Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:35:04 INFO
TEST-RUNNER
Test instance WU3OjM6vDfQBAvr created
baseUrl
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "pushed",
  "fapi_jarm_type": "oidc",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "plain_response"
}
alias
openid-client-19x_eSCK1zeMp5IBU8EXi
description
openid-client v5.x FAPI1 Adv. MTLS, PAR RP
planId
E1lVQvBJBSVet
config
{
  "alias": "openid-client-19x_eSCK1zeMp5IBU8EXi",
  "description": "openid-client v5.x FAPI1 Adv. MTLS, PAR RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w",
          "d": "qixWvFxoTagygzUid8iV_Pu42INyXDeDIjrGrGpY_moojG_DBpd8i9icSLyL_S2FfHvjOZ4gIpGSg1J36bzG2CforEp-W6lvyeTUoefhMWcZOJ-p2EIJ2CFxjzYlVQAem6icYcmCeKFt9OnlB6nbV8eRlwau3kM1rFSg8fG-aio67yByb-rsJQp8kA6gjyijRsbX3-J7-eMWB3J7fEZ7zZGLLWop1NQuV8q29yWwdp94P0fV1K46AUGf1O2niLIuCgargdF0psWVoD8F2B0gKvcuxCGsldAJ_QqqD4ztlMxAsMe8pHlWoSqbO2vYLcHmSHQgKoLxPqKXinY8-1t8GQ",
          "p": "_vbs_b5I30x9tVMrvLezYFNHjppgJo4JPmqwZZa5uMYyY0iTNYtuzcwtS-8ZUI1MzvvlIjikzh6EP_8MFs-SaBlsQ_Fgq5HT2zzdYQyyag7GK_MUZ8Jw_7PZrjjtyYjuZfj05KKyPjs2uOdnWY5JVmv3q4MSZEQLNlSUGwn-v2c",
          "q": "wyMOhuEsh4RJq3Jl3q7aGeWlNINXFt-JDsKMMKL-1k1kpgyXXy7l0yRIU54FgDunWve2j2LxQfE5nqNupvl2pBNosW31cAUWNA8l48tNGcYd_FZNV-IfUG7k7qHgK0AYpVN3leo9xe7vhIC361YBYdmYjDsN16pz31gbSbvV7iU",
          "dp": "BujKI1Y0w1hfT7qhRMv1oHahScwFLwZKWdaqURZ0kf1NAEPHOXw91HXkBFrGZNhvbGyHGRZP4QYSr2lJ-pRFc2y88lpoND4Pb7GGjkq5ywX7eNVtiCJMzaEiFQaV6xA65aiJemiuS-Fu6jPbKSIh-qWSYKN8rBrr8tz35oOu06E",
          "dq": "HsdLxkiD_ogGGq27lakcq5MGQMcqmGf_tT1IYW-EJIcmhe5cfd3m0Cvb4Jx_H5_JINcLi4g-p3kF7pi2nk2gwfZxv_KpENcsjl-JSWnKqnMOTbvLDT6UU9p5743GzuuYN5N3vESrI6oxS0QGPm9dXnK01gGGiGrRRfweqb2f26U",
          "qi": "FwLnMc8OOUA_OKV5sGLdcIbWrWzYg6L5Qz0cNMI4ifuXdOU9meSVIx0hk_vFdkMRCVVN5hWJgScDSwGAq6_fTWQB44j3AsSoizu74aMkrQplm3uWJswEDHkCtzVmI2RxDJ1XjkWwzETbKuSaLTT_qlPkt_pHkIzUmIB6940vDbk",
          "kty": "RSA",
          "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "scope": "openid",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
          "kty": "RSA",
          "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
          ],
          "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
          "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvf\r\nZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88w\r\nCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPo\r\nT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyN\r\nL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VH\r\ngY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2\r\nboMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIe\r\nCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwk\r\no4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIV\r\nwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt\r\n0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3\r\nuQ+250YJ4f7wDTgvK1Y\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "scope": "openid",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
          "kty": "RSA",
          "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
          ],
          "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
          "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
        },
        {
          "e": "AQAB",
          "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
          "kty": "RSA",
          "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z\r\nlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs\r\nW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A\r\n/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8\r\nsusKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N\r\nOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy\r\nYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I\r\na2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh\r\nIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON\r\n+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+\r\nxyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd\r\nwinxMEcYkV0E840v9E0\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
2021-10-22 15:35:04 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/.well-known/openid-configuration
2021-10-22 15:35:04 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "_vbs_b5I30x9tVMrvLezYFNHjppgJo4JPmqwZZa5uMYyY0iTNYtuzcwtS-8ZUI1MzvvlIjikzh6EP_8MFs-SaBlsQ_Fgq5HT2zzdYQyyag7GK_MUZ8Jw_7PZrjjtyYjuZfj05KKyPjs2uOdnWY5JVmv3q4MSZEQLNlSUGwn-v2c",
      "kty": "RSA",
      "q": "wyMOhuEsh4RJq3Jl3q7aGeWlNINXFt-JDsKMMKL-1k1kpgyXXy7l0yRIU54FgDunWve2j2LxQfE5nqNupvl2pBNosW31cAUWNA8l48tNGcYd_FZNV-IfUG7k7qHgK0AYpVN3leo9xe7vhIC361YBYdmYjDsN16pz31gbSbvV7iU",
      "d": "qixWvFxoTagygzUid8iV_Pu42INyXDeDIjrGrGpY_moojG_DBpd8i9icSLyL_S2FfHvjOZ4gIpGSg1J36bzG2CforEp-W6lvyeTUoefhMWcZOJ-p2EIJ2CFxjzYlVQAem6icYcmCeKFt9OnlB6nbV8eRlwau3kM1rFSg8fG-aio67yByb-rsJQp8kA6gjyijRsbX3-J7-eMWB3J7fEZ7zZGLLWop1NQuV8q29yWwdp94P0fV1K46AUGf1O2niLIuCgargdF0psWVoD8F2B0gKvcuxCGsldAJ_QqqD4ztlMxAsMe8pHlWoSqbO2vYLcHmSHQgKoLxPqKXinY8-1t8GQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "qi": "FwLnMc8OOUA_OKV5sGLdcIbWrWzYg6L5Qz0cNMI4ifuXdOU9meSVIx0hk_vFdkMRCVVN5hWJgScDSwGAq6_fTWQB44j3AsSoizu74aMkrQplm3uWJswEDHkCtzVmI2RxDJ1XjkWwzETbKuSaLTT_qlPkt_pHkIzUmIB6940vDbk",
      "dp": "BujKI1Y0w1hfT7qhRMv1oHahScwFLwZKWdaqURZ0kf1NAEPHOXw91HXkBFrGZNhvbGyHGRZP4QYSr2lJ-pRFc2y88lpoND4Pb7GGjkq5ywX7eNVtiCJMzaEiFQaV6xA65aiJemiuS-Fu6jPbKSIh-qWSYKN8rBrr8tz35oOu06E",
      "alg": "PS256",
      "dq": "HsdLxkiD_ogGGq27lakcq5MGQMcqmGf_tT1IYW-EJIcmhe5cfd3m0Cvb4Jx_H5_JINcLi4g-p3kF7pi2nk2gwfZxv_KpENcsjl-JSWnKqnMOTbvLDT6UU9p5743GzuuYN5N3vESrI6oxS0QGPm9dXnK01gGGiGrRRfweqb2f26U",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "alg": "PS256",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
2021-10-22 15:35:04 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:35:04 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:35:04 SUCCESS
AddTLSClientAuthToServerConfiguration
Added tls_client_auth for token_endpoint_auth_methods_supported
2021-10-22 15:35:04
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
endpoint
https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/par
2021-10-22 15:35:04
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
value
true
2021-10-22 15:35:04 SUCCESS
AddResponseTypeCodeIdTokenToServerConfiguration
Added code id_token as response type supported
response_types_supported
[
  "code id_token"
]
2021-10-22 15:35:04 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:35:04 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:35:04 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "_vbs_b5I30x9tVMrvLezYFNHjppgJo4JPmqwZZa5uMYyY0iTNYtuzcwtS-8ZUI1MzvvlIjikzh6EP_8MFs-SaBlsQ_Fgq5HT2zzdYQyyag7GK_MUZ8Jw_7PZrjjtyYjuZfj05KKyPjs2uOdnWY5JVmv3q4MSZEQLNlSUGwn-v2c",
      "kty": "RSA",
      "q": "wyMOhuEsh4RJq3Jl3q7aGeWlNINXFt-JDsKMMKL-1k1kpgyXXy7l0yRIU54FgDunWve2j2LxQfE5nqNupvl2pBNosW31cAUWNA8l48tNGcYd_FZNV-IfUG7k7qHgK0AYpVN3leo9xe7vhIC361YBYdmYjDsN16pz31gbSbvV7iU",
      "d": "qixWvFxoTagygzUid8iV_Pu42INyXDeDIjrGrGpY_moojG_DBpd8i9icSLyL_S2FfHvjOZ4gIpGSg1J36bzG2CforEp-W6lvyeTUoefhMWcZOJ-p2EIJ2CFxjzYlVQAem6icYcmCeKFt9OnlB6nbV8eRlwau3kM1rFSg8fG-aio67yByb-rsJQp8kA6gjyijRsbX3-J7-eMWB3J7fEZ7zZGLLWop1NQuV8q29yWwdp94P0fV1K46AUGf1O2niLIuCgargdF0psWVoD8F2B0gKvcuxCGsldAJ_QqqD4ztlMxAsMe8pHlWoSqbO2vYLcHmSHQgKoLxPqKXinY8-1t8GQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "qi": "FwLnMc8OOUA_OKV5sGLdcIbWrWzYg6L5Qz0cNMI4ifuXdOU9meSVIx0hk_vFdkMRCVVN5hWJgScDSwGAq6_fTWQB44j3AsSoizu74aMkrQplm3uWJswEDHkCtzVmI2RxDJ1XjkWwzETbKuSaLTT_qlPkt_pHkIzUmIB6940vDbk",
      "dp": "BujKI1Y0w1hfT7qhRMv1oHahScwFLwZKWdaqURZ0kf1NAEPHOXw91HXkBFrGZNhvbGyHGRZP4QYSr2lJ-pRFc2y88lpoND4Pb7GGjkq5ywX7eNVtiCJMzaEiFQaV6xA65aiJemiuS-Fu6jPbKSIh-qWSYKN8rBrr8tz35oOu06E",
      "alg": "PS256",
      "dq": "HsdLxkiD_ogGGq27lakcq5MGQMcqmGf_tT1IYW-EJIcmhe5cfd3m0Cvb4Jx_H5_JINcLi4g-p3kF7pi2nk2gwfZxv_KpENcsjl-JSWnKqnMOTbvLDT6UU9p5743GzuuYN5N3vESrI6oxS0QGPm9dXnK01gGGiGrRRfweqb2f26U",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
2021-10-22 15:35:04 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:35:04 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-19x_eSCK1zeMp5IBU8EXi
scope
openid
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
      "kty": "RSA",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvf
Zy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88w
Ct79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPo
T1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyN
L78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VH
gY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2
boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIe
CuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwk
o4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIV
wA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt
0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3
uQ+250YJ4f7wDTgvK1Y=
-----END CERTIFICATE-----
2021-10-22 15:35:04 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:35:04 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
      "kty": "RSA",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8",
      "e": "AQAB",
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw"
    }
  ]
}
2021-10-22 15:35:04 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:35:04 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:35:04 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
      "kty": "RSA",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:35:04 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
scope
openid
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
      "kty": "RSA",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
    },
    {
      "e": "AQAB",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
      "kty": "RSA",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z
lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs
W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A
/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8
susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N
Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy
YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I
a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh
IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON
+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+
xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd
winxMEcYkV0E840v9E0=
-----END CERTIFICATE-----
2021-10-22 15:35:04 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:35:04 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
      "kty": "RSA",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
    },
    {
      "e": "AQAB",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
      "kty": "RSA",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU",
      "e": "AQAB",
      "use": "sig",
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw"
    }
  ]
}
2021-10-22 15:35:04 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:35:04 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:35:04 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
      "kty": "RSA",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
    },
    {
      "e": "AQAB",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
      "kty": "RSA",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:35:04 SUCCESS
FAPIEnsureClientJwksContainsAnEncryptionKey
Found an encryption key in client jwks
kid
OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4
algorithm
RSA-OAEP-256
2021-10-22 15:35:04
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Setup Done
2021-10-22 15:35:04 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Incoming HTTP request to test instance WU3OjM6vDfQBAvr
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:35:04 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:35:04 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Response to HTTP request to test instance WU3OjM6vDfQBAvr
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/userinfo",
  "token_endpoint_auth_methods_supported": [
    "tls_client_auth"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:35:05 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Incoming HTTP request to test instance WU3OjM6vDfQBAvr
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "1499",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
par
incoming_body_form_params
{
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoieERjR0RxT01MeFluTmxnSk4zRTd2R1N1d1JxV3NaM2lsNGFjRlFmelBlZyIsIm5vbmNlIjoiWG5zNy1EOGhFNV9UY0xOQW1vQXI5SFBUQjJmYVVjcUxOekp3NWNYemIxYyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiOWplbDg5WFVXdTFrR2dmR0VqQU1Ka0hpY2pMeXZLRlRYTUV1UWdYOS1EYyIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiI4bmdDaTZ3OVplVnBTX1pnejNReTFqUG9qeS13b3htenJFYkNrajRLb184IiwiaWF0IjoxNjM0OTE2OTA1LCJleHAiOjE2MzQ5MTcyMDUsIm5iZiI6MTYzNDkxNjkwNX0.hE15LCUnsgDySaYI-N4VWXPIMQyeVbpqH6e52PAvE79QtUAx9Je42_yZL-bmX8saFnDiIneaUD4oztNwYGYFsECuywmkEgrWCpKXdZnVqqAn5QRGeFfTyIaW9CD9tiDbYt6noImVP6WDePxVFIC6tLHVHBUopk-uDCNTWXklwZ6m0BAhpJy4jDxMYpOCR0OLt4BPYhJwMFIDPjztizv1f1OkysCXGm2ubVvG33YithX4hXs1DpKvIQ5ZU-J47KALjwNwsf5FwkQiIAZKKIcwduV-PALwO6gaGzdi7U2B6tj0E5Wbm2WyCwmZtmhbekuVU1FOTx-Gl5W9m5eI4jDxqA",
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
request=eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoieERjR0RxT01MeFluTmxnSk4zRTd2R1N1d1JxV3NaM2lsNGFjRlFmelBlZyIsIm5vbmNlIjoiWG5zNy1EOGhFNV9UY0xOQW1vQXI5SFBUQjJmYVVjcUxOekp3NWNYemIxYyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiOWplbDg5WFVXdTFrR2dmR0VqQU1Ka0hpY2pMeXZLRlRYTUV1UWdYOS1EYyIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiI4bmdDaTZ3OVplVnBTX1pnejNReTFqUG9qeS13b3htenJFYkNrajRLb184IiwiaWF0IjoxNjM0OTE2OTA1LCJleHAiOjE2MzQ5MTcyMDUsIm5iZiI6MTYzNDkxNjkwNX0.hE15LCUnsgDySaYI-N4VWXPIMQyeVbpqH6e52PAvE79QtUAx9Je42_yZL-bmX8saFnDiIneaUD4oztNwYGYFsECuywmkEgrWCpKXdZnVqqAn5QRGeFfTyIaW9CD9tiDbYt6noImVP6WDePxVFIC6tLHVHBUopk-uDCNTWXklwZ6m0BAhpJy4jDxMYpOCR0OLt4BPYhJwMFIDPjztizv1f1OkysCXGm2ubVvG33YithX4hXs1DpKvIQ5ZU-J47KALjwNwsf5FwkQiIAZKKIcwduV-PALwO6gaGzdi7U2B6tj0E5Wbm2WyCwmZtmhbekuVU1FOTx-Gl5W9m5eI4jDxqA&client_id=client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
2021-10-22 15:35:05 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
PAR endpoint
2021-10-22 15:35:05 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z\nlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs\nW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A\n/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8\nsusKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N\nOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy\nYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I\na2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh\nIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON\n+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+\nxyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd\nwinxMEcYkV0E840v9E0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:05 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:05 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z
lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs
W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A
/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8
susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N
Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy
YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I
a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh
IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON
+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+
xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd
winxMEcYkV0E840v9E0=
-----END CERTIFICATE-----
2021-10-22 15:35:05 SUCCESS
EnsureNoClientAssertionSentToTokenEndpoint
Client did not send a client_assertion to token endpoint
2021-10-22 15:35:05 SUCCESS
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoieERjR0RxT01MeFluTmxnSk4zRTd2R1N1d1JxV3NaM2lsNGFjRlFmelBlZyIsIm5vbmNlIjoiWG5zNy1EOGhFNV9UY0xOQW1vQXI5SFBUQjJmYVVjcUxOekp3NWNYemIxYyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiOWplbDg5WFVXdTFrR2dmR0VqQU1Ka0hpY2pMeXZLRlRYTUV1UWdYOS1EYyIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiI4bmdDaTZ3OVplVnBTX1pnejNReTFqUG9qeS13b3htenJFYkNrajRLb184IiwiaWF0IjoxNjM0OTE2OTA1LCJleHAiOjE2MzQ5MTcyMDUsIm5iZiI6MTYzNDkxNjkwNX0.hE15LCUnsgDySaYI-N4VWXPIMQyeVbpqH6e52PAvE79QtUAx9Je42_yZL-bmX8saFnDiIneaUD4oztNwYGYFsECuywmkEgrWCpKXdZnVqqAn5QRGeFfTyIaW9CD9tiDbYt6noImVP6WDePxVFIC6tLHVHBUopk-uDCNTWXklwZ6m0BAhpJy4jDxMYpOCR0OLt4BPYhJwMFIDPjztizv1f1OkysCXGm2ubVvG33YithX4hXs1DpKvIQ5ZU-J47KALjwNwsf5FwkQiIAZKKIcwduV-PALwO6gaGzdi7U2B6tj0E5Wbm2WyCwmZtmhbekuVU1FOTx-Gl5W9m5eI4jDxqA",
  "header": {
    "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "response_type": "code id_token",
    "code_challenge_method": "S256",
    "nonce": "Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c",
    "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "aud": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
    "nbf": 1634916905,
    "scope": "openid",
    "claims": {
      "id_token": {
        "acr": {
          "values": [
            "urn:openbanking:psd2:sca",
            "urn:openbanking:psd2:ca"
          ],
          "essential": true
        }
      }
    },
    "redirect_uri": "https://openid-client2.local/cb",
    "state": "xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg",
    "exp": 1634917205,
    "iat": 1634916905,
    "code_challenge": "9jel89XUWu1kGgfGEjAMJkHicjLyvKFTXMEuQgX9-Dc",
    "jti": "8ngCi6w9ZeVpS_Zgz3Qy1jPojy-woxmzrEbCkj4Ko_8"
  }
}
2021-10-22 15:35:05 SUCCESS
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
2021-10-22 15:35:05 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:35:05 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:35:05 SUCCESS
FAPIValidateRequestObjectIdTokenACRClaims
Acr value in request object is as expected
received
[
  "urn:openbanking:psd2:sca",
  "urn:openbanking:psd2:ca"
]
2021-10-22 15:35:05 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:40:05 PM"
2021-10-22 15:35:05 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:35:05 PM"
now
"Oct 22, 2021, 3:35:05 PM"
2021-10-22 15:35:05
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:35:05 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:35:05 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:35:05 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:35:05 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:35:05 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoieERjR0RxT01MeFluTmxnSk4zRTd2R1N1d1JxV3NaM2lsNGFjRlFmelBlZyIsIm5vbmNlIjoiWG5zNy1EOGhFNV9UY0xOQW1vQXI5SFBUQjJmYVVjcUxOekp3NWNYemIxYyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiOWplbDg5WFVXdTFrR2dmR0VqQU1Ka0hpY2pMeXZLRlRYTUV1UWdYOS1EYyIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiI4bmdDaTZ3OVplVnBTX1pnejNReTFqUG9qeS13b3htenJFYkNrajRLb184IiwiaWF0IjoxNjM0OTE2OTA1LCJleHAiOjE2MzQ5MTcyMDUsIm5iZiI6MTYzNDkxNjkwNX0.hE15LCUnsgDySaYI-N4VWXPIMQyeVbpqH6e52PAvE79QtUAx9Je42_yZL-bmX8saFnDiIneaUD4oztNwYGYFsECuywmkEgrWCpKXdZnVqqAn5QRGeFfTyIaW9CD9tiDbYt6noImVP6WDePxVFIC6tLHVHBUopk-uDCNTWXklwZ6m0BAhpJy4jDxMYpOCR0OLt4BPYhJwMFIDPjztizv1f1OkysCXGm2ubVvG33YithX4hXs1DpKvIQ5ZU-J47KALjwNwsf5FwkQiIAZKKIcwduV-PALwO6gaGzdi7U2B6tj0E5Wbm2WyCwmZtmhbekuVU1FOTx-Gl5W9m5eI4jDxqA
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 27262597154763989305055148815711488269157481743720755702240380843367797319870798189527908197243336359983630974065803071153487768932551258551950042469026189824307749998085354643295033515047035174967001629550505655094917380571522302455920218031655592404236843639102849057608963971356125362772698646367564181391388595189588459839262327403830357952158890465842995647639008047535976439759573164077601685521718065777840262201742407472930266003592124839170802923787978992169646750032689255276252558129832339759175311876194099675409734888361574980482164660350660340919239422570653089937131562421726778179414553698438581340487
  public exponent: 65537
2021-10-22 15:35:05 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client2.local/cb
2021-10-22 15:35:05 SUCCESS
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
code_challenge_method
S256
code_challenge
9jel89XUWu1kGgfGEjAMJkHicjLyvKFTXMEuQgX9-Dc
2021-10-22 15:35:05 SUCCESS
CreatePAREndpointResponse
Created PAR endpoint response
request_uri
urn:ietf:params:oauth:request_uri:ef410beb-85ba-499e-9e79-e083757bc08a
expires_in
600
2021-10-22 15:35:05 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Response to HTTP request to test instance WU3OjM6vDfQBAvr
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "request_uri": "urn:ietf:params:oauth:request_uri:ef410beb-85ba-499e-9e79-e083757bc08a",
  "expires_in": 600
}
outgoing_path
par
2021-10-22 15:35:06 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Incoming HTTP request to test instance WU3OjM6vDfQBAvr
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "scope": "openid",
  "response_type": "code id_token",
  "redirect_uri": "https://openid-client2.local/cb",
  "request_uri": "urn:ietf:params:oauth:request_uri:ef410beb-85ba-499e-9e79-e083757bc08a"
}
incoming_body
2021-10-22 15:35:06 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:35:06 SUCCESS
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
2021-10-22 15:35:06 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:35:06 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "scope": "openid",
  "response_type": "code id_token",
  "redirect_uri": "https://openid-client2.local/cb",
  "iss": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "code_challenge_method": "S256",
  "nonce": "Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c",
  "aud": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "nbf": 1634916905,
  "claims": {
    "id_token": {
      "acr": {
        "values": [
          "urn:openbanking:psd2:sca",
          "urn:openbanking:psd2:ca"
        ],
        "essential": true
      }
    }
  },
  "state": "xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg",
  "exp": 1634917205,
  "iat": 1634916905,
  "code_challenge": "9jel89XUWu1kGgfGEjAMJkHicjLyvKFTXMEuQgX9-Dc",
  "jti": "8ngCi6w9ZeVpS_Zgz3Qy1jPojy-woxmzrEbCkj4Ko_8"
}
2021-10-22 15:35:06 SUCCESS
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
2021-10-22 15:35:06 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2021-10-22 15:35:06 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
openid
2021-10-22 15:35:06 SUCCESS
EnsureResponseTypeIsCodeIdToken
Response type is expected value
expected
code id_token
2021-10-22 15:35:06 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid"
]
expected
openid
2021-10-22 15:35:06 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
2021-10-22 15:35:06 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
f5JlsK5paKRllmBB9mRdmgQmYXt9hzun
2021-10-22 15:35:06 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c
2021-10-22 15:35:06 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
PpqPPcGA-1rcNMGiswhD2w
2021-10-22 15:35:06 SUCCESS
CalculateSHash
Successful s_hash encoding
s_hash
k5ep4gKj5uXhrI8PetTfHQ
2021-10-22 15:35:06 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/
sub
user-subject-1234531
aud
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
nonce
Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c
iat
1634916906
exp
1634917206
2021-10-22 15:35:06 SUCCESS
AddCHashToIdTokenClaims
Added c_hash to ID token claims
c_hash
PpqPPcGA-1rcNMGiswhD2w
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c",
  "iat": 1634916906,
  "exp": 1634917206,
  "c_hash": "PpqPPcGA-1rcNMGiswhD2w"
}
2021-10-22 15:35:06 SUCCESS
AddSHashToIdTokenClaims
Added s_hash to ID token claims
s_hash
k5ep4gKj5uXhrI8PetTfHQ
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c",
  "iat": 1634916906,
  "exp": 1634917206,
  "c_hash": "PpqPPcGA-1rcNMGiswhD2w",
  "s_hash": "k5ep4gKj5uXhrI8PetTfHQ"
}
2021-10-22 15:35:06 INFO
AddAtHashToIdTokenClaims
Skipped evaluation due to missing required string: at_hash
expected
at_hash
2021-10-22 15:35:06 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "Xns7-D8hE5_TcLNAmoAr9HPTB2faUcqLNzJw5cXzb1c",
  "iat": 1634916906,
  "exp": 1634917206,
  "c_hash": "PpqPPcGA-1rcNMGiswhD2w",
  "s_hash": "k5ep4gKj5uXhrI8PetTfHQ",
  "acr": "urn:openbanking:psd2:sca"
}
2021-10-22 15:35:06 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiI4Smh3ekhJSHkwYjdraFpodGVDZE15cHZXRVJ4M3M5ZW1Zc1htUEJnbUNRIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJ1c2VyLXN1YmplY3QtMTIzNDUzMSIsImF1ZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJjX2hhc2giOiJQcHFQUGNHQS0xcmNOTUdpc3doRDJ3IiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwic19oYXNoIjoiazVlcDRnS2o1dVhockk4UGV0VGZIUSIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vcGVuaWQtY2xpZW50LTE5eF9lU0NLMXplTXA1SUJVOEVYaVwvIiwiZXhwIjoxNjM0OTE3MjA2LCJub25jZSI6IlhuczctRDhoRTVfVGNMTkFtb0FyOUhQVEIyZmFVY3FMTnpKdzVjWHpiMWMiLCJpYXQiOjE2MzQ5MTY5MDZ9.WdPMzAhfmGj4j4V0xsEP8qjFwD3the8upGr4iAbSyaJpzC4SquvZXPwTbS2EMvLVgX7rftNufgVf9KwTmpB1qQUpsR-zCaPU-WXA8EViNffqvOZTQII96ErKjCpxIi0oATOcyS-0z0E54Ib7T2m0DtdnG2SMGe4GEnZ4YdRcT5QDB9HtRvRFzf5ynAqGciOt3Ofz1Y7_fvK9li39Dt3QW4Bz4x9PYblEcdOSWUdyE7C6v6lmNPoOuYmIUjVPHdWYAmDLZG0azMkfrl0lxoXMTMhWq1A-lZyJiLx6-CV6w4_wDRdSDoXNR_ljwZ3MPe8vQx_-z8cLOvBWgL_3hoG9qg
2021-10-22 15:35:06
ChangeIdTokenEncryptedResponseAlgToRSA15
Changed id_token_encrypted_response_alg to RSA1_5
2021-10-22 15:35:06
EncryptIdToken
Encrypted the id token
id_token_encrypted_response_alg
RSA1_5
id_token_encrypted_response_enc
id_token
eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQTFfNSJ9.bS6CQN-vQbRDpHWyGUmP-nWMg_jTzDhHdWw55N3tNf_D5gNPTsUiUOEYtoJmNFhyInMPVOWTIef6sAMrgOuJDHxJJZ1ucsM3QNjSCaHyCAb1qapfi3YP1ALBq3ObB5hetzIJ56Km-IcJ6Igl0NwuCUwEMYKy_yRchiug5o0_sdBDemQUs_Rk5VRrkJpntn-LEPgafnxnwGRtPoLi-P5vX3T63UrqW-h2t3NVuDUN5ieW3vE67nzhyuKJ69GyXBVf90-r4Vdv04g0wuFileABmpnY-uEgm3RBsQcNJqhlpZgUrlka6ZCaaEmTFxN10XM-le6byXkHcJ3afClDhAPikg.YscZNZtGeTiSZh1ZAHjqWg.RVpB_PwXAA4J5h-qRqSx4rs8zu3FYBDWtdeULs5eBZGG0jluUIx7cLYQJD2kA4fNt0c1hzemEXdWZ-oF1MD28m2pvisIYlr2f2GgxWGr3cl4c3mumPvX4Mn1nEhen2R3d2xtS4D_cnXe_1Rl3ugNVJlCWCELJv8OYNZBBTc6FqOlTHftf1wPHbT3ypz2CYIjIXL61lAnqsiGdLlhg2oFvSsX7cxKJFUMY-Cwqz4w-FHjVfURXV0G3MILMKFpHdo2TWUkb46WnBgTw2dYpdgU8FYrCcm0N_1bcleCjghfOEiWw5XjVN9PiJir3SdDWrsZ7b3l9bOHl4tHjXv_L4vXyc7IKP919zU7E1s330g8yK5gybvRpRQDYetGxt31muxSAZoXpj8_0QAa9DcMihmfJroy93Bo1WYMb4Pxfzxs9fUmbD3yA7M4D6lcGdmeOUq6K5z8TJ8zgUGPERYax8bAbgA5z0oyZNVJGf0k2cJ-oAIAu46Qn2dT5j5YXcrcV3caRB83v2gr_Bc03fxPSxr3KYLdzSUBi-XXVGRZMKIFuMJZsDtBd_0ThFlSBNsIa8ZqcQOOeidImkK6wXWHbnKZfyOo8CT71wuU7FpmEVULgd9NGuUGPDNHpqws7YGBb9i3AvVL4CcLt4sMJL-s5np9mBfl_i7tdpQwEOgSPb9dODeZ_B64TcQZid82EfHfh8miPx2m5l6uojEql2O5s0lFetIfLkVI6ppbwlaUDZAFYKuOYCWxc3zfc47P5ej-Iwd_q-i2jbgxiCb6DQr9rtjNFNGilo15llOTvSWiOTgC5JP_V4M5slw89f9PWTS1akQu_t5GELFPolzRPBQXa7ZOWgDrBdwwbLz43lAg04MGmeou9Fh6aPcwJpAQt4tX-G69yYPuLMlIXFZWUhssGiixG6ibCnRVE3hgOMWpQs7F4Fa5sV7Y9DnWLgdHhH0cPNVhjW342zWjbZ1TwAiqJRahdMYR51B_yH0gsHxwEmGlSIMyYI0vYkHGm08WaMyaAMRmMsF0rrwUsfGFq34ZNp7_UPbZ_6H_QMhNh_44kObc0alwfn9SSQRp_Ma87CuU33Z4nuDziWbonAxnO4Qo8VqGMdBq0Rj09Fe-K5KZhLRW1WQtsxD8WPWrkT01yhajjUavMwKF0Gnke88BMZ023HP37bFphHY9TRiyXQ8KvLogbWYjtBMBatu9_5cGNFmf50GObsOyTytPR_VmqeYoxpwNyg.xBA7vPwgbq1nJWCAhengOA
2021-10-22 15:35:06 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client2.local/cb",
  "state": "xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg"
}
2021-10-22 15:35:06 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client2.local/cb",
  "state": "xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg",
  "code": "f5JlsK5paKRllmBB9mRdmgQmYXt9hzun"
}
2021-10-22 15:35:06 SUCCESS
AddIdTokenToAuthorizationEndpointResponseParams
Added id_token to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client2.local/cb",
  "state": "xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg",
  "code": "f5JlsK5paKRllmBB9mRdmgQmYXt9hzun",
  "id_token": "eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQTFfNSJ9.bS6CQN-vQbRDpHWyGUmP-nWMg_jTzDhHdWw55N3tNf_D5gNPTsUiUOEYtoJmNFhyInMPVOWTIef6sAMrgOuJDHxJJZ1ucsM3QNjSCaHyCAb1qapfi3YP1ALBq3ObB5hetzIJ56Km-IcJ6Igl0NwuCUwEMYKy_yRchiug5o0_sdBDemQUs_Rk5VRrkJpntn-LEPgafnxnwGRtPoLi-P5vX3T63UrqW-h2t3NVuDUN5ieW3vE67nzhyuKJ69GyXBVf90-r4Vdv04g0wuFileABmpnY-uEgm3RBsQcNJqhlpZgUrlka6ZCaaEmTFxN10XM-le6byXkHcJ3afClDhAPikg.YscZNZtGeTiSZh1ZAHjqWg.RVpB_PwXAA4J5h-qRqSx4rs8zu3FYBDWtdeULs5eBZGG0jluUIx7cLYQJD2kA4fNt0c1hzemEXdWZ-oF1MD28m2pvisIYlr2f2GgxWGr3cl4c3mumPvX4Mn1nEhen2R3d2xtS4D_cnXe_1Rl3ugNVJlCWCELJv8OYNZBBTc6FqOlTHftf1wPHbT3ypz2CYIjIXL61lAnqsiGdLlhg2oFvSsX7cxKJFUMY-Cwqz4w-FHjVfURXV0G3MILMKFpHdo2TWUkb46WnBgTw2dYpdgU8FYrCcm0N_1bcleCjghfOEiWw5XjVN9PiJir3SdDWrsZ7b3l9bOHl4tHjXv_L4vXyc7IKP919zU7E1s330g8yK5gybvRpRQDYetGxt31muxSAZoXpj8_0QAa9DcMihmfJroy93Bo1WYMb4Pxfzxs9fUmbD3yA7M4D6lcGdmeOUq6K5z8TJ8zgUGPERYax8bAbgA5z0oyZNVJGf0k2cJ-oAIAu46Qn2dT5j5YXcrcV3caRB83v2gr_Bc03fxPSxr3KYLdzSUBi-XXVGRZMKIFuMJZsDtBd_0ThFlSBNsIa8ZqcQOOeidImkK6wXWHbnKZfyOo8CT71wuU7FpmEVULgd9NGuUGPDNHpqws7YGBb9i3AvVL4CcLt4sMJL-s5np9mBfl_i7tdpQwEOgSPb9dODeZ_B64TcQZid82EfHfh8miPx2m5l6uojEql2O5s0lFetIfLkVI6ppbwlaUDZAFYKuOYCWxc3zfc47P5ej-Iwd_q-i2jbgxiCb6DQr9rtjNFNGilo15llOTvSWiOTgC5JP_V4M5slw89f9PWTS1akQu_t5GELFPolzRPBQXa7ZOWgDrBdwwbLz43lAg04MGmeou9Fh6aPcwJpAQt4tX-G69yYPuLMlIXFZWUhssGiixG6ibCnRVE3hgOMWpQs7F4Fa5sV7Y9DnWLgdHhH0cPNVhjW342zWjbZ1TwAiqJRahdMYR51B_yH0gsHxwEmGlSIMyYI0vYkHGm08WaMyaAMRmMsF0rrwUsfGFq34ZNp7_UPbZ_6H_QMhNh_44kObc0alwfn9SSQRp_Ma87CuU33Z4nuDziWbonAxnO4Qo8VqGMdBq0Rj09Fe-K5KZhLRW1WQtsxD8WPWrkT01yhajjUavMwKF0Gnke88BMZ023HP37bFphHY9TRiyXQ8KvLogbWYjtBMBatu9_5cGNFmf50GObsOyTytPR_VmqeYoxpwNyg.xBA7vPwgbq1nJWCAhengOA"
}
2021-10-22 15:35:06
SendAuthorizationResponseWithResponseModeFragment
Redirecting back to client
uri
https://openid-client2.local/cb#state=xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg&code=f5JlsK5paKRllmBB9mRdmgQmYXt9hzun&id_token=eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQTFfNSJ9.bS6CQN-vQbRDpHWyGUmP-nWMg_jTzDhHdWw55N3tNf_D5gNPTsUiUOEYtoJmNFhyInMPVOWTIef6sAMrgOuJDHxJJZ1ucsM3QNjSCaHyCAb1qapfi3YP1ALBq3ObB5hetzIJ56Km-IcJ6Igl0NwuCUwEMYKy_yRchiug5o0_sdBDemQUs_Rk5VRrkJpntn-LEPgafnxnwGRtPoLi-P5vX3T63UrqW-h2t3NVuDUN5ieW3vE67nzhyuKJ69GyXBVf90-r4Vdv04g0wuFileABmpnY-uEgm3RBsQcNJqhlpZgUrlka6ZCaaEmTFxN10XM-le6byXkHcJ3afClDhAPikg.YscZNZtGeTiSZh1ZAHjqWg.RVpB_PwXAA4J5h-qRqSx4rs8zu3FYBDWtdeULs5eBZGG0jluUIx7cLYQJD2kA4fNt0c1hzemEXdWZ-oF1MD28m2pvisIYlr2f2GgxWGr3cl4c3mumPvX4Mn1nEhen2R3d2xtS4D_cnXe_1Rl3ugNVJlCWCELJv8OYNZBBTc6FqOlTHftf1wPHbT3ypz2CYIjIXL61lAnqsiGdLlhg2oFvSsX7cxKJFUMY-Cwqz4w-FHjVfURXV0G3MILMKFpHdo2TWUkb46WnBgTw2dYpdgU8FYrCcm0N_1bcleCjghfOEiWw5XjVN9PiJir3SdDWrsZ7b3l9bOHl4tHjXv_L4vXyc7IKP919zU7E1s330g8yK5gybvRpRQDYetGxt31muxSAZoXpj8_0QAa9DcMihmfJroy93Bo1WYMb4Pxfzxs9fUmbD3yA7M4D6lcGdmeOUq6K5z8TJ8zgUGPERYax8bAbgA5z0oyZNVJGf0k2cJ-oAIAu46Qn2dT5j5YXcrcV3caRB83v2gr_Bc03fxPSxr3KYLdzSUBi-XXVGRZMKIFuMJZsDtBd_0ThFlSBNsIa8ZqcQOOeidImkK6wXWHbnKZfyOo8CT71wuU7FpmEVULgd9NGuUGPDNHpqws7YGBb9i3AvVL4CcLt4sMJL-s5np9mBfl_i7tdpQwEOgSPb9dODeZ_B64TcQZid82EfHfh8miPx2m5l6uojEql2O5s0lFetIfLkVI6ppbwlaUDZAFYKuOYCWxc3zfc47P5ej-Iwd_q-i2jbgxiCb6DQr9rtjNFNGilo15llOTvSWiOTgC5JP_V4M5slw89f9PWTS1akQu_t5GELFPolzRPBQXa7ZOWgDrBdwwbLz43lAg04MGmeou9Fh6aPcwJpAQt4tX-G69yYPuLMlIXFZWUhssGiixG6ibCnRVE3hgOMWpQs7F4Fa5sV7Y9DnWLgdHhH0cPNVhjW342zWjbZ1TwAiqJRahdMYR51B_yH0gsHxwEmGlSIMyYI0vYkHGm08WaMyaAMRmMsF0rrwUsfGFq34ZNp7_UPbZ_6H_QMhNh_44kObc0alwfn9SSQRp_Ma87CuU33Z4nuDziWbonAxnO4Qo8VqGMdBq0Rj09Fe-K5KZhLRW1WQtsxD8WPWrkT01yhajjUavMwKF0Gnke88BMZ023HP37bFphHY9TRiyXQ8KvLogbWYjtBMBatu9_5cGNFmf50GObsOyTytPR_VmqeYoxpwNyg.xBA7vPwgbq1nJWCAhengOA
2021-10-22 15:35:06 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Response to HTTP request to test instance WU3OjM6vDfQBAvr
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client2.local/cb#state=xDcGDqOMLxYnNlgJN3E7vGSuwRqWsZ3il4acFQfzPeg&code=f5JlsK5paKRllmBB9mRdmgQmYXt9hzun&id_token=eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQTFfNSJ9.bS6CQN-vQbRDpHWyGUmP-nWMg_jTzDhHdWw55N3tNf_D5gNPTsUiUOEYtoJmNFhyInMPVOWTIef6sAMrgOuJDHxJJZ1ucsM3QNjSCaHyCAb1qapfi3YP1ALBq3ObB5hetzIJ56Km-IcJ6Igl0NwuCUwEMYKy_yRchiug5o0_sdBDemQUs_Rk5VRrkJpntn-LEPgafnxnwGRtPoLi-P5vX3T63UrqW-h2t3NVuDUN5ieW3vE67nzhyuKJ69GyXBVf90-r4Vdv04g0wuFileABmpnY-uEgm3RBsQcNJqhlpZgUrlka6ZCaaEmTFxN10XM-le6byXkHcJ3afClDhAPikg.YscZNZtGeTiSZh1ZAHjqWg.RVpB_PwXAA4J5h-qRqSx4rs8zu3FYBDWtdeULs5eBZGG0jluUIx7cLYQJD2kA4fNt0c1hzemEXdWZ-oF1MD28m2pvisIYlr2f2GgxWGr3cl4c3mumPvX4Mn1nEhen2R3d2xtS4D_cnXe_1Rl3ugNVJlCWCELJv8OYNZBBTc6FqOlTHftf1wPHbT3ypz2CYIjIXL61lAnqsiGdLlhg2oFvSsX7cxKJFUMY-Cwqz4w-FHjVfURXV0G3MILMKFpHdo2TWUkb46WnBgTw2dYpdgU8FYrCcm0N_1bcleCjghfOEiWw5XjVN9PiJir3SdDWrsZ7b3l9bOHl4tHjXv_L4vXyc7IKP919zU7E1s330g8yK5gybvRpRQDYetGxt31muxSAZoXpj8_0QAa9DcMihmfJroy93Bo1WYMb4Pxfzxs9fUmbD3yA7M4D6lcGdmeOUq6K5z8TJ8zgUGPERYax8bAbgA5z0oyZNVJGf0k2cJ-oAIAu46Qn2dT5j5YXcrcV3caRB83v2gr_Bc03fxPSxr3KYLdzSUBi-XXVGRZMKIFuMJZsDtBd_0ThFlSBNsIa8ZqcQOOeidImkK6wXWHbnKZfyOo8CT71wuU7FpmEVULgd9NGuUGPDNHpqws7YGBb9i3AvVL4CcLt4sMJL-s5np9mBfl_i7tdpQwEOgSPb9dODeZ_B64TcQZid82EfHfh8miPx2m5l6uojEql2O5s0lFetIfLkVI6ppbwlaUDZAFYKuOYCWxc3zfc47P5ej-Iwd_q-i2jbgxiCb6DQr9rtjNFNGilo15llOTvSWiOTgC5JP_V4M5slw89f9PWTS1akQu_t5GELFPolzRPBQXa7ZOWgDrBdwwbLz43lAg04MGmeou9Fh6aPcwJpAQt4tX-G69yYPuLMlIXFZWUhssGiixG6ibCnRVE3hgOMWpQs7F4Fa5sV7Y9DnWLgdHhH0cPNVhjW342zWjbZ1TwAiqJRahdMYR51B_yH0gsHxwEmGlSIMyYI0vYkHGm08WaMyaAMRmMsF0rrwUsfGFq34ZNp7_UPbZ_6H_QMhNh_44kObc0alwfn9SSQRp_Ma87CuU33Z4nuDziWbonAxnO4Qo8VqGMdBq0Rj09Fe-K5KZhLRW1WQtsxD8WPWrkT01yhajjUavMwKF0Gnke88BMZ023HP37bFphHY9TRiyXQ8KvLogbWYjtBMBatu9_5cGNFmf50GObsOyTytPR_VmqeYoxpwNyg.xBA7vPwgbq1nJWCAhengOA]
outgoing_path
authorize
2021-10-22 15:35:11 FINISHED
fapi1-advanced-final-client-test-encrypted-idtoken-usingrsa15
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:35:12
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-19x_eSCK1zeMp5IBU8EXi
new_test_id
5CfpzSCPArG7ftv
Test Results