Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:36:02 INFO
TEST-RUNNER
Test instance kvF3hCjzgkOCO4y created
baseUrl
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "by_value",
  "fapi_jarm_type": "oidc",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
openid-client-cSQQHKovF-Xm8TUu_rav8
description
openid-client v5.x FAPI1 Adv. MTLS, JARM (OIDC) RP
planId
YciZ5rRwyyBOk
config
{
  "alias": "openid-client-cSQQHKovF-Xm8TUu_rav8",
  "description": "openid-client v5.x FAPI1 Adv. MTLS, JARM (OIDC) RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q",
          "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
          "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
          "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
          "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
          "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
          "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
          "kty": "RSA",
          "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "scope": "openid",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
          "kty": "RSA",
          "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
          ],
          "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
          "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\r\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\r\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\r\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\r\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\r\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\r\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\r\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\r\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\r\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\r\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\r\nOIWWqlirZGbuPjILzs0\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "scope": "openid",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
          "kty": "RSA",
          "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
          ],
          "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
          "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
        },
        {
          "e": "AQAB",
          "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
          "kty": "RSA",
          "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiA\r\nEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tD\r\nANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk\r\n8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzV\r\nYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSS\r\nYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8Q\r\nmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQ\r\njFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VB\r\nNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682E\r\nl7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW\r\n5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR\r\n1RK/9JRIWBgAWEp58Kg\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test-invalid-missing-exp
2021-10-22 15:36:02 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-cSQQHKovF-Xm8TUu_rav8/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/.well-known/openid-configuration
2021-10-22 15:36:02 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
      "kty": "RSA",
      "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
      "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
      "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
      "alg": "PS256",
      "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "alg": "PS256",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
2021-10-22 15:36:02 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:02 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:36:02 SUCCESS
AddTLSClientAuthToServerConfiguration
Added tls_client_auth for token_endpoint_auth_methods_supported
2021-10-22 15:36:02 SUCCESS
AddResponseTypeCodeToServerConfiguration
Added code as response type supported
response_types_supported
[
  "code"
]
2021-10-22 15:36:02 SUCCESS
AddJARMResponseModeToServerConfiguration
Added jwt as response_modes_supported
response_modes_supported
[
  "jwt"
]
2021-10-22 15:36:02 SUCCESS
AddAuthorizationSigningAlgValuesSupportedToServerConfiguration
Added authorization_signing_alg_values_supported to server configuration
alg_values
[
  "PS256"
]
2021-10-22 15:36:02 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:36:02 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:36:02 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
      "kty": "RSA",
      "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
      "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
      "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
      "alg": "PS256",
      "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
2021-10-22 15:36:02 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:36:02 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
scope
openid
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:02 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:02 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM",
      "e": "AQAB",
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw"
    }
  ]
}
2021-10-22 15:36:02 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:36:02 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:36:02 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:36:02 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-cSQQHKovF-Xm8TUu_rav8
scope
openid
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiA
Ef+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tD
ANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk
8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzV
Yo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSS
YOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8Q
mauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQ
jFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VB
NhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682E
l7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW
5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR
1RK/9JRIWBgAWEp58Kg=
-----END CERTIFICATE-----
2021-10-22 15:36:02 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:02 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q",
      "e": "AQAB",
      "use": "sig",
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ"
    }
  ]
}
2021-10-22 15:36:02 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:36:02 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:36:02 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:36:02
fapi1-advanced-final-client-test-invalid-missing-exp
Setup Done
2021-10-22 15:36:03 INCOMING
fapi1-advanced-final-client-test-invalid-missing-exp
Incoming HTTP request to test instance kvF3hCjzgkOCO4y
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:03 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:36:03 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-exp
Response to HTTP request to test instance kvF3hCjzgkOCO4y
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-cSQQHKovF-Xm8TUu_rav8/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/userinfo",
  "token_endpoint_auth_methods_supported": [
    "tls_client_auth"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "jwt"
  ],
  "authorization_signing_alg_values_supported": [
    "PS256"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:36:03 INCOMING
fapi1-advanced-final-client-test-invalid-missing-exp
Incoming HTTP request to test instance kvF3hCjzgkOCO4y
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "state": "QfLbqhC1jcizfYfywsaQJRSRiDcIvJnlrPjc30eVjfM",
  "nonce": "y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA",
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJRZkxicWhDMWpjaXpmWWZ5d3NhUUpSU1JpRGNJdkpubHJQamMzMGVWamZNIiwibm9uY2UiOiJ5NkVSUVdGN3gwaUg2VHl0dVRta2RSZ0pjUDY5dWlYUzhVcjRJZ3V3dmlBIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjczX3doalVaLVlvdkVIUWV5MWhleW53QTZvRlhHRzVISUFMWFRHc3dYcXMiLCJpYXQiOjE2MzQ5MTY5NjMsImV4cCI6MTYzNDkxNzI2MywibmJmIjoxNjM0OTE2OTYzfQ.ZmapZFp-qlgK5f9qnax-Uc7mss_6bB8UdHqrNlIXggKUE8tKam_yYLndrO4im7r6Lbc15GpG7ywQGAmz4jMZLyCCBjLEk2aY6c-Yq20xr5yUMRSqkUbhNCblO82L5g15hCtYBLo3MKV8Zn3PpUopQv74HcDgb7NPhxFzYGO0Su98GdZcrh42l1JbLAQ0kG17CEEZ28xPyqhcPmWIbWzDJdpKKoZivHJT3VAwqQihuSLoam0FkTaCMskTFY9iVgFtSeP4L5XJWHQFRMMRPkksPrajRgT5DdcL1khGFV47gGJdf9x-wYXflisUIDp4yT4Cb8hB5hCfRC7kmMBowxZQYw"
}
incoming_body
2021-10-22 15:36:03 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:36:03 SUCCESS
ExtractRequestObject
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJRZkxicWhDMWpjaXpmWWZ5d3NhUUpSU1JpRGNJdkpubHJQamMzMGVWamZNIiwibm9uY2UiOiJ5NkVSUVdGN3gwaUg2VHl0dVRta2RSZ0pjUDY5dWlYUzhVcjRJZ3V3dmlBIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjczX3doalVaLVlvdkVIUWV5MWhleW53QTZvRlhHRzVISUFMWFRHc3dYcXMiLCJpYXQiOjE2MzQ5MTY5NjMsImV4cCI6MTYzNDkxNzI2MywibmJmIjoxNjM0OTE2OTYzfQ.ZmapZFp-qlgK5f9qnax-Uc7mss_6bB8UdHqrNlIXggKUE8tKam_yYLndrO4im7r6Lbc15GpG7ywQGAmz4jMZLyCCBjLEk2aY6c-Yq20xr5yUMRSqkUbhNCblO82L5g15hCtYBLo3MKV8Zn3PpUopQv74HcDgb7NPhxFzYGO0Su98GdZcrh42l1JbLAQ0kG17CEEZ28xPyqhcPmWIbWzDJdpKKoZivHJT3VAwqQihuSLoam0FkTaCMskTFY9iVgFtSeP4L5XJWHQFRMMRPkksPrajRgT5DdcL1khGFV47gGJdf9x-wYXflisUIDp4yT4Cb8hB5hCfRC7kmMBowxZQYw",
  "header": {
    "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "response_type": "code",
    "nonce": "y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA",
    "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "aud": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
    "nbf": 1634916963,
    "scope": "openid",
    "claims": {
      "id_token": {
        "acr": {
          "values": [
            "urn:openbanking:psd2:sca",
            "urn:openbanking:psd2:ca"
          ],
          "essential": true
        }
      }
    },
    "redirect_uri": "https://openid-client.local/cb",
    "state": "QfLbqhC1jcizfYfywsaQJRSRiDcIvJnlrPjc30eVjfM",
    "exp": 1634917263,
    "iat": 1634916963,
    "jti": "73_whjUZ-YovEHQey1heynwA6oFXGG5HIALXTGswXqs"
  }
}
2021-10-22 15:36:03 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:36:03 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "state": "QfLbqhC1jcizfYfywsaQJRSRiDcIvJnlrPjc30eVjfM",
  "nonce": "y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA",
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJRZkxicWhDMWpjaXpmWWZ5d3NhUUpSU1JpRGNJdkpubHJQamMzMGVWamZNIiwibm9uY2UiOiJ5NkVSUVdGN3gwaUg2VHl0dVRta2RSZ0pjUDY5dWlYUzhVcjRJZ3V3dmlBIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjczX3doalVaLVlvdkVIUWV5MWhleW53QTZvRlhHRzVISUFMWFRHc3dYcXMiLCJpYXQiOjE2MzQ5MTY5NjMsImV4cCI6MTYzNDkxNzI2MywibmJmIjoxNjM0OTE2OTYzfQ.ZmapZFp-qlgK5f9qnax-Uc7mss_6bB8UdHqrNlIXggKUE8tKam_yYLndrO4im7r6Lbc15GpG7ywQGAmz4jMZLyCCBjLEk2aY6c-Yq20xr5yUMRSqkUbhNCblO82L5g15hCtYBLo3MKV8Zn3PpUopQv74HcDgb7NPhxFzYGO0Su98GdZcrh42l1JbLAQ0kG17CEEZ28xPyqhcPmWIbWzDJdpKKoZivHJT3VAwqQihuSLoam0FkTaCMskTFY9iVgFtSeP4L5XJWHQFRMMRPkksPrajRgT5DdcL1khGFV47gGJdf9x-wYXflisUIDp4yT4Cb8hB5hCfRC7kmMBowxZQYw",
  "iss": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "aud": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "nbf": 1634916963,
  "claims": {
    "id_token": {
      "acr": {
        "values": [
          "urn:openbanking:psd2:sca",
          "urn:openbanking:psd2:ca"
        ],
        "essential": true
      }
    }
  },
  "exp": 1634917263,
  "iat": 1634916963,
  "jti": "73_whjUZ-YovEHQey1heynwA6oFXGG5HIALXTGswXqs"
}
2021-10-22 15:36:03 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:36:03 SUCCESS
FAPIValidateRequestObjectIdTokenACRClaims
Acr value in request object is as expected
received
[
  "urn:openbanking:psd2:sca",
  "urn:openbanking:psd2:ca"
]
2021-10-22 15:36:03 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:41:03 PM"
2021-10-22 15:36:03 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:36:03 PM"
now
"Oct 22, 2021, 3:36:03 PM"
2021-10-22 15:36:03
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:36:03 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:36:03 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:36:03 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:36:03 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:36:03 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJRZkxicWhDMWpjaXpmWWZ5d3NhUUpSU1JpRGNJdkpubHJQamMzMGVWamZNIiwibm9uY2UiOiJ5NkVSUVdGN3gwaUg2VHl0dVRta2RSZ0pjUDY5dWlYUzhVcjRJZ3V3dmlBIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjczX3doalVaLVlvdkVIUWV5MWhleW53QTZvRlhHRzVISUFMWFRHc3dYcXMiLCJpYXQiOjE2MzQ5MTY5NjMsImV4cCI6MTYzNDkxNzI2MywibmJmIjoxNjM0OTE2OTYzfQ.ZmapZFp-qlgK5f9qnax-Uc7mss_6bB8UdHqrNlIXggKUE8tKam_yYLndrO4im7r6Lbc15GpG7ywQGAmz4jMZLyCCBjLEk2aY6c-Yq20xr5yUMRSqkUbhNCblO82L5g15hCtYBLo3MKV8Zn3PpUopQv74HcDgb7NPhxFzYGO0Su98GdZcrh42l1JbLAQ0kG17CEEZ28xPyqhcPmWIbWzDJdpKKoZivHJT3VAwqQihuSLoam0FkTaCMskTFY9iVgFtSeP4L5XJWHQFRMMRPkksPrajRgT5DdcL1khGFV47gGJdf9x-wYXflisUIDp4yT4Cb8hB5hCfRC7kmMBowxZQYw
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 21526078141622829638920734706176806063201605661748740953272229190573245296207696896267678461499514362908771322040304050582067254902304538163087604811006505859500779410677360192222530528275473738024274812115025597428556107469388359750269933345202129604108692124054496657305568139218084668389876759601602006282195324081187925465763428150948585058861340830321641205281497108075697341036243658611675764314866577166407048998585883400028061025604810659257717080923530506023267608746056216697300265389559082041634632398174072069924999484327675952853740160214533825753601915118306041142950353876139425800114092008528476820659
  public exponent: 65537
2021-10-22 15:36:03 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client.local/cb
2021-10-22 15:36:03 SUCCESS
EnsureRequiredAuthorizationRequestParametersMatchRequestObject
Required http request parameters match request object claims
response_type
code
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:03 SUCCESS
EnsureOptionalAuthorizationRequestParametersMatchRequestObject
All http request parameters and request object claims match
2021-10-22 15:36:03 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2021-10-22 15:36:03 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
openid
2021-10-22 15:36:03 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2021-10-22 15:36:03 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:03 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
oC1K6yL6rl1It1D38nT06yeOocaDmiF0
2021-10-22 15:36:03 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA
2021-10-22 15:36:03 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "QfLbqhC1jcizfYfywsaQJRSRiDcIvJnlrPjc30eVjfM"
}
2021-10-22 15:36:03 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "QfLbqhC1jcizfYfywsaQJRSRiDcIvJnlrPjc30eVjfM",
  "code": "oC1K6yL6rl1It1D38nT06yeOocaDmiF0"
}
2021-10-22 15:36:03
GenerateJARMResponseClaims
Created JARM response claims
iss
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
aud
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
code
oC1K6yL6rl1It1D38nT06yeOocaDmiF0
state
QfLbqhC1jcizfYfywsaQJRSRiDcIvJnlrPjc30eVjfM
exp
1634917563
2021-10-22 15:36:03 SUCCESS
SignJARMResponse
Signed the JARM response
jarm_response
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoib0MxSzZ5TDZybDFJdDFEMzhuVDA2eWVPb2NhRG1pRjAiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiUWZMYnFoQzFqY2l6ZllmeXdzYVFKUlNSaURjSXZKbmxyUGpjMzBlVmpmTSIsImV4cCI6MTYzNDkxNzU2M30.nxV-Rsq0I3JILsulNmGKTI7azd8eOpB0UlZpeowCHFZEi603RdIhElvS6qM4pDXFNVFf91-FQ1BTJRk7GHV33IH7iwefKxwPW_4AeeEK5l7sLdbVemggKL5OFlOxPYYYtAts4IQvS1APydAQrI0V2S7ykOSb45QvInRoph7gYNFpPBZmm2G6cUsvgTzCvegKvemfmxUxlLCc8LrqPcJGZXtpY97bjTJQtNnc9YQlYgsyR92HHN4rRRtUD8X9O7xguPmlC7gqF7R7zYiN7xmhpm9xCPtewt-uX8ypxMw0BXXI3eltlUz9OzuOTQVypppcGqAAhvs1pZuncTHE7eTZFw
2021-10-22 15:36:03 INFO
EncryptJARMResponse
Skipped evaluation due to missing required element: client authorization_encrypted_response_alg
path
authorization_encrypted_response_alg
mapped
object
client
2021-10-22 15:36:03
SendJARMResponseWitResponseModeQuery
Redirecting back to client
uri
https://openid-client.local/cb?response=eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoib0MxSzZ5TDZybDFJdDFEMzhuVDA2eWVPb2NhRG1pRjAiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiUWZMYnFoQzFqY2l6ZllmeXdzYVFKUlNSaURjSXZKbmxyUGpjMzBlVmpmTSIsImV4cCI6MTYzNDkxNzU2M30.nxV-Rsq0I3JILsulNmGKTI7azd8eOpB0UlZpeowCHFZEi603RdIhElvS6qM4pDXFNVFf91-FQ1BTJRk7GHV33IH7iwefKxwPW_4AeeEK5l7sLdbVemggKL5OFlOxPYYYtAts4IQvS1APydAQrI0V2S7ykOSb45QvInRoph7gYNFpPBZmm2G6cUsvgTzCvegKvemfmxUxlLCc8LrqPcJGZXtpY97bjTJQtNnc9YQlYgsyR92HHN4rRRtUD8X9O7xguPmlC7gqF7R7zYiN7xmhpm9xCPtewt-uX8ypxMw0BXXI3eltlUz9OzuOTQVypppcGqAAhvs1pZuncTHE7eTZFw
2021-10-22 15:36:03 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-exp
Response to HTTP request to test instance kvF3hCjzgkOCO4y
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client.local/cb?response=eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoib0MxSzZ5TDZybDFJdDFEMzhuVDA2eWVPb2NhRG1pRjAiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiUWZMYnFoQzFqY2l6ZllmeXdzYVFKUlNSaURjSXZKbmxyUGpjMzBlVmpmTSIsImV4cCI6MTYzNDkxNzU2M30.nxV-Rsq0I3JILsulNmGKTI7azd8eOpB0UlZpeowCHFZEi603RdIhElvS6qM4pDXFNVFf91-FQ1BTJRk7GHV33IH7iwefKxwPW_4AeeEK5l7sLdbVemggKL5OFlOxPYYYtAts4IQvS1APydAQrI0V2S7ykOSb45QvInRoph7gYNFpPBZmm2G6cUsvgTzCvegKvemfmxUxlLCc8LrqPcJGZXtpY97bjTJQtNnc9YQlYgsyR92HHN4rRRtUD8X9O7xguPmlC7gqF7R7zYiN7xmhpm9xCPtewt-uX8ypxMw0BXXI3eltlUz9OzuOTQVypppcGqAAhvs1pZuncTHE7eTZFw]
outgoing_path
authorize
2021-10-22 15:36:04 INCOMING
fapi1-advanced-final-client-test-invalid-missing-exp
Incoming HTTP request to test instance kvF3hCjzgkOCO4y
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:04 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:36:04 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-exp
Response to HTTP request to test instance kvF3hCjzgkOCO4y
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "alg": "PS256",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
outgoing_path
jwks
2021-10-22 15:36:05 INCOMING
fapi1-advanced-final-client-test-invalid-missing-exp
Incoming HTTP request to test instance kvF3hCjzgkOCO4y
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "175",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "oC1K6yL6rl1It1D38nT06yeOocaDmiF0",
  "redirect_uri": "https://openid-client.local/cb",
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=oC1K6yL6rl1It1D38nT06yeOocaDmiF0&redirect_uri=https%3A%2F%2Fopenid-client.local%2Fcb&client_id=client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:05 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-10-22 15:36:05 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\nOIWWqlirZGbuPjILzs0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:36:05 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:36:05 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:05 SUCCESS
EnsureNoClientAssertionSentToTokenEndpoint
Client did not send a client_assertion to token endpoint
2021-10-22 15:36:05 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
oC1K6yL6rl1It1D38nT06yeOocaDmiF0
2021-10-22 15:36:05 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://openid-client.local/cb
2021-10-22 15:36:05 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
nFSUhVcLcbTGdN8tSjwsCzoetVufo0XUurhgcGDeFyMDhOYRTh
2021-10-22 15:36:05 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
flejbwzjVckENI7q9rx1jg
2021-10-22 15:36:05
CreateRefreshToken
Created refresh token
refresh_token
wqFdhMROzNvWHlWgIDjKrODYAbYliVXGSbueSAgekzZkzpMdVP0152944097`&(+-
2021-10-22 15:36:05 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
sub
user-subject-1234531
aud
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
nonce
y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA
iat
1634916965
exp
1634917265
2021-10-22 15:36:05 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
flejbwzjVckENI7q9rx1jg
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA",
  "iat": 1634916965,
  "exp": 1634917265,
  "at_hash": "flejbwzjVckENI7q9rx1jg"
}
2021-10-22 15:36:05 SUCCESS
RemoveExpFromIdToken
Removed exp value from ID token claims
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA",
  "iat": 1634916965,
  "at_hash": "flejbwzjVckENI7q9rx1jg"
}
2021-10-22 15:36:05 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "y6ERQWF7x0iH6TytuTmkdRgJcP69uiXS8Ur4IguwviA",
  "iat": 1634916965,
  "at_hash": "flejbwzjVckENI7q9rx1jg",
  "acr": "urn:openbanking:psd2:sca"
}
2021-10-22 15:36:05 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiZmxlamJ3empWY2tFTkk3cTlyeDFqZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4XC8iLCJub25jZSI6Ink2RVJRV0Y3eDBpSDZUeXR1VG1rZFJnSmNQNjl1aVhTOFVyNElndXd2aUEiLCJpYXQiOjE2MzQ5MTY5NjV9.QGCQqKQRiqhHYFd-LVsFcStJOk8c4mgjQDVqCfv958sNZRaKfCVMqwoGi-JmFF1T8KYY69QJY_v-8P4_-_c1mhqWE0ZV2gbZrhKVi_M0SyY0rvL5nVzM93wBOWeADSxcv0eQdTER5-aCxeFd8kE5CkUjCGTFqdZ-PfBVWOKQ62KqsQYcoDv864EFK2Wk1xOyLvxyKbBFZSFZOHJblFylhdX3vnaYv_QSw9oRQnYYGMI7BOAeRJI39XSHwwMuqvrXcFdZCZ8blVBRiEXU1B5q8TtxnOuXq3aVp9npfZhuGDfrnKdGlDWPVCNnURY2qJAv3VrV4zzdA-6et_3OuCZHtg
2021-10-22 15:36:05 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
nFSUhVcLcbTGdN8tSjwsCzoetVufo0XUurhgcGDeFyMDhOYRTh
token_type
Bearer
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiZmxlamJ3empWY2tFTkk3cTlyeDFqZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4XC8iLCJub25jZSI6Ink2RVJRV0Y3eDBpSDZUeXR1VG1rZFJnSmNQNjl1aVhTOFVyNElndXd2aUEiLCJpYXQiOjE2MzQ5MTY5NjV9.QGCQqKQRiqhHYFd-LVsFcStJOk8c4mgjQDVqCfv958sNZRaKfCVMqwoGi-JmFF1T8KYY69QJY_v-8P4_-_c1mhqWE0ZV2gbZrhKVi_M0SyY0rvL5nVzM93wBOWeADSxcv0eQdTER5-aCxeFd8kE5CkUjCGTFqdZ-PfBVWOKQ62KqsQYcoDv864EFK2Wk1xOyLvxyKbBFZSFZOHJblFylhdX3vnaYv_QSw9oRQnYYGMI7BOAeRJI39XSHwwMuqvrXcFdZCZ8blVBRiEXU1B5q8TtxnOuXq3aVp9npfZhuGDfrnKdGlDWPVCNnURY2qJAv3VrV4zzdA-6et_3OuCZHtg
refresh_token
wqFdhMROzNvWHlWgIDjKrODYAbYliVXGSbueSAgekzZkzpMdVP0152944097`&(+-
scope
openid
2021-10-22 15:36:05 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-exp
Response to HTTP request to test instance kvF3hCjzgkOCO4y
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "nFSUhVcLcbTGdN8tSjwsCzoetVufo0XUurhgcGDeFyMDhOYRTh",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiZmxlamJ3empWY2tFTkk3cTlyeDFqZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4XC8iLCJub25jZSI6Ink2RVJRV0Y3eDBpSDZUeXR1VG1rZFJnSmNQNjl1aVhTOFVyNElndXd2aUEiLCJpYXQiOjE2MzQ5MTY5NjV9.QGCQqKQRiqhHYFd-LVsFcStJOk8c4mgjQDVqCfv958sNZRaKfCVMqwoGi-JmFF1T8KYY69QJY_v-8P4_-_c1mhqWE0ZV2gbZrhKVi_M0SyY0rvL5nVzM93wBOWeADSxcv0eQdTER5-aCxeFd8kE5CkUjCGTFqdZ-PfBVWOKQ62KqsQYcoDv864EFK2Wk1xOyLvxyKbBFZSFZOHJblFylhdX3vnaYv_QSw9oRQnYYGMI7BOAeRJI39XSHwwMuqvrXcFdZCZ8blVBRiEXU1B5q8TtxnOuXq3aVp9npfZhuGDfrnKdGlDWPVCNnURY2qJAv3VrV4zzdA-6et_3OuCZHtg",
  "refresh_token": "wqFdhMROzNvWHlWgIDjKrODYAbYliVXGSbueSAgekzZkzpMdVP0152944097`\u0026(+-",
  "scope": "openid"
}
outgoing_path
token
2021-10-22 15:36:10 FINISHED
fapi1-advanced-final-client-test-invalid-missing-exp
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:36:10
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-cSQQHKovF-Xm8TUu_rav8
new_test_id
KoSsvrBHyUXflYr
Test Results