Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:36:26 INFO
TEST-RUNNER
Test instance UlHdT8Y6RbjfON4 created
baseUrl
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "by_value",
  "fapi_jarm_type": "oidc",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
openid-client-cSQQHKovF-Xm8TUu_rav8
description
openid-client v5.x FAPI1 Adv. MTLS, JARM (OIDC) RP
planId
YciZ5rRwyyBOk
config
{
  "alias": "openid-client-cSQQHKovF-Xm8TUu_rav8",
  "description": "openid-client v5.x FAPI1 Adv. MTLS, JARM (OIDC) RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q",
          "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
          "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
          "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
          "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
          "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
          "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
          "kty": "RSA",
          "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "scope": "openid",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
          "kty": "RSA",
          "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
          ],
          "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
          "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\r\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\r\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\r\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\r\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\r\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\r\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\r\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\r\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\r\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\r\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\r\nOIWWqlirZGbuPjILzs0\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "scope": "openid",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
          "kty": "RSA",
          "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
          ],
          "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
          "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
        },
        {
          "e": "AQAB",
          "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
          "kty": "RSA",
          "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiA\r\nEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tD\r\nANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk\r\n8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzV\r\nYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSS\r\nYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8Q\r\nmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQ\r\njFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VB\r\nNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682E\r\nl7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW\r\n5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR\r\n1RK/9JRIWBgAWEp58Kg\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test-invalid-missing-iss
2021-10-22 15:36:26 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-cSQQHKovF-Xm8TUu_rav8/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/.well-known/openid-configuration
2021-10-22 15:36:26 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
      "kty": "RSA",
      "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
      "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
      "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
      "alg": "PS256",
      "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "alg": "PS256",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
2021-10-22 15:36:26 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:26 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:36:26 SUCCESS
AddTLSClientAuthToServerConfiguration
Added tls_client_auth for token_endpoint_auth_methods_supported
2021-10-22 15:36:26 SUCCESS
AddResponseTypeCodeToServerConfiguration
Added code as response type supported
response_types_supported
[
  "code"
]
2021-10-22 15:36:26 SUCCESS
AddJARMResponseModeToServerConfiguration
Added jwt as response_modes_supported
response_modes_supported
[
  "jwt"
]
2021-10-22 15:36:26 SUCCESS
AddAuthorizationSigningAlgValuesSupportedToServerConfiguration
Added authorization_signing_alg_values_supported to server configuration
alg_values
[
  "PS256"
]
2021-10-22 15:36:26 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:36:26 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:36:26 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "-i6LhNXZSoUxExTQXjpfaJjFY9fTR-Fiv1Mkk0i8E2vZU0G42PDhtwU1_tZ52x_ynK8pyjKOdfVAzpaBiEcqcBLK_HsEivjP98UStXiT32W9I_DZ32PYWgFtwyPiT_eslAb1o4RQrHIRxoE0O-vsg9xuiANbd_HKWtiMpvxqQ18",
      "kty": "RSA",
      "q": "62GIHoKf2EovEN8DcTpQAe2dYHl7A8clKSWCsT5pYCza_T_goDjm4h77c3SBW8CUNmB6X06G8O9bSgzTNvKlRv61U1IInSD2_Whh5fbMB9tk13xFLa1XL4vt-aMH87rl2OtP_NiXxOnGzD1c6EZ6Qu0zjVGdQNfYA1OhFA06tLc",
      "d": "vtNHDK5wW5BcCXdxNN2A3Y4cppIh20yxbrfQcbkIJ4K1qOJzsIy45pAXF93f-iPAh6vF6KUk_au-1Xmfa15NKADYXjdgkZqHmfynet18z6nZz8f61wmwWpTccdvudsKtI20BtUsEqtHwGMf1G0rjjCWu1m5WmX3d1c5aTXChUTFd7u_nba7RFTnf8aHV-UR7NlpHwP0IPWqxY-KVjp-snnsiiwNXtOgywGa1feBTsQgyN_TWqFwkMY8EhBI4g-kdgeDGztROcMSeMOrKJIX8vKDDUZnb3irsie4cyPcZ3sVMtU8qQybnLjNAa-FIG2bOWcp-njUnTqbwJjDrsrtirQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "qi": "M1Z4QOS1MmdK1XFheLJCaaNvMfM7tqUWv9Hvg7eO4xfW_9fGq0oiUvj93Fo7qk-yo1gaJrP2650EhtUXA7BLPn3WN8Wt_duOZr7AS7SasRSLQ9t-p-BlskaqPQ9YWdKkCXLUlvPl27A8neo6uumMRc_TEKMGp30OwP8lD3hiRzU",
      "dp": "wtZC48WjfuyxplmcWPX-3be0aihoK9-0hqoanvWTO1DPpI5XheQ69M0DGx8vMV71E986nXS4C9dfjEQcRuSdgUCxguXPSOezFxQMmPV5vA5Aud_V3aqlkJryP3oPwxVw-qtc2-as6U_A1iZDZrM6tAqUripnLsdIP23MRDPqEeM",
      "alg": "PS256",
      "dq": "a_Z0ZOotPxvnsqlX_ttsTzYZ9WJDFlyFovXdmEa0NrTcTUS7V0JCRH1JgI9ztg4C7V4bQxPVuTVQfgqb5pwtSv8RVIJQCSJRp7H1FXG56_CptFz_rg_P6bMZGGO7BgQ34OMt8R-3nU5NLOkIcFHDSmdaOfuxUUivf_cf7v6Sask",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
2021-10-22 15:36:26 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:36:26 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
scope
openid
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:26 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:26 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM",
      "e": "AQAB",
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw"
    }
  ]
}
2021-10-22 15:36:26 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:36:26 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:36:26 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "qoT2bF_lYgUjEeCDMykHRnOrr_8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd_6SmUBuTpvaF220SxTuYh0z5Yl7Y_YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj_UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ-WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUsw",
      "kty": "RSA",
      "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOrr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaHTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+WmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGeiRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HPynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6JwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdbOIWWqlirZGbuPjILzs0\u003d"
      ],
      "x5t": "ea3merHrY6EaOJ6F_kLN28vGChs",
      "x5t#S256": "80pgCLBXt6cnVCvRfFio9Ekq9MsXe1L3YhPH8olWdKM"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:36:26 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-cSQQHKovF-Xm8TUu_rav8
scope
openid
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiA
Ef+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tD
ANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk
8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzV
Yo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSS
YOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8Q
mauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQ
jFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VB
NhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682E
l7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW
5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR
1RK/9JRIWBgAWEp58Kg=
-----END CERTIFICATE-----
2021-10-22 15:36:26 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:36:26 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q",
      "e": "AQAB",
      "use": "sig",
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ"
    }
  ]
}
2021-10-22 15:36:26 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:36:26 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:36:26 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "0fF17qpPSGGBc4bW5OJURyiAEf-mmm37_iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW_G3t6XsWDDf9hr0zqJz_-tDANWGBRXiIXiYCzwF797kuDcuAc_25GX_WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c-MWuVSSy04OX4CigaJA-__3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V_nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJw",
      "kty": "RSA",
      "kid": "B1Np5HGTK2EfAURTwhfuY4iwdY8mTIKzfLAJW2v9y2U",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJPh18h+dqrWYVMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fF17qpPSGGBc4bW5OJURyiAEf+mmm37/iOgLGUd33Zf3PUOI03QCBMasJjsKf4CW/G3t6XsWDDf9hr0zqJz/+tDANWGBRXiIXiYCzwF797kuDcuAc/25GX/WhiLQYFMoyWeC6pFmYLbO324pzSocyWk8h2dKpxCYPRxp4J4S6mH9m0kf9r0jR7c+MWuVSSy04OX4CigaJA+//3NbHLTTyzVYo4Ca01kjlrkjAuIZGueZXt6P8sRFdv5ZpjnvZ3amfjS6i5V/nfzMXfvZ9HzKoSSYOJeJsMlg6nMjS310LVXYnMexrNpK2pOjLMJ3tVx1jlozKkxiG8umfGSD3yVJwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAG8QmauYIlQcAHkakQG2dd6H7aTj6WNRVSaAwQa1nlYQ62wGMwqKDT39INCE0PU1gfqQjFo4r2hAkwQ0j23sk+6NxfoZQOs1h5R5AUZMfoRX1NisVt54EaA2I0av+ZObK2VBNhmxNUxHAM0EXUiYjI1asXqJbgAo3gRJi5Sawc88V3M6ql8DWJaUXM6wfR39682El7Xe14YIFreCAdMzP00YjIR5UY+g3RTpNaPl1/ZwskF8tOa43nhMswZ9jiZONfyW5IrDJgXbCqb87+53bQlIw2V8o89Is6eQjgk3JtAs/35K11dZdQ8KqQA+4e5OQ8OR1RK/9JRIWBgAWEp58Kg\u003d"
      ],
      "x5t": "JH1LvrOOM5N7ow-YR36q2AwMgL0",
      "x5t#S256": "xM52Jgr-mas_4YgRs-ZgxoO7URBYrkdcerN2as2D32Q"
    },
    {
      "e": "AQAB",
      "n": "2GU8TXflgD8mkf_Ow_8KmGNnSEXh_rAIsbKMVFp00LGFQccsmuuJXwW-toGe57tH99Q_E5nU6pCYN3TQaxdQdYcKNYfC-9rpXZu6defwx1c2jnHPfT9v_8Fmn6goS1m7rv4FK9q6PXF9hiJhFKwIqUEu4fbDdCAk4T0v-M2zSuUqhj1NbhKpkXk0DwtruFoZ2qLBgZJTGPUsg4ektaKWQkFCZsl_OvFkouBx9OfbNoPIGLKMeBUWbwQ49lnV9FEFRnvhXFVRl0SwgiU6eTF6jSHvlv9ZkOfMHHjkeKMNWYpdzukS1-FHxFu9npOzN9erSK-vIN6LeaEFRLu0gOS0KQ",
      "kty": "RSA",
      "kid": "eEgY3LTuyBDhXG7vXSgnTODqVuphosftHSk8fSDToL4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:36:26
fapi1-advanced-final-client-test-invalid-missing-iss
Setup Done
2021-10-22 15:36:27 INCOMING
fapi1-advanced-final-client-test-invalid-missing-iss
Incoming HTTP request to test instance UlHdT8Y6RbjfON4
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:27 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:36:27 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-iss
Response to HTTP request to test instance UlHdT8Y6RbjfON4
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-cSQQHKovF-Xm8TUu_rav8/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/userinfo",
  "token_endpoint_auth_methods_supported": [
    "tls_client_auth"
  ],
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "jwt"
  ],
  "authorization_signing_alg_values_supported": [
    "PS256"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:36:27 INCOMING
fapi1-advanced-final-client-test-invalid-missing-iss
Incoming HTTP request to test instance UlHdT8Y6RbjfON4
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "state": "_mZyfQJVJk1DmVCj3pxG_M6tpduNjQvpLTChyuryLvw",
  "nonce": "2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s",
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJfbVp5ZlFKVkprMURtVkNqM3B4R19NNnRwZHVOalF2cExUQ2h5dXJ5THZ3Iiwibm9uY2UiOiIyR2tqSElXM0RPV19la09ZRUg3dHlhRE5qZjBYZnBBNTdmOFZmRE9qbTFzIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjJrR1A5TFlGckM3VVFEUFpsQ2R2dTE5ZE83SWgtWjRiWDB6TlpreVpxaW8iLCJpYXQiOjE2MzQ5MTY5ODcsImV4cCI6MTYzNDkxNzI4NywibmJmIjoxNjM0OTE2OTg3fQ.WojToHrrlUlFr6Ww2mUOezojXyTVik8s7R97m_Vx79dXXJV1sFYIGhjSbYZoN1-pM8XTjNv1GDydwV7BK0VhfjZ5N5KF3jvnAV076zxfcs3K1aBHlGk84I31SAfaG4GuksYpOfmQ2vqbQrbY5FFNeF4cKkyLYZYZCzqnrIVmqx5GoulD2hadptMUKVg2gYNv1cYW39LkNhjK_y-KqkD6HjzgjBRKw0pibxLhKnjtv5uNF0Rl4DHR8nE8zuwVvxlhnYeGm2KU8ZbbST4LCrQhY7_XwrQXHEx2l_dqvTC2UT9oGuRDn5WDXGcZxkk85qUQlZDFMaqLkpjWcQSfFpkHNg"
}
incoming_body
2021-10-22 15:36:27 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:36:27 SUCCESS
ExtractRequestObject
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJfbVp5ZlFKVkprMURtVkNqM3B4R19NNnRwZHVOalF2cExUQ2h5dXJ5THZ3Iiwibm9uY2UiOiIyR2tqSElXM0RPV19la09ZRUg3dHlhRE5qZjBYZnBBNTdmOFZmRE9qbTFzIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjJrR1A5TFlGckM3VVFEUFpsQ2R2dTE5ZE83SWgtWjRiWDB6TlpreVpxaW8iLCJpYXQiOjE2MzQ5MTY5ODcsImV4cCI6MTYzNDkxNzI4NywibmJmIjoxNjM0OTE2OTg3fQ.WojToHrrlUlFr6Ww2mUOezojXyTVik8s7R97m_Vx79dXXJV1sFYIGhjSbYZoN1-pM8XTjNv1GDydwV7BK0VhfjZ5N5KF3jvnAV076zxfcs3K1aBHlGk84I31SAfaG4GuksYpOfmQ2vqbQrbY5FFNeF4cKkyLYZYZCzqnrIVmqx5GoulD2hadptMUKVg2gYNv1cYW39LkNhjK_y-KqkD6HjzgjBRKw0pibxLhKnjtv5uNF0Rl4DHR8nE8zuwVvxlhnYeGm2KU8ZbbST4LCrQhY7_XwrQXHEx2l_dqvTC2UT9oGuRDn5WDXGcZxkk85qUQlZDFMaqLkpjWcQSfFpkHNg",
  "header": {
    "kid": "e78zT5CdjXzV5sS6tDOJr5DOA4KZRhX5Z45hbzrvn2Y",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "response_type": "code",
    "nonce": "2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s",
    "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
    "aud": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
    "nbf": 1634916987,
    "scope": "openid",
    "claims": {
      "id_token": {
        "acr": {
          "values": [
            "urn:openbanking:psd2:sca",
            "urn:openbanking:psd2:ca"
          ],
          "essential": true
        }
      }
    },
    "redirect_uri": "https://openid-client.local/cb",
    "state": "_mZyfQJVJk1DmVCj3pxG_M6tpduNjQvpLTChyuryLvw",
    "exp": 1634917287,
    "iat": 1634916987,
    "jti": "2kGP9LYFrC7UQDPZlCdvu19dO7Ih-Z4bX0zNZkyZqio"
  }
}
2021-10-22 15:36:27 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:36:27 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "state": "_mZyfQJVJk1DmVCj3pxG_M6tpduNjQvpLTChyuryLvw",
  "nonce": "2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s",
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJfbVp5ZlFKVkprMURtVkNqM3B4R19NNnRwZHVOalF2cExUQ2h5dXJ5THZ3Iiwibm9uY2UiOiIyR2tqSElXM0RPV19la09ZRUg3dHlhRE5qZjBYZnBBNTdmOFZmRE9qbTFzIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjJrR1A5TFlGckM3VVFEUFpsQ2R2dTE5ZE83SWgtWjRiWDB6TlpreVpxaW8iLCJpYXQiOjE2MzQ5MTY5ODcsImV4cCI6MTYzNDkxNzI4NywibmJmIjoxNjM0OTE2OTg3fQ.WojToHrrlUlFr6Ww2mUOezojXyTVik8s7R97m_Vx79dXXJV1sFYIGhjSbYZoN1-pM8XTjNv1GDydwV7BK0VhfjZ5N5KF3jvnAV076zxfcs3K1aBHlGk84I31SAfaG4GuksYpOfmQ2vqbQrbY5FFNeF4cKkyLYZYZCzqnrIVmqx5GoulD2hadptMUKVg2gYNv1cYW39LkNhjK_y-KqkD6HjzgjBRKw0pibxLhKnjtv5uNF0Rl4DHR8nE8zuwVvxlhnYeGm2KU8ZbbST4LCrQhY7_XwrQXHEx2l_dqvTC2UT9oGuRDn5WDXGcZxkk85qUQlZDFMaqLkpjWcQSfFpkHNg",
  "iss": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "aud": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "nbf": 1634916987,
  "claims": {
    "id_token": {
      "acr": {
        "values": [
          "urn:openbanking:psd2:sca",
          "urn:openbanking:psd2:ca"
        ],
        "essential": true
      }
    }
  },
  "exp": 1634917287,
  "iat": 1634916987,
  "jti": "2kGP9LYFrC7UQDPZlCdvu19dO7Ih-Z4bX0zNZkyZqio"
}
2021-10-22 15:36:27 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:36:27 SUCCESS
FAPIValidateRequestObjectIdTokenACRClaims
Acr value in request object is as expected
received
[
  "urn:openbanking:psd2:sca",
  "urn:openbanking:psd2:ca"
]
2021-10-22 15:36:27 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:41:27 PM"
2021-10-22 15:36:27 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:36:27 PM"
now
"Oct 22, 2021, 3:36:27 PM"
2021-10-22 15:36:27
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:36:27 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:36:27 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:36:27 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:36:27 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:36:27 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJlNzh6VDVDZGpYelY1c1M2dERPSnI1RE9BNEtaUmhYNVo0NWhienJ2bjJZIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJfbVp5ZlFKVkprMURtVkNqM3B4R19NNnRwZHVOalF2cExUQ2h5dXJ5THZ3Iiwibm9uY2UiOiIyR2tqSElXM0RPV19la09ZRUg3dHlhRE5qZjBYZnBBNTdmOFZmRE9qbTFzIiwiY2xhaW1zIjp7ImlkX3Rva2VuIjp7ImFjciI6eyJlc3NlbnRpYWwiOnRydWUsInZhbHVlcyI6WyJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJ1cm46b3BlbmJhbmtpbmc6cHNkMjpjYSJdfX19LCJpc3MiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4LyIsImNsaWVudF9pZCI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWNTUVFIS292Ri1YbThUVXVfcmF2OCIsImp0aSI6IjJrR1A5TFlGckM3VVFEUFpsQ2R2dTE5ZE83SWgtWjRiWDB6TlpreVpxaW8iLCJpYXQiOjE2MzQ5MTY5ODcsImV4cCI6MTYzNDkxNzI4NywibmJmIjoxNjM0OTE2OTg3fQ.WojToHrrlUlFr6Ww2mUOezojXyTVik8s7R97m_Vx79dXXJV1sFYIGhjSbYZoN1-pM8XTjNv1GDydwV7BK0VhfjZ5N5KF3jvnAV076zxfcs3K1aBHlGk84I31SAfaG4GuksYpOfmQ2vqbQrbY5FFNeF4cKkyLYZYZCzqnrIVmqx5GoulD2hadptMUKVg2gYNv1cYW39LkNhjK_y-KqkD6HjzgjBRKw0pibxLhKnjtv5uNF0Rl4DHR8nE8zuwVvxlhnYeGm2KU8ZbbST4LCrQhY7_XwrQXHEx2l_dqvTC2UT9oGuRDn5WDXGcZxkk85qUQlZDFMaqLkpjWcQSfFpkHNg
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 21526078141622829638920734706176806063201605661748740953272229190573245296207696896267678461499514362908771322040304050582067254902304538163087604811006505859500779410677360192222530528275473738024274812115025597428556107469388359750269933345202129604108692124054496657305568139218084668389876759601602006282195324081187925465763428150948585058861340830321641205281497108075697341036243658611675764314866577166407048998585883400028061025604810659257717080923530506023267608746056216697300265389559082041634632398174072069924999484327675952853740160214533825753601915118306041142950353876139425800114092008528476820659
  public exponent: 65537
2021-10-22 15:36:27 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client.local/cb
2021-10-22 15:36:27 SUCCESS
EnsureRequiredAuthorizationRequestParametersMatchRequestObject
Required http request parameters match request object claims
response_type
code
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:27 SUCCESS
EnsureOptionalAuthorizationRequestParametersMatchRequestObject
All http request parameters and request object claims match
2021-10-22 15:36:27 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2021-10-22 15:36:27 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
openid
2021-10-22 15:36:27 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2021-10-22 15:36:27 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:27 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
qDydv2oWTUapd1T9OTO9eufOSDQlOovC
2021-10-22 15:36:27 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s
2021-10-22 15:36:27 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "_mZyfQJVJk1DmVCj3pxG_M6tpduNjQvpLTChyuryLvw"
}
2021-10-22 15:36:27 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "_mZyfQJVJk1DmVCj3pxG_M6tpduNjQvpLTChyuryLvw",
  "code": "qDydv2oWTUapd1T9OTO9eufOSDQlOovC"
}
2021-10-22 15:36:27
GenerateJARMResponseClaims
Created JARM response claims
iss
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
aud
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
code
qDydv2oWTUapd1T9OTO9eufOSDQlOovC
state
_mZyfQJVJk1DmVCj3pxG_M6tpduNjQvpLTChyuryLvw
exp
1634917587
2021-10-22 15:36:27 SUCCESS
SignJARMResponse
Signed the JARM response
jarm_response
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoicUR5ZHYyb1dUVWFwZDFUOU9UTzlldWZPU0RRbE9vdkMiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiX21aeWZRSlZKazFEbVZDajNweEdfTTZ0cGR1TmpRdnBMVENoeXVyeUx2dyIsImV4cCI6MTYzNDkxNzU4N30.f0E-Ai0uPRW5oltLGY-bGA07K-x4Dm-NS2TIo8Fg0RXLrXzAb8fucR7jhfKPAdCV_d_eIVrp0NELn3U0cwruYTgAoAXJAWBp4UWXObmtiSLPsUYNSLaItSU_F6bgRpDZ5DgkQrIf3pc3sROO02txGambQAKHcTydzO_IEHeNhuo5e3ucq3OnIo9VQF7NeBYYYg5_izyErPZeY_JFvQkqSKFDkEPk00CmCNK_8Sa4U1iJPS3Q4dA-ZJqP9v8yvnJ2LPF3twbz6T9lLJS8QPNbreyfuHN_-GKwpftqOWQnZJf0vCJyYemqky_ER6ml8Foub-ictFJnW6xIy4gw-2mETQ
2021-10-22 15:36:27 INFO
EncryptJARMResponse
Skipped evaluation due to missing required element: client authorization_encrypted_response_alg
path
authorization_encrypted_response_alg
mapped
object
client
2021-10-22 15:36:27
SendJARMResponseWitResponseModeQuery
Redirecting back to client
uri
https://openid-client.local/cb?response=eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoicUR5ZHYyb1dUVWFwZDFUOU9UTzlldWZPU0RRbE9vdkMiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiX21aeWZRSlZKazFEbVZDajNweEdfTTZ0cGR1TmpRdnBMVENoeXVyeUx2dyIsImV4cCI6MTYzNDkxNzU4N30.f0E-Ai0uPRW5oltLGY-bGA07K-x4Dm-NS2TIo8Fg0RXLrXzAb8fucR7jhfKPAdCV_d_eIVrp0NELn3U0cwruYTgAoAXJAWBp4UWXObmtiSLPsUYNSLaItSU_F6bgRpDZ5DgkQrIf3pc3sROO02txGambQAKHcTydzO_IEHeNhuo5e3ucq3OnIo9VQF7NeBYYYg5_izyErPZeY_JFvQkqSKFDkEPk00CmCNK_8Sa4U1iJPS3Q4dA-ZJqP9v8yvnJ2LPF3twbz6T9lLJS8QPNbreyfuHN_-GKwpftqOWQnZJf0vCJyYemqky_ER6ml8Foub-ictFJnW6xIy4gw-2mETQ
2021-10-22 15:36:27 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-iss
Response to HTTP request to test instance UlHdT8Y6RbjfON4
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client.local/cb?response=eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjgiLCJjb2RlIjoicUR5ZHYyb1dUVWFwZDFUOU9UTzlldWZPU0RRbE9vdkMiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1jU1FRSEtvdkYtWG04VFV1X3JhdjhcLyIsInN0YXRlIjoiX21aeWZRSlZKazFEbVZDajNweEdfTTZ0cGR1TmpRdnBMVENoeXVyeUx2dyIsImV4cCI6MTYzNDkxNzU4N30.f0E-Ai0uPRW5oltLGY-bGA07K-x4Dm-NS2TIo8Fg0RXLrXzAb8fucR7jhfKPAdCV_d_eIVrp0NELn3U0cwruYTgAoAXJAWBp4UWXObmtiSLPsUYNSLaItSU_F6bgRpDZ5DgkQrIf3pc3sROO02txGambQAKHcTydzO_IEHeNhuo5e3ucq3OnIo9VQF7NeBYYYg5_izyErPZeY_JFvQkqSKFDkEPk00CmCNK_8Sa4U1iJPS3Q4dA-ZJqP9v8yvnJ2LPF3twbz6T9lLJS8QPNbreyfuHN_-GKwpftqOWQnZJf0vCJyYemqky_ER6ml8Foub-ictFJnW6xIy4gw-2mETQ]
outgoing_path
authorize
2021-10-22 15:36:28 INCOMING
fapi1-advanced-final-client-test-invalid-missing-iss
Incoming HTTP request to test instance UlHdT8Y6RbjfON4
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:36:28 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:36:28 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-iss
Response to HTTP request to test instance UlHdT8Y6RbjfON4
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "meY4sbKquBEWVDYy9xL92Dk4wNmsWI6PKYn_jwEMNQs",
      "alg": "PS256",
      "n": "5ggKvFjeQwvg1jUeJF-m7NEFmhZ2c0qVzREVhX63XslJBqKYb54tli4zVZ-hVejfszYYwrFF26SAjeeagMrHk51ABTJ-2T9fBSNwrryG5sAJ6jT8U8fGWPQr-T1yI2ysKVCuHwPicBIiCcQkWRILCssjvpxOhaoZmsW9QeJlH8L73plPvDvSh-3981sASTFXhj8ykvCgLEHuPM4hiJaYIeDP6n7bsds0ngnkffKlqnvjIftolVvFnNJBqmloL3bspPTq3ggZyVaLulYOoZDQcYgRPSUQ-bsBClrZz7vpLRgarZvKI-2lxHxRXTsxVmUIejNgyvKsa-wN0YzEPdr06Q"
    }
  ]
}
outgoing_path
jwks
2021-10-22 15:36:28 INCOMING
fapi1-advanced-final-client-test-invalid-missing-iss
Incoming HTTP request to test instance UlHdT8Y6RbjfON4
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "175",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "qDydv2oWTUapd1T9OTO9eufOSDQlOovC",
  "redirect_uri": "https://openid-client.local/cb",
  "client_id": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=qDydv2oWTUapd1T9OTO9eufOSDQlOovC&redirect_uri=https%3A%2F%2Fopenid-client.local%2Fcb&client_id=client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
2021-10-22 15:36:28 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-10-22 15:36:28 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA 8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/ UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2 oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl 0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb OIWWqlirZGbuPjILzs0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr\nr/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH\nTacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA\n8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/\nUtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W\nmaJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei\nRh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2\noFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP\nynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J\nwyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl\n0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb\nOIWWqlirZGbuPjILzs0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:36:28 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:36:28 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJJ3fHIIM2oZ89MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoT2bF/lYgUjEeCDMykHRnOr
r/8BwqyXCXRHOmSMwXfKW63QwxoNSYcWtkvew73mo6uYICB64FVvRb0UfUeiugaH
TacvMNz2pfKtqjZzoWUd/6SmUBuTpvaF220SxTuYh0z5Yl7Y/YUKBjPOF3o1WcSA
8WBKjwT3UWk0K9QhO94TCjFx9vv4KuBk08vy8xyYWBkXrQTmLQYINZKFDSfzUdj/
UtKhAjRfi6T8MfoTUk4mcpygve8caY0x1tzW8j0GtuuuG5pbxdIAuz96jeSRvQ+W
maJpRkXYfXsRI0FpazZbo0NfhrijCQ0NtYhQz8BHFIZWUAbyFH9paMnsZ7LUswID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAGei
Rh0zwJVPpJjFhZ6k6xsgY1MzAbsvJiRArHfgl8czjDCN6NeyJFIbiPSG1bIqM7B2
oFmR//dYquctLm5yyClDk4OXLFDYFU+T91hL4cZJ2Z7UDvrtj4r2AWLdbbv9a9HP
ynhZYGYrLradwk9JpEIHiAOw5+COX7mzTfSYgJNpVEFc7Mk1QynNkTKm3wUbIW6J
wyvRkBO7WpG82CAU6rwwsuAIH3tKPSJkQLB+htC5eggyyR/1eWvumt16rL/pSKtl
0+1ew+7mZXWpCaZc9kLbPhX13LaX2EVhNNFCQ22aElFHRqaThH8lUqDikPrGRNdb
OIWWqlirZGbuPjILzs0=
-----END CERTIFICATE-----
2021-10-22 15:36:28 SUCCESS
EnsureNoClientAssertionSentToTokenEndpoint
Client did not send a client_assertion to token endpoint
2021-10-22 15:36:28 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
qDydv2oWTUapd1T9OTO9eufOSDQlOovC
2021-10-22 15:36:28 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://openid-client.local/cb
2021-10-22 15:36:28 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
n6rvf89dhLu8fN8ap88TdfxgRvSA8tuLq3da7NgiomBVJ1Vy8o
2021-10-22 15:36:28 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
twxonCykoH8QNggcbpt7iQ
2021-10-22 15:36:28
CreateRefreshToken
Created refresh token
refresh_token
qdaVSHibmwSUGqxLrJYaxUhTFpuIhZwjPCVvrSIJjixeAlsucg2342580111#%%]^
2021-10-22 15:36:28 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/
sub
user-subject-1234531
aud
client-id-openid-client-cSQQHKovF-Xm8TUu_rav8
nonce
2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s
iat
1634916988
exp
1634917288
2021-10-22 15:36:28 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
twxonCykoH8QNggcbpt7iQ
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-cSQQHKovF-Xm8TUu_rav8/",
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s",
  "iat": 1634916988,
  "exp": 1634917288,
  "at_hash": "twxonCykoH8QNggcbpt7iQ"
}
2021-10-22 15:36:28 SUCCESS
RemoveIssFromIdToken
Removed iss value from ID token claims
id_token_claims
{
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s",
  "iat": 1634916988,
  "exp": 1634917288,
  "at_hash": "twxonCykoH8QNggcbpt7iQ"
}
2021-10-22 15:36:28 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "sub": "user-subject-1234531",
  "aud": "client-id-openid-client-cSQQHKovF-Xm8TUu_rav8",
  "nonce": "2GkjHIW3DOW_ekOYEH7tyaDNjf0XfpA57f8VfDOjm1s",
  "iat": 1634916988,
  "exp": 1634917288,
  "at_hash": "twxonCykoH8QNggcbpt7iQ",
  "acr": "urn:openbanking:psd2:sca"
}
2021-10-22 15:36:28 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoidHd4b25DeWtvSDhRTmdnY2JwdDdpUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXhwIjoxNjM0OTE3Mjg4LCJub25jZSI6IjJHa2pISVczRE9XX2VrT1lFSDd0eWFETmpmMFhmcEE1N2Y4VmZET2ptMXMiLCJpYXQiOjE2MzQ5MTY5ODh9.1A_KY0vwEzK538JEen7FHdBpX6-apvQuh6kha87M844c4GeTOtpKUA_Ttq6W7sUQ387OMk85FgCuSQHAytWV-iV-bNCTdOxXV_YHGCKqOruxusqEgCYZD69r_T5qjRzlHEScABUkL5e2S7AEcWcZHJmHt2b0-f0gawJICGzFSmHZnqb8IqlXt9TOWKBhJ-Mjwd2T4JD4tfmv2tg1RI5VPkkjLFTXYINoe5zCQK0PF751l7QAyYYEIRLCRuVmPjqNccDy5A9gxXTS3-qc9Oo5X4S-UjGRzvOftme5ZfxkE2c96D0nzOHXiJ4-RSiahrdS8atL4JHfCaG3jpqhPEvvDA
2021-10-22 15:36:28 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
n6rvf89dhLu8fN8ap88TdfxgRvSA8tuLq3da7NgiomBVJ1Vy8o
token_type
Bearer
id_token
eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoidHd4b25DeWtvSDhRTmdnY2JwdDdpUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXhwIjoxNjM0OTE3Mjg4LCJub25jZSI6IjJHa2pISVczRE9XX2VrT1lFSDd0eWFETmpmMFhmcEE1N2Y4VmZET2ptMXMiLCJpYXQiOjE2MzQ5MTY5ODh9.1A_KY0vwEzK538JEen7FHdBpX6-apvQuh6kha87M844c4GeTOtpKUA_Ttq6W7sUQ387OMk85FgCuSQHAytWV-iV-bNCTdOxXV_YHGCKqOruxusqEgCYZD69r_T5qjRzlHEScABUkL5e2S7AEcWcZHJmHt2b0-f0gawJICGzFSmHZnqb8IqlXt9TOWKBhJ-Mjwd2T4JD4tfmv2tg1RI5VPkkjLFTXYINoe5zCQK0PF751l7QAyYYEIRLCRuVmPjqNccDy5A9gxXTS3-qc9Oo5X4S-UjGRzvOftme5ZfxkE2c96D0nzOHXiJ4-RSiahrdS8atL4JHfCaG3jpqhPEvvDA
refresh_token
qdaVSHibmwSUGqxLrJYaxUhTFpuIhZwjPCVvrSIJjixeAlsucg2342580111#%%]^
scope
openid
2021-10-22 15:36:28 OUTGOING
fapi1-advanced-final-client-test-invalid-missing-iss
Response to HTTP request to test instance UlHdT8Y6RbjfON4
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "n6rvf89dhLu8fN8ap88TdfxgRvSA8tuLq3da7NgiomBVJ1Vy8o",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJtZVk0c2JLcXVCRVdWRFl5OXhMOTJEazR3Tm1zV0k2UEtZbl9qd0VNTlFzIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoidHd4b25DeWtvSDhRTmdnY2JwdDdpUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtY1NRUUhLb3ZGLVhtOFRVdV9yYXY4IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXhwIjoxNjM0OTE3Mjg4LCJub25jZSI6IjJHa2pISVczRE9XX2VrT1lFSDd0eWFETmpmMFhmcEE1N2Y4VmZET2ptMXMiLCJpYXQiOjE2MzQ5MTY5ODh9.1A_KY0vwEzK538JEen7FHdBpX6-apvQuh6kha87M844c4GeTOtpKUA_Ttq6W7sUQ387OMk85FgCuSQHAytWV-iV-bNCTdOxXV_YHGCKqOruxusqEgCYZD69r_T5qjRzlHEScABUkL5e2S7AEcWcZHJmHt2b0-f0gawJICGzFSmHZnqb8IqlXt9TOWKBhJ-Mjwd2T4JD4tfmv2tg1RI5VPkkjLFTXYINoe5zCQK0PF751l7QAyYYEIRLCRuVmPjqNccDy5A9gxXTS3-qc9Oo5X4S-UjGRzvOftme5ZfxkE2c96D0nzOHXiJ4-RSiahrdS8atL4JHfCaG3jpqhPEvvDA",
  "refresh_token": "qdaVSHibmwSUGqxLrJYaxUhTFpuIhZwjPCVvrSIJjixeAlsucg2342580111#%%]^",
  "scope": "openid"
}
outgoing_path
token
2021-10-22 15:36:33 FINISHED
fapi1-advanced-final-client-test-invalid-missing-iss
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:36:34
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-cSQQHKovF-Xm8TUu_rav8
new_test_id
6RGg6LFXitkF6cu
Test Results