Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:36:42 INFO
TEST-RUNNER
Test instance qp0rZBFLfFN1D6J created
baseUrl
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "by_value",
  "fapi_jarm_type": "oidc",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
openid-client-cSQQHKovF-Xm8TUu_rav8
description
openid-client v5.x FAPI1 Adv. MTLS, JARM (OIDC) RP
planId
YciZ5rRwyyBOk
config
{
  "alias": "openid-client-cSQQHKovF-Xm8TUu_rav8",
  "description": "openid-client v5.x FAPI1 Adv. MTLS, JARM (OIDC) RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q",
          "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
          "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
          "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
          "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
          "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
          "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
          "kty": "RSA",
          "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "scope": "openid",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
          "kty": "RSA",
          "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
          ],
          "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
          "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\r\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\r\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\r\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\r\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\r\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\r\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\r\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\r\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\r\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\r\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\r\nOIWWqlirZGbuPjILzs0\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "scope": "openid",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
          "kty": "RSA",
          "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
          ],
          "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
          "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
        },
        {
          "e": "AQAB",
          "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
          "kty": "RSA",
          "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiA\r\nEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tD\r\nANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk\r\n8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzV\r\nYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSS\r\nYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8Q\r\nmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQ\r\njFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VB\r\nNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682E\r\nl7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW\r\n5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR\r\n1RK/9JRIWBgAWEp58Kg\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test-valid-aud-as-array
2021-10-22 15:36:42 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-cSQQHKovF-Xm8TUu_rav8/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/.well-known/openid-configuration
2021-10-22 15:36:42 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
      "kty": "RSA",
      "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
      "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
      "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
      "alg": "PS256",
      "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "alg": "PS256",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
2021-10-22 15:36:42 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:42 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:36:42 SUCCESS
AddTLSClientAuthToServerConfiguration
Added tls_client_auth for token_endpoint_auth_methods_supported
2021-10-22 15:36:42 SUCCESS
AddResponseTypeCodeToServerConfiguration
Added code as response type supported
response_types_supported
[
  "code"
]
2021-10-22 15:36:42 SUCCESS
AddJARMResponseModeToServerConfiguration
Added jwt as response_modes_supported
response_modes_supported
[
  "jwt"
]
2021-10-22 15:36:42 SUCCESS
AddAuthorizationSigningAlgValuesSupportedToServerConfiguration
Added authorization_signing_alg_values_supported to server configuration
alg_values
[
  "PS256"
]
2021-10-22 15:36:42 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:36:42 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:36:42 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
      "kty": "RSA",
      "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
      "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
      "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
      "alg": "PS256",
      "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
2021-10-22 15:36:42 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:36:42 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
scope
openid
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:42 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:42 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM",
      "e": "AQAB",
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw"
    }
  ]
}
2021-10-22 15:36:42 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:36:42 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:36:42 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:36:42 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-cSQQHKovF-Xm8TUu_rav8
scope
openid
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiA
Ef+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tD
ANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk
8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzV
Yo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSS
YOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8Q
mauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQ
jFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VB
NhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682E
l7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW
5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR
1RK/9JRIWBgAWEp58Kg=
-----END CERTIFICATE-----
2021-10-22 15:36:42 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:42 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q",
      "e": "AQAB",
      "use": "sig",
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ"
    }
  ]
}
2021-10-22 15:36:42 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:36:42 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:36:42 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:36:42
fapi1-advanced-final-client-test-valid-aud-as-array
Setup Done
2021-10-22 15:36:42 INCOMING
fapi1-advanced-final-client-test-valid-aud-as-array
Incoming HTTP request to test instance qp0rZBFLfFN1D6J
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:42 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:36:43 OUTGOING
fapi1-advanced-final-client-test-valid-aud-as-array
Response to HTTP request to test instance qp0rZBFLfFN1D6J
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-cSQQHKovF-Xm8TUu_rav8/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/userinfo",
  "token_endpoint_auth_methods_supported": [
    "tls_client_auth"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "jwt"
  ],
  "authorization_signing_alg_values_supported": [
    "PS256"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:36:43 INCOMING
fapi1-advanced-final-client-test-valid-aud-as-array
Incoming HTTP request to test instance qp0rZBFLfFN1D6J
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "state": "nQPoEWYSczHAzRq_C5hYqxkGjJgk34fb5rq0PzetCWs",
  "nonce": "5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c",
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuUVBvRVdZU2N6SEF6UnFfQzVoWXF4a0dqSmdrMzRmYjVycTBQemV0Q1dzIiwibm9uY2UiOiI1LW43cWJBRXlIRWwwVWxoTEk3X3NKLUFraEpMMERaSWpzZlc1T0U3ei1jIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjZrb0hXSXljemJycEZsQU12b240VjJ5LXJLa19WNzN1dGpoNmlsMjFvZkUiLCJpYXQiOjE2MzQ5MTcwMDMsImV4cCI6MTYzNDkxNzMwMywibmJmIjoxNjM0OTE3MDAzfQ.IXl9Pc2vs-aOEGe9OTXgC-P1GrxeO00Df9zRN0g623st47nIzmIyR_HaYyrYIejHf8mCUqxlFC9A7Wrp153rsp8-hykBA97JFlJnKFKGuH7wjCH9hu3CcFrVRwVd_1rW4GrMeIGhAzP-lojz1oYcFCeBtLUf9CuggEbk6uuH_FCAQGFVnesjFwbQUi2Qbvy0lDzJF_p4sQqwARdoUZm1hynYAVjEIEWM_uQb74NTz6yPuLtpIlVkKk8NnK9FSV_LGsyzIKi4OSpfmsAuuyckt12elF7INUbiAYXpDNYWLVZCH_2zlwYLvpl-WEM4oRqZTGvf970ye32X2v6cSakBmQ"
}
incoming_body
2021-10-22 15:36:43 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:36:43 SUCCESS
ExtractRequestObject
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuUVBvRVdZU2N6SEF6UnFfQzVoWXF4a0dqSmdrMzRmYjVycTBQemV0Q1dzIiwibm9uY2UiOiI1LW43cWJBRXlIRWwwVWxoTEk3X3NKLUFraEpMMERaSWpzZlc1T0U3ei1jIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjZrb0hXSXljemJycEZsQU12b240VjJ5LXJLa19WNzN1dGpoNmlsMjFvZkUiLCJpYXQiOjE2MzQ5MTcwMDMsImV4cCI6MTYzNDkxNzMwMywibmJmIjoxNjM0OTE3MDAzfQ.IXl9Pc2vs-aOEGe9OTXgC-P1GrxeO00Df9zRN0g623st47nIzmIyR_HaYyrYIejHf8mCUqxlFC9A7Wrp153rsp8-hykBA97JFlJnKFKGuH7wjCH9hu3CcFrVRwVd_1rW4GrMeIGhAzP-lojz1oYcFCeBtLUf9CuggEbk6uuH_FCAQGFVnesjFwbQUi2Qbvy0lDzJF_p4sQqwARdoUZm1hynYAVjEIEWM_uQb74NTz6yPuLtpIlVkKk8NnK9FSV_LGsyzIKi4OSpfmsAuuyckt12elF7INUbiAYXpDNYWLVZCH_2zlwYLvpl-WEM4oRqZTGvf970ye32X2v6cSakBmQ",
  "header": {
    "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "response_type": "code",
    "nonce": "5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c",
    "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "aud": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
    "nbf": 1634917003,
    "scope": "openid",
    "claims": {
      "id_token": {
        "acr": {
          "values": [
            "urn:openbanking:psd2:sca",
            "urn:openbanking:psd2:ca"
          ],
          "essential": true
        }
      }
    },
    "redirect_uri": "https://openid-client.local/cb",
    "state": "nQPoEWYSczHAzRq_C5hYqxkGjJgk34fb5rq0PzetCWs",
    "exp": 1634917303,
    "iat": 1634917003,
    "jti": "6koHWIyczbrpFlAMvon4V2y-rKk_V73utjh6il21ofE"
  }
}
2021-10-22 15:36:43 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:36:43 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "state": "nQPoEWYSczHAzRq_C5hYqxkGjJgk34fb5rq0PzetCWs",
  "nonce": "5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c",
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuUVBvRVdZU2N6SEF6UnFfQzVoWXF4a0dqSmdrMzRmYjVycTBQemV0Q1dzIiwibm9uY2UiOiI1LW43cWJBRXlIRWwwVWxoTEk3X3NKLUFraEpMMERaSWpzZlc1T0U3ei1jIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjZrb0hXSXljemJycEZsQU12b240VjJ5LXJLa19WNzN1dGpoNmlsMjFvZkUiLCJpYXQiOjE2MzQ5MTcwMDMsImV4cCI6MTYzNDkxNzMwMywibmJmIjoxNjM0OTE3MDAzfQ.IXl9Pc2vs-aOEGe9OTXgC-P1GrxeO00Df9zRN0g623st47nIzmIyR_HaYyrYIejHf8mCUqxlFC9A7Wrp153rsp8-hykBA97JFlJnKFKGuH7wjCH9hu3CcFrVRwVd_1rW4GrMeIGhAzP-lojz1oYcFCeBtLUf9CuggEbk6uuH_FCAQGFVnesjFwbQUi2Qbvy0lDzJF_p4sQqwARdoUZm1hynYAVjEIEWM_uQb74NTz6yPuLtpIlVkKk8NnK9FSV_LGsyzIKi4OSpfmsAuuyckt12elF7INUbiAYXpDNYWLVZCH_2zlwYLvpl-WEM4oRqZTGvf970ye32X2v6cSakBmQ",
  "iss": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "aud": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "nbf": 1634917003,
  "claims": {
    "id_token": {
      "acr": {
        "values": [
          "urn:openbanking:psd2:sca",
          "urn:openbanking:psd2:ca"
        ],
        "essential": true
      }
    }
  },
  "exp": 1634917303,
  "iat": 1634917003,
  "jti": "6koHWIyczbrpFlAMvon4V2y-rKk_V73utjh6il21ofE"
}
2021-10-22 15:36:43 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:36:43 SUCCESS
FAPIValidateRequestObjectIdTokenACRClaims
Acr value in request object is as expected
received
[
  "urn:openbanking:psd2:sca",
  "urn:openbanking:psd2:ca"
]
2021-10-22 15:36:43 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:41:43 PM"
2021-10-22 15:36:43 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:36:43 PM"
now
"Oct 22, 2021, 3:36:43 PM"
2021-10-22 15:36:43
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:36:43 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:36:43 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:36:43 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:36:43 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:36:43 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuUVBvRVdZU2N6SEF6UnFfQzVoWXF4a0dqSmdrMzRmYjVycTBQemV0Q1dzIiwibm9uY2UiOiI1LW43cWJBRXlIRWwwVWxoTEk3X3NKLUFraEpMMERaSWpzZlc1T0U3ei1jIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjZrb0hXSXljemJycEZsQU12b240VjJ5LXJLa19WNzN1dGpoNmlsMjFvZkUiLCJpYXQiOjE2MzQ5MTcwMDMsImV4cCI6MTYzNDkxNzMwMywibmJmIjoxNjM0OTE3MDAzfQ.IXl9Pc2vs-aOEGe9OTXgC-P1GrxeO00Df9zRN0g623st47nIzmIyR_HaYyrYIejHf8mCUqxlFC9A7Wrp153rsp8-hykBA97JFlJnKFKGuH7wjCH9hu3CcFrVRwVd_1rW4GrMeIGhAzP-lojz1oYcFCeBtLUf9CuggEbk6uuH_FCAQGFVnesjFwbQUi2Qbvy0lDzJF_p4sQqwARdoUZm1hynYAVjEIEWM_uQb74NTz6yPuLtpIlVkKk8NnK9FSV_LGsyzIKi4OSpfmsAuuyckt12elF7INUbiAYXpDNYWLVZCH_2zlwYLvpl-WEM4oRqZTGvf970ye32X2v6cSakBmQ
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 21526078141622829638920734706176806063201605661748740953272229190573245296207696896267678461499514362908771322040304050582067254902304538163087604811006505859500779410677360192222530528275473738024274812115025597428556107469388359750269933345202129604108692124054496657305568139218084668389876759601602006282195324081187925465763428150948585058861340830321641205281497108075697341036243658611675764314866577166407048998585883400028061025604810659257717080923530506023267608746056216697300265389559082041634632398174072069924999484327675952853740160214533825753601915118306041142950353876139425800114092008528476820659
  public exponent: 65537
2021-10-22 15:36:43 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client.local/cb
2021-10-22 15:36:43 SUCCESS
EnsureRequiredAuthorizationRequestParametersMatchRequestObject
Required http request parameters match request object claims
response_type
code
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:43 SUCCESS
EnsureOptionalAuthorizationRequestParametersMatchRequestObject
All http request parameters and request object claims match
2021-10-22 15:36:43 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2021-10-22 15:36:43 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
openid
2021-10-22 15:36:43 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2021-10-22 15:36:43 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:43 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
3NxmUgw6ssMQ7D9G1iqX68ihLk9xiriz
2021-10-22 15:36:43 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c
2021-10-22 15:36:43 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "nQPoEWYSczHAzRq_C5hYqxkGjJgk34fb5rq0PzetCWs"
}
2021-10-22 15:36:43 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "nQPoEWYSczHAzRq_C5hYqxkGjJgk34fb5rq0PzetCWs",
  "code": "3NxmUgw6ssMQ7D9G1iqX68ihLk9xiriz"
}
2021-10-22 15:36:43
GenerateJARMResponseClaims
Created JARM response claims
iss
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
aud
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
code
3NxmUgw6ssMQ7D9G1iqX68ihLk9xiriz
state
nQPoEWYSczHAzRq_C5hYqxkGjJgk34fb5rq0PzetCWs
exp
1634917603
2021-10-22 15:36:43 SUCCESS
SignJARMResponse
Signed the JARM response
jarm_response
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoiM054bVVndzZzc01RN0Q5RzFpcVg2OGloTGs5eGlyaXoiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiblFQb0VXWVNjekhBelJxX0M1aFlxeGtHakpnazM0ZmI1cnEwUHpldENXcyIsImV4cCI6MTYzNDkxNzYwM30.mbLLw7p7F8fynv29BkJ-jhyIN_JZbEphMf3kCL7Q1bqm1vNYVHWwSU3I-LrygTsMaZKzfJAFWcuNywzIwx6ZMEKQCGPnzxcUp7xW2ViHjFBjXG3qwZKFgHFXrG6_KAAf0awtReBgEjdz_TnaFTILobiy6mj3Hx7LpChYC5cgsiw7yFb8Oono1XgPAlq-J5npu7cTmCHhOw3jDSOcqlwueMOz2fs7v02k9SWBP6x-wJZfZBTrD8jtOcoVS-rgHe9eN7mP-OfV3G08qeOInta8SkS5q7We1CAJPs7_OcvB_8IsAIcRT1j_ucPxTJPzcP2H1KQNmeFOquXUxS33JDRGOg
2021-10-22 15:36:43 INFO
EncryptJARMResponse
Skipped evaluation due to missing required element: client authorization_encrypted_response_alg
path
authorization_encrypted_response_alg
mapped
object
client
2021-10-22 15:36:43
SendJARMResponseWitResponseModeQuery
Redirecting back to client
uri
https://openid-client.local/cb?response=eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoiM054bVVndzZzc01RN0Q5RzFpcVg2OGloTGs5eGlyaXoiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiblFQb0VXWVNjekhBelJxX0M1aFlxeGtHakpnazM0ZmI1cnEwUHpldENXcyIsImV4cCI6MTYzNDkxNzYwM30.mbLLw7p7F8fynv29BkJ-jhyIN_JZbEphMf3kCL7Q1bqm1vNYVHWwSU3I-LrygTsMaZKzfJAFWcuNywzIwx6ZMEKQCGPnzxcUp7xW2ViHjFBjXG3qwZKFgHFXrG6_KAAf0awtReBgEjdz_TnaFTILobiy6mj3Hx7LpChYC5cgsiw7yFb8Oono1XgPAlq-J5npu7cTmCHhOw3jDSOcqlwueMOz2fs7v02k9SWBP6x-wJZfZBTrD8jtOcoVS-rgHe9eN7mP-OfV3G08qeOInta8SkS5q7We1CAJPs7_OcvB_8IsAIcRT1j_ucPxTJPzcP2H1KQNmeFOquXUxS33JDRGOg
2021-10-22 15:36:43 OUTGOING
fapi1-advanced-final-client-test-valid-aud-as-array
Response to HTTP request to test instance qp0rZBFLfFN1D6J
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client.local/cb?response=eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoiM054bVVndzZzc01RN0Q5RzFpcVg2OGloTGs5eGlyaXoiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiblFQb0VXWVNjekhBelJxX0M1aFlxeGtHakpnazM0ZmI1cnEwUHpldENXcyIsImV4cCI6MTYzNDkxNzYwM30.mbLLw7p7F8fynv29BkJ-jhyIN_JZbEphMf3kCL7Q1bqm1vNYVHWwSU3I-LrygTsMaZKzfJAFWcuNywzIwx6ZMEKQCGPnzxcUp7xW2ViHjFBjXG3qwZKFgHFXrG6_KAAf0awtReBgEjdz_TnaFTILobiy6mj3Hx7LpChYC5cgsiw7yFb8Oono1XgPAlq-J5npu7cTmCHhOw3jDSOcqlwueMOz2fs7v02k9SWBP6x-wJZfZBTrD8jtOcoVS-rgHe9eN7mP-OfV3G08qeOInta8SkS5q7We1CAJPs7_OcvB_8IsAIcRT1j_ucPxTJPzcP2H1KQNmeFOquXUxS33JDRGOg]
outgoing_path
authorize
2021-10-22 15:36:43 INCOMING
fapi1-advanced-final-client-test-valid-aud-as-array
Incoming HTTP request to test instance qp0rZBFLfFN1D6J
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:43 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:36:43 OUTGOING
fapi1-advanced-final-client-test-valid-aud-as-array
Response to HTTP request to test instance qp0rZBFLfFN1D6J
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "alg": "PS256",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
outgoing_path
jwks
2021-10-22 15:36:44 INCOMING
fapi1-advanced-final-client-test-valid-aud-as-array
Incoming HTTP request to test instance qp0rZBFLfFN1D6J
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "175",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "3NxmUgw6ssMQ7D9G1iqX68ihLk9xiriz",
  "redirect_uri": "https://openid-client.local/cb",
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=3NxmUgw6ssMQ7D9G1iqX68ihLk9xiriz&redirect_uri=https%3A%2F%2Fopenid-client.local%2Fcb&client_id=client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:44 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-10-22 15:36:44 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\nOIWWqlirZGbuPjILzs0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:36:44 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:36:44 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:44 SUCCESS
EnsureNoClientAssertionSentToTokenEndpoint
Client did not send a client_assertion to token endpoint
2021-10-22 15:36:44 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
3NxmUgw6ssMQ7D9G1iqX68ihLk9xiriz
2021-10-22 15:36:44 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://openid-client.local/cb
2021-10-22 15:36:44 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
dPbJzTPUCZShvhpkhwEFaxidEkQDAZP4G88lfWiT78XWUJfIe0
2021-10-22 15:36:44 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
V8HPt6Wt4LXHXuMDabn4cw
2021-10-22 15:36:44
CreateRefreshToken
Created refresh token
refresh_token
DoHbHPejLGOGJhlJhgVuuhQrDLiWmtJjdlgmOZCTRkTKmKChWx7271585697-$[{,
2021-10-22 15:36:44 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
sub
user-subject-1234531
aud
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
nonce
5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c
iat
1634917004
exp
1634917304
2021-10-22 15:36:44 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
V8HPt6Wt4LXHXuMDabn4cw
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c",
  "iat": 1634917004,
  "exp": 1634917304,
  "at_hash": "V8HPt6Wt4LXHXuMDabn4cw"
}
2021-10-22 15:36:44 SUCCESS
AddAudValueAsArrayToIdToken
Added the aud value as an array to ID token claims
aud
[
  "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8"
]
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": [
    "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8"
  ],
  "nonce": "5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c",
  "iat": 1634917004,
  "exp": 1634917304,
  "at_hash": "V8HPt6Wt4LXHXuMDabn4cw"
}
2021-10-22 15:36:44 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": [
    "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8"
  ],
  "nonce": "5-n7qbAEyHEl0UlhLI7_sJ-AkhJL0DZIjsfW5OE7z-c",
  "iat": 1634917004,
  "exp": 1634917304,
  "at_hash": "V8HPt6Wt4LXHXuMDabn4cw",
  "acr": "urn:openbanking:psd2:sca"
}
2021-10-22 15:36:44 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiVjhIUHQ2V3Q0TFhIWHVNRGFibjRjdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4XC8iLCJleHAiOjE2MzQ5MTczMDQsIm5vbmNlIjoiNS1uN3FiQUV5SEVsMFVsaExJN19zSi1Ba2hKTDBEWklqc2ZXNU9FN3otYyIsImlhdCI6MTYzNDkxNzAwNH0.fgiH40D-0OIy9mIYQMNFFbZhPzy5zpBum6ZUlQMw7Dal2oB5FrTDaZka7bmMfaq-97wnpp7UTqunV4IpL_QL8B6EcJgRM-SzNd22_pwk2rluoNfyOCGA4ZCPHn3femrslMDym6KYm3m51z1e-Be4mcaDNW1WbTnbi0m-stnzKw25kNeLzs7FNZ0wtzXExPpmzGGuypaSB-y98jD9eRNXYzq0D5T6MB3DzXOgtGjfo0x0054jIZdUUHQJJg51RuwJfKsBApAac6a7imbtONoi7RhNqj5sWKXyQoNQlLx7OpHVZxr7gJRa1U5xnnSVMbJVEf9oSBCmUO1UxoRkqwgW1Q
2021-10-22 15:36:44 SUCCESS
SignIdTokenBypassingNimbusChecks
Signed the ID token
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjpbImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCJdLCJub25jZSI6IjUtbjdxYkFFeUhFbDBVbGhMSTdfc0otQWtoSkwwRFpJanNmVzVPRTd6LWMiLCJpYXQiOjE2MzQ5MTcwMDQsImV4cCI6MTYzNDkxNzMwNCwiYXRfaGFzaCI6IlY4SFB0Nld0NExYSFh1TURhYm40Y3ciLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EifQ.EsoOxgN7TOD-nBRHu0EjLh8ZPOirupoXt0RLDcv9bPoRPtqtHAyEHnE4JPtui9pZ4HH3I6OmHDXZeTIUH5kvNtVA-jYe7CA9Fr_YN4_btt9fnimje_fwUnMWnhVbbgG_XjvHCyG2bc7hLmobF866iavatWOlwh6dbWEoDTuYAUetL51sGQdyokt-lMe25_RcBndOE9aMi2yGwu9-ebyf1kuV0n6RinMRjHAHnKN-QxWeo1HTNu8SHyDXx0NtuAQUGBjj-D6YZEA38k210AaxjFGmM9le9udHpMuZPDiYqviWHgeCvNE8gKrtQ5lbtB2_Ofw_AkLueNFKI0bTGIwc6A
2021-10-22 15:36:44 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
dPbJzTPUCZShvhpkhwEFaxidEkQDAZP4G88lfWiT78XWUJfIe0
token_type
Bearer
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjpbImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCJdLCJub25jZSI6IjUtbjdxYkFFeUhFbDBVbGhMSTdfc0otQWtoSkwwRFpJanNmVzVPRTd6LWMiLCJpYXQiOjE2MzQ5MTcwMDQsImV4cCI6MTYzNDkxNzMwNCwiYXRfaGFzaCI6IlY4SFB0Nld0NExYSFh1TURhYm40Y3ciLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EifQ.EsoOxgN7TOD-nBRHu0EjLh8ZPOirupoXt0RLDcv9bPoRPtqtHAyEHnE4JPtui9pZ4HH3I6OmHDXZeTIUH5kvNtVA-jYe7CA9Fr_YN4_btt9fnimje_fwUnMWnhVbbgG_XjvHCyG2bc7hLmobF866iavatWOlwh6dbWEoDTuYAUetL51sGQdyokt-lMe25_RcBndOE9aMi2yGwu9-ebyf1kuV0n6RinMRjHAHnKN-QxWeo1HTNu8SHyDXx0NtuAQUGBjj-D6YZEA38k210AaxjFGmM9le9udHpMuZPDiYqviWHgeCvNE8gKrtQ5lbtB2_Ofw_AkLueNFKI0bTGIwc6A
refresh_token
DoHbHPejLGOGJhlJhgVuuhQrDLiWmtJjdlgmOZCTRkTKmKChWx7271585697-$[{,
scope
openid
2021-10-22 15:36:44 OUTGOING
fapi1-advanced-final-client-test-valid-aud-as-array
Response to HTTP request to test instance qp0rZBFLfFN1D6J
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "dPbJzTPUCZShvhpkhwEFaxidEkQDAZP4G88lfWiT78XWUJfIe0",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJpc3MiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjpbImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCJdLCJub25jZSI6IjUtbjdxYkFFeUhFbDBVbGhMSTdfc0otQWtoSkwwRFpJanNmVzVPRTd6LWMiLCJpYXQiOjE2MzQ5MTcwMDQsImV4cCI6MTYzNDkxNzMwNCwiYXRfaGFzaCI6IlY4SFB0Nld0NExYSFh1TURhYm40Y3ciLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EifQ.EsoOxgN7TOD-nBRHu0EjLh8ZPOirupoXt0RLDcv9bPoRPtqtHAyEHnE4JPtui9pZ4HH3I6OmHDXZeTIUH5kvNtVA-jYe7CA9Fr_YN4_btt9fnimje_fwUnMWnhVbbgG_XjvHCyG2bc7hLmobF866iavatWOlwh6dbWEoDTuYAUetL51sGQdyokt-lMe25_RcBndOE9aMi2yGwu9-ebyf1kuV0n6RinMRjHAHnKN-QxWeo1HTNu8SHyDXx0NtuAQUGBjj-D6YZEA38k210AaxjFGmM9le9udHpMuZPDiYqviWHgeCvNE8gKrtQ5lbtB2_Ofw_AkLueNFKI0bTGIwc6A",
  "refresh_token": "DoHbHPejLGOGJhlJhgVuuhQrDLiWmtJjdlgmOZCTRkTKmKChWx7271585697-$[{,",
  "scope": "openid"
}
outgoing_path
token
2021-10-22 15:36:45 INCOMING
fapi1-advanced-final-client-test-valid-aud-as-array
Incoming HTTP request to test instance qp0rZBFLfFN1D6J
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Bearer dPbJzTPUCZShvhpkhwEFaxidEkQDAZP4G88lfWiT78XWUJfIe0",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
open-banking/v1.1/accounts
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:45 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Accounts endpoint
2021-10-22 15:36:45 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\nOIWWqlirZGbuPjILzs0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:36:45 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:36:45 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:45 SUCCESS
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
2021-10-22 15:36:45 SUCCESS
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
access_token
dPbJzTPUCZShvhpkhwEFaxidEkQDAZP4G88lfWiT78XWUJfIe0
2021-10-22 15:36:45 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
dPbJzTPUCZShvhpkhwEFaxidEkQDAZP4G88lfWiT78XWUJfIe0
2021-10-22 15:36:45 INFO
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
path
headers.x-fapi-auth-date
mapped
object
incoming_request
2021-10-22 15:36:45 INFO
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
path
headers.x-fapi-customer-ip-address
mapped
object
incoming_request
2021-10-22 15:36:45 INFO
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
path
headers.x-fapi-interaction-id
mapped
object
incoming_request
2021-10-22 15:36:45 SUCCESS
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
fapi_interaction_id
f2e66a46-d064-472b-917c-3a1dd229ab60
2021-10-22 15:36:45 SUCCESS
CreateFAPIAccountEndpointResponse
Created account response object
accounts_endpoint_response
{
  "conformance-test-finished": "true"
}
accounts_endpoint_response_headers
{
  "x-fapi-interaction-id": "f2e66a46-d064-472b-917c-3a1dd229ab60",
  "content-type": "application/json; charset\u003dUTF-8"
}
2021-10-22 15:36:45
ClearAccessTokenFromRequest
Condition ran but did not log anything
2021-10-22 15:36:45 OUTGOING
fapi1-advanced-final-client-test-valid-aud-as-array
Response to HTTP request to test instance qp0rZBFLfFN1D6J
outgoing_status_code
200
outgoing_headers
{
  "x-fapi-interaction-id": [
    "f2e66a46-d064-472b-917c-3a1dd229ab60"
  ],
  "content-type": [
    "application/json; charset\u003dUTF-8"
  ]
}
outgoing_body
{
  "conformance-test-finished": "true"
}
outgoing_path
open-banking/v1.1/accounts
2021-10-22 15:36:45 FINISHED
fapi1-advanced-final-client-test-valid-aud-as-array
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:36:45
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-cSQQHKovF-Xm8TUu_rav8
new_test_id
aIpMGr8dD1j2VWc
Test Results