": "https://www.certification.openid.net/test/a/3_0_1/implicit/Ntkv0JBHFy1e7Huntv44"
}
2021-05-18 12:51:41 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance QfxU6CArAlB9lWI
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/3_0_1/implicit/Ntkv0JBHFy1e7Huntv44, returnUrl=/log-detail.html?log=QfxU6CArAlB9lWI}]
outgoing_path
callback
2021-05-18 12:51:41 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance QfxU6CArAlB9lWI
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/3_0_1/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d013E7B68534FD78C46A4EEB59EEEA426",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/Ntkv0JBHFy1e7Huntv44
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-05-18 12:51:41 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance QfxU6CArAlB9lWI
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/Ntkv0JBHFy1e7Huntv44
2021-05-18 12:51:41 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-05-18 12:51:41 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d013E7B68534FD78C46A4EEB59EEEA426",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "1363",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
http_method
POST
url_fragment
{}
post_body
{
  "code": "AAdzZWNyZXQxg4UNitTeyuNxDM_SdXd7ODTvIbOMZYLlrAcpdfqiULtXapHGpIZpseG_mf22r8ZBuTrMRUQ_x3afWiJmmK-_9l1HUUbBsQP7w4F8B46p1w7pbtcexTvM_wvNL6rS323jYlkGnJFzUCaARfN6NYIOR5RuH3QyKfk6-wur4VgpauG53hmtJGA6SIXW79c8V-IhNKXbXE6saozugTvZKgX-_YVft0JLMeELM1P8ZSRCXfML00eFJS7MapRGabejR47O0PKEQie20g3FzJ910UaCjER9Wo4CcI5UM-N2INHT5nGqU6tZhRiHvIid-iVa8_FuwyLjHtJOoZVIbHPVkchvVDHps50Hqqw1tjpEZOUspmrk4AtR-9qFrQJAtJl-YXSQrdJHd2upZQfwLkChuCSpHY9UynBvIUabswZe4ucHmuoPBDP9L3z73_SeuspRKqPU",
  "state": "NnV76ahyJH",
  "id_token": "eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9jMzlmMzk3YTMyNDA1ZmFiMzc2Mjc2ZWQ2NzViNTQ0NSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiRUMwa2c2UTBxckNhd1V6UTQ5WS1tUSIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkwMCwiaWF0IjoxNjIxMzQyMzAwLCJub25jZSI6IkZva1dnakFEeVcifQ.JKWn3FUAqXx_f3lEz8EGbgtKZFqpfWp8ncltXFsbphsums0rBpelHB3iP27w3fECEow1J2lOem0nRWPXkAPP5zRMnDwbRqRrSquY4yxwC30y00zd2CXB_n7Z5WeW8B0eLS1OIpPUdPyxi7idRI2eeNmfs48xDngtnIl818xjzdFMeSzv0IsXTHm--0aepCt60lGYDFRcNuFVLp9SYNafUYXhXBd1jmDR5urSLsUnLnZ9uIiPOz2DExr90NFmz406Llz8O47KAi-7sOZmRIOUUvpbkxlYvqf1ODTbbebjw0vW20T4UWDqNTGsDNQm2KTqpEO9B_OAes1PxzU1WFfpAug86MLjdd3WpRM-Sge_LH-JNIlSfXLourj_CtIvtqdzwjg-4NAGjhYF-CZC_ZU2kPI8CqlRGwE7UOPYVtLeIQli9y0-O0XuyvkSK1bqNpqYZdrM2E4vzgbyHcM5Ok_iVwnVXTOVBAY7zEJt1DA3Fl5gCWS07i0TIUbjMtvg9qku"
}
Verify authorization endpoint response
2021-05-18 12:51:41 SUCCESS
CheckCallbackHttpMethodIsPost
HTTP method used at redirect_uri is 'POST'
2021-05-18 12:51:41 SUCCESS
CheckCallbackContentTypeIsFormUrlEncoded
content-type header to redirect_uri has the expected value
content_type
application/x-www-form-urlencoded
expected
application/x-www-form-urlencoded
2021-05-18 12:51:41 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-05-18 12:51:41 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2021-05-18 12:51:41 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-05-18 12:51:41
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-05-18 12:51:41 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-05-18 12:51:41 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
NnV76ahyJH
2021-05-18 12:51:41 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
AAdzZWNyZXQxg4UNitTeyuNxDM_SdXd7ODTvIbOMZYLlrAcpdfqiULtXapHGpIZpseG_mf22r8ZBuTrMRUQ_x3afWiJmmK-_9l1HUUbBsQP7w4F8B46p1w7pbtcexTvM_wvNL6rS323jYlkGnJFzUCaARfN6NYIOR5RuH3QyKfk6-wur4VgpauG53hmtJGA6SIXW79c8V-IhNKXbXE6saozugTvZKgX-_YVft0JLMeELM1P8ZSRCXfML00eFJS7MapRGabejR47O0PKEQie20g3FzJ910UaCjER9Wo4CcI5UM-N2INHT5nGqU6tZhRiHvIid-iVa8_FuwyLjHtJOoZVIbHPVkchvVDHps50Hqqw1tjpEZOUspmrk4AtR-9qFrQJAtJl-YXSQrdJHd2upZQfwLkChuCSpHY9UynBvIUabswZe4ucHmuoPBDP9L3z73_SeuspRKqPU
2021-05-18 12:51:41 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9jMzlmMzk3YTMyNDA1ZmFiMzc2Mjc2ZWQ2NzViNTQ0NSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiRUMwa2c2UTBxckNhd1V6UTQ5WS1tUSIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkwMCwiaWF0IjoxNjIxMzQyMzAwLCJub25jZSI6IkZva1dnakFEeVcifQ.JKWn3FUAqXx_f3lEz8EGbgtKZFqpfWp8ncltXFsbphsums0rBpelHB3iP27w3fECEow1J2lOem0nRWPXkAPP5zRMnDwbRqRrSquY4yxwC30y00zd2CXB_n7Z5WeW8B0eLS1OIpPUdPyxi7idRI2eeNmfs48xDngtnIl818xjzdFMeSzv0IsXTHm--0aepCt60lGYDFRcNuFVLp9SYNafUYXhXBd1jmDR5urSLsUnLnZ9uIiPOz2DExr90NFmz406Llz8O47KAi-7sOZmRIOUUvpbkxlYvqf1ODTbbebjw0vW20T4UWDqNTGsDNQm2KTqpEO9B_OAes1PxzU1WFfpAug86MLjdd3WpRM-Sge_LH-JNIlSfXLourj_CtIvtqdzwjg-4NAGjhYF-CZC_ZU2kPI8CqlRGwE7UOPYVtLeIQli9y0-O0XuyvkSK1bqNpqYZdrM2E4vzgbyHcM5Ok_iVwnVXTOVBAY7zEJt1DA3Fl5gCWS07i0TIUbjMtvg9qku
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "sub": "teppo@funet.fi",
  "aud": "_c39f397a32405fab376276ed675b5445",
  "acr": "password",
  "c_hash": "EC0kg6Q0qrCawUzQ49Y-mQ",
  "auth_time": 1621341941,
  "iss": "https://testop.funet.fi",
  "exp": 1621345900,
  "iat": 1621342300,
  "nonce": "FokWgjADyW"
}
2021-05-18 12:51:41 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-18 12:51:41 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
FokWgjADyW
2021-05-18 12:51:41 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-18 12:51:41 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9jMzlmMzk3YTMyNDA1ZmFiMzc2Mjc2ZWQ2NzViNTQ0NSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiRUMwa2c2UTBxckNhd1V6UTQ5WS1tUSIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkwMCwiaWF0IjoxNjIxMzQyMzAwLCJub25jZSI6IkZva1dnakFEeVcifQ.JKWn3FUAqXx_f3lEz8EGbgtKZFqpfWp8ncltXFsbphsums0rBpelHB3iP27w3fECEow1J2lOem0nRWPXkAPP5zRMnDwbRqRrSquY4yxwC30y00zd2CXB_n7Z5WeW8B0eLS1OIpPUdPyxi7idRI2eeNmfs48xDngtnIl818xjzdFMeSzv0IsXTHm--0aepCt60lGYDFRcNuFVLp9SYNafUYXhXBd1jmDR5urSLsUnLnZ9uIiPOz2DExr90NFmz406Llz8O47KAi-7sOZmRIOUUvpbkxlYvqf1ODTbbebjw0vW20T4UWDqNTGsDNQm2KTqpEO9B_OAes1PxzU1WFfpAug86MLjdd3WpRM-Sge_LH-JNIlSfXLourj_CtIvtqdzwjg-4NAGjhYF-CZC_ZU2kPI8CqlRGwE7UOPYVtLeIQli9y0-O0XuyvkSK1bqNpqYZdrM2E4vzgbyHcM5Ok_iVwnVXTOVBAY7zEJt1DA3Fl5gCWS07i0TIUbjMtvg9qku
2021-05-18 12:51:41 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9jMzlmMzk3YTMyNDA1ZmFiMzc2Mjc2ZWQ2NzViNTQ0NSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiRUMwa2c2UTBxckNhd1V6UTQ5WS1tUSIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkwMCwiaWF0IjoxNjIxMzQyMzAwLCJub25jZSI6IkZva1dnakFEeVcifQ.JKWn3FUAqXx_f3lEz8EGbgtKZFqpfWp8ncltXFsbphsums0rBpelHB3iP27w3fECEow1J2lOem0nRWPXkAPP5zRMnDwbRqRrSquY4yxwC30y00zd2CXB_n7Z5WeW8B0eLS1OIpPUdPyxi7idRI2eeNmfs48xDngtnIl818xjzdFMeSzv0IsXTHm--0aepCt60lGYDFRcNuFVLp9SYNafUYXhXBd1jmDR5urSLsUnLnZ9uIiPOz2DExr90NFmz406Llz8O47KAi-7sOZmRIOUUvpbkxlYvqf1ODTbbebjw0vW20T4UWDqNTGsDNQm2KTqpEO9B_OAes1PxzU1WFfpAug86MLjdd3WpRM-Sge_LH-JNIlSfXLourj_CtIvtqdzwjg-4NAGjhYF-CZC_ZU2kPI8CqlRGwE7UOPYVtLeIQli9y0-O0XuyvkSK1bqNpqYZdrM2E4vzgbyHcM5Ok_iVwnVXTOVBAY7zEJt1DA3Fl5gCWS07i0TIUbjMtvg9qku
2021-05-18 12:51:41 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-18 12:51:41 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
AAdzZWNyZXQxg4UNitTeyuNxDM_SdXd7ODTvIbOMZYLlrAcpdfqiULtXapHGpIZpseG_mf22r8ZBuTrMRUQ_x3afWiJmmK-_9l1HUUbBsQP7w4F8B46p1w7pbtcexTvM_wvNL6rS323jYlkGnJFzUCaARfN6NYIOR5RuH3QyKfk6-wur4VgpauG53hmtJGA6SIXW79c8V-IhNKXbXE6saozugTvZKgX-_YVft0JLMeELM1P8ZSRCXfML00eFJS7MapRGabejR47O0PKEQie20g3FzJ910UaCjER9Wo4CcI5UM-N2INHT5nGqU6tZhRiHvIid-iVa8_FuwyLjHtJOoZVIbHPVkchvVDHps50Hqqw1tjpEZOUspmrk4AtR-9qFrQJAtJl-YXSQrdJHd2upZQfwLkChuCSpHY9UynBvIUabswZe4ucHmuoPBDP9L3z73_SeuspRKqPU
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-18 12:51:41 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1Ol84NjAxZjZlZjk1NjgxODFjMWIwNjMzODg2OTI5NjEzNg==
2021-05-18 12:51:41
CallTokenEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1Ol84NjAxZjZlZjk1NjgxODFjMWIwNjMzODg2OTI5NjEzNg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "581"
}
request_body
grant_type=authorization_code&code=AAdzZWNyZXQxg4UNitTeyuNxDM_SdXd7ODTvIbOMZYLlrAcpdfqiULtXapHGpIZpseG_mf22r8ZBuTrMRUQ_x3afWiJmmK-_9l1HUUbBsQP7w4F8B46p1w7pbtcexTvM_wvNL6rS323jYlkGnJFzUCaARfN6NYIOR5RuH3QyKfk6-wur4VgpauG53hmtJGA6SIXW79c8V-IhNKXbXE6saozugTvZKgX-_YVft0JLMeELM1P8ZSRCXfML00eFJS7MapRGabejR47O0PKEQie20g3FzJ910UaCjER9Wo4CcI5UM-N2INHT5nGqU6tZhRiHvIid-iVa8_FuwyLjHtJOoZVIbHPVkchvVDHps50Hqqw1tjpEZOUspmrk4AtR-9qFrQJAtJl-YXSQrdJHd2upZQfwLkChuCSpHY9UynBvIUabswZe4ucHmuoPBDP9L3z73_SeuspRKqPU&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2F3_0_1%2Fcallback
2021-05-18 12:51:42 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:42 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1886",
  "set-cookie": "JSESSIONID\u003dnode0113ujjr786sjlih9qox8xfvd934.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxdJ34cxB5R3KOur5IYPJwYSvwSqKUN4zAhoR-yL7nXcUBoxZeQQk_BWBr0WBmF57aLGfahWMROKq3YfxIYX4afhVrPweZsSK7Q3YjCLPwa7Nw8cLii2eP6xLyIweFhepXeK6tu6_pn7njDdYBt0Oc2tuDsYmqQO7yrZnvjqE9bKQyz0qHG1VrW4P_kf9aVcvPOjA8uKh07wi9SSZMUuC8oRlAQ4Ef6kr0tu4BI8sArrnmCCqdfuwwo1atT-nY38tRfUaoZyiQj5t-xKpKEBYeyzR-NQGPTBrykG8YKC6R37BkZ5EkmuttUXNFhod9198bVJ7kB89dZx3i-Ce-yxeJdgWBg4k2XuxbEWqZEM53wR85neIAQ7yCe7YztgJbURPfRVTeP03R5_9xOupxHTK3tVnCOLqedokkG_BvkAyqrTB5kA3asCVNidD2RUNS9f8","refresh_token":"AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiV1B3ZDlLaUdXNFlPSWg0R1VVZTBIZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDIsImlhdCI6MTYyMTM0MjMwMiwibm9uY2UiOiJGb2tXZ2pBRHlXIn0.D9e9fuAzfZ37H_OrTkkDJIxbrhGAWAVroxpf6hAM5kls74A_VOaTW63snuDcQg5lgpCTreQyymMRpI7xFWkGf5WlKvj2Kdad9Yx7bXKAjE_KMZByBSo5vB5TwYKONFsbLsgYL24FiILT2eD_QeDwBg0GWSv63-feQcMX8ndZMP8r7fMWvN-up3H5uHo37otVwj-gSs-rlbjRl6inLaQBvwyE5UQmYHB_5PVnGiDCMb8rzeNsmn4xc9detMhBa2U9bfC1IWEsTAdIhGnd440mPhYopCPl-xyzHyXjuq8qk0s_uVsWW62McL-b2E5unHJRP5irTP3bwV_FV9zUEni2Es4KE2SynM8f9XPHmVRqK1FvxVGn3_fOn6tMRYL5HCygjpsTaNzGFfuahRxh0GALD3BP_MtHbNuZ4_H1xwM58vlxDA4JntLuBYcVmNgFyuhPDpwnEJidAf-x_hKeirmS-dQTO06roS7T6qgohKzu0uW4gUClMcRMEwaoKJMbSyzz","token_type":"Bearer","expires_in":600}
2021-05-18 12:51:42
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"AAdzZWNyZXQxdJ34cxB5R3KOur5IYPJwYSvwSqKUN4zAhoR-yL7nXcUBoxZeQQk_BWBr0WBmF57aLGfahWMROKq3YfxIYX4afhVrPweZsSK7Q3YjCLPwa7Nw8cLii2eP6xLyIweFhepXeK6tu6_pn7njDdYBt0Oc2tuDsYmqQO7yrZnvjqE9bKQyz0qHG1VrW4P_kf9aVcvPOjA8uKh07wi9SSZMUuC8oRlAQ4Ef6kr0tu4BI8sArrnmCCqdfuwwo1atT-nY38tRfUaoZyiQj5t-xKpKEBYeyzR-NQGPTBrykG8YKC6R37BkZ5EkmuttUXNFhod9198bVJ7kB89dZx3i-Ce-yxeJdgWBg4k2XuxbEWqZEM53wR85neIAQ7yCe7YztgJbURPfRVTeP03R5_9xOupxHTK3tVnCOLqedokkG_BvkAyqrTB5kA3asCVNidD2RUNS9f8","refresh_token":"AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiV1B3ZDlLaUdXNFlPSWg0R1VVZTBIZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDIsImlhdCI6MTYyMTM0MjMwMiwibm9uY2UiOiJGb2tXZ2pBRHlXIn0.D9e9fuAzfZ37H_OrTkkDJIxbrhGAWAVroxpf6hAM5kls74A_VOaTW63snuDcQg5lgpCTreQyymMRpI7xFWkGf5WlKvj2Kdad9Yx7bXKAjE_KMZByBSo5vB5TwYKONFsbLsgYL24FiILT2eD_QeDwBg0GWSv63-feQcMX8ndZMP8r7fMWvN-up3H5uHo37otVwj-gSs-rlbjRl6inLaQBvwyE5UQmYHB_5PVnGiDCMb8rzeNsmn4xc9detMhBa2U9bfC1IWEsTAdIhGnd440mPhYopCPl-xyzHyXjuq8qk0s_uVsWW62McL-b2E5unHJRP5irTP3bwV_FV9zUEni2Es4KE2SynM8f9XPHmVRqK1FvxVGn3_fOn6tMRYL5HCygjpsTaNzGFfuahRxh0GALD3BP_MtHbNuZ4_H1xwM58vlxDA4JntLuBYcVmNgFyuhPDpwnEJidAf-x_hKeirmS-dQTO06roS7T6qgohKzu0uW4gUClMcRMEwaoKJMbSyzz","token_type":"Bearer","expires_in":600}
2021-05-18 12:51:42 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
AAdzZWNyZXQxdJ34cxB5R3KOur5IYPJwYSvwSqKUN4zAhoR-yL7nXcUBoxZeQQk_BWBr0WBmF57aLGfahWMROKq3YfxIYX4afhVrPweZsSK7Q3YjCLPwa7Nw8cLii2eP6xLyIweFhepXeK6tu6_pn7njDdYBt0Oc2tuDsYmqQO7yrZnvjqE9bKQyz0qHG1VrW4P_kf9aVcvPOjA8uKh07wi9SSZMUuC8oRlAQ4Ef6kr0tu4BI8sArrnmCCqdfuwwo1atT-nY38tRfUaoZyiQj5t-xKpKEBYeyzR-NQGPTBrykG8YKC6R37BkZ5EkmuttUXNFhod9198bVJ7kB89dZx3i-Ce-yxeJdgWBg4k2XuxbEWqZEM53wR85neIAQ7yCe7YztgJbURPfRVTeP03R5_9xOupxHTK3tVnCOLqedokkG_BvkAyqrTB5kA3asCVNidD2RUNS9f8
refresh_token
AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiV1B3ZDlLaUdXNFlPSWg0R1VVZTBIZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDIsImlhdCI6MTYyMTM0MjMwMiwibm9uY2UiOiJGb2tXZ2pBRHlXIn0.D9e9fuAzfZ37H_OrTkkDJIxbrhGAWAVroxpf6hAM5kls74A_VOaTW63snuDcQg5lgpCTreQyymMRpI7xFWkGf5WlKvj2Kdad9Yx7bXKAjE_KMZByBSo5vB5TwYKONFsbLsgYL24FiILT2eD_QeDwBg0GWSv63-feQcMX8ndZMP8r7fMWvN-up3H5uHo37otVwj-gSs-rlbjRl6inLaQBvwyE5UQmYHB_5PVnGiDCMb8rzeNsmn4xc9detMhBa2U9bfC1IWEsTAdIhGnd440mPhYopCPl-xyzHyXjuq8qk0s_uVsWW62McL-b2E5unHJRP5irTP3bwV_FV9zUEni2Es4KE2SynM8f9XPHmVRqK1FvxVGn3_fOn6tMRYL5HCygjpsTaNzGFfuahRxh0GALD3BP_MtHbNuZ4_H1xwM58vlxDA4JntLuBYcVmNgFyuhPDpwnEJidAf-x_hKeirmS-dQTO06roS7T6qgohKzu0uW4gUClMcRMEwaoKJMbSyzz
token_type
Bearer
expires_in
600
2021-05-18 12:51:42 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 12:51:42 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
AAdzZWNyZXQxdJ34cxB5R3KOur5IYPJwYSvwSqKUN4zAhoR-yL7nXcUBoxZeQQk_BWBr0WBmF57aLGfahWMROKq3YfxIYX4afhVrPweZsSK7Q3YjCLPwa7Nw8cLii2eP6xLyIweFhepXeK6tu6_pn7njDdYBt0Oc2tuDsYmqQO7yrZnvjqE9bKQyz0qHG1VrW4P_kf9aVcvPOjA8uKh07wi9SSZMUuC8oRlAQ4Ef6kr0tu4BI8sArrnmCCqdfuwwo1atT-nY38tRfUaoZyiQj5t-xKpKEBYeyzR-NQGPTBrykG8YKC6R37BkZ5EkmuttUXNFhod9198bVJ7kB89dZx3i-Ce-yxeJdgWBg4k2XuxbEWqZEM53wR85neIAQ7yCe7YztgJbURPfRVTeP03R5_9xOupxHTK3tVnCOLqedokkG_BvkAyqrTB5kA3asCVNidD2RUNS9f8
2021-05-18 12:51:42 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxdJ34cxB5R3KOur5IYPJwYSvwSqKUN4zAhoR-yL7nXcUBoxZeQQk_BWBr0WBmF57aLGfahWMROKq3YfxIYX4afhVrPweZsSK7Q3YjCLPwa7Nw8cLii2eP6xLyIweFhepXeK6tu6_pn7njDdYBt0Oc2tuDsYmqQO7yrZnvjqE9bKQyz0qHG1VrW4P_kf9aVcvPOjA8uKh07wi9SSZMUuC8oRlAQ4Ef6kr0tu4BI8sArrnmCCqdfuwwo1atT-nY38tRfUaoZyiQj5t-xKpKEBYeyzR-NQGPTBrykG8YKC6R37BkZ5EkmuttUXNFhod9198bVJ7kB89dZx3i-Ce-yxeJdgWBg4k2XuxbEWqZEM53wR85neIAQ7yCe7YztgJbURPfRVTeP03R5_9xOupxHTK3tVnCOLqedokkG_BvkAyqrTB5kA3asCVNidD2RUNS9f8
type
Bearer
2021-05-18 12:51:42 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 12:51:42 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 12:51:42 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br
2021-05-18 12:51:42 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiV1B3ZDlLaUdXNFlPSWg0R1VVZTBIZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDIsImlhdCI6MTYyMTM0MjMwMiwibm9uY2UiOiJGb2tXZ2pBRHlXIn0.D9e9fuAzfZ37H_OrTkkDJIxbrhGAWAVroxpf6hAM5kls74A_VOaTW63snuDcQg5lgpCTreQyymMRpI7xFWkGf5WlKvj2Kdad9Yx7bXKAjE_KMZByBSo5vB5TwYKONFsbLsgYL24FiILT2eD_QeDwBg0GWSv63-feQcMX8ndZMP8r7fMWvN-up3H5uHo37otVwj-gSs-rlbjRl6inLaQBvwyE5UQmYHB_5PVnGiDCMb8rzeNsmn4xc9detMhBa2U9bfC1IWEsTAdIhGnd440mPhYopCPl-xyzHyXjuq8qk0s_uVsWW62McL-b2E5unHJRP5irTP3bwV_FV9zUEni2Es4KE2SynM8f9XPHmVRqK1FvxVGn3_fOn6tMRYL5HCygjpsTaNzGFfuahRxh0GALD3BP_MtHbNuZ4_H1xwM58vlxDA4JntLuBYcVmNgFyuhPDpwnEJidAf-x_hKeirmS-dQTO06roS7T6qgohKzu0uW4gUClMcRMEwaoKJMbSyzz
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "WPwd9KiGW4YOIh4GUUe0Hg",
  "sub": "teppo@funet.fi",
  "aud": "_c39f397a32405fab376276ed675b5445",
  "acr": "password",
  "auth_time": 1621341941,
  "iss": "https://testop.funet.fi",
  "exp": 1621345902,
  "iat": 1621342302,
  "nonce": "FokWgjADyW"
}
2021-05-18 12:51:42 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-18 12:51:42 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
FokWgjADyW
2021-05-18 12:51:42 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-18 12:51:42 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiV1B3ZDlLaUdXNFlPSWg0R1VVZTBIZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDIsImlhdCI6MTYyMTM0MjMwMiwibm9uY2UiOiJGb2tXZ2pBRHlXIn0.D9e9fuAzfZ37H_OrTkkDJIxbrhGAWAVroxpf6hAM5kls74A_VOaTW63snuDcQg5lgpCTreQyymMRpI7xFWkGf5WlKvj2Kdad9Yx7bXKAjE_KMZByBSo5vB5TwYKONFsbLsgYL24FiILT2eD_QeDwBg0GWSv63-feQcMX8ndZMP8r7fMWvN-up3H5uHo37otVwj-gSs-rlbjRl6inLaQBvwyE5UQmYHB_5PVnGiDCMb8rzeNsmn4xc9detMhBa2U9bfC1IWEsTAdIhGnd440mPhYopCPl-xyzHyXjuq8qk0s_uVsWW62McL-b2E5unHJRP5irTP3bwV_FV9zUEni2Es4KE2SynM8f9XPHmVRqK1FvxVGn3_fOn6tMRYL5HCygjpsTaNzGFfuahRxh0GALD3BP_MtHbNuZ4_H1xwM58vlxDA4JntLuBYcVmNgFyuhPDpwnEJidAf-x_hKeirmS-dQTO06roS7T6qgohKzu0uW4gUClMcRMEwaoKJMbSyzz
2021-05-18 12:51:42 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiV1B3ZDlLaUdXNFlPSWg0R1VVZTBIZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDIsImlhdCI6MTYyMTM0MjMwMiwibm9uY2UiOiJGb2tXZ2pBRHlXIn0.D9e9fuAzfZ37H_OrTkkDJIxbrhGAWAVroxpf6hAM5kls74A_VOaTW63snuDcQg5lgpCTreQyymMRpI7xFWkGf5WlKvj2Kdad9Yx7bXKAjE_KMZByBSo5vB5TwYKONFsbLsgYL24FiILT2eD_QeDwBg0GWSv63-feQcMX8ndZMP8r7fMWvN-up3H5uHo37otVwj-gSs-rlbjRl6inLaQBvwyE5UQmYHB_5PVnGiDCMb8rzeNsmn4xc9detMhBa2U9bfC1IWEsTAdIhGnd440mPhYopCPl-xyzHyXjuq8qk0s_uVsWW62McL-b2E5unHJRP5irTP3bwV_FV9zUEni2Es4KE2SynM8f9XPHmVRqK1FvxVGn3_fOn6tMRYL5HCygjpsTaNzGFfuahRxh0GALD3BP_MtHbNuZ4_H1xwM58vlxDA4JntLuBYcVmNgFyuhPDpwnEJidAf-x_hKeirmS-dQTO06roS7T6qgohKzu0uW4gUClMcRMEwaoKJMbSyzz
2021-05-18 12:51:42 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-18 12:51:42 SUCCESS
VerifyIdTokenSubConsistentHybridFlow
authorization endpoint and token endpoint id_token have same sub
sub_auth_endpoint
teppo@funet.fi
sub_token_endpoint
teppo@funet.fi
2021-05-18 12:51:42 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br
2021-05-18 12:51:42 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 12:51:42 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Refresh Token Request
2021-05-18 12:51:42 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br
2021-05-18 12:51:42 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br
scope
openid offline_access
2021-05-18 12:51:42 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1Ol84NjAxZjZlZjk1NjgxODFjMWIwNjMzODg2OTI5NjEzNg==
2021-05-18 12:51:42 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2021-05-18 12:51:43 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2021-05-18 12:51:43
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1Ol84NjAxZjZlZjk1NjgxODFjMWIwNjMzODg2OTI5NjEzNg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "531"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxgAuLv-j8B_Y9d7fkLibbaYbcPz8JKtCLx3SP4yG0OgYUjJP_jWted85Lret2LopFDb8xM7cDP6iblOGcPDE7DFK6haRTl4CBClsROkWrQLu5Gr5ZYorm-j0ndMaITLvo8ZuCr1M0RmAIY2wOydOt1orWr_XN3OekszVjCNe-soILW0kWYQe-YKd7X4Svu8_i7BC7HyqZUB71jXdTlcy6dauU8ZUdhjyVnDn7IOgeZEHipYePTOgbs_gJzRCNqXeZjujtGD21NgcH0RjbxK6k2vutikkRizT4fHJw9KJboVE6vNPWfembzscMDYJm-rCobxEup8usAkN_bpPMnT0pih58oatVsew_IPEkPJhDn-o5gNKtoVd9KeTiLK9WkKR6YSP97Cmm9JhZRj3DqNLaKCkVjmrhNbeSJi1WY_pICCPNtAjjLVZ5YmxIzuUNo_bBe0br&scope=openid+offline_access
2021-05-18 12:51:43 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:43 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1884",
  "set-cookie": "JSESSIONID\u003dnode01mrxcipybv8xq1blcp75ojxujo35.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxLMygORMhetiJEPvBsEgBuwnhJCHro8NhWekm_YlpzAIbek-I27Dv1PHeL23zL6-6p9qH5zkEQU6z7fS-IqA0DkAgoFr8hqDFPdphBXGEXPkImdKx0efRZ-SE-3UX4AtNuLB_4M0O95qFvTh81HMXU9d8bwTS7BU3qciVdP30j1ol-IGLsyT_K6AjFXEUON8kLLdnfdjOLMmEQX8TiwM4ld8ZpNzzPInH5vQWZjTdMnj-1Jf5EoYEu8uTBAfEArFEPJhpRwFPVoljROio3XkvKEWXfUnCgxvZic2_muaM9uejRf9lGtiR20D8u1M2lKgDdBqTCDG5yIyIGQSP1zW-wkMhQ_zI1V_WfOIHrneQBpT3m8ic3Sri0VF7QZAfWmtx_OQKX3dSVm21TqpPf6WRhIVU5vlSyMKkYPequEXlnqyXKuKS1BWxFyO0hwooIw","refresh_token":"AAdzZWNyZXQxGHXKsAqciww5KiAshrYicnXeyaB9yGuD4ir4krnUI4B8VmO11QLFvVTHk0QD-QxUzvbHS08zTvqcPMFfP1xG6J1Jwr80njBlQpHc0hvc3979qyIO3cJD9-KK6IOMlGOqvHKvXYOCF_wNH12sitqHoZqhFSp9WS-bXzVCoviswdtBJsWPxalFecm8gWnCEnmpOhCfjPTt92mJhMGsKCjDypiRFV3LVtePcYSTjeEyUn8khXYRT4rjwk1jjXd_Ltp2hc_ueQKeb7Pa2PA_AsxMyUkbUjC0Xu1IXX2Iid11BsqOs1Sc0J_PGeY8350jJE4cGQ0mXWgsE5RCDrSdfa91EGNzM4ECPtcWsIECe7ytGjWCNAgPEix5KIEFgk069OV5KsM1mb6EQiONSFRe_520m2X_bL-s8-IEPbzJvTn4Xnl1yNTMpr82rARsALQ4C-I31AI","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoic0JaTF9MTzdRbWlEVk1Vdld4bDQ4ZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDMsImlhdCI6MTYyMTM0MjMwMywibm9uY2UiOiJGb2tXZ2pBRHlXIn0.KDVG9L54OFWz-T5q_e8pL_Q6q94av-xe1JlXy3XmLbGGip9GrWPMb5wgyPj2UiUpm7tKVcHpAwYobgWCH8dEGpGmT48HOp9Wd3vnYodLpZu6V6TngGsKBoo_JY06-2gQFa2ONdikQjYLU5Ig8dIJD4amDJ2UInAtMN-L9CWy9jqHD0MaTVAUGk4m1vr1HbTjJBD1vEHg3CUh49KgztnDNklzLJ08C7AIsWmivJYGOx6tLDs45_zq__WGUVVaORhTF_JbxTuVgP0wgR0OTvCWOEGRenlUg7yQ_KtT3SCcRjBjJ0WAp270WFYzVcLpyiPBIPsrUfceS3-g2KzpTOBP8AkyZuWQAYjN9Mee6dIF4Z1m7VuqkskwWAA6Pu8vlL7TnZvWw4IyfmXJQ2S2DfpCB2xJu3ZAArW8E_n9ZMlM4NWkJwTNNMpZVgareW4CvRUo69SHW3HOi24jz0-1CLcAnuOUf5a8jn5fjJwyhDWKkvzDsjLe3K5oAozgGtEFXccK","token_type":"Bearer","expires_in":600}
2021-05-18 12:51:43 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
AAdzZWNyZXQxLMygORMhetiJEPvBsEgBuwnhJCHro8NhWekm_YlpzAIbek-I27Dv1PHeL23zL6-6p9qH5zkEQU6z7fS-IqA0DkAgoFr8hqDFPdphBXGEXPkImdKx0efRZ-SE-3UX4AtNuLB_4M0O95qFvTh81HMXU9d8bwTS7BU3qciVdP30j1ol-IGLsyT_K6AjFXEUON8kLLdnfdjOLMmEQX8TiwM4ld8ZpNzzPInH5vQWZjTdMnj-1Jf5EoYEu8uTBAfEArFEPJhpRwFPVoljROio3XkvKEWXfUnCgxvZic2_muaM9uejRf9lGtiR20D8u1M2lKgDdBqTCDG5yIyIGQSP1zW-wkMhQ_zI1V_WfOIHrneQBpT3m8ic3Sri0VF7QZAfWmtx_OQKX3dSVm21TqpPf6WRhIVU5vlSyMKkYPequEXlnqyXKuKS1BWxFyO0hwooIw
refresh_token
AAdzZWNyZXQxGHXKsAqciww5KiAshrYicnXeyaB9yGuD4ir4krnUI4B8VmO11QLFvVTHk0QD-QxUzvbHS08zTvqcPMFfP1xG6J1Jwr80njBlQpHc0hvc3979qyIO3cJD9-KK6IOMlGOqvHKvXYOCF_wNH12sitqHoZqhFSp9WS-bXzVCoviswdtBJsWPxalFecm8gWnCEnmpOhCfjPTt92mJhMGsKCjDypiRFV3LVtePcYSTjeEyUn8khXYRT4rjwk1jjXd_Ltp2hc_ueQKeb7Pa2PA_AsxMyUkbUjC0Xu1IXX2Iid11BsqOs1Sc0J_PGeY8350jJE4cGQ0mXWgsE5RCDrSdfa91EGNzM4ECPtcWsIECe7ytGjWCNAgPEix5KIEFgk069OV5KsM1mb6EQiONSFRe_520m2X_bL-s8-IEPbzJvTn4Xnl1yNTMpr82rARsALQ4C-I31AI
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoic0JaTF9MTzdRbWlEVk1Vdld4bDQ4ZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDMsImlhdCI6MTYyMTM0MjMwMywibm9uY2UiOiJGb2tXZ2pBRHlXIn0.KDVG9L54OFWz-T5q_e8pL_Q6q94av-xe1JlXy3XmLbGGip9GrWPMb5wgyPj2UiUpm7tKVcHpAwYobgWCH8dEGpGmT48HOp9Wd3vnYodLpZu6V6TngGsKBoo_JY06-2gQFa2ONdikQjYLU5Ig8dIJD4amDJ2UInAtMN-L9CWy9jqHD0MaTVAUGk4m1vr1HbTjJBD1vEHg3CUh49KgztnDNklzLJ08C7AIsWmivJYGOx6tLDs45_zq__WGUVVaORhTF_JbxTuVgP0wgR0OTvCWOEGRenlUg7yQ_KtT3SCcRjBjJ0WAp270WFYzVcLpyiPBIPsrUfceS3-g2KzpTOBP8AkyZuWQAYjN9Mee6dIF4Z1m7VuqkskwWAA6Pu8vlL7TnZvWw4IyfmXJQ2S2DfpCB2xJu3ZAArW8E_n9ZMlM4NWkJwTNNMpZVgareW4CvRUo69SHW3HOi24jz0-1CLcAnuOUf5a8jn5fjJwyhDWKkvzDsjLe3K5oAozgGtEFXccK
token_type
Bearer
expires_in
600
2021-05-18 12:51:43 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2021-05-18 12:51:43 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-18 12:51:43 SUCCESS
CheckTokenEndpointCacheHeaders
'pragma' and 'cache-control' headers in token endpoint response contain expected values.
cache_control_header
[
  "no-store",
  "no-store"
]
pragma_header
no-cache
2021-05-18 12:51:43 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 12:51:43 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxLMygORMhetiJEPvBsEgBuwnhJCHro8NhWekm_YlpzAIbek-I27Dv1PHeL23zL6-6p9qH5zkEQU6z7fS-IqA0DkAgoFr8hqDFPdphBXGEXPkImdKx0efRZ-SE-3UX4AtNuLB_4M0O95qFvTh81HMXU9d8bwTS7BU3qciVdP30j1ol-IGLsyT_K6AjFXEUON8kLLdnfdjOLMmEQX8TiwM4ld8ZpNzzPInH5vQWZjTdMnj-1Jf5EoYEu8uTBAfEArFEPJhpRwFPVoljROio3XkvKEWXfUnCgxvZic2_muaM9uejRf9lGtiR20D8u1M2lKgDdBqTCDG5yIyIGQSP1zW-wkMhQ_zI1V_WfOIHrneQBpT3m8ic3Sri0VF7QZAfWmtx_OQKX3dSVm21TqpPf6WRhIVU5vlSyMKkYPequEXlnqyXKuKS1BWxFyO0hwooIw
type
Bearer
2021-05-18 12:51:43 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2021-05-18 12:51:43 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
2700.4059889181235
expected
96.0
2021-05-18 12:51:43 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2021-05-18 12:51:43 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 12:51:43 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 12:51:43 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
AAdzZWNyZXQxdJ34cxB5R3KOur5IYPJwYSvwSqKUN4zAhoR-yL7nXcUBoxZeQQk_BWBr0WBmF57aLGfahWMROKq3YfxIYX4afhVrPweZsSK7Q3YjCLPwa7Nw8cLii2eP6xLyIweFhepXeK6tu6_pn7njDdYBt0Oc2tuDsYmqQO7yrZnvjqE9bKQyz0qHG1VrW4P_kf9aVcvPOjA8uKh07wi9SSZMUuC8oRlAQ4Ef6kr0tu4BI8sArrnmCCqdfuwwo1atT-nY38tRfUaoZyiQj5t-xKpKEBYeyzR-NQGPTBrykG8YKC6R37BkZ5EkmuttUXNFhod9198bVJ7kB89dZx3i-Ce-yxeJdgWBg4k2XuxbEWqZEM53wR85neIAQ7yCe7YztgJbURPfRVTeP03R5_9xOupxHTK3tVnCOLqedokkG_BvkAyqrTB5kA3asCVNidD2RUNS9f8
second_access_token
AAdzZWNyZXQxLMygORMhetiJEPvBsEgBuwnhJCHro8NhWekm_YlpzAIbek-I27Dv1PHeL23zL6-6p9qH5zkEQU6z7fS-IqA0DkAgoFr8hqDFPdphBXGEXPkImdKx0efRZ-SE-3UX4AtNuLB_4M0O95qFvTh81HMXU9d8bwTS7BU3qciVdP30j1ol-IGLsyT_K6AjFXEUON8kLLdnfdjOLMmEQX8TiwM4ld8ZpNzzPInH5vQWZjTdMnj-1Jf5EoYEu8uTBAfEArFEPJhpRwFPVoljROio3XkvKEWXfUnCgxvZic2_muaM9uejRf9lGtiR20D8u1M2lKgDdBqTCDG5yIyIGQSP1zW-wkMhQ_zI1V_WfOIHrneQBpT3m8ic3Sri0VF7QZAfWmtx_OQKX3dSVm21TqpPf6WRhIVU5vlSyMKkYPequEXlnqyXKuKS1BWxFyO0hwooIw
2021-05-18 12:51:43 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoic0JaTF9MTzdRbWlEVk1Vdld4bDQ4ZyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MDMsImlhdCI6MTYyMTM0MjMwMywibm9uY2UiOiJGb2tXZ2pBRHlXIn0.KDVG9L54OFWz-T5q_e8pL_Q6q94av-xe1JlXy3XmLbGGip9GrWPMb5wgyPj2UiUpm7tKVcHpAwYobgWCH8dEGpGmT48HOp9Wd3vnYodLpZu6V6TngGsKBoo_JY06-2gQFa2ONdikQjYLU5Ig8dIJD4amDJ2UInAtMN-L9CWy9jqHD0MaTVAUGk4m1vr1HbTjJBD1vEHg3CUh49KgztnDNklzLJ08C7AIsWmivJYGOx6tLDs45_zq__WGUVVaORhTF_JbxTuVgP0wgR0OTvCWOEGRenlUg7yQ_KtT3SCcRjBjJ0WAp270WFYzVcLpyiPBIPsrUfceS3-g2KzpTOBP8AkyZuWQAYjN9Mee6dIF4Z1m7VuqkskwWAA6Pu8vlL7TnZvWw4IyfmXJQ2S2DfpCB2xJu3ZAArW8E_n9ZMlM4NWkJwTNNMpZVgareW4CvRUo69SHW3HOi24jz0-1CLcAnuOUf5a8jn5fjJwyhDWKkvzDsjLe3K5oAozgGtEFXccK
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "sBZL_LO7QmiDVMUvWxl48g",
  "sub": "teppo@funet.fi",
  "aud": "_c39f397a32405fab376276ed675b5445",
  "acr": "password",
  "auth_time": 1621341941,
  "iss": "https://testop.funet.fi",
  "exp": 1621345903,
  "iat": 1621342303,
  "nonce": "FokWgjADyW"
}
2021-05-18 12:51:43 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxGHXKsAqciww5KiAshrYicnXeyaB9yGuD4ir4krnUI4B8VmO11QLFvVTHk0QD-QxUzvbHS08zTvqcPMFfP1xG6J1Jwr80njBlQpHc0hvc3979qyIO3cJD9-KK6IOMlGOqvHKvXYOCF_wNH12sitqHoZqhFSp9WS-bXzVCoviswdtBJsWPxalFecm8gWnCEnmpOhCfjPTt92mJhMGsKCjDypiRFV3LVtePcYSTjeEyUn8khXYRT4rjwk1jjXd_Ltp2hc_ueQKeb7Pa2PA_AsxMyUkbUjC0Xu1IXX2Iid11BsqOs1Sc0J_PGeY8350jJE4cGQ0mXWgsE5RCDrSdfa91EGNzM4ECPtcWsIECe7ytGjWCNAgPEix5KIEFgk069OV5KsM1mb6EQiONSFRe_520m2X_bL-s8-IEPbzJvTn4Xnl1yNTMpr82rARsALQ4C-I31AI
2021-05-18 12:51:43 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
3704
required
128
2021-05-18 12:51:43 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
2732.98828120858
expected
96.0
2021-05-18 12:51:43 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://testop.funet.fi",
  "second": "https://testop.funet.fi",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "teppo@funet.fi",
  "second": "teppo@funet.fi",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1621342302,
  "second": 1621342303,
  "note": "Values are expected to be different"
}
aud
{
  "first": "_c39f397a32405fab376276ed675b5445",
  "second": "_c39f397a32405fab376276ed675b5445",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1621341941,
  "second": 1621341941,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Userinfo endpoint tests
2021-05-18 12:51:43
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQxLMygORMhetiJEPvBsEgBuwnhJCHro8NhWekm_YlpzAIbek-I27Dv1PHeL23zL6-6p9qH5zkEQU6z7fS-IqA0DkAgoFr8hqDFPdphBXGEXPkImdKx0efRZ-SE-3UX4AtNuLB_4M0O95qFvTh81HMXU9d8bwTS7BU3qciVdP30j1ol-IGLsyT_K6AjFXEUON8kLLdnfdjOLMmEQX8TiwM4ld8ZpNzzPInH5vQWZjTdMnj-1Jf5EoYEu8uTBAfEArFEPJhpRwFPVoljROio3XkvKEWXfUnCgxvZic2_muaM9uejRf9lGtiR20D8u1M2lKgDdBqTCDG5yIyIGQSP1zW-wkMhQ_zI1V_WfOIHrneQBpT3m8ic3Sri0VF7QZAfWmtx_OQKX3dSVm21TqpPf6WRhIVU5vlSyMKkYPequEXlnqyXKuKS1BWxFyO0hwooIw",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-18 12:51:44 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:44 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode01eyh7iuw5hw771qhqf1w1imipm36.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-18 12:51:44 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Tue, 18 May 2021 12:51:44 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode01eyh7iuw5hw771qhqf1w1imipm36.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
Second client: Make request to authorization endpoint
2021-05-18 12:51:44 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
_f3136305348f068854a60f37469ef109
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
2021-05-18 12:51:44
CreateRandomStateValue
Created state value
requested_state_length
10
state
peiFNPIQwY
2021-05-18 12:51:44 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
_f3136305348f068854a60f37469ef109
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
peiFNPIQwY
2021-05-18 12:51:44
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
xViiktvClm
2021-05-18 12:51:44 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
_f3136305348f068854a60f37469ef109
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
peiFNPIQwY
nonce
xViiktvClm
2021-05-18 12:51:44 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
_f3136305348f068854a60f37469ef109
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
peiFNPIQwY
nonce
xViiktvClm
response_type
code id_token
2021-05-18 12:51:44
SetAuthorizationEndpointRequestResponseModeToFormPost
Added response_mode parameter to request
client_id
_f3136305348f068854a60f37469ef109
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
peiFNPIQwY
nonce
xViiktvClm
response_type
code id_token
response_mode
form_post
2021-05-18 12:51:44 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
_f3136305348f068854a60f37469ef109
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
scope
openid offline_access
state
peiFNPIQwY
nonce
xViiktvClm
response_type
code id_token
response_mode
form_post
prompt
consent
2021-05-18 12:51:44 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_f3136305348f068854a60f37469ef109&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=peiFNPIQwY&nonce=xViiktvClm&response_type=code%20id_token&response_mode=form_post&prompt=consent
2021-05-18 12:51:44 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://testop.funet.fi/idp/profile/oidc/authorize?client_id=_f3136305348f068854a60f37469ef109&redirect_uri=https://www.certification.openid.net/test/a/3_0_1/callback&scope=openid%20offline_access&state=peiFNPIQwY&nonce=xViiktvClm&response_type=code%20id_token&response_mode=form_post&prompt=consent
2021-05-18 12:51:50 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance QfxU6CArAlB9lWI
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d013E7B68534FD78C46A4EEB59EEEA426",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "1362",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
callback
incoming_body_form_params
{
  "code": "AAdzZWNyZXQxeAyvinFw7ee1XfnfuFdnb0d7g-wuzj0VflNE7iuqzW3NVZMrKKOBhopBknbHQqtcybnzMET7ziYoigfUTaHSf1X-zfJDtDu9AHigeV1jhFIQvq9zzFgW_WhzNootRUYnoRAzh3CSPBzD1V5rv2PV1nH8r0mtWHIdJ0zzqrb7fC5301F0-pf7ZSo2BnDD7s7-CDsoMRIwfPxZkSz-6dXuP34j11A01BIIJOBPe_ZGBiAilTn_Hh1QqUsnGS9rh0HHPUg3VJTJJkXja-kK59p9NcEPOayCiax1XUNKvoZ1KsM8Kqv7D3tCHbTO9-O9vvDWJ1_aL_8N08CRz8lCKqDZAXlfCOQlVrFXmuBNp2nMMZFt-T7H8OSNsNdm9xeOhygko6-JaqhMkUkK7BW55FdWI3k8jg51jkzirMzEpCHjLecIhRJTJ1aXoxGyKpilj9o",
  "state": "peiFNPIQwY",
  "id_token": "eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9mMzEzNjMwNTM0OGYwNjg4NTRhNjBmMzc0NjllZjEwOSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiQlhfbWhkdEJSX2d6aWUtNk1PcVRndyIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkxMCwiaWF0IjoxNjIxMzQyMzEwLCJub25jZSI6InhWaWlrdHZDbG0ifQ.dQQe3_9li-VaNJ-ZRRox7dXDoKfneKItokv-YO2vI0-SwHhRijtP5wU1M5AmBtCmSdBzxgpgw9GP1nQgRUuREMh-COirzzGGIFUHLJRKq0AfQABGZRJHAo0FRc_EvzAQ2C4ZFnFIxE6vkLNeorEawjgPsSJKUexruky1r2xJNcAHRZwz1GMK-sjKd1QL5stlV_to7V0qc5_h9ju5HVM2ZETebAV5G5zDHvyz-S6fGBQ5JJ8nr-8tfZSdHcWqmI-4UVicFni118MT-crgm9EOP78HxNidWy7f-2F7QkH9RZXZj4dtorwYznltUSxKzZue0MWb9mtW0Fwe9Y00b-dovMiegLxtvdUDcnxTFdoqqIQxgZ8hnnBOm35LrjEFBAqNOSNQh-JrcV1HQ0h6MoR1G5LDEGVgMBL-sPAbLnrOJ_udMIQLD2davPrOit0nkgOFcduC8hkubT_LaO4iNG9FybM8QdIkq2LvJnYs6JFHQB3tDTmWMqht1ZJnhQkbeprQ"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
code=AAdzZWNyZXQxeAyvinFw7ee1XfnfuFdnb0d7g-wuzj0VflNE7iuqzW3NVZMrKKOBhopBknbHQqtcybnzMET7ziYoigfUTaHSf1X-zfJDtDu9AHigeV1jhFIQvq9zzFgW_WhzNootRUYnoRAzh3CSPBzD1V5rv2PV1nH8r0mtWHIdJ0zzqrb7fC5301F0-pf7ZSo2BnDD7s7-CDsoMRIwfPxZkSz-6dXuP34j11A01BIIJOBPe_ZGBiAilTn_Hh1QqUsnGS9rh0HHPUg3VJTJJkXja-kK59p9NcEPOayCiax1XUNKvoZ1KsM8Kqv7D3tCHbTO9-O9vvDWJ1_aL_8N08CRz8lCKqDZAXlfCOQlVrFXmuBNp2nMMZFt-T7H8OSNsNdm9xeOhygko6-JaqhMkUkK7BW55FdWI3k8jg51jkzirMzEpCHjLecIhRJTJ1aXoxGyKpilj9o&state=peiFNPIQwY&id_token=eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9mMzEzNjMwNTM0OGYwNjg4NTRhNjBmMzc0NjllZjEwOSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiQlhfbWhkdEJSX2d6aWUtNk1PcVRndyIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkxMCwiaWF0IjoxNjIxMzQyMzEwLCJub25jZSI6InhWaWlrdHZDbG0ifQ.dQQe3_9li-VaNJ-ZRRox7dXDoKfneKItokv-YO2vI0-SwHhRijtP5wU1M5AmBtCmSdBzxgpgw9GP1nQgRUuREMh-COirzzGGIFUHLJRKq0AfQABGZRJHAo0FRc_EvzAQ2C4ZFnFIxE6vkLNeorEawjgPsSJKUexruky1r2xJNcAHRZwz1GMK-sjKd1QL5stlV_to7V0qc5_h9ju5HVM2ZETebAV5G5zDHvyz-S6fGBQ5JJ8nr-8tfZSdHcWqmI-4UVicFni118MT-crgm9EOP78HxNidWy7f-2F7QkH9RZXZj4dtorwYznltUSxKzZue0MWb9mtW0Fwe9Y00b-dovMiegLxtvdUDcnxTFdoqqIQxgZ8hnnBOm35LrjEFBAqNOSNQh-JrcV1HQ0h6MoR1G5LDEGVgMBL-sPAbLnrOJ_udMIQLD2davPrOit0nkgOFcduC8hkubT_LaO4iNG9FybM8QdIkq2LvJnYs6JFHQB3tDTmWMqht1ZJnhQkbeprQ
2021-05-18 12:51:50 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/9Sv19KLEVKYWzqse0uGE",
  "fullUrl": "https://www.certification.openid.net/test/a/3_0_1/implicit/9Sv19KLEVKYWzqse0uGE"
}
2021-05-18 12:51:50 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance QfxU6CArAlB9lWI
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/3_0_1/implicit/9Sv19KLEVKYWzqse0uGE, returnUrl=/log-detail.html?log=QfxU6CArAlB9lWI}]
outgoing_path
callback
2021-05-18 12:51:50 INCOMING
oidcc-refresh-token
Incoming HTTP request to test instance QfxU6CArAlB9lWI
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/3_0_1/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "__utma\u003d201319536.760360395.1526462956.1616416266.1620398155.50; __utmz\u003d201319536.1620398155.50.31.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d013E7B68534FD78C46A4EEB59EEEA426",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "0",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/9Sv19KLEVKYWzqse0uGE
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-05-18 12:51:50 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance QfxU6CArAlB9lWI
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/9Sv19KLEVKYWzqse0uGE
2021-05-18 12:51:50 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2021-05-18 12:51:50 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "upgrade-insecure-requests": "1",
  "origin": "https://testop.funet.fi",
  "content-type": "application/x-www-form-urlencoded",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
  "referer": "https://testop.funet.fi/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-GB,en-US;q\u003d0.9,en;q\u003d0.8,fi;q\u003d0.7",
  "cookie": "JSESSIONID\u003d013E7B68534FD78C46A4EEB59EEEA426",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "content-length": "1362",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
http_method
POST
url_fragment
{}
post_body
{
  "code": "AAdzZWNyZXQxeAyvinFw7ee1XfnfuFdnb0d7g-wuzj0VflNE7iuqzW3NVZMrKKOBhopBknbHQqtcybnzMET7ziYoigfUTaHSf1X-zfJDtDu9AHigeV1jhFIQvq9zzFgW_WhzNootRUYnoRAzh3CSPBzD1V5rv2PV1nH8r0mtWHIdJ0zzqrb7fC5301F0-pf7ZSo2BnDD7s7-CDsoMRIwfPxZkSz-6dXuP34j11A01BIIJOBPe_ZGBiAilTn_Hh1QqUsnGS9rh0HHPUg3VJTJJkXja-kK59p9NcEPOayCiax1XUNKvoZ1KsM8Kqv7D3tCHbTO9-O9vvDWJ1_aL_8N08CRz8lCKqDZAXlfCOQlVrFXmuBNp2nMMZFt-T7H8OSNsNdm9xeOhygko6-JaqhMkUkK7BW55FdWI3k8jg51jkzirMzEpCHjLecIhRJTJ1aXoxGyKpilj9o",
  "state": "peiFNPIQwY",
  "id_token": "eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9mMzEzNjMwNTM0OGYwNjg4NTRhNjBmMzc0NjllZjEwOSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiQlhfbWhkdEJSX2d6aWUtNk1PcVRndyIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkxMCwiaWF0IjoxNjIxMzQyMzEwLCJub25jZSI6InhWaWlrdHZDbG0ifQ.dQQe3_9li-VaNJ-ZRRox7dXDoKfneKItokv-YO2vI0-SwHhRijtP5wU1M5AmBtCmSdBzxgpgw9GP1nQgRUuREMh-COirzzGGIFUHLJRKq0AfQABGZRJHAo0FRc_EvzAQ2C4ZFnFIxE6vkLNeorEawjgPsSJKUexruky1r2xJNcAHRZwz1GMK-sjKd1QL5stlV_to7V0qc5_h9ju5HVM2ZETebAV5G5zDHvyz-S6fGBQ5JJ8nr-8tfZSdHcWqmI-4UVicFni118MT-crgm9EOP78HxNidWy7f-2F7QkH9RZXZj4dtorwYznltUSxKzZue0MWb9mtW0Fwe9Y00b-dovMiegLxtvdUDcnxTFdoqqIQxgZ8hnnBOm35LrjEFBAqNOSNQh-JrcV1HQ0h6MoR1G5LDEGVgMBL-sPAbLnrOJ_udMIQLD2davPrOit0nkgOFcduC8hkubT_LaO4iNG9FybM8QdIkq2LvJnYs6JFHQB3tDTmWMqht1ZJnhQkbeprQ"
}
Second client: Verify authorization endpoint response
2021-05-18 12:51:50 SUCCESS
CheckCallbackHttpMethodIsPost
HTTP method used at redirect_uri is 'POST'
2021-05-18 12:51:50 SUCCESS
CheckCallbackContentTypeIsFormUrlEncoded
content-type header to redirect_uri has the expected value
content_type
application/x-www-form-urlencoded
expected
application/x-www-form-urlencoded
2021-05-18 12:51:50 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2021-05-18 12:51:50 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2021-05-18 12:51:50 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2021-05-18 12:51:50
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2021-05-18 12:51:50 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2021-05-18 12:51:50 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
peiFNPIQwY
2021-05-18 12:51:50 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
AAdzZWNyZXQxeAyvinFw7ee1XfnfuFdnb0d7g-wuzj0VflNE7iuqzW3NVZMrKKOBhopBknbHQqtcybnzMET7ziYoigfUTaHSf1X-zfJDtDu9AHigeV1jhFIQvq9zzFgW_WhzNootRUYnoRAzh3CSPBzD1V5rv2PV1nH8r0mtWHIdJ0zzqrb7fC5301F0-pf7ZSo2BnDD7s7-CDsoMRIwfPxZkSz-6dXuP34j11A01BIIJOBPe_ZGBiAilTn_Hh1QqUsnGS9rh0HHPUg3VJTJJkXja-kK59p9NcEPOayCiax1XUNKvoZ1KsM8Kqv7D3tCHbTO9-O9vvDWJ1_aL_8N08CRz8lCKqDZAXlfCOQlVrFXmuBNp2nMMZFt-T7H8OSNsNdm9xeOhygko6-JaqhMkUkK7BW55FdWI3k8jg51jkzirMzEpCHjLecIhRJTJ1aXoxGyKpilj9o
2021-05-18 12:51:50 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9mMzEzNjMwNTM0OGYwNjg4NTRhNjBmMzc0NjllZjEwOSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiQlhfbWhkdEJSX2d6aWUtNk1PcVRndyIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkxMCwiaWF0IjoxNjIxMzQyMzEwLCJub25jZSI6InhWaWlrdHZDbG0ifQ.dQQe3_9li-VaNJ-ZRRox7dXDoKfneKItokv-YO2vI0-SwHhRijtP5wU1M5AmBtCmSdBzxgpgw9GP1nQgRUuREMh-COirzzGGIFUHLJRKq0AfQABGZRJHAo0FRc_EvzAQ2C4ZFnFIxE6vkLNeorEawjgPsSJKUexruky1r2xJNcAHRZwz1GMK-sjKd1QL5stlV_to7V0qc5_h9ju5HVM2ZETebAV5G5zDHvyz-S6fGBQ5JJ8nr-8tfZSdHcWqmI-4UVicFni118MT-crgm9EOP78HxNidWy7f-2F7QkH9RZXZj4dtorwYznltUSxKzZue0MWb9mtW0Fwe9Y00b-dovMiegLxtvdUDcnxTFdoqqIQxgZ8hnnBOm35LrjEFBAqNOSNQh-JrcV1HQ0h6MoR1G5LDEGVgMBL-sPAbLnrOJ_udMIQLD2davPrOit0nkgOFcduC8hkubT_LaO4iNG9FybM8QdIkq2LvJnYs6JFHQB3tDTmWMqht1ZJnhQkbeprQ
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "sub": "teppo@funet.fi",
  "aud": "_f3136305348f068854a60f37469ef109",
  "acr": "password",
  "c_hash": "BX_mhdtBR_gzie-6MOqTgw",
  "auth_time": 1621341941,
  "iss": "https://testop.funet.fi",
  "exp": 1621345910,
  "iat": 1621342310,
  "nonce": "xViiktvClm"
}
2021-05-18 12:51:50 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-18 12:51:50 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
xViiktvClm
2021-05-18 12:51:50 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-18 12:51:50 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9mMzEzNjMwNTM0OGYwNjg4NTRhNjBmMzc0NjllZjEwOSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiQlhfbWhkdEJSX2d6aWUtNk1PcVRndyIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkxMCwiaWF0IjoxNjIxMzQyMzEwLCJub25jZSI6InhWaWlrdHZDbG0ifQ.dQQe3_9li-VaNJ-ZRRox7dXDoKfneKItokv-YO2vI0-SwHhRijtP5wU1M5AmBtCmSdBzxgpgw9GP1nQgRUuREMh-COirzzGGIFUHLJRKq0AfQABGZRJHAo0FRc_EvzAQ2C4ZFnFIxE6vkLNeorEawjgPsSJKUexruky1r2xJNcAHRZwz1GMK-sjKd1QL5stlV_to7V0qc5_h9ju5HVM2ZETebAV5G5zDHvyz-S6fGBQ5JJ8nr-8tfZSdHcWqmI-4UVicFni118MT-crgm9EOP78HxNidWy7f-2F7QkH9RZXZj4dtorwYznltUSxKzZue0MWb9mtW0Fwe9Y00b-dovMiegLxtvdUDcnxTFdoqqIQxgZ8hnnBOm35LrjEFBAqNOSNQh-JrcV1HQ0h6MoR1G5LDEGVgMBL-sPAbLnrOJ_udMIQLD2davPrOit0nkgOFcduC8hkubT_LaO4iNG9FybM8QdIkq2LvJnYs6JFHQB3tDTmWMqht1ZJnhQkbeprQ
2021-05-18 12:51:50 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ0ZXBwb0BmdW5ldC5maSIsImF1ZCI6Il9mMzEzNjMwNTM0OGYwNjg4NTRhNjBmMzc0NjllZjEwOSIsImFjciI6InBhc3N3b3JkIiwiY19oYXNoIjoiQlhfbWhkdEJSX2d6aWUtNk1PcVRndyIsImF1dGhfdGltZSI6MTYyMTM0MTk0MSwiaXNzIjoiaHR0cHM6XC9cL3Rlc3RvcC5mdW5ldC5maSIsImV4cCI6MTYyMTM0NTkxMCwiaWF0IjoxNjIxMzQyMzEwLCJub25jZSI6InhWaWlrdHZDbG0ifQ.dQQe3_9li-VaNJ-ZRRox7dXDoKfneKItokv-YO2vI0-SwHhRijtP5wU1M5AmBtCmSdBzxgpgw9GP1nQgRUuREMh-COirzzGGIFUHLJRKq0AfQABGZRJHAo0FRc_EvzAQ2C4ZFnFIxE6vkLNeorEawjgPsSJKUexruky1r2xJNcAHRZwz1GMK-sjKd1QL5stlV_to7V0qc5_h9ju5HVM2ZETebAV5G5zDHvyz-S6fGBQ5JJ8nr-8tfZSdHcWqmI-4UVicFni118MT-crgm9EOP78HxNidWy7f-2F7QkH9RZXZj4dtorwYznltUSxKzZue0MWb9mtW0Fwe9Y00b-dovMiegLxtvdUDcnxTFdoqqIQxgZ8hnnBOm35LrjEFBAqNOSNQh-JrcV1HQ0h6MoR1G5LDEGVgMBL-sPAbLnrOJ_udMIQLD2davPrOit0nkgOFcduC8hkubT_LaO4iNG9FybM8QdIkq2LvJnYs6JFHQB3tDTmWMqht1ZJnhQkbeprQ
2021-05-18 12:51:50 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-18 12:51:50 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
AAdzZWNyZXQxeAyvinFw7ee1XfnfuFdnb0d7g-wuzj0VflNE7iuqzW3NVZMrKKOBhopBknbHQqtcybnzMET7ziYoigfUTaHSf1X-zfJDtDu9AHigeV1jhFIQvq9zzFgW_WhzNootRUYnoRAzh3CSPBzD1V5rv2PV1nH8r0mtWHIdJ0zzqrb7fC5301F0-pf7ZSo2BnDD7s7-CDsoMRIwfPxZkSz-6dXuP34j11A01BIIJOBPe_ZGBiAilTn_Hh1QqUsnGS9rh0HHPUg3VJTJJkXja-kK59p9NcEPOayCiax1XUNKvoZ1KsM8Kqv7D3tCHbTO9-O9vvDWJ1_aL_8N08CRz8lCKqDZAXlfCOQlVrFXmuBNp2nMMZFt-T7H8OSNsNdm9xeOhygko6-JaqhMkUkK7BW55FdWI3k8jg51jkzirMzEpCHjLecIhRJTJ1aXoxGyKpilj9o
redirect_uri
https://www.certification.openid.net/test/a/3_0_1/callback
2021-05-18 12:51:50 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5Ol9lNGUwOTAxZjMyOWJiODI4NDYwYTdjMTY3MmZlNTQ4OQ==
2021-05-18 12:51:50
CallTokenEndpoint
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5Ol9lNGUwOTAxZjMyOWJiODI4NDYwYTdjMTY3MmZlNTQ4OQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "580"
}
request_body
grant_type=authorization_code&code=AAdzZWNyZXQxeAyvinFw7ee1XfnfuFdnb0d7g-wuzj0VflNE7iuqzW3NVZMrKKOBhopBknbHQqtcybnzMET7ziYoigfUTaHSf1X-zfJDtDu9AHigeV1jhFIQvq9zzFgW_WhzNootRUYnoRAzh3CSPBzD1V5rv2PV1nH8r0mtWHIdJ0zzqrb7fC5301F0-pf7ZSo2BnDD7s7-CDsoMRIwfPxZkSz-6dXuP34j11A01BIIJOBPe_ZGBiAilTn_Hh1QqUsnGS9rh0HHPUg3VJTJJkXja-kK59p9NcEPOayCiax1XUNKvoZ1KsM8Kqv7D3tCHbTO9-O9vvDWJ1_aL_8N08CRz8lCKqDZAXlfCOQlVrFXmuBNp2nMMZFt-T7H8OSNsNdm9xeOhygko6-JaqhMkUkK7BW55FdWI3k8jg51jkzirMzEpCHjLecIhRJTJ1aXoxGyKpilj9o&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2F3_0_1%2Fcallback
2021-05-18 12:51:51 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:51 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1878",
  "set-cookie": "JSESSIONID\u003dnode01a9ef4si93g2o1kan1ke0gvj6u37.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxUHBFr867ZqGGt3limHD4zXPFD3DSyiK-5-o1T888Dl7dlO8fQnwlXaXKjeTcI7OBt1YUHaGQVoTZJP4B7ihgtCGxE8R3XymE8crQjZHtWaDXSLPaOPht6W6e87NeAjq7ixiPVzwarUsMikq1L5BbG56a3lZPUnbZ-nDyQqCmPxyP4xXe8V7f7i5mQG4YWHgiDEqxPNw-6h1O1YJEcLxOPMMeVLXg_cqDmNdSFUjHBtBGdcgzvVbXpWDpJoEaYtNDAiqveWeGyzbR1R0AE447cvz_ezeRJ5OVOlprahIz40yZsx8vvBb7J1jpnTRE2eKEe7PNFx_sp87bthKioZBsSgf1m4VaJt7CDJnV42rWc0Mg2kNmoCF4LLreQ9JUMKPAQ0osn4VPPavBZ_AlXGosfTchN-YmsJwNw_PPtrsCabPQIYthp3sIWPCXL1uc","refresh_token":"AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoicWFzTFY0TWFhM2ZIR2F3NTdxTE0zdyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTEsImlhdCI6MTYyMTM0MjMxMSwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.kDNSybavPyyMzkK21R9YQ4pc_VHAVzeFma3zjAyy5gCHjMxQVpr-JK-XBM8DHA2P_x5-pUVywNzAosc9lTSO2-RaSDemtzoWpeXB3azhBn7XiAhSpnqPWfmA6aNkdedEDlAuUfXAK7q0JhAt2-TaSX3p6aB15TV5UuJy6u7_FOOmJ4bmzpj6L9Ohb3_MWG80bgXjBkiZKsj8YgVgFQxV12DXro_9BD8r4hBYHRRdIaVNR1lHqZbs8J6nAYNkkhsmPhAwLgWo090GWqPJkZ4hIMcKl5h2PGYkWPqqkcicaNj0YHHr5n1xPoRSILVPgiPl1iNAFimEEC71aVB63weBBlU2URCbC-kp7KwqTu9SuBOx0QQ_vqg3rx_RDy_QNh3RU4Cg1MXuce3xOnc7yevXD1I5I0Ti19dhEWGFB1R8aNzjXkwr5JSgHex8z2eLN9l5gDFoXzueK5fp8wwvM0kwbdibpKVAcIo8lM2Rxuc9sG05ErBF6YuLsOSUkqKMCjNN","token_type":"Bearer","expires_in":600}
2021-05-18 12:51:51
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"AAdzZWNyZXQxUHBFr867ZqGGt3limHD4zXPFD3DSyiK-5-o1T888Dl7dlO8fQnwlXaXKjeTcI7OBt1YUHaGQVoTZJP4B7ihgtCGxE8R3XymE8crQjZHtWaDXSLPaOPht6W6e87NeAjq7ixiPVzwarUsMikq1L5BbG56a3lZPUnbZ-nDyQqCmPxyP4xXe8V7f7i5mQG4YWHgiDEqxPNw-6h1O1YJEcLxOPMMeVLXg_cqDmNdSFUjHBtBGdcgzvVbXpWDpJoEaYtNDAiqveWeGyzbR1R0AE447cvz_ezeRJ5OVOlprahIz40yZsx8vvBb7J1jpnTRE2eKEe7PNFx_sp87bthKioZBsSgf1m4VaJt7CDJnV42rWc0Mg2kNmoCF4LLreQ9JUMKPAQ0osn4VPPavBZ_AlXGosfTchN-YmsJwNw_PPtrsCabPQIYthp3sIWPCXL1uc","refresh_token":"AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoicWFzTFY0TWFhM2ZIR2F3NTdxTE0zdyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTEsImlhdCI6MTYyMTM0MjMxMSwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.kDNSybavPyyMzkK21R9YQ4pc_VHAVzeFma3zjAyy5gCHjMxQVpr-JK-XBM8DHA2P_x5-pUVywNzAosc9lTSO2-RaSDemtzoWpeXB3azhBn7XiAhSpnqPWfmA6aNkdedEDlAuUfXAK7q0JhAt2-TaSX3p6aB15TV5UuJy6u7_FOOmJ4bmzpj6L9Ohb3_MWG80bgXjBkiZKsj8YgVgFQxV12DXro_9BD8r4hBYHRRdIaVNR1lHqZbs8J6nAYNkkhsmPhAwLgWo090GWqPJkZ4hIMcKl5h2PGYkWPqqkcicaNj0YHHr5n1xPoRSILVPgiPl1iNAFimEEC71aVB63weBBlU2URCbC-kp7KwqTu9SuBOx0QQ_vqg3rx_RDy_QNh3RU4Cg1MXuce3xOnc7yevXD1I5I0Ti19dhEWGFB1R8aNzjXkwr5JSgHex8z2eLN9l5gDFoXzueK5fp8wwvM0kwbdibpKVAcIo8lM2Rxuc9sG05ErBF6YuLsOSUkqKMCjNN","token_type":"Bearer","expires_in":600}
2021-05-18 12:51:51 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
AAdzZWNyZXQxUHBFr867ZqGGt3limHD4zXPFD3DSyiK-5-o1T888Dl7dlO8fQnwlXaXKjeTcI7OBt1YUHaGQVoTZJP4B7ihgtCGxE8R3XymE8crQjZHtWaDXSLPaOPht6W6e87NeAjq7ixiPVzwarUsMikq1L5BbG56a3lZPUnbZ-nDyQqCmPxyP4xXe8V7f7i5mQG4YWHgiDEqxPNw-6h1O1YJEcLxOPMMeVLXg_cqDmNdSFUjHBtBGdcgzvVbXpWDpJoEaYtNDAiqveWeGyzbR1R0AE447cvz_ezeRJ5OVOlprahIz40yZsx8vvBb7J1jpnTRE2eKEe7PNFx_sp87bthKioZBsSgf1m4VaJt7CDJnV42rWc0Mg2kNmoCF4LLreQ9JUMKPAQ0osn4VPPavBZ_AlXGosfTchN-YmsJwNw_PPtrsCabPQIYthp3sIWPCXL1uc
refresh_token
AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoicWFzTFY0TWFhM2ZIR2F3NTdxTE0zdyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTEsImlhdCI6MTYyMTM0MjMxMSwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.kDNSybavPyyMzkK21R9YQ4pc_VHAVzeFma3zjAyy5gCHjMxQVpr-JK-XBM8DHA2P_x5-pUVywNzAosc9lTSO2-RaSDemtzoWpeXB3azhBn7XiAhSpnqPWfmA6aNkdedEDlAuUfXAK7q0JhAt2-TaSX3p6aB15TV5UuJy6u7_FOOmJ4bmzpj6L9Ohb3_MWG80bgXjBkiZKsj8YgVgFQxV12DXro_9BD8r4hBYHRRdIaVNR1lHqZbs8J6nAYNkkhsmPhAwLgWo090GWqPJkZ4hIMcKl5h2PGYkWPqqkcicaNj0YHHr5n1xPoRSILVPgiPl1iNAFimEEC71aVB63weBBlU2URCbC-kp7KwqTu9SuBOx0QQ_vqg3rx_RDy_QNh3RU4Cg1MXuce3xOnc7yevXD1I5I0Ti19dhEWGFB1R8aNzjXkwr5JSgHex8z2eLN9l5gDFoXzueK5fp8wwvM0kwbdibpKVAcIo8lM2Rxuc9sG05ErBF6YuLsOSUkqKMCjNN
token_type
Bearer
expires_in
600
2021-05-18 12:51:51 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 12:51:51 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
AAdzZWNyZXQxUHBFr867ZqGGt3limHD4zXPFD3DSyiK-5-o1T888Dl7dlO8fQnwlXaXKjeTcI7OBt1YUHaGQVoTZJP4B7ihgtCGxE8R3XymE8crQjZHtWaDXSLPaOPht6W6e87NeAjq7ixiPVzwarUsMikq1L5BbG56a3lZPUnbZ-nDyQqCmPxyP4xXe8V7f7i5mQG4YWHgiDEqxPNw-6h1O1YJEcLxOPMMeVLXg_cqDmNdSFUjHBtBGdcgzvVbXpWDpJoEaYtNDAiqveWeGyzbR1R0AE447cvz_ezeRJ5OVOlprahIz40yZsx8vvBb7J1jpnTRE2eKEe7PNFx_sp87bthKioZBsSgf1m4VaJt7CDJnV42rWc0Mg2kNmoCF4LLreQ9JUMKPAQ0osn4VPPavBZ_AlXGosfTchN-YmsJwNw_PPtrsCabPQIYthp3sIWPCXL1uc
2021-05-18 12:51:51 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxUHBFr867ZqGGt3limHD4zXPFD3DSyiK-5-o1T888Dl7dlO8fQnwlXaXKjeTcI7OBt1YUHaGQVoTZJP4B7ihgtCGxE8R3XymE8crQjZHtWaDXSLPaOPht6W6e87NeAjq7ixiPVzwarUsMikq1L5BbG56a3lZPUnbZ-nDyQqCmPxyP4xXe8V7f7i5mQG4YWHgiDEqxPNw-6h1O1YJEcLxOPMMeVLXg_cqDmNdSFUjHBtBGdcgzvVbXpWDpJoEaYtNDAiqveWeGyzbR1R0AE447cvz_ezeRJ5OVOlprahIz40yZsx8vvBb7J1jpnTRE2eKEe7PNFx_sp87bthKioZBsSgf1m4VaJt7CDJnV42rWc0Mg2kNmoCF4LLreQ9JUMKPAQ0osn4VPPavBZ_AlXGosfTchN-YmsJwNw_PPtrsCabPQIYthp3sIWPCXL1uc
type
Bearer
2021-05-18 12:51:51 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 12:51:51 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 12:51:51 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U
2021-05-18 12:51:51 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoicWFzTFY0TWFhM2ZIR2F3NTdxTE0zdyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTEsImlhdCI6MTYyMTM0MjMxMSwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.kDNSybavPyyMzkK21R9YQ4pc_VHAVzeFma3zjAyy5gCHjMxQVpr-JK-XBM8DHA2P_x5-pUVywNzAosc9lTSO2-RaSDemtzoWpeXB3azhBn7XiAhSpnqPWfmA6aNkdedEDlAuUfXAK7q0JhAt2-TaSX3p6aB15TV5UuJy6u7_FOOmJ4bmzpj6L9Ohb3_MWG80bgXjBkiZKsj8YgVgFQxV12DXro_9BD8r4hBYHRRdIaVNR1lHqZbs8J6nAYNkkhsmPhAwLgWo090GWqPJkZ4hIMcKl5h2PGYkWPqqkcicaNj0YHHr5n1xPoRSILVPgiPl1iNAFimEEC71aVB63weBBlU2URCbC-kp7KwqTu9SuBOx0QQ_vqg3rx_RDy_QNh3RU4Cg1MXuce3xOnc7yevXD1I5I0Ti19dhEWGFB1R8aNzjXkwr5JSgHex8z2eLN9l5gDFoXzueK5fp8wwvM0kwbdibpKVAcIo8lM2Rxuc9sG05ErBF6YuLsOSUkqKMCjNN
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "qasLV4Maa3fHGaw57qLM3w",
  "sub": "teppo@funet.fi",
  "aud": "_f3136305348f068854a60f37469ef109",
  "acr": "password",
  "auth_time": 1621341941,
  "iss": "https://testop.funet.fi",
  "exp": 1621345911,
  "iat": 1621342311,
  "nonce": "xViiktvClm"
}
2021-05-18 12:51:51 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2021-05-18 12:51:51 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
xViiktvClm
2021-05-18 12:51:51 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2021-05-18 12:51:51 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoicWFzTFY0TWFhM2ZIR2F3NTdxTE0zdyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTEsImlhdCI6MTYyMTM0MjMxMSwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.kDNSybavPyyMzkK21R9YQ4pc_VHAVzeFma3zjAyy5gCHjMxQVpr-JK-XBM8DHA2P_x5-pUVywNzAosc9lTSO2-RaSDemtzoWpeXB3azhBn7XiAhSpnqPWfmA6aNkdedEDlAuUfXAK7q0JhAt2-TaSX3p6aB15TV5UuJy6u7_FOOmJ4bmzpj6L9Ohb3_MWG80bgXjBkiZKsj8YgVgFQxV12DXro_9BD8r4hBYHRRdIaVNR1lHqZbs8J6nAYNkkhsmPhAwLgWo090GWqPJkZ4hIMcKl5h2PGYkWPqqkcicaNj0YHHr5n1xPoRSILVPgiPl1iNAFimEEC71aVB63weBBlU2URCbC-kp7KwqTu9SuBOx0QQ_vqg3rx_RDy_QNh3RU4Cg1MXuce3xOnc7yevXD1I5I0Ti19dhEWGFB1R8aNzjXkwr5JSgHex8z2eLN9l5gDFoXzueK5fp8wwvM0kwbdibpKVAcIo8lM2Rxuc9sG05ErBF6YuLsOSUkqKMCjNN
2021-05-18 12:51:51 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoicWFzTFY0TWFhM2ZIR2F3NTdxTE0zdyIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTEsImlhdCI6MTYyMTM0MjMxMSwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.kDNSybavPyyMzkK21R9YQ4pc_VHAVzeFma3zjAyy5gCHjMxQVpr-JK-XBM8DHA2P_x5-pUVywNzAosc9lTSO2-RaSDemtzoWpeXB3azhBn7XiAhSpnqPWfmA6aNkdedEDlAuUfXAK7q0JhAt2-TaSX3p6aB15TV5UuJy6u7_FOOmJ4bmzpj6L9Ohb3_MWG80bgXjBkiZKsj8YgVgFQxV12DXro_9BD8r4hBYHRRdIaVNR1lHqZbs8J6nAYNkkhsmPhAwLgWo090GWqPJkZ4hIMcKl5h2PGYkWPqqkcicaNj0YHHr5n1xPoRSILVPgiPl1iNAFimEEC71aVB63weBBlU2URCbC-kp7KwqTu9SuBOx0QQ_vqg3rx_RDy_QNh3RU4Cg1MXuce3xOnc7yevXD1I5I0Ti19dhEWGFB1R8aNzjXkwr5JSgHex8z2eLN9l5gDFoXzueK5fp8wwvM0kwbdibpKVAcIo8lM2Rxuc9sG05ErBF6YuLsOSUkqKMCjNN
2021-05-18 12:51:51 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
teppo@funet.fi
2021-05-18 12:51:51 SUCCESS
VerifyIdTokenSubConsistentHybridFlow
authorization endpoint and token endpoint id_token have same sub
sub_auth_endpoint
teppo@funet.fi
sub_token_endpoint
teppo@funet.fi
2021-05-18 12:51:51 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U
2021-05-18 12:51:51 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "implicit",
  "refresh_token"
]
2021-05-18 12:51:51 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Second client: Refresh Token Request
2021-05-18 12:51:51 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U
2021-05-18 12:51:51 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5Ol9lNGUwOTAxZjMyOWJiODI4NDYwYTdjMTY3MmZlNTQ4OQ==
2021-05-18 12:51:51 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2021-05-18 12:51:52 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2021-05-18 12:51:52
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5Ol9lNGUwOTAxZjMyOWJiODI4NDYwYTdjMTY3MmZlNTQ4OQ\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "498"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxkmxjIPl6bkmdvsDi6INrn8c63NwRPM21MZ_FQC9RJuH0LWRroelACA1a99MNy1A3s7v35gR-NsXmj0DvJIP5DMzsc1VwTykArxIKcmOgE2MRNqch1NQ92sJq1ldr0mx1hsN1rgJAvioOuFhWRpInfu-OEBZ793KpKccXZ0rxh9YkFW1azzzvw8FaQOyckj46aQkSUhNiLwlvzTyp28d3WFn8_hFWIXxwlZmOgiVcjrn02ZepGfieAGhWu4n9iqtFjXFoc_6dUQYdqEOhaB-GaQ7kCDib6fSRHN059Ywtz6ekKa4_6LGGe99ESjFE4anukigBPgG3jqYkXCnIE4i7GeipxLTvKSfTf7r9k_47dIOG5URhMvR1iE-GpWgecN_EMLT9amc9o7OE2y2jWls6jtC8uC8_WvRkf7-Z-ddL13Kyieyd1ObXatsl-Rx6W0U
2021-05-18 12:51:52 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:52 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "1881",
  "set-cookie": "JSESSIONID\u003dnode0m1clskxeornd8i3tbaplmo2838.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"AAdzZWNyZXQxwHyd7VLhP959MMhTTmbk-9xlCCjXWdxg3Ffykwmf0sF9S5fvFuG6G71IazboJ4xHd6L4Fyi7KG3mUcYq3Aop5d5_gO7DmaaoJwDlYF7N_oD5TuYSz4OHcnIfBMi4cpYhxYyoGuH8IJQ4QrfzbLNNGGYzy6JJ9uScEzLmuF7Ahh6V2_hzqOlAO2WQDFykRwz-BZ_WJZYvX23V4P3ogK39fTH_n4EGdzH85gduhQGy7jPoDIXF0qZers1BzrcKGqiO6EBMUwewM8wkUdnp-cIC3ATjvaOTOnoZoNE1oDek5R-KvdO9pSew6l3yjrESPQL_uvq4Hn_E_NFjzUTvbYzK5sKw1UbInDgqzeDJNYj-vMTE9W4A264IfaqODlPE-q8OTG174Q_NNmu4SlqBvT8QxP33FpMSK_pQNphbGiChDUslvOM1TvzeAbxjdsEpBvU","refresh_token":"AAdzZWNyZXQxBwG42viP1fiOe6kVdPyUHcgjLvaCFoEtm8thAfEgwSgM6D19syC41OsPzW5DC92SkUMXGYADRjnbTiatO58duGQ9PK7QXiNWAMREyXeO3rVJUbgplU7Ibr9WFiehJXcG26Dq8u_sbSFZZ6HmuUQzQzZuN5qEdZIMcIVhDwAMmpZAlKr5Dt3aQfAO4hPhNhH8gaO5KOWNsHhcq1XS4cU2tvAuRFwBlx0RjRnSTcLg4VLaZ7OtZkzlz5PQiNLyBAdwQiLVMD-nhyHXvukwvLp0hchy8v7F0XbhagNv9IaR8TpTJZPky8Rq0UjpJKO8T_QjTJr-nv9wppAylvXAUd2mOFRiOT5wdgwsG_BofFDY3UlCOFtxyhanfqOqhukt1FGmWurOjFouozqU2Ipn9yfMitLroPL9KT_eQVcNb29hN6av9j5tLi3MAkWtpalpzgo","id_token":"eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiUjkweHZBeU5kd3dzRVRwNk9adVVqUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTIsImlhdCI6MTYyMTM0MjMxMiwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.cZXrxiX5qSuILeuWQhA4RpS6-DZGqIL2MEksMhIqjreR2SX_6uxZvWfhWND97AU9Y03W2RtwgKZ_yxH8ezinjcImEtLn99po0ZvIq3cYZiDnp70eh6NnS84MBvF-U4HzZW8Lrf97PGPjqWH7zz-OzTKmGURSlXX9W5r7kZsIIJupIHHPB_iTeDlzKISvMPFaYdje3v8c01tGcR4PcsKorWJ2222a0yN-U0D4RbSPyrfDu8Aoqv7FvLb73Dz6ApmMcCuY0nB_n03TyMaj51t_Fs6UA5qyVG4STGck8fSyfVe_16PLWuJZOBX9-sXC_Lz-r6L9CsCrr9f0rLhYFA79e3_gfOzK6WWoYvmidlB9i6uplf2s-jW2Ycoz_TXlBNZMrzuCTcVKFW3QdlnDrd9DVs2rn997IlwRzg1p-YEG7Z-7SKeGbnKTt1t4haGNfly-SbkSAaVICyICWntOzzeMo4i4S-crg2vwZfSwtNdGLcxJQHsgZeYnCc39gg2hQixu","token_type":"Bearer","expires_in":600}
2021-05-18 12:51:52 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
AAdzZWNyZXQxwHyd7VLhP959MMhTTmbk-9xlCCjXWdxg3Ffykwmf0sF9S5fvFuG6G71IazboJ4xHd6L4Fyi7KG3mUcYq3Aop5d5_gO7DmaaoJwDlYF7N_oD5TuYSz4OHcnIfBMi4cpYhxYyoGuH8IJQ4QrfzbLNNGGYzy6JJ9uScEzLmuF7Ahh6V2_hzqOlAO2WQDFykRwz-BZ_WJZYvX23V4P3ogK39fTH_n4EGdzH85gduhQGy7jPoDIXF0qZers1BzrcKGqiO6EBMUwewM8wkUdnp-cIC3ATjvaOTOnoZoNE1oDek5R-KvdO9pSew6l3yjrESPQL_uvq4Hn_E_NFjzUTvbYzK5sKw1UbInDgqzeDJNYj-vMTE9W4A264IfaqODlPE-q8OTG174Q_NNmu4SlqBvT8QxP33FpMSK_pQNphbGiChDUslvOM1TvzeAbxjdsEpBvU
refresh_token
AAdzZWNyZXQxBwG42viP1fiOe6kVdPyUHcgjLvaCFoEtm8thAfEgwSgM6D19syC41OsPzW5DC92SkUMXGYADRjnbTiatO58duGQ9PK7QXiNWAMREyXeO3rVJUbgplU7Ibr9WFiehJXcG26Dq8u_sbSFZZ6HmuUQzQzZuN5qEdZIMcIVhDwAMmpZAlKr5Dt3aQfAO4hPhNhH8gaO5KOWNsHhcq1XS4cU2tvAuRFwBlx0RjRnSTcLg4VLaZ7OtZkzlz5PQiNLyBAdwQiLVMD-nhyHXvukwvLp0hchy8v7F0XbhagNv9IaR8TpTJZPky8Rq0UjpJKO8T_QjTJr-nv9wppAylvXAUd2mOFRiOT5wdgwsG_BofFDY3UlCOFtxyhanfqOqhukt1FGmWurOjFouozqU2Ipn9yfMitLroPL9KT_eQVcNb29hN6av9j5tLi3MAkWtpalpzgo
id_token
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiUjkweHZBeU5kd3dzRVRwNk9adVVqUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTIsImlhdCI6MTYyMTM0MjMxMiwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.cZXrxiX5qSuILeuWQhA4RpS6-DZGqIL2MEksMhIqjreR2SX_6uxZvWfhWND97AU9Y03W2RtwgKZ_yxH8ezinjcImEtLn99po0ZvIq3cYZiDnp70eh6NnS84MBvF-U4HzZW8Lrf97PGPjqWH7zz-OzTKmGURSlXX9W5r7kZsIIJupIHHPB_iTeDlzKISvMPFaYdje3v8c01tGcR4PcsKorWJ2222a0yN-U0D4RbSPyrfDu8Aoqv7FvLb73Dz6ApmMcCuY0nB_n03TyMaj51t_Fs6UA5qyVG4STGck8fSyfVe_16PLWuJZOBX9-sXC_Lz-r6L9CsCrr9f0rLhYFA79e3_gfOzK6WWoYvmidlB9i6uplf2s-jW2Ycoz_TXlBNZMrzuCTcVKFW3QdlnDrd9DVs2rn997IlwRzg1p-YEG7Z-7SKeGbnKTt1t4haGNfly-SbkSAaVICyICWntOzzeMo4i4S-crg2vwZfSwtNdGLcxJQHsgZeYnCc39gg2hQixu
token_type
Bearer
expires_in
600
2021-05-18 12:51:52 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2021-05-18 12:51:52 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-18 12:51:52 SUCCESS
CheckTokenEndpointCacheHeaders
'pragma' and 'cache-control' headers in token endpoint response contain expected values.
cache_control_header
[
  "no-store",
  "no-store"
]
pragma_header
no-cache
2021-05-18 12:51:52 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2021-05-18 12:51:52 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
AAdzZWNyZXQxwHyd7VLhP959MMhTTmbk-9xlCCjXWdxg3Ffykwmf0sF9S5fvFuG6G71IazboJ4xHd6L4Fyi7KG3mUcYq3Aop5d5_gO7DmaaoJwDlYF7N_oD5TuYSz4OHcnIfBMi4cpYhxYyoGuH8IJQ4QrfzbLNNGGYzy6JJ9uScEzLmuF7Ahh6V2_hzqOlAO2WQDFykRwz-BZ_WJZYvX23V4P3ogK39fTH_n4EGdzH85gduhQGy7jPoDIXF0qZers1BzrcKGqiO6EBMUwewM8wkUdnp-cIC3ATjvaOTOnoZoNE1oDek5R-KvdO9pSew6l3yjrESPQL_uvq4Hn_E_NFjzUTvbYzK5sKw1UbInDgqzeDJNYj-vMTE9W4A264IfaqODlPE-q8OTG174Q_NNmu4SlqBvT8QxP33FpMSK_pQNphbGiChDUslvOM1TvzeAbxjdsEpBvU
type
Bearer
2021-05-18 12:51:52 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2021-05-18 12:51:52 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
2704.4328964414535
expected
96.0
2021-05-18 12:51:52 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2021-05-18 12:51:52 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
600
2021-05-18 12:51:52 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
600
2021-05-18 12:51:52 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
AAdzZWNyZXQxUHBFr867ZqGGt3limHD4zXPFD3DSyiK-5-o1T888Dl7dlO8fQnwlXaXKjeTcI7OBt1YUHaGQVoTZJP4B7ihgtCGxE8R3XymE8crQjZHtWaDXSLPaOPht6W6e87NeAjq7ixiPVzwarUsMikq1L5BbG56a3lZPUnbZ-nDyQqCmPxyP4xXe8V7f7i5mQG4YWHgiDEqxPNw-6h1O1YJEcLxOPMMeVLXg_cqDmNdSFUjHBtBGdcgzvVbXpWDpJoEaYtNDAiqveWeGyzbR1R0AE447cvz_ezeRJ5OVOlprahIz40yZsx8vvBb7J1jpnTRE2eKEe7PNFx_sp87bthKioZBsSgf1m4VaJt7CDJnV42rWc0Mg2kNmoCF4LLreQ9JUMKPAQ0osn4VPPavBZ_AlXGosfTchN-YmsJwNw_PPtrsCabPQIYthp3sIWPCXL1uc
second_access_token
AAdzZWNyZXQxwHyd7VLhP959MMhTTmbk-9xlCCjXWdxg3Ffykwmf0sF9S5fvFuG6G71IazboJ4xHd6L4Fyi7KG3mUcYq3Aop5d5_gO7DmaaoJwDlYF7N_oD5TuYSz4OHcnIfBMi4cpYhxYyoGuH8IJQ4QrfzbLNNGGYzy6JJ9uScEzLmuF7Ahh6V2_hzqOlAO2WQDFykRwz-BZ_WJZYvX23V4P3ogK39fTH_n4EGdzH85gduhQGy7jPoDIXF0qZers1BzrcKGqiO6EBMUwewM8wkUdnp-cIC3ATjvaOTOnoZoNE1oDek5R-KvdO9pSew6l3yjrESPQL_uvq4Hn_E_NFjzUTvbYzK5sKw1UbInDgqzeDJNYj-vMTE9W4A264IfaqODlPE-q8OTG174Q_NNmu4SlqBvT8QxP33FpMSK_pQNphbGiChDUslvOM1TvzeAbxjdsEpBvU
2021-05-18 12:51:52 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJ0ZXN0S2V5RnJvbVBFTSIsImFsZyI6IlJTMjU2In0.eyJhdF9oYXNoIjoiUjkweHZBeU5kd3dzRVRwNk9adVVqUSIsInN1YiI6InRlcHBvQGZ1bmV0LmZpIiwiYXVkIjoiX2YzMTM2MzA1MzQ4ZjA2ODg1NGE2MGYzNzQ2OWVmMTA5IiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE2MjEzNDE5NDEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE2MjEzNDU5MTIsImlhdCI6MTYyMTM0MjMxMiwibm9uY2UiOiJ4Vmlpa3R2Q2xtIn0.cZXrxiX5qSuILeuWQhA4RpS6-DZGqIL2MEksMhIqjreR2SX_6uxZvWfhWND97AU9Y03W2RtwgKZ_yxH8ezinjcImEtLn99po0ZvIq3cYZiDnp70eh6NnS84MBvF-U4HzZW8Lrf97PGPjqWH7zz-OzTKmGURSlXX9W5r7kZsIIJupIHHPB_iTeDlzKISvMPFaYdje3v8c01tGcR4PcsKorWJ2222a0yN-U0D4RbSPyrfDu8Aoqv7FvLb73Dz6ApmMcCuY0nB_n03TyMaj51t_Fs6UA5qyVG4STGck8fSyfVe_16PLWuJZOBX9-sXC_Lz-r6L9CsCrr9f0rLhYFA79e3_gfOzK6WWoYvmidlB9i6uplf2s-jW2Ycoz_TXlBNZMrzuCTcVKFW3QdlnDrd9DVs2rn997IlwRzg1p-YEG7Z-7SKeGbnKTt1t4haGNfly-SbkSAaVICyICWntOzzeMo4i4S-crg2vwZfSwtNdGLcxJQHsgZeYnCc39gg2hQixu
header
{
  "kid": "testKeyFromPEM",
  "alg": "RS256"
}
claims
{
  "at_hash": "R90xvAyNdwwsETp6OZuUjQ",
  "sub": "teppo@funet.fi",
  "aud": "_f3136305348f068854a60f37469ef109",
  "acr": "password",
  "auth_time": 1621341941,
  "iss": "https://testop.funet.fi",
  "exp": 1621345912,
  "iat": 1621342312,
  "nonce": "xViiktvClm"
}
2021-05-18 12:51:52 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
AAdzZWNyZXQxBwG42viP1fiOe6kVdPyUHcgjLvaCFoEtm8thAfEgwSgM6D19syC41OsPzW5DC92SkUMXGYADRjnbTiatO58duGQ9PK7QXiNWAMREyXeO3rVJUbgplU7Ibr9WFiehJXcG26Dq8u_sbSFZZ6HmuUQzQzZuN5qEdZIMcIVhDwAMmpZAlKr5Dt3aQfAO4hPhNhH8gaO5KOWNsHhcq1XS4cU2tvAuRFwBlx0RjRnSTcLg4VLaZ7OtZkzlz5PQiNLyBAdwQiLVMD-nhyHXvukwvLp0hchy8v7F0XbhagNv9IaR8TpTJZPky8Rq0UjpJKO8T_QjTJr-nv9wppAylvXAUd2mOFRiOT5wdgwsG_BofFDY3UlCOFtxyhanfqOqhukt1FGmWurOjFouozqU2Ipn9yfMitLroPL9KT_eQVcNb29hN6av9j5tLi3MAkWtpalpzgo
2021-05-18 12:51:52 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
3672
required
128
2021-05-18 12:51:52 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
2706.69007078808
expected
96.0
2021-05-18 12:51:52 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://testop.funet.fi",
  "second": "https://testop.funet.fi",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "teppo@funet.fi",
  "second": "teppo@funet.fi",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1621342311,
  "second": 1621342312,
  "note": "Values are expected to be different"
}
aud
{
  "first": "_f3136305348f068854a60f37469ef109",
  "second": "_f3136305348f068854a60f37469ef109",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1621341941,
  "second": 1621341941,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Second client: Userinfo endpoint tests
2021-05-18 12:51:53
CallProtectedResourceWithBearerToken
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/userinfo
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer AAdzZWNyZXQxwHyd7VLhP959MMhTTmbk-9xlCCjXWdxg3Ffykwmf0sF9S5fvFuG6G71IazboJ4xHd6L4Fyi7KG3mUcYq3Aop5d5_gO7DmaaoJwDlYF7N_oD5TuYSz4OHcnIfBMi4cpYhxYyoGuH8IJQ4QrfzbLNNGGYzy6JJ9uScEzLmuF7Ahh6V2_hzqOlAO2WQDFykRwz-BZ_WJZYvX23V4P3ogK39fTH_n4EGdzH85gduhQGy7jPoDIXF0qZers1BzrcKGqiO6EBMUwewM8wkUdnp-cIC3ATjvaOTOnoZoNE1oDek5R-KvdO9pSew6l3yjrESPQL_uvq4Hn_E_NFjzUTvbYzK5sKw1UbInDgqzeDJNYj-vMTE9W4A264IfaqODlPE-q8OTG174Q_NNmu4SlqBvT8QxP33FpMSK_pQNphbGiChDUslvOM1TvzeAbxjdsEpBvU",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
2021-05-18 12:51:53 RESPONSE
CallProtectedResourceWithBearerToken
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "date": "Tue, 18 May 2021 12:51:53 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode02h3powtveg4f1ew7e7x1khhlv39.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"sub":"teppo@funet.fi"}
2021-05-18 12:51:53 SUCCESS
CallProtectedResourceWithBearerToken
Got a response from the resource endpoint
headers
{
  "date": "Tue, 18 May 2021 12:51:53 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": "no-store",
  "content-type": "application/json;charset\u003dutf-8",
  "content-length": "24",
  "set-cookie": "JSESSIONID\u003dnode02h3powtveg4f1ew7e7x1khhlv39.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"sub":"teppo@funet.fi"}
Attempting to use refresh_token issued to client 2 with client 1
2021-05-18 12:51:53 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxBwG42viP1fiOe6kVdPyUHcgjLvaCFoEtm8thAfEgwSgM6D19syC41OsPzW5DC92SkUMXGYADRjnbTiatO58duGQ9PK7QXiNWAMREyXeO3rVJUbgplU7Ibr9WFiehJXcG26Dq8u_sbSFZZ6HmuUQzQzZuN5qEdZIMcIVhDwAMmpZAlKr5Dt3aQfAO4hPhNhH8gaO5KOWNsHhcq1XS4cU2tvAuRFwBlx0RjRnSTcLg4VLaZ7OtZkzlz5PQiNLyBAdwQiLVMD-nhyHXvukwvLp0hchy8v7F0XbhagNv9IaR8TpTJZPky8Rq0UjpJKO8T_QjTJr-nv9wppAylvXAUd2mOFRiOT5wdgwsG_BofFDY3UlCOFtxyhanfqOqhukt1FGmWurOjFouozqU2Ipn9yfMitLroPL9KT_eQVcNb29hN6av9j5tLi3MAkWtpalpzgo
2021-05-18 12:51:53 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
AAdzZWNyZXQxBwG42viP1fiOe6kVdPyUHcgjLvaCFoEtm8thAfEgwSgM6D19syC41OsPzW5DC92SkUMXGYADRjnbTiatO58duGQ9PK7QXiNWAMREyXeO3rVJUbgplU7Ibr9WFiehJXcG26Dq8u_sbSFZZ6HmuUQzQzZuN5qEdZIMcIVhDwAMmpZAlKr5Dt3aQfAO4hPhNhH8gaO5KOWNsHhcq1XS4cU2tvAuRFwBlx0RjRnSTcLg4VLaZ7OtZkzlz5PQiNLyBAdwQiLVMD-nhyHXvukwvLp0hchy8v7F0XbhagNv9IaR8TpTJZPky8Rq0UjpJKO8T_QjTJr-nv9wppAylvXAUd2mOFRiOT5wdgwsG_BofFDY3UlCOFtxyhanfqOqhukt1FGmWurOjFouozqU2Ipn9yfMitLroPL9KT_eQVcNb29hN6av9j5tLi3MAkWtpalpzgo
scope
openid offline_access
2021-05-18 12:51:53 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic X2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1Ol84NjAxZjZlZjk1NjgxODFjMWIwNjMzODg2OTI5NjEzNg==
2021-05-18 12:51:53
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://testop.funet.fi/idp/profile/oidc/token
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Basic X2MzOWYzOTdhMzI0MDVmYWIzNzYyNzZlZDY3NWI1NDQ1Ol84NjAxZjZlZjk1NjgxODFjMWIwNjMzODg2OTI5NjEzNg\u003d\u003d",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "526"
}
request_body
grant_type=refresh_token&refresh_token=AAdzZWNyZXQxBwG42viP1fiOe6kVdPyUHcgjLvaCFoEtm8thAfEgwSgM6D19syC41OsPzW5DC92SkUMXGYADRjnbTiatO58duGQ9PK7QXiNWAMREyXeO3rVJUbgplU7Ibr9WFiehJXcG26Dq8u_sbSFZZ6HmuUQzQzZuN5qEdZIMcIVhDwAMmpZAlKr5Dt3aQfAO4hPhNhH8gaO5KOWNsHhcq1XS4cU2tvAuRFwBlx0RjRnSTcLg4VLaZ7OtZkzlz5PQiNLyBAdwQiLVMD-nhyHXvukwvLp0hchy8v7F0XbhagNv9IaR8TpTJZPky8Rq0UjpJKO8T_QjTJr-nv9wppAylvXAUd2mOFRiOT5wdgwsG_BofFDY3UlCOFtxyhanfqOqhukt1FGmWurOjFouozqU2Ipn9yfMitLroPL9KT_eQVcNb29hN6av9j5tLi3MAkWtpalpzgo&scope=openid+offline_access
2021-05-18 12:51:54 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
Bad Request
response_headers
{
  "date": "Tue, 18 May 2021 12:51:54 GMT",
  "server": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16",
  "expires": "",
  "cache-control": [
    "no-store",
    "no-store"
  ],
  "content-type": "application/json;charset\u003dutf-8",
  "pragma": "no-cache",
  "content-length": "61",
  "set-cookie": "JSESSIONID\u003dnode01c81qk1rjkebgjevyuee0h5lb40.node0;Path\u003d/idp;Secure;HttpOnly",
  "access-control-allow-origin": "*",
  "connection": "close"
}
response_body
{"error_description":"Invalid grant","error":"invalid_grant"}
2021-05-18 12:51:54 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error_description
Invalid grant
error
invalid_grant
2021-05-18 12:51:54 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_grant
2021-05-18 12:51:54 SUCCESS
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
2021-05-18 12:51:54 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2021-05-18 12:51:54 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
error
invalid_grant
2021-05-18 12:51:54 FINISHED
oidcc-refresh-token
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2021-05-18 12:51:54 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
Second client: Unregister dynamically registered client
2021-05-18 12:51:54 INFO
UnregisterDynamicallyRegisteredClient
Skipped evaluation due to missing required string: registration_client_uri
expected
registration_client_uri
2021-05-18 12:51:58
TEST-RUNNER
Alias has now been claimed by another test
alias
3_0_1
new_test_id
lONZzZYG901mdsB
Test Results