Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:34:59 INFO
TEST-RUNNER
Test instance KTmAxsuycnbGhvI created
baseUrl
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi
variant
{
  "client_auth_type": "mtls",
  "fapi_auth_request_method": "pushed",
  "fapi_jarm_type": "oidc",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "plain_response"
}
alias
openid-client-19x_eSCK1zeMp5IBU8EXi
description
openid-client v5.x FAPI1 Adv. MTLS, PAR RP
planId
E1lVQvBJBSVet
config
{
  "alias": "openid-client-19x_eSCK1zeMp5IBU8EXi",
  "description": "openid-client v5.x FAPI1 Adv. MTLS, PAR RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w",
          "d": "qixWvFxoTagygzUid8iV_Pu42INyXDeDIjrGrGpY_moojG_DBpd8i9icSLyL_S2FfHvjOZ4gIpGSg1J36bzG2CforEp-W6lvyeTUoefhMWcZOJ-p2EIJ2CFxjzYlVQAem6icYcmCeKFt9OnlB6nbV8eRlwau3kM1rFSg8fG-aio67yByb-rsJQp8kA6gjyijRsbX3-J7-eMWB3J7fEZ7zZGLLWop1NQuV8q29yWwdp94P0fV1K46AUGf1O2niLIuCgargdF0psWVoD8F2B0gKvcuxCGsldAJ_QqqD4ztlMxAsMe8pHlWoSqbO2vYLcHmSHQgKoLxPqKXinY8-1t8GQ",
          "p": "_vbs_b5I30x9tVMrvLezYFNHjppgJo4JPmqwZZa5uMYyY0iTNYtuzcwtS-8ZUI1MzvvlIjikzh6EP_8MFs-SaBlsQ_Fgq5HT2zzdYQyyag7GK_MUZ8Jw_7PZrjjtyYjuZfj05KKyPjs2uOdnWY5JVmv3q4MSZEQLNlSUGwn-v2c",
          "q": "wyMOhuEsh4RJq3Jl3q7aGeWlNINXFt-JDsKMMKL-1k1kpgyXXy7l0yRIU54FgDunWve2j2LxQfE5nqNupvl2pBNosW31cAUWNA8l48tNGcYd_FZNV-IfUG7k7qHgK0AYpVN3leo9xe7vhIC361YBYdmYjDsN16pz31gbSbvV7iU",
          "dp": "BujKI1Y0w1hfT7qhRMv1oHahScwFLwZKWdaqURZ0kf1NAEPHOXw91HXkBFrGZNhvbGyHGRZP4QYSr2lJ-pRFc2y88lpoND4Pb7GGjkq5ywX7eNVtiCJMzaEiFQaV6xA65aiJemiuS-Fu6jPbKSIh-qWSYKN8rBrr8tz35oOu06E",
          "dq": "HsdLxkiD_ogGGq27lakcq5MGQMcqmGf_tT1IYW-EJIcmhe5cfd3m0Cvb4Jx_H5_JINcLi4g-p3kF7pi2nk2gwfZxv_KpENcsjl-JSWnKqnMOTbvLDT6UU9p5743GzuuYN5N3vESrI6oxS0QGPm9dXnK01gGGiGrRRfweqb2f26U",
          "qi": "FwLnMc8OOUA_OKV5sGLdcIbWrWzYg6L5Qz0cNMI4ifuXdOU9meSVIx0hk_vFdkMRCVVN5hWJgScDSwGAq6_fTWQB44j3AsSoizu74aMkrQplm3uWJswEDHkCtzVmI2RxDJ1XjkWwzETbKuSaLTT_qlPkt_pHkIzUmIB6940vDbk",
          "kty": "RSA",
          "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "scope": "openid",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
          "kty": "RSA",
          "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
          ],
          "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
          "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvf\r\nZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88w\r\nCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPo\r\nT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyN\r\nL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VH\r\ngY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2\r\nboMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIe\r\nCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwk\r\no4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIV\r\nwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt\r\n0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3\r\nuQ+250YJ4f7wDTgvK1Y\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "scope": "openid",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
          "kty": "RSA",
          "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
          ],
          "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
          "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
        },
        {
          "e": "AQAB",
          "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
          "kty": "RSA",
          "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z\r\nlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs\r\nW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A\r\n/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8\r\nsusKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N\r\nOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy\r\nYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I\r\na2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh\r\nIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON\r\n+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+\r\nxyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd\r\nwinxMEcYkV0E840v9E0\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test-encrypted-idtoken
2021-10-22 15:34:59 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/.well-known/openid-configuration
2021-10-22 15:34:59 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "_vbs_b5I30x9tVMrvLezYFNHjppgJo4JPmqwZZa5uMYyY0iTNYtuzcwtS-8ZUI1MzvvlIjikzh6EP_8MFs-SaBlsQ_Fgq5HT2zzdYQyyag7GK_MUZ8Jw_7PZrjjtyYjuZfj05KKyPjs2uOdnWY5JVmv3q4MSZEQLNlSUGwn-v2c",
      "kty": "RSA",
      "q": "wyMOhuEsh4RJq3Jl3q7aGeWlNINXFt-JDsKMMKL-1k1kpgyXXy7l0yRIU54FgDunWve2j2LxQfE5nqNupvl2pBNosW31cAUWNA8l48tNGcYd_FZNV-IfUG7k7qHgK0AYpVN3leo9xe7vhIC361YBYdmYjDsN16pz31gbSbvV7iU",
      "d": "qixWvFxoTagygzUid8iV_Pu42INyXDeDIjrGrGpY_moojG_DBpd8i9icSLyL_S2FfHvjOZ4gIpGSg1J36bzG2CforEp-W6lvyeTUoefhMWcZOJ-p2EIJ2CFxjzYlVQAem6icYcmCeKFt9OnlB6nbV8eRlwau3kM1rFSg8fG-aio67yByb-rsJQp8kA6gjyijRsbX3-J7-eMWB3J7fEZ7zZGLLWop1NQuV8q29yWwdp94P0fV1K46AUGf1O2niLIuCgargdF0psWVoD8F2B0gKvcuxCGsldAJ_QqqD4ztlMxAsMe8pHlWoSqbO2vYLcHmSHQgKoLxPqKXinY8-1t8GQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "qi": "FwLnMc8OOUA_OKV5sGLdcIbWrWzYg6L5Qz0cNMI4ifuXdOU9meSVIx0hk_vFdkMRCVVN5hWJgScDSwGAq6_fTWQB44j3AsSoizu74aMkrQplm3uWJswEDHkCtzVmI2RxDJ1XjkWwzETbKuSaLTT_qlPkt_pHkIzUmIB6940vDbk",
      "dp": "BujKI1Y0w1hfT7qhRMv1oHahScwFLwZKWdaqURZ0kf1NAEPHOXw91HXkBFrGZNhvbGyHGRZP4QYSr2lJ-pRFc2y88lpoND4Pb7GGjkq5ywX7eNVtiCJMzaEiFQaV6xA65aiJemiuS-Fu6jPbKSIh-qWSYKN8rBrr8tz35oOu06E",
      "alg": "PS256",
      "dq": "HsdLxkiD_ogGGq27lakcq5MGQMcqmGf_tT1IYW-EJIcmhe5cfd3m0Cvb4Jx_H5_JINcLi4g-p3kF7pi2nk2gwfZxv_KpENcsjl-JSWnKqnMOTbvLDT6UU9p5743GzuuYN5N3vESrI6oxS0QGPm9dXnK01gGGiGrRRfweqb2f26U",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "alg": "PS256",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:59 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:34:59 SUCCESS
AddTLSClientAuthToServerConfiguration
Added tls_client_auth for token_endpoint_auth_methods_supported
2021-10-22 15:34:59
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
endpoint
https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/par
2021-10-22 15:34:59
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
value
true
2021-10-22 15:34:59 SUCCESS
AddResponseTypeCodeIdTokenToServerConfiguration
Added code id_token as response type supported
response_types_supported
[
  "code id_token"
]
2021-10-22 15:34:59 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:34:59 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:34:59 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "_vbs_b5I30x9tVMrvLezYFNHjppgJo4JPmqwZZa5uMYyY0iTNYtuzcwtS-8ZUI1MzvvlIjikzh6EP_8MFs-SaBlsQ_Fgq5HT2zzdYQyyag7GK_MUZ8Jw_7PZrjjtyYjuZfj05KKyPjs2uOdnWY5JVmv3q4MSZEQLNlSUGwn-v2c",
      "kty": "RSA",
      "q": "wyMOhuEsh4RJq3Jl3q7aGeWlNINXFt-JDsKMMKL-1k1kpgyXXy7l0yRIU54FgDunWve2j2LxQfE5nqNupvl2pBNosW31cAUWNA8l48tNGcYd_FZNV-IfUG7k7qHgK0AYpVN3leo9xe7vhIC361YBYdmYjDsN16pz31gbSbvV7iU",
      "d": "qixWvFxoTagygzUid8iV_Pu42INyXDeDIjrGrGpY_moojG_DBpd8i9icSLyL_S2FfHvjOZ4gIpGSg1J36bzG2CforEp-W6lvyeTUoefhMWcZOJ-p2EIJ2CFxjzYlVQAem6icYcmCeKFt9OnlB6nbV8eRlwau3kM1rFSg8fG-aio67yByb-rsJQp8kA6gjyijRsbX3-J7-eMWB3J7fEZ7zZGLLWop1NQuV8q29yWwdp94P0fV1K46AUGf1O2niLIuCgargdF0psWVoD8F2B0gKvcuxCGsldAJ_QqqD4ztlMxAsMe8pHlWoSqbO2vYLcHmSHQgKoLxPqKXinY8-1t8GQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "qi": "FwLnMc8OOUA_OKV5sGLdcIbWrWzYg6L5Qz0cNMI4ifuXdOU9meSVIx0hk_vFdkMRCVVN5hWJgScDSwGAq6_fTWQB44j3AsSoizu74aMkrQplm3uWJswEDHkCtzVmI2RxDJ1XjkWwzETbKuSaLTT_qlPkt_pHkIzUmIB6940vDbk",
      "dp": "BujKI1Y0w1hfT7qhRMv1oHahScwFLwZKWdaqURZ0kf1NAEPHOXw91HXkBFrGZNhvbGyHGRZP4QYSr2lJ-pRFc2y88lpoND4Pb7GGjkq5ywX7eNVtiCJMzaEiFQaV6xA65aiJemiuS-Fu6jPbKSIh-qWSYKN8rBrr8tz35oOu06E",
      "alg": "PS256",
      "dq": "HsdLxkiD_ogGGq27lakcq5MGQMcqmGf_tT1IYW-EJIcmhe5cfd3m0Cvb4Jx_H5_JINcLi4g-p3kF7pi2nk2gwfZxv_KpENcsjl-JSWnKqnMOTbvLDT6UU9p5743GzuuYN5N3vESrI6oxS0QGPm9dXnK01gGGiGrRRfweqb2f26U",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:34:59 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-19x_eSCK1zeMp5IBU8EXi
scope
openid
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
      "kty": "RSA",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvf
Zy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88w
Ct79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPo
T1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyN
L78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VH
gY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2
boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIe
CuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwk
o4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIV
wA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt
0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3
uQ+250YJ4f7wDTgvK1Y=
-----END CERTIFICATE-----
2021-10-22 15:34:59 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:59 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
      "kty": "RSA",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8",
      "e": "AQAB",
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:34:59 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:34:59 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "7OvMThFjpNroR-Ec8a_b9jvfZy2qfZa-pz8uKmdRKTp8EjMm_nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl-Izgd_SDR8nfqY_MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI-pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus_95rvi7dC7SJ46WS2NjL83_Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGw",
      "kty": "RSA",
      "kid": "jIODs9qk6MnlyOLp_kZZyLewyRT5fcuYd6Pys0eRlsw",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLrVLoLdKhCyuMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7OvMThFjpNroR+Ec8a/b9jvfZy2qfZa+pz8uKmdRKTp8EjMm/nvMHbmP6WCGZBtOidYcV8ooZmJsSwee7NFIj88wCt79qL4C4Rl+Izgd/SDR8nfqY/MiiNK5eUU2sylQTwt5sbFg9qvXofPWMbrynOPoT1xgbN1OBSmhxPZw3xlkalbVZli7HNio55VOg5aghxTI+pvfzOVt2cGOQzw1ZKyNL78AR7omMpsnovn33orRfCtxQqerS9urcus/95rvi7dC7SJ46WS2NjL83/Fcy3VHgY1wAEXMFgrR69ULJwPCoL5v0vtblm2qtK6PWRkgwENigjP96scs3hswYu3XGwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAM/2boMRuw4hWFcC2SHpPO4zEUkGg7aRlKajstg1nEB4KlxhrmIdn5egIxbWOIKvyVIeCuYfLif8R4mVqWOkNta7wal1slK2Dq0FPW37wkE3RuBD0uqTYke1ahwcx7xThTwko4XjgP5TDtogsROj2yweJBS9cCW4ZUmAmiHHIAqPAWBPHwJzFHy3D8Ha8UX/yBIVwA2NtxO56c+DK29ibWLtXcKPPB637tKHoKfJYCMvwoPhuKbaU+KJh1ra9LCXVkxt0RBlRDXmLnXliS1hOeLYJrmA69mYwJX+LUZXv9Ty6PmREZkcnXwFOefMut23iBr3uQ+250YJ4f7wDTgvK1Y\u003d"
      ],
      "x5t": "2FzncZ0KUeSLhxcHMA9gFdtbCGQ",
      "x5t#S256": "yrwtej1ilpOSQRBiEHIKZhLJTgz0m6fBAA_4ykKC2G8"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:34:59 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
scope
openid
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
      "kty": "RSA",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
    },
    {
      "e": "AQAB",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
      "kty": "RSA",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z
lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs
W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A
/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8
susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N
Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy
YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I
a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh
IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON
+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+
xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd
winxMEcYkV0E840v9E0=
-----END CERTIFICATE-----
2021-10-22 15:34:59 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:59 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
      "kty": "RSA",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
    },
    {
      "e": "AQAB",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
      "kty": "RSA",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU",
      "e": "AQAB",
      "use": "sig",
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:34:59 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:34:59 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1_YcRpQa9LgXhb3E7Fy0M_2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3_4tI7YFqRb5Jlhw7au4cs47NY4qkQ-aZQ_sBhvwdDFyMwKbGPQFV-5A_kWdB2TqPSiSui99IL-9EvFrq_HgN34KO70-kSQjXMkYBw-VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf_SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX_NOgbi8fiB_s-fkn21TNE8Rf0pWsAV-MlUszJ2VTT0SJHdBpRwMDByPxJzr-xJRw",
      "kty": "RSA",
      "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2ZlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIsW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/NOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNyYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4Ia2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIhIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAdwinxMEcYkV0E840v9E0\u003d"
      ],
      "x5t": "cWa8bD4VQXYYlMSfEJWqLmRdM0I",
      "x5t#S256": "lBDh5y9jfhCArwzI6P_XEWuxVaPFT2XAM9zjhWx4uZU"
    },
    {
      "e": "AQAB",
      "n": "s7VUd-v9_RSLaiLo_c22-Lb39wS9dmpAC_EE2XAnzHaBNoiA6K32QbcUDy8FghRPrJ-TIWN9IgLIO1rfGxp30PGQjcBc5x7yRcuOM0PlLiRH6gUCPitVZq2kvIf4B30Mxl6t320aWM2FHe1Tv8in4LjqBP6MrXzzCwqnDC3Zpgj652kCfOBFRXrurTezHaA23r54T2iInW-XfOD5bjKeFx6OWy9eBTibB3kqf4d_bxmB5qLMY_9A6G0px000icguFRqAUjOLUFKwaGep8qOOLCwXDq3_vft3ZiNGwTgQGUn28IAfjoHcc5gZGO176JnvsygDCzZuvkh32_6o4H-_jw",
      "kty": "RSA",
      "kid": "OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsNotRSA1_5
Id token encryption algorithm is not RSA1_5
alg
RSA-OAEP-256
2021-10-22 15:34:59 SUCCESS
FAPIEnsureClientJwksContainsAnEncryptionKey
Found an encryption key in client jwks
kid
OfS9_GtnbSk-T4Bi3vRr3D-ktAHHXGzDa-x-ZUWPst4
algorithm
RSA-OAEP-256
2021-10-22 15:34:59 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_alg is set
id_token_encrypted_response_alg
RSA-OAEP-256
id_token_encrypted_response_enc
A128CBC-HS256
2021-10-22 15:34:59
fapi1-advanced-final-client-test-encrypted-idtoken
Setup Done
2021-10-22 15:35:00 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken
Incoming HTTP request to test instance KTmAxsuycnbGhvI
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:35:00 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:35:00 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken
Response to HTTP request to test instance KTmAxsuycnbGhvI
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/userinfo",
  "token_endpoint_auth_methods_supported": [
    "tls_client_auth"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-19x_eSCK1zeMp5IBU8EXi/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:35:00 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken
Incoming HTTP request to test instance KTmAxsuycnbGhvI
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "1499",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
par
incoming_body_form_params
{
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoiRlV1Nk1zLTlSY2hUN1pfRERwajNPbTI4cjFucElYM2FEZHhNemQ2T3FYRSIsIm5vbmNlIjoiV0ttM1Q4UnlUbjNfRWhkVDd3QW5xX1NJdTdRMlRPZDZ1ZmpodV93YUpaZyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoic3lGemE4eHVIY3FWLUpYbDNpVFNRSThPSnhGUVZrbVlubHdoVUlvTThORSIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiIzY3RteGtxa1BJSDlnbWM5aEUtS2NsaHdpMUJLWnJhWUdaSXRnQVRQeG5BIiwiaWF0IjoxNjM0OTE2OTAwLCJleHAiOjE2MzQ5MTcyMDAsIm5iZiI6MTYzNDkxNjkwMH0.AEw85M1jXYYbBebSPh-uIYUeEBzYOeZ__BAbhvFx8DjR-K3NY9lJgBbhh2vxchHOj6lKiejrlx_W-L7qFnpOBUytpvxCRx1tM069oZBH1TImmX-6Vu_BUx584KcbvmhadAXwrrsoz5sWTDwFnt3El2GgSYbjfiWEg2rk3-gMjKXtJGFsy3oeZcs19LFaDZSCoLayYhRQFFppn3DXtk3SZI6p0YnNnIILwptdcqBNpmKPmeh456oNWhuMf00uTrcVa-QBw3oH3V8CM-CUoUxi4hErozANbuMWnOx5ekgomsPQwf0yu7ur-P0jFSBR51tn7fMUjoHnbXvz6vo3Tvg8UQ",
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
request=eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoiRlV1Nk1zLTlSY2hUN1pfRERwajNPbTI4cjFucElYM2FEZHhNemQ2T3FYRSIsIm5vbmNlIjoiV0ttM1Q4UnlUbjNfRWhkVDd3QW5xX1NJdTdRMlRPZDZ1ZmpodV93YUpaZyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoic3lGemE4eHVIY3FWLUpYbDNpVFNRSThPSnhGUVZrbVlubHdoVUlvTThORSIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiIzY3RteGtxa1BJSDlnbWM5aEUtS2NsaHdpMUJLWnJhWUdaSXRnQVRQeG5BIiwiaWF0IjoxNjM0OTE2OTAwLCJleHAiOjE2MzQ5MTcyMDAsIm5iZiI6MTYzNDkxNjkwMH0.AEw85M1jXYYbBebSPh-uIYUeEBzYOeZ__BAbhvFx8DjR-K3NY9lJgBbhh2vxchHOj6lKiejrlx_W-L7qFnpOBUytpvxCRx1tM069oZBH1TImmX-6Vu_BUx584KcbvmhadAXwrrsoz5sWTDwFnt3El2GgSYbjfiWEg2rk3-gMjKXtJGFsy3oeZcs19LFaDZSCoLayYhRQFFppn3DXtk3SZI6p0YnNnIILwptdcqBNpmKPmeh456oNWhuMf00uTrcVa-QBw3oH3V8CM-CUoUxi4hErozANbuMWnOx5ekgomsPQwf0yu7ur-P0jFSBR51tn7fMUjoHnbXvz6vo3Tvg8UQ&client_id=client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
2021-10-22 15:35:00 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
PAR endpoint
2021-10-22 15:35:00 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z\nlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs\nW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A\n/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8\nsusKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N\nOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy\nYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I\na2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh\nIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON\n+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+\nxyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd\nwinxMEcYkV0E840v9E0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:00 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:00 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z
lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs
W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A
/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8
susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N
Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy
YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I
a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh
IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON
+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+
xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd
winxMEcYkV0E840v9E0=
-----END CERTIFICATE-----
2021-10-22 15:35:00 SUCCESS
EnsureNoClientAssertionSentToTokenEndpoint
Client did not send a client_assertion to token endpoint
2021-10-22 15:35:00 SUCCESS
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoiRlV1Nk1zLTlSY2hUN1pfRERwajNPbTI4cjFucElYM2FEZHhNemQ2T3FYRSIsIm5vbmNlIjoiV0ttM1Q4UnlUbjNfRWhkVDd3QW5xX1NJdTdRMlRPZDZ1ZmpodV93YUpaZyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoic3lGemE4eHVIY3FWLUpYbDNpVFNRSThPSnhGUVZrbVlubHdoVUlvTThORSIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiIzY3RteGtxa1BJSDlnbWM5aEUtS2NsaHdpMUJLWnJhWUdaSXRnQVRQeG5BIiwiaWF0IjoxNjM0OTE2OTAwLCJleHAiOjE2MzQ5MTcyMDAsIm5iZiI6MTYzNDkxNjkwMH0.AEw85M1jXYYbBebSPh-uIYUeEBzYOeZ__BAbhvFx8DjR-K3NY9lJgBbhh2vxchHOj6lKiejrlx_W-L7qFnpOBUytpvxCRx1tM069oZBH1TImmX-6Vu_BUx584KcbvmhadAXwrrsoz5sWTDwFnt3El2GgSYbjfiWEg2rk3-gMjKXtJGFsy3oeZcs19LFaDZSCoLayYhRQFFppn3DXtk3SZI6p0YnNnIILwptdcqBNpmKPmeh456oNWhuMf00uTrcVa-QBw3oH3V8CM-CUoUxi4hErozANbuMWnOx5ekgomsPQwf0yu7ur-P0jFSBR51tn7fMUjoHnbXvz6vo3Tvg8UQ",
  "header": {
    "kid": "IXiEPUlVUmA5yKRHRDJBH64RjT3U3lFrD4dHvJDJgBk",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "response_type": "code id_token",
    "code_challenge_method": "S256",
    "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
    "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
    "aud": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
    "nbf": 1634916900,
    "scope": "openid",
    "claims": {
      "id_token": {
        "acr": {
          "values": [
            "urn:openbanking:psd2:sca",
            "urn:openbanking:psd2:ca"
          ],
          "essential": true
        }
      }
    },
    "redirect_uri": "https://openid-client2.local/cb",
    "state": "FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE",
    "exp": 1634917200,
    "iat": 1634916900,
    "code_challenge": "syFza8xuHcqV-JXl3iTSQI8OJxFQVkmYnlwhUIoM8NE",
    "jti": "3ctmxkqkPIH9gmc9hE-Kclhwi1BKZraYGZItgATPxnA"
  }
}
2021-10-22 15:35:00 SUCCESS
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
2021-10-22 15:35:00 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:35:00 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:35:00 SUCCESS
FAPIValidateRequestObjectIdTokenACRClaims
Acr value in request object is as expected
received
[
  "urn:openbanking:psd2:sca",
  "urn:openbanking:psd2:ca"
]
2021-10-22 15:35:00 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:40:00 PM"
2021-10-22 15:35:00 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:35:00 PM"
now
"Oct 22, 2021, 3:35:00 PM"
2021-10-22 15:35:00
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:35:00 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:35:00 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:35:00 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:35:00 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:35:00 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiJJWGlFUFVsVlVtQTV5S1JIUkRKQkg2NFJqVDNVM2xGckQ0ZEh2SkRKZ0JrIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQyLmxvY2FsL2NiIiwic2NvcGUiOiJvcGVuaWQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInN0YXRlIjoiRlV1Nk1zLTlSY2hUN1pfRERwajNPbTI4cjFucElYM2FEZHhNemQ2T3FYRSIsIm5vbmNlIjoiV0ttM1Q4UnlUbjNfRWhkVDd3QW5xX1NJdTdRMlRPZDZ1ZmpodV93YUpaZyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsiZXNzZW50aWFsIjp0cnVlLCJ2YWx1ZXMiOlsidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwidXJuOm9wZW5iYW5raW5nOnBzZDI6Y2EiXX19fSwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoic3lGemE4eHVIY3FWLUpYbDNpVFNRSThPSnhGUVZrbVlubHdoVUlvTThORSIsImlzcyI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtMTl4X2VTQ0sxemVNcDVJQlU4RVhpLyIsImNsaWVudF9pZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJqdGkiOiIzY3RteGtxa1BJSDlnbWM5aEUtS2NsaHdpMUJLWnJhWUdaSXRnQVRQeG5BIiwiaWF0IjoxNjM0OTE2OTAwLCJleHAiOjE2MzQ5MTcyMDAsIm5iZiI6MTYzNDkxNjkwMH0.AEw85M1jXYYbBebSPh-uIYUeEBzYOeZ__BAbhvFx8DjR-K3NY9lJgBbhh2vxchHOj6lKiejrlx_W-L7qFnpOBUytpvxCRx1tM069oZBH1TImmX-6Vu_BUx584KcbvmhadAXwrrsoz5sWTDwFnt3El2GgSYbjfiWEg2rk3-gMjKXtJGFsy3oeZcs19LFaDZSCoLayYhRQFFppn3DXtk3SZI6p0YnNnIILwptdcqBNpmKPmeh456oNWhuMf00uTrcVa-QBw3oH3V8CM-CUoUxi4hErozANbuMWnOx5ekgomsPQwf0yu7ur-P0jFSBR51tn7fMUjoHnbXvz6vo3Tvg8UQ
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 27262597154763989305055148815711488269157481743720755702240380843367797319870798189527908197243336359983630974065803071153487768932551258551950042469026189824307749998085354643295033515047035174967001629550505655094917380571522302455920218031655592404236843639102849057608963971356125362772698646367564181391388595189588459839262327403830357952158890465842995647639008047535976439759573164077601685521718065777840262201742407472930266003592124839170802923787978992169646750032689255276252558129832339759175311876194099675409734888361574980482164660350660340919239422570653089937131562421726778179414553698438581340487
  public exponent: 65537
2021-10-22 15:35:00 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client2.local/cb
2021-10-22 15:35:00 SUCCESS
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
code_challenge_method
S256
code_challenge
syFza8xuHcqV-JXl3iTSQI8OJxFQVkmYnlwhUIoM8NE
2021-10-22 15:35:00 SUCCESS
CreatePAREndpointResponse
Created PAR endpoint response
request_uri
urn:ietf:params:oauth:request_uri:e9457888-6189-473a-8fda-97d124998084
expires_in
600
2021-10-22 15:35:00 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken
Response to HTTP request to test instance KTmAxsuycnbGhvI
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "request_uri": "urn:ietf:params:oauth:request_uri:e9457888-6189-473a-8fda-97d124998084",
  "expires_in": 600
}
outgoing_path
par
2021-10-22 15:35:01 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken
Incoming HTTP request to test instance KTmAxsuycnbGhvI
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "scope": "openid",
  "response_type": "code id_token",
  "redirect_uri": "https://openid-client2.local/cb",
  "request_uri": "urn:ietf:params:oauth:request_uri:e9457888-6189-473a-8fda-97d124998084"
}
incoming_body
2021-10-22 15:35:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:35:01 SUCCESS
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
2021-10-22 15:35:01 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:35:01 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "scope": "openid",
  "response_type": "code id_token",
  "redirect_uri": "https://openid-client2.local/cb",
  "iss": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "code_challenge_method": "S256",
  "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
  "aud": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "nbf": 1634916900,
  "claims": {
    "id_token": {
      "acr": {
        "values": [
          "urn:openbanking:psd2:sca",
          "urn:openbanking:psd2:ca"
        ],
        "essential": true
      }
    }
  },
  "state": "FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE",
  "exp": 1634917200,
  "iat": 1634916900,
  "code_challenge": "syFza8xuHcqV-JXl3iTSQI8OJxFQVkmYnlwhUIoM8NE",
  "jti": "3ctmxkqkPIH9gmc9hE-Kclhwi1BKZraYGZItgATPxnA"
}
2021-10-22 15:35:01 SUCCESS
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
2021-10-22 15:35:01 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid
2021-10-22 15:35:01 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
openid
2021-10-22 15:35:01 SUCCESS
EnsureResponseTypeIsCodeIdToken
Response type is expected value
expected
code id_token
2021-10-22 15:35:01 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid"
]
expected
openid
2021-10-22 15:35:01 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
2021-10-22 15:35:01 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
TWfTByDYfQouyaeQt7CTue78RKjEQoXt
2021-10-22 15:35:01 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg
2021-10-22 15:35:01 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
osVe3m9gqSsHTlcSOZRFTg
2021-10-22 15:35:01 SUCCESS
CalculateSHash
Successful s_hash encoding
s_hash
-Ucu9OZpIZD7_HZ_-O62rg
2021-10-22 15:35:01 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/
sub
user-subject-1234531
aud
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
nonce
WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg
iat
1634916901
exp
1634917201
2021-10-22 15:35:01 SUCCESS
AddCHashToIdTokenClaims
Added c_hash to ID token claims
c_hash
osVe3m9gqSsHTlcSOZRFTg
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
  "iat": 1634916901,
  "exp": 1634917201,
  "c_hash": "osVe3m9gqSsHTlcSOZRFTg"
}
2021-10-22 15:35:01 SUCCESS
AddSHashToIdTokenClaims
Added s_hash to ID token claims
s_hash
-Ucu9OZpIZD7_HZ_-O62rg
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
  "iat": 1634916901,
  "exp": 1634917201,
  "c_hash": "osVe3m9gqSsHTlcSOZRFTg",
  "s_hash": "-Ucu9OZpIZD7_HZ_-O62rg"
}
2021-10-22 15:35:01 INFO
AddAtHashToIdTokenClaims
Skipped evaluation due to missing required string: at_hash
expected
at_hash
2021-10-22 15:35:01 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
  "iat": 1634916901,
  "exp": 1634917201,
  "c_hash": "osVe3m9gqSsHTlcSOZRFTg",
  "s_hash": "-Ucu9OZpIZD7_HZ_-O62rg",
  "acr": "urn:openbanking:psd2:sca"
}
2021-10-22 15:35:01 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiI4Smh3ekhJSHkwYjdraFpodGVDZE15cHZXRVJ4M3M5ZW1Zc1htUEJnbUNRIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJ1c2VyLXN1YmplY3QtMTIzNDUzMSIsImF1ZCI6ImNsaWVudDItaWQtb3BlbmlkLWNsaWVudC0xOXhfZVNDSzF6ZU1wNUlCVThFWGkiLCJjX2hhc2giOiJvc1ZlM205Z3FTc0hUbGNTT1pSRlRnIiwiYWNyIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwic19oYXNoIjoiLVVjdTlPWnBJWkQ3X0haXy1PNjJyZyIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vcGVuaWQtY2xpZW50LTE5eF9lU0NLMXplTXA1SUJVOEVYaVwvIiwiZXhwIjoxNjM0OTE3MjAxLCJub25jZSI6IldLbTNUOFJ5VG4zX0VoZFQ3d0FucV9TSXU3UTJUT2Q2dWZqaHVfd2FKWmciLCJpYXQiOjE2MzQ5MTY5MDF9.rwA9bK-8WlioDHsG05MaJx5symLeFhWJHqbGzZfZRenQlKOq10tbS0fBwmO5MfhXXCxD5Cydn3WHjicmlheR474tH437Jn3s8m-Vweyc1xJ-7Duic6wMM5Yk41vhM7JTnWdkUS_OmpdXz35LIsyhUP3AFXdh_CrodtXKuBDjGF14_3hOqhRo_mFOweDEXmSJRu-v4_Trws89FVhUeiIVflxsnt3CnaAJ96EvCmq1ti8N5UP6hZw8ezYzTOSu3NXQumiXc7TBY5nvfdT534I6PrgQ5RfgrQYzuif5bf0F99NQcg0O3oxjC72C0oTezy8Qt3Fk437jvqWm73tG3WvvXg
2021-10-22 15:35:01
EncryptIdToken
Encrypted the id token
id_token_encrypted_response_alg
RSA-OAEP-256
id_token_encrypted_response_enc
id_token
eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.p6cjkzS6z4iZibkhiOiPFMfEDQ16_fmnhInJhlcpqASn2VPwD69ltbjPfgihoT_ws9V4Li8wHY-jeXuTGxp-WHcWwdsuSTAlMevGogZJMRBlLgmXYcZu6uz2XyLCRrhSFgdwdiqExlcA_CvwQ-kOI_LbTGIKc00BClkekGYxxlLcJRo4_d5MeISgabueJxy_OEJc3mzV6RKo983onsube6Apyx8fT9TUu6DJeqGlMzu5VQPe1RovGbBM0ASoDEsORPDieYZqlLZEMWURT9NddNWZCoaUt7TX8N6z6RP-G3wk-I184CrBYNWtxuWq_iorm07AaxooyB7z19y8GBoR6Q.WTxH7aKbmVuL4ZoDKpdHJA.d3qn_HXkEBZXcr0HElwfU2b4uxFFGd4Y18X3tG4nXzvGg1xPIyQpnXz8kHwua9nfMJ9__AFIimuLjG2m6HJoJCSR0DV10JyWIzS0lATVfIXzmpbE8JtkBfulfc4E9UMB2QwYDtVKNkEfKvf_4pOtJSOgs4d8ba0Afv4HGvt4kf2oH779eqaVTBs_lnd9dPw_COtjHSxSqBYUcSLiCa0G_-yn1dtSpzZRflbAWezfSVjYnx-pQDFBEws0ZGAdxX9Se2PF-zO6Gn_EW8COiy6vT1mxnF9Qyu5XZUeVi2PDCJHVVCm-XcZzBeGcQmgoWPlyXKk9WjP-wDePr79kzzd33uAEgNw4vKJUqosIfYNMgLkidytc8iWtXuJJ9DmBlU4JN8OJcQ4IK3C0lICFtglbFQzBP2mgNljiVwX8Fxp6JwvRXagoEyKjjSZvD7vdheapgZUXY61HBv30I7PcSzqrSH-k9r3haBKG30ikacic3DDAfOl93vdjZcat1cqpRjbYWiTAeTbQQKSYwSTYvAGYpEFj--nVoyHqySm8iIld9hVLaa24Z2R5fGIV-Z1Yhr67vsPPeStyNZC08zJca4wZ4kosFoLatknzJ7cYB_bNRR6BNxAQnE41TD0rvWyMOJeGzDu0wVsqCL00EDc3GOYaReqIH4tr5wwW6i_bq_tsvIdkgrAeiUaKSU5i_jcPvkseImjiacOvPfxUJmV344VP24pqO4bWtiBIEG5nosYZeUAzBOGL8GDa7PULPVkQg-ReCTf185wdVNHDrRCa2kgX0mYrL1geryrzu-m8Dr8dEGqee1ey_Ikh1dwUpC9LqMJINVUAZ30slrDJORW2_vwZSETqCrNUgFOPAzXCnWVKtSZYOAUkNRcKhZhxvQqeqc7boHIcH6v6y3d1frS8LlS8TGGu3Rl_oAs0vikQ4FiA8dkmq5EydhNN_LQgAOWDpFXmJn6ZuK7qR2I-500osR0cJmKgeE4tlTojc8oOVy2SHt5kGUTrBHr6IxpFp5g5tclg7eVuG4I6PaLLKn7LOoDqihzkT1UEbjqUDn2Rs6Y0jDoDuEJeJi88xciwB8C7OZVzITvWdReMWjoS_wVS7Ohkx7WhQSfK8K9y8O6HYiPRzQQIvvsJK8LXo0NsQXdzfMCHzVCpxSD-G7rleVJ2FCweaB3T3ZJrjeWuRGDc11V28dJShZvcyzXHfZrXXdNrHAwaevUxk4vt_84KTf-n3MUtUA.fh6I8ojSL9AzB_RLTkktXw
2021-10-22 15:35:01 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client2.local/cb",
  "state": "FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE"
}
2021-10-22 15:35:01 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client2.local/cb",
  "state": "FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE",
  "code": "TWfTByDYfQouyaeQt7CTue78RKjEQoXt"
}
2021-10-22 15:35:01 SUCCESS
AddIdTokenToAuthorizationEndpointResponseParams
Added id_token to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client2.local/cb",
  "state": "FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE",
  "code": "TWfTByDYfQouyaeQt7CTue78RKjEQoXt",
  "id_token": "eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.p6cjkzS6z4iZibkhiOiPFMfEDQ16_fmnhInJhlcpqASn2VPwD69ltbjPfgihoT_ws9V4Li8wHY-jeXuTGxp-WHcWwdsuSTAlMevGogZJMRBlLgmXYcZu6uz2XyLCRrhSFgdwdiqExlcA_CvwQ-kOI_LbTGIKc00BClkekGYxxlLcJRo4_d5MeISgabueJxy_OEJc3mzV6RKo983onsube6Apyx8fT9TUu6DJeqGlMzu5VQPe1RovGbBM0ASoDEsORPDieYZqlLZEMWURT9NddNWZCoaUt7TX8N6z6RP-G3wk-I184CrBYNWtxuWq_iorm07AaxooyB7z19y8GBoR6Q.WTxH7aKbmVuL4ZoDKpdHJA.d3qn_HXkEBZXcr0HElwfU2b4uxFFGd4Y18X3tG4nXzvGg1xPIyQpnXz8kHwua9nfMJ9__AFIimuLjG2m6HJoJCSR0DV10JyWIzS0lATVfIXzmpbE8JtkBfulfc4E9UMB2QwYDtVKNkEfKvf_4pOtJSOgs4d8ba0Afv4HGvt4kf2oH779eqaVTBs_lnd9dPw_COtjHSxSqBYUcSLiCa0G_-yn1dtSpzZRflbAWezfSVjYnx-pQDFBEws0ZGAdxX9Se2PF-zO6Gn_EW8COiy6vT1mxnF9Qyu5XZUeVi2PDCJHVVCm-XcZzBeGcQmgoWPlyXKk9WjP-wDePr79kzzd33uAEgNw4vKJUqosIfYNMgLkidytc8iWtXuJJ9DmBlU4JN8OJcQ4IK3C0lICFtglbFQzBP2mgNljiVwX8Fxp6JwvRXagoEyKjjSZvD7vdheapgZUXY61HBv30I7PcSzqrSH-k9r3haBKG30ikacic3DDAfOl93vdjZcat1cqpRjbYWiTAeTbQQKSYwSTYvAGYpEFj--nVoyHqySm8iIld9hVLaa24Z2R5fGIV-Z1Yhr67vsPPeStyNZC08zJca4wZ4kosFoLatknzJ7cYB_bNRR6BNxAQnE41TD0rvWyMOJeGzDu0wVsqCL00EDc3GOYaReqIH4tr5wwW6i_bq_tsvIdkgrAeiUaKSU5i_jcPvkseImjiacOvPfxUJmV344VP24pqO4bWtiBIEG5nosYZeUAzBOGL8GDa7PULPVkQg-ReCTf185wdVNHDrRCa2kgX0mYrL1geryrzu-m8Dr8dEGqee1ey_Ikh1dwUpC9LqMJINVUAZ30slrDJORW2_vwZSETqCrNUgFOPAzXCnWVKtSZYOAUkNRcKhZhxvQqeqc7boHIcH6v6y3d1frS8LlS8TGGu3Rl_oAs0vikQ4FiA8dkmq5EydhNN_LQgAOWDpFXmJn6ZuK7qR2I-500osR0cJmKgeE4tlTojc8oOVy2SHt5kGUTrBHr6IxpFp5g5tclg7eVuG4I6PaLLKn7LOoDqihzkT1UEbjqUDn2Rs6Y0jDoDuEJeJi88xciwB8C7OZVzITvWdReMWjoS_wVS7Ohkx7WhQSfK8K9y8O6HYiPRzQQIvvsJK8LXo0NsQXdzfMCHzVCpxSD-G7rleVJ2FCweaB3T3ZJrjeWuRGDc11V28dJShZvcyzXHfZrXXdNrHAwaevUxk4vt_84KTf-n3MUtUA.fh6I8ojSL9AzB_RLTkktXw"
}
2021-10-22 15:35:01
SendAuthorizationResponseWithResponseModeFragment
Redirecting back to client
uri
https://openid-client2.local/cb#state=FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE&code=TWfTByDYfQouyaeQt7CTue78RKjEQoXt&id_token=eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.p6cjkzS6z4iZibkhiOiPFMfEDQ16_fmnhInJhlcpqASn2VPwD69ltbjPfgihoT_ws9V4Li8wHY-jeXuTGxp-WHcWwdsuSTAlMevGogZJMRBlLgmXYcZu6uz2XyLCRrhSFgdwdiqExlcA_CvwQ-kOI_LbTGIKc00BClkekGYxxlLcJRo4_d5MeISgabueJxy_OEJc3mzV6RKo983onsube6Apyx8fT9TUu6DJeqGlMzu5VQPe1RovGbBM0ASoDEsORPDieYZqlLZEMWURT9NddNWZCoaUt7TX8N6z6RP-G3wk-I184CrBYNWtxuWq_iorm07AaxooyB7z19y8GBoR6Q.WTxH7aKbmVuL4ZoDKpdHJA.d3qn_HXkEBZXcr0HElwfU2b4uxFFGd4Y18X3tG4nXzvGg1xPIyQpnXz8kHwua9nfMJ9__AFIimuLjG2m6HJoJCSR0DV10JyWIzS0lATVfIXzmpbE8JtkBfulfc4E9UMB2QwYDtVKNkEfKvf_4pOtJSOgs4d8ba0Afv4HGvt4kf2oH779eqaVTBs_lnd9dPw_COtjHSxSqBYUcSLiCa0G_-yn1dtSpzZRflbAWezfSVjYnx-pQDFBEws0ZGAdxX9Se2PF-zO6Gn_EW8COiy6vT1mxnF9Qyu5XZUeVi2PDCJHVVCm-XcZzBeGcQmgoWPlyXKk9WjP-wDePr79kzzd33uAEgNw4vKJUqosIfYNMgLkidytc8iWtXuJJ9DmBlU4JN8OJcQ4IK3C0lICFtglbFQzBP2mgNljiVwX8Fxp6JwvRXagoEyKjjSZvD7vdheapgZUXY61HBv30I7PcSzqrSH-k9r3haBKG30ikacic3DDAfOl93vdjZcat1cqpRjbYWiTAeTbQQKSYwSTYvAGYpEFj--nVoyHqySm8iIld9hVLaa24Z2R5fGIV-Z1Yhr67vsPPeStyNZC08zJca4wZ4kosFoLatknzJ7cYB_bNRR6BNxAQnE41TD0rvWyMOJeGzDu0wVsqCL00EDc3GOYaReqIH4tr5wwW6i_bq_tsvIdkgrAeiUaKSU5i_jcPvkseImjiacOvPfxUJmV344VP24pqO4bWtiBIEG5nosYZeUAzBOGL8GDa7PULPVkQg-ReCTf185wdVNHDrRCa2kgX0mYrL1geryrzu-m8Dr8dEGqee1ey_Ikh1dwUpC9LqMJINVUAZ30slrDJORW2_vwZSETqCrNUgFOPAzXCnWVKtSZYOAUkNRcKhZhxvQqeqc7boHIcH6v6y3d1frS8LlS8TGGu3Rl_oAs0vikQ4FiA8dkmq5EydhNN_LQgAOWDpFXmJn6ZuK7qR2I-500osR0cJmKgeE4tlTojc8oOVy2SHt5kGUTrBHr6IxpFp5g5tclg7eVuG4I6PaLLKn7LOoDqihzkT1UEbjqUDn2Rs6Y0jDoDuEJeJi88xciwB8C7OZVzITvWdReMWjoS_wVS7Ohkx7WhQSfK8K9y8O6HYiPRzQQIvvsJK8LXo0NsQXdzfMCHzVCpxSD-G7rleVJ2FCweaB3T3ZJrjeWuRGDc11V28dJShZvcyzXHfZrXXdNrHAwaevUxk4vt_84KTf-n3MUtUA.fh6I8ojSL9AzB_RLTkktXw
2021-10-22 15:35:01 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken
Response to HTTP request to test instance KTmAxsuycnbGhvI
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client2.local/cb#state=FUu6Ms-9RchT7Z_DDpj3Om28r1npIX3aDdxMzd6OqXE&code=TWfTByDYfQouyaeQt7CTue78RKjEQoXt&id_token=eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.p6cjkzS6z4iZibkhiOiPFMfEDQ16_fmnhInJhlcpqASn2VPwD69ltbjPfgihoT_ws9V4Li8wHY-jeXuTGxp-WHcWwdsuSTAlMevGogZJMRBlLgmXYcZu6uz2XyLCRrhSFgdwdiqExlcA_CvwQ-kOI_LbTGIKc00BClkekGYxxlLcJRo4_d5MeISgabueJxy_OEJc3mzV6RKo983onsube6Apyx8fT9TUu6DJeqGlMzu5VQPe1RovGbBM0ASoDEsORPDieYZqlLZEMWURT9NddNWZCoaUt7TX8N6z6RP-G3wk-I184CrBYNWtxuWq_iorm07AaxooyB7z19y8GBoR6Q.WTxH7aKbmVuL4ZoDKpdHJA.d3qn_HXkEBZXcr0HElwfU2b4uxFFGd4Y18X3tG4nXzvGg1xPIyQpnXz8kHwua9nfMJ9__AFIimuLjG2m6HJoJCSR0DV10JyWIzS0lATVfIXzmpbE8JtkBfulfc4E9UMB2QwYDtVKNkEfKvf_4pOtJSOgs4d8ba0Afv4HGvt4kf2oH779eqaVTBs_lnd9dPw_COtjHSxSqBYUcSLiCa0G_-yn1dtSpzZRflbAWezfSVjYnx-pQDFBEws0ZGAdxX9Se2PF-zO6Gn_EW8COiy6vT1mxnF9Qyu5XZUeVi2PDCJHVVCm-XcZzBeGcQmgoWPlyXKk9WjP-wDePr79kzzd33uAEgNw4vKJUqosIfYNMgLkidytc8iWtXuJJ9DmBlU4JN8OJcQ4IK3C0lICFtglbFQzBP2mgNljiVwX8Fxp6JwvRXagoEyKjjSZvD7vdheapgZUXY61HBv30I7PcSzqrSH-k9r3haBKG30ikacic3DDAfOl93vdjZcat1cqpRjbYWiTAeTbQQKSYwSTYvAGYpEFj--nVoyHqySm8iIld9hVLaa24Z2R5fGIV-Z1Yhr67vsPPeStyNZC08zJca4wZ4kosFoLatknzJ7cYB_bNRR6BNxAQnE41TD0rvWyMOJeGzDu0wVsqCL00EDc3GOYaReqIH4tr5wwW6i_bq_tsvIdkgrAeiUaKSU5i_jcPvkseImjiacOvPfxUJmV344VP24pqO4bWtiBIEG5nosYZeUAzBOGL8GDa7PULPVkQg-ReCTf185wdVNHDrRCa2kgX0mYrL1geryrzu-m8Dr8dEGqee1ey_Ikh1dwUpC9LqMJINVUAZ30slrDJORW2_vwZSETqCrNUgFOPAzXCnWVKtSZYOAUkNRcKhZhxvQqeqc7boHIcH6v6y3d1frS8LlS8TGGu3Rl_oAs0vikQ4FiA8dkmq5EydhNN_LQgAOWDpFXmJn6ZuK7qR2I-500osR0cJmKgeE4tlTojc8oOVy2SHt5kGUTrBHr6IxpFp5g5tclg7eVuG4I6PaLLKn7LOoDqihzkT1UEbjqUDn2Rs6Y0jDoDuEJeJi88xciwB8C7OZVzITvWdReMWjoS_wVS7Ohkx7WhQSfK8K9y8O6HYiPRzQQIvvsJK8LXo0NsQXdzfMCHzVCpxSD-G7rleVJ2FCweaB3T3ZJrjeWuRGDc11V28dJShZvcyzXHfZrXXdNrHAwaevUxk4vt_84KTf-n3MUtUA.fh6I8ojSL9AzB_RLTkktXw]
outgoing_path
authorize
2021-10-22 15:35:01 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken
Incoming HTTP request to test instance KTmAxsuycnbGhvI
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:35:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:35:01 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken
Response to HTTP request to test instance KTmAxsuycnbGhvI
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "8JhwzHIHy0b7khZhteCdMypvWERx3s9emYsXmPBgmCQ",
      "alg": "PS256",
      "n": "wlkAv4Ub0vsZF0x5oaTCuZSO5h0SiMtjLGjpQhh_aYzav3-W46SiBicNknvaKOWrSvBszc4o1whOkqP-0ryAcrK5YJVei3GrtYUygeH0eCXFOnCZo8njKgrrXIa6PzhfhR692SJrI2hDTTdpOM6dninOfAdTHCeB1pESVUyaY6TUXeeFf7cNKAFG3TfH-ZPvQIylc_olmBKX4nUk8HcTJudTfUJ9NFd0DBLroC5cWgz1Q9LR7kJsuZ5aN-tfaZENQ7mUItW16cjgHHS3ChwFyuwY0AB3-2Ei1EW40DfhjDxEZpTAO9pDsWJUAbs9mb4rL8piYDGNDgWy82NXxXZr4w"
    }
  ]
}
outgoing_path
jwks
2021-10-22 15:35:02 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken
Incoming HTTP request to test instance KTmAxsuycnbGhvI
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "235",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "TWfTByDYfQouyaeQt7CTue78RKjEQoXt",
  "redirect_uri": "https://openid-client2.local/cb",
  "code_verifier": "t3y60lvGlkTC4_zYsANLPFuN4d5xFvJh6CgMefq1mgg",
  "client_id": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=TWfTByDYfQouyaeQt7CTue78RKjEQoXt&redirect_uri=https%3A%2F%2Fopenid-client2.local%2Fcb&code_verifier=t3y60lvGlkTC4_zYsANLPFuN4d5xFvJh6CgMefq1mgg&client_id=client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
2021-10-22 15:35:02 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-10-22 15:35:02 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z\nlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs\nW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A\n/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8\nsusKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N\nOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy\nYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I\na2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh\nIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON\n+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+\nxyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd\nwinxMEcYkV0E840v9E0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:02 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:02 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z
lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs
W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A
/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8
susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N
Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy
YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I
a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh
IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON
+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+
xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd
winxMEcYkV0E840v9E0=
-----END CERTIFICATE-----
2021-10-22 15:35:02 SUCCESS
EnsureNoClientAssertionSentToTokenEndpoint
Client did not send a client_assertion to token endpoint
2021-10-22 15:35:02 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
TWfTByDYfQouyaeQt7CTue78RKjEQoXt
2021-10-22 15:35:02 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://openid-client2.local/cb
2021-10-22 15:35:02 SUCCESS
ValidateCodeVerifierWithS256
Validated code_verifier successfully
code_challenge_method
S256
code_verifier
t3y60lvGlkTC4_zYsANLPFuN4d5xFvJh6CgMefq1mgg
code_challenge
syFza8xuHcqV-JXl3iTSQI8OJxFQVkmYnlwhUIoM8NE
2021-10-22 15:35:02 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
NKUL9ZFcsCYmga5RxamNrBtsUIqkwnk653RkFI3OuW7vBiwOtZ
2021-10-22 15:35:02 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
etM1hj6-BO1ow00YXJQq8g
2021-10-22 15:35:02
CreateRefreshToken
Created refresh token
refresh_token
KIPTTkTZjKPYLVIiHdhiPDUvVQKuIyTEmFZBtdSxxdodErxCqR1467464521*]}#~
2021-10-22 15:35:02 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/
sub
user-subject-1234531
aud
client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi
nonce
WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg
iat
1634916902
exp
1634917202
2021-10-22 15:35:02 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
etM1hj6-BO1ow00YXJQq8g
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
  "iat": 1634916902,
  "exp": 1634917202,
  "at_hash": "etM1hj6-BO1ow00YXJQq8g"
}
2021-10-22 15:35:02 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "iss": "https://www.certification.openid.net/test/a/openid-client-19x_eSCK1zeMp5IBU8EXi/",
  "sub": "user-subject-1234531",
  "aud": "client2-id-openid-client-19x_eSCK1zeMp5IBU8EXi",
  "nonce": "WKm3T8RyTn3_EhdT7wAnq_SIu7Q2TOd6ufjhu_waJZg",
  "iat": 1634916902,
  "exp": 1634917202,
  "at_hash": "etM1hj6-BO1ow00YXJQq8g",
  "acr": "urn:openbanking:psd2:sca"
}
2021-10-22 15:35:02 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiI4Smh3ekhJSHkwYjdraFpodGVDZE15cHZXRVJ4M3M5ZW1Zc1htUEJnbUNRIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiZXRNMWhqNi1CTzFvdzAwWVhKUXE4ZyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50Mi1pZC1vcGVuaWQtY2xpZW50LTE5eF9lU0NLMXplTXA1SUJVOEVYaSIsImFjciI6InVybjpvcGVuYmFua2luZzpwc2QyOnNjYSIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9vcGVuaWQtY2xpZW50LTE5eF9lU0NLMXplTXA1SUJVOEVYaVwvIiwiZXhwIjoxNjM0OTE3MjAyLCJub25jZSI6IldLbTNUOFJ5VG4zX0VoZFQ3d0FucV9TSXU3UTJUT2Q2dWZqaHVfd2FKWmciLCJpYXQiOjE2MzQ5MTY5MDJ9.AaSUUsx3zakTDY2nPXLTOM-THAeIUHps9CC9UqbLkRKkW6aAs8ht3KyiXc0qrsNo0z7bUSbJ4NRDlxB4xljGBH136JHPkUE6wjbsYlfNknQJM2Wq0-dBj0xLCH7_OtxCMph6TYBArDBFEQYfQQGk40PdZIFf-UdqyRgkdB8NxmtHLyT8AdQXDZ-7mip41-O_VjOm8aiHRlRQO9jRRKnyxgeKwycwQiyPstZqdHd3dF6ZiFNTe8K3DaCXrIsvDceyyaaOzubqzaT8wA8__nAAsPQ71i_-dDoAAEtBzOsJFJS5Gewl1t0d1JTAQLfurLtRxFlhi7nCn3sFtLejcrS8nQ
2021-10-22 15:35:02
EncryptIdToken
Encrypted the id token
id_token_encrypted_response_alg
RSA-OAEP-256
id_token_encrypted_response_enc
id_token
eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.Cjs0r7TlrtlPVCadwOFvYtfNSiZ4QaQ5VjRiPQV22JPlsd0XKDkN9EBBH7Cv5uTtr_V9hf78a6Sy2gGhgdV8PiNw9D0TcKi3gSAcB8xzUO9ZiDZATMzG0hBFFrieAzKp6_u7rgPcnrbJs8skuRY1aklBZwBX5WhIuIymkLURDz23edglzROT6q4_0sevxBmMwRchQfjTkC3eVItjmtPilJ0DTOg9UEWetslOHwAmFlbBhfvXT4NrZ9IHXEr1UhuYssrtgI57J2-4DoIq95KifoGIs02vDuY33da5nVBTaOWPXAXFmNvLYIyOpkpAQqyHCZ-fi_BP6WOkX-ZnSMnScQ.dXRLNo0GAgFbdTsWAQfFAg.FTM1pquqIeaBvq7p8cSVQPTjKzE99btvzyPsN5nfHZFQuJGEYi1QUsdNQcXv93p6qduCWNuc9kfwJ7BnkHkxfvx8jy21Mkt8Xg1fhiDyB6tpJhZ9Mj4f3cUw7So9LfnIXcMmL8zsYdsUBO37V-o6zWJOINyU4hpu5g2I0EuUqhloXmB3jrtpMZbtMpm-9OLf0UTp3Pv6F3X9jEieosvLdrIZq4XS4g7g7y0OQiitVVPKxhF8IoWHFcm6skBT9vhv4JQhD1mREUbJ9pWhIQF0CanicewAkFeFWqnqNtbDxKuHkTTPW8dehgONu7QsDMomv7SkrSIzGvjI5gYfuiTR1rCem-eZidmGj4AgN2A9YzWeM5WRTpcekvFNMCwhX50uVM0Pd4DwfftUpwS1TLtN97J7XP3vVQODm1GRWXZ-6LdIPuelQgfEGbJB-5TeRFseTGiYw5Gey8X0puXx5D-E-LYLVya-5W9D9zeyaF8SZkJY8Cby67YwhBbwooNZv-U9L1HPw5kB7lFgklmpgR5NahDN46Pk9E99MN921zmIyIGHc09lhE0ADmCjp635GSNqJU4oveKoIgng2oK0w8oc1K-fgzhaEWBAG2saBnUqt9K0lLvF5gwFfKSotDpoIFbXP62UmtVn9JRxhn8zQdqC96PtMX8iP2vL4cIw0Op0LN_UOKkO5Mpwtk6EWhLLewjRNCiqipufv_HoSAXbEBpkTOMwukHg5kmjouPEOF1dT1GBhoeR4DgbK3qdJvGyDVYRSvgGGtcFvmGZv3FzvHbwFQZDuxdoGfQZ7-ehvdCdstBw1kOTP3RD0Sh1ERGQRDbDylK49v6OAXmqxr3bBzAEQ7fXiphSxZbsxGFozgsXIdKr3hRqrxkXIfX1H-SZVbOzc04V9OcLIyylV2UKZP2NAW0n25BiyJ1oizG4MlY40603NmsGOWo8w5gnaMNDKzxHazZAZcAvYmXnPURHQPuaoYqN0El4Eq-ym9rCJk8mDpSOg1l9bnpYiYURp1-D8j64rFYBWzBPCh9ZKJ0ufAwsfEluPhDWW4wA2kCRibzURn_Y-RmfOjZIO72NFsYX8YMSVmTKF7YWciSstYsNUJXSoY6-JOK8NK4nFyyIU1w4X0oK-J9YTYqjDfapU7bV5yzNbyiVhoEJBL2x2E8y6TRzNFMYAOMNfsuTolq3URfWy7s.oPUB8IHAliRNEVsLi_Vo9A
2021-10-22 15:35:02 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
NKUL9ZFcsCYmga5RxamNrBtsUIqkwnk653RkFI3OuW7vBiwOtZ
token_type
Bearer
id_token
eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.Cjs0r7TlrtlPVCadwOFvYtfNSiZ4QaQ5VjRiPQV22JPlsd0XKDkN9EBBH7Cv5uTtr_V9hf78a6Sy2gGhgdV8PiNw9D0TcKi3gSAcB8xzUO9ZiDZATMzG0hBFFrieAzKp6_u7rgPcnrbJs8skuRY1aklBZwBX5WhIuIymkLURDz23edglzROT6q4_0sevxBmMwRchQfjTkC3eVItjmtPilJ0DTOg9UEWetslOHwAmFlbBhfvXT4NrZ9IHXEr1UhuYssrtgI57J2-4DoIq95KifoGIs02vDuY33da5nVBTaOWPXAXFmNvLYIyOpkpAQqyHCZ-fi_BP6WOkX-ZnSMnScQ.dXRLNo0GAgFbdTsWAQfFAg.FTM1pquqIeaBvq7p8cSVQPTjKzE99btvzyPsN5nfHZFQuJGEYi1QUsdNQcXv93p6qduCWNuc9kfwJ7BnkHkxfvx8jy21Mkt8Xg1fhiDyB6tpJhZ9Mj4f3cUw7So9LfnIXcMmL8zsYdsUBO37V-o6zWJOINyU4hpu5g2I0EuUqhloXmB3jrtpMZbtMpm-9OLf0UTp3Pv6F3X9jEieosvLdrIZq4XS4g7g7y0OQiitVVPKxhF8IoWHFcm6skBT9vhv4JQhD1mREUbJ9pWhIQF0CanicewAkFeFWqnqNtbDxKuHkTTPW8dehgONu7QsDMomv7SkrSIzGvjI5gYfuiTR1rCem-eZidmGj4AgN2A9YzWeM5WRTpcekvFNMCwhX50uVM0Pd4DwfftUpwS1TLtN97J7XP3vVQODm1GRWXZ-6LdIPuelQgfEGbJB-5TeRFseTGiYw5Gey8X0puXx5D-E-LYLVya-5W9D9zeyaF8SZkJY8Cby67YwhBbwooNZv-U9L1HPw5kB7lFgklmpgR5NahDN46Pk9E99MN921zmIyIGHc09lhE0ADmCjp635GSNqJU4oveKoIgng2oK0w8oc1K-fgzhaEWBAG2saBnUqt9K0lLvF5gwFfKSotDpoIFbXP62UmtVn9JRxhn8zQdqC96PtMX8iP2vL4cIw0Op0LN_UOKkO5Mpwtk6EWhLLewjRNCiqipufv_HoSAXbEBpkTOMwukHg5kmjouPEOF1dT1GBhoeR4DgbK3qdJvGyDVYRSvgGGtcFvmGZv3FzvHbwFQZDuxdoGfQZ7-ehvdCdstBw1kOTP3RD0Sh1ERGQRDbDylK49v6OAXmqxr3bBzAEQ7fXiphSxZbsxGFozgsXIdKr3hRqrxkXIfX1H-SZVbOzc04V9OcLIyylV2UKZP2NAW0n25BiyJ1oizG4MlY40603NmsGOWo8w5gnaMNDKzxHazZAZcAvYmXnPURHQPuaoYqN0El4Eq-ym9rCJk8mDpSOg1l9bnpYiYURp1-D8j64rFYBWzBPCh9ZKJ0ufAwsfEluPhDWW4wA2kCRibzURn_Y-RmfOjZIO72NFsYX8YMSVmTKF7YWciSstYsNUJXSoY6-JOK8NK4nFyyIU1w4X0oK-J9YTYqjDfapU7bV5yzNbyiVhoEJBL2x2E8y6TRzNFMYAOMNfsuTolq3URfWy7s.oPUB8IHAliRNEVsLi_Vo9A
refresh_token
KIPTTkTZjKPYLVIiHdhiPDUvVQKuIyTEmFZBtdSxxdodErxCqR1467464521*]}#~
scope
openid
2021-10-22 15:35:02 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken
Response to HTTP request to test instance KTmAxsuycnbGhvI
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "NKUL9ZFcsCYmga5RxamNrBtsUIqkwnk653RkFI3OuW7vBiwOtZ",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJPZlM5X0d0bmJTay1UNEJpM3ZScjNELWt0QUhIWEd6RGEteC1aVVdQc3Q0IiwiY3R5IjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.Cjs0r7TlrtlPVCadwOFvYtfNSiZ4QaQ5VjRiPQV22JPlsd0XKDkN9EBBH7Cv5uTtr_V9hf78a6Sy2gGhgdV8PiNw9D0TcKi3gSAcB8xzUO9ZiDZATMzG0hBFFrieAzKp6_u7rgPcnrbJs8skuRY1aklBZwBX5WhIuIymkLURDz23edglzROT6q4_0sevxBmMwRchQfjTkC3eVItjmtPilJ0DTOg9UEWetslOHwAmFlbBhfvXT4NrZ9IHXEr1UhuYssrtgI57J2-4DoIq95KifoGIs02vDuY33da5nVBTaOWPXAXFmNvLYIyOpkpAQqyHCZ-fi_BP6WOkX-ZnSMnScQ.dXRLNo0GAgFbdTsWAQfFAg.FTM1pquqIeaBvq7p8cSVQPTjKzE99btvzyPsN5nfHZFQuJGEYi1QUsdNQcXv93p6qduCWNuc9kfwJ7BnkHkxfvx8jy21Mkt8Xg1fhiDyB6tpJhZ9Mj4f3cUw7So9LfnIXcMmL8zsYdsUBO37V-o6zWJOINyU4hpu5g2I0EuUqhloXmB3jrtpMZbtMpm-9OLf0UTp3Pv6F3X9jEieosvLdrIZq4XS4g7g7y0OQiitVVPKxhF8IoWHFcm6skBT9vhv4JQhD1mREUbJ9pWhIQF0CanicewAkFeFWqnqNtbDxKuHkTTPW8dehgONu7QsDMomv7SkrSIzGvjI5gYfuiTR1rCem-eZidmGj4AgN2A9YzWeM5WRTpcekvFNMCwhX50uVM0Pd4DwfftUpwS1TLtN97J7XP3vVQODm1GRWXZ-6LdIPuelQgfEGbJB-5TeRFseTGiYw5Gey8X0puXx5D-E-LYLVya-5W9D9zeyaF8SZkJY8Cby67YwhBbwooNZv-U9L1HPw5kB7lFgklmpgR5NahDN46Pk9E99MN921zmIyIGHc09lhE0ADmCjp635GSNqJU4oveKoIgng2oK0w8oc1K-fgzhaEWBAG2saBnUqt9K0lLvF5gwFfKSotDpoIFbXP62UmtVn9JRxhn8zQdqC96PtMX8iP2vL4cIw0Op0LN_UOKkO5Mpwtk6EWhLLewjRNCiqipufv_HoSAXbEBpkTOMwukHg5kmjouPEOF1dT1GBhoeR4DgbK3qdJvGyDVYRSvgGGtcFvmGZv3FzvHbwFQZDuxdoGfQZ7-ehvdCdstBw1kOTP3RD0Sh1ERGQRDbDylK49v6OAXmqxr3bBzAEQ7fXiphSxZbsxGFozgsXIdKr3hRqrxkXIfX1H-SZVbOzc04V9OcLIyylV2UKZP2NAW0n25BiyJ1oizG4MlY40603NmsGOWo8w5gnaMNDKzxHazZAZcAvYmXnPURHQPuaoYqN0El4Eq-ym9rCJk8mDpSOg1l9bnpYiYURp1-D8j64rFYBWzBPCh9ZKJ0ufAwsfEluPhDWW4wA2kCRibzURn_Y-RmfOjZIO72NFsYX8YMSVmTKF7YWciSstYsNUJXSoY6-JOK8NK4nFyyIU1w4X0oK-J9YTYqjDfapU7bV5yzNbyiVhoEJBL2x2E8y6TRzNFMYAOMNfsuTolq3URfWy7s.oPUB8IHAliRNEVsLi_Vo9A",
  "refresh_token": "KIPTTkTZjKPYLVIiHdhiPDUvVQKuIyTEmFZBtdSxxdodErxCqR1467464521*]}#~",
  "scope": "openid"
}
outgoing_path
token
2021-10-22 15:35:03 INCOMING
fapi1-advanced-final-client-test-encrypted-idtoken
Incoming HTTP request to test instance KTmAxsuycnbGhvI
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Bearer NKUL9ZFcsCYmga5RxamNrBtsUIqkwnk653RkFI3OuW7vBiwOtZ",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
open-banking/v1.1/accounts
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:35:03 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Accounts endpoint
2021-10-22 15:35:03 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A /kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8 susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON +S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+ xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd winxMEcYkV0E840v9E0\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z\nlX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs\nW2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A\n/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8\nsusKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N\nOgbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy\nYEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I\na2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh\nIOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON\n+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+\nxyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd\nwinxMEcYkV0E840v9E0\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:03 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:03 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJBCkhWUrbep95MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDUwWhcNMjIxMDIyMTUzNDUwWjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/YcRpQa9LgXhb3E7Fy0M/2Z
lX8lrtDfL5kJwDxnjLP1OcoULPC9D7sD12zZdrbQdFn9J5MyCByZ6KNfsXwdnKIs
W2XACTvY3/4tI7YFqRb5Jlhw7au4cs47NY4qkQ+aZQ/sBhvwdDFyMwKbGPQFV+5A
/kWdB2TqPSiSui99IL+9EvFrq/HgN34KO70+kSQjXMkYBw+VDuUdQvGwB7ss9wn8
susKyjmilOukvUR2vHtGf/SE3oiRYM25EKJhC9OglCSyEhNV6BnXZY6FqdfQcX/N
Ogbi8fiB/s+fkn21TNE8Rf0pWsAV+MlUszJ2VTT0SJHdBpRwMDByPxJzr+xJRwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAMNy
YEuBlNW2R/qld0sjEdPNi0x19B1TyUQw/Ql1h+4FMcGAcQCo/KEtAKWWSq/c8H4I
a2CAztytWQLI+X/02npEjrBdJTEgTPROBSqL2ORXHw6rpmuJq1GBQH9HuyYFmAIh
IOoef1ee7V+3YkeivvS5/jHipd0hR7E3gH+o535gstv563kyoqTGFOUiXYkuBEON
+S7sEdf5nLeYiSZNtHlCUpWz2TxAuYMG7HJdmP37dexIR8DmhMKYxr6WbNdsD6y+
xyVbM4+TExaNAwtPXWbGamJ5kM5/fnUj6Dyl7T+f3AxtRK5eof5hq/0JvAb81nAd
winxMEcYkV0E840v9E0=
-----END CERTIFICATE-----
2021-10-22 15:35:03 SUCCESS
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
2021-10-22 15:35:03 SUCCESS
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
access_token
NKUL9ZFcsCYmga5RxamNrBtsUIqkwnk653RkFI3OuW7vBiwOtZ
2021-10-22 15:35:03 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
NKUL9ZFcsCYmga5RxamNrBtsUIqkwnk653RkFI3OuW7vBiwOtZ
2021-10-22 15:35:03 INFO
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
path
headers.x-fapi-auth-date
mapped
object
incoming_request
2021-10-22 15:35:03 INFO
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
path
headers.x-fapi-customer-ip-address
mapped
object
incoming_request
2021-10-22 15:35:03 INFO
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
path
headers.x-fapi-interaction-id
mapped
object
incoming_request
2021-10-22 15:35:03 SUCCESS
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
fapi_interaction_id
4a5e58be-38b2-4aab-9b9e-bed6086c6768
2021-10-22 15:35:03 SUCCESS
CreateFAPIAccountEndpointResponse
Created account response object
accounts_endpoint_response
{
  "conformance-test-finished": "true"
}
accounts_endpoint_response_headers
{
  "x-fapi-interaction-id": "4a5e58be-38b2-4aab-9b9e-bed6086c6768",
  "content-type": "application/json; charset\u003dUTF-8"
}
2021-10-22 15:35:03
ClearAccessTokenFromRequest
Condition ran but did not log anything
2021-10-22 15:35:03 OUTGOING
fapi1-advanced-final-client-test-encrypted-idtoken
Response to HTTP request to test instance KTmAxsuycnbGhvI
outgoing_status_code
200
outgoing_headers
{
  "x-fapi-interaction-id": [
    "4a5e58be-38b2-4aab-9b9e-bed6086c6768"
  ],
  "content-type": [
    "application/json; charset\u003dUTF-8"
  ]
}
outgoing_body
{
  "conformance-test-finished": "true"
}
outgoing_path
open-banking/v1.1/accounts
2021-10-22 15:35:03 FINISHED
fapi1-advanced-final-client-test-encrypted-idtoken
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:35:04
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-19x_eSCK1zeMp5IBU8EXi
new_test_id
WU3OjM6vDfQBAvr
Test Results