Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:34:59 INFO
TEST-RUNNER
Test instance XvRpdRhOvkPkgl9 created
baseUrl
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "pushed",
  "fapi_jarm_type": "plain_oauth",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
openid-client-ax9j1UaLqPr1gvLcP8D7h
description
openid-client v5.x FAPI1 Adv. private_key_jwt, PAR, JARM (OAUTH2) RP
planId
2SPX0cbcsQc1G
config
{
  "alias": "openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "description": "openid-client v5.x FAPI1 Adv. private_key_jwt, PAR, JARM (OAUTH2) RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ",
          "d": "S-V1qsRhyxlECeqRxjPXZ02S9QCWHk532PBb3-Mnq20YAea9X1Wb7AR8qluaXRmRIuCW22IHVy5fTTrzgz48t_j4NiMVK2NikWiOoJruRxxD2P6aZYD3jACa4HR13PWE4tHX_EnAkq3925ONYbPAgZYgzRWvQ4eOm3Bl3OALjRT1q5cNqeQoJg-fR0lrQ4BQNg4YvNdiRi6qzu-fj3ABOYGRoVVTq2gEBUTfsXg4E2O7UYlup-M2qlG-7nDbHKxIiT7cxmr8ZS55GK7uANMMyoTFEcaDG5ClVPc5Bw_4T4TAiVHsbkYq1QDGRVANpYNeXUK9z2nxITMvQMoXr7Yn6Q",
          "p": "9MtfcxNGWEtkEQqLKVg5I94CAW4cQBgK7LkKgQc4vVF71RW89jbjdHW42lzBuNt3eKpo4gvNG7puGsQR1h1AmJhu22zwkEeLacdexPFU5CMx-rdlnEszcp1IiAzu6IhYa_On3zkdKZMW9-ztCI9a_O6nMhRQpFY7RskYCMau9PM",
          "q": "08dQ8JS9WbZIexx4f31y1NM0VWJb9OBUz1UFyfh4BziPYB81O-4YAF-ur56YVHb_rjCeSw8Dh_qeBXFD-QgrGCneZAMMqEdHR-Yc8VN9P1DzPrTMiaudy6-3Zj_35hWJrUgF_9A0Tvn5alUBSoIO-rXDLHSRwWWlflIUfgmxvBs",
          "dp": "etFCrWjBRXFl3krs8SxrVrx_QxpsoBev-38Hbx8hb5LfT1SdvuZhDkA2I5CgPVAXS_orryX-nWfW8CTpUgTRMP5huEObGrhakRLPUH5IekHSRJkZKOZuBJY3GtNqVk56Fodj9VIheIds4a0Ea-QI4ZgXWL_qidkd2nDwVw7gHtM",
          "dq": "MD0mYqZ-uwCaYfCKQgABOBkjwo81AwJWTyO-vdKrBHoNrodtSMljDjK9R6OIbzTr6HGKnO4-j6q2c-bo5MDHkCl5Tq6jI3GY-vefgBjUXqfBwHbOYE2HE-5iiBfqD664PZA6TZrPT24BMgdK0_3sC497dZTX3oWYvL1VjaAHrCE",
          "qi": "ew2CW60eLFUzmLfVRFSi-B5Fvi-iCvDExVoVm3rnmEWQZ1g02Biw31yXk5AXFjTr-d7rUUm9legAjtzdR-ysjHWofH7Y_1oFrWF-akMNgXxQRLLxzS923up4qM64GcX6YEbppY7Ub-LMLULBVMNmnN4KLrjGmcLdKnSjz3HWxHM",
          "kty": "RSA",
          "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "scope": "All your base are belong to us",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
          "kty": "RSA",
          "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
          ],
          "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
          "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\r\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\r\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\r\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\r\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\r\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\r\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\r\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\r\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\r\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\r\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\r\nGynoOfsZbnrLlMYuiUw\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "scope": "All your base are belong to us",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
          "kty": "RSA",
          "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
          ],
          "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
          "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
        },
        {
          "e": "AQAB",
          "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
          "kty": "RSA",
          "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+Ht\r\nW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPsp\r\nJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuD\r\nCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL\r\n3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2Bk\r\nSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxS\r\neK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6Tw\r\noV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718\r\noYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+\r\nsLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNS\r\nSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsq\r\niPhbR+umi5i4QFjJPTY\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
2021-10-22 15:34:59 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/.well-known/openid-configuration
2021-10-22 15:34:59 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "9MtfcxNGWEtkEQqLKVg5I94CAW4cQBgK7LkKgQc4vVF71RW89jbjdHW42lzBuNt3eKpo4gvNG7puGsQR1h1AmJhu22zwkEeLacdexPFU5CMx-rdlnEszcp1IiAzu6IhYa_On3zkdKZMW9-ztCI9a_O6nMhRQpFY7RskYCMau9PM",
      "kty": "RSA",
      "q": "08dQ8JS9WbZIexx4f31y1NM0VWJb9OBUz1UFyfh4BziPYB81O-4YAF-ur56YVHb_rjCeSw8Dh_qeBXFD-QgrGCneZAMMqEdHR-Yc8VN9P1DzPrTMiaudy6-3Zj_35hWJrUgF_9A0Tvn5alUBSoIO-rXDLHSRwWWlflIUfgmxvBs",
      "d": "S-V1qsRhyxlECeqRxjPXZ02S9QCWHk532PBb3-Mnq20YAea9X1Wb7AR8qluaXRmRIuCW22IHVy5fTTrzgz48t_j4NiMVK2NikWiOoJruRxxD2P6aZYD3jACa4HR13PWE4tHX_EnAkq3925ONYbPAgZYgzRWvQ4eOm3Bl3OALjRT1q5cNqeQoJg-fR0lrQ4BQNg4YvNdiRi6qzu-fj3ABOYGRoVVTq2gEBUTfsXg4E2O7UYlup-M2qlG-7nDbHKxIiT7cxmr8ZS55GK7uANMMyoTFEcaDG5ClVPc5Bw_4T4TAiVHsbkYq1QDGRVANpYNeXUK9z2nxITMvQMoXr7Yn6Q",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "qi": "ew2CW60eLFUzmLfVRFSi-B5Fvi-iCvDExVoVm3rnmEWQZ1g02Biw31yXk5AXFjTr-d7rUUm9legAjtzdR-ysjHWofH7Y_1oFrWF-akMNgXxQRLLxzS923up4qM64GcX6YEbppY7Ub-LMLULBVMNmnN4KLrjGmcLdKnSjz3HWxHM",
      "dp": "etFCrWjBRXFl3krs8SxrVrx_QxpsoBev-38Hbx8hb5LfT1SdvuZhDkA2I5CgPVAXS_orryX-nWfW8CTpUgTRMP5huEObGrhakRLPUH5IekHSRJkZKOZuBJY3GtNqVk56Fodj9VIheIds4a0Ea-QI4ZgXWL_qidkd2nDwVw7gHtM",
      "alg": "PS256",
      "dq": "MD0mYqZ-uwCaYfCKQgABOBkjwo81AwJWTyO-vdKrBHoNrodtSMljDjK9R6OIbzTr6HGKnO4-j6q2c-bo5MDHkCl5Tq6jI3GY-vefgBjUXqfBwHbOYE2HE-5iiBfqD664PZA6TZrPT24BMgdK0_3sC497dZTX3oWYvL1VjaAHrCE",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "alg": "PS256",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:59 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:34:59
SetTokenEndpointAuthMethodsSupportedToPrivateKeyJWTOnly
Changed token_endpoint_auth_methods_supported to private_key_jwt only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/userinfo",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ]
}
2021-10-22 15:34:59
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
endpoint
https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/par
2021-10-22 15:34:59
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
value
true
2021-10-22 15:34:59 SUCCESS
AddResponseTypeCodeToServerConfiguration
Added code as response type supported
response_types_supported
[
  "code"
]
2021-10-22 15:34:59 SUCCESS
AddJARMResponseModeToServerConfiguration
Added jwt as response_modes_supported
response_modes_supported
[
  "jwt"
]
2021-10-22 15:34:59 SUCCESS
AddAuthorizationSigningAlgValuesSupportedToServerConfiguration
Added authorization_signing_alg_values_supported to server configuration
alg_values
[
  "PS256"
]
2021-10-22 15:34:59 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:34:59 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:34:59 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "9MtfcxNGWEtkEQqLKVg5I94CAW4cQBgK7LkKgQc4vVF71RW89jbjdHW42lzBuNt3eKpo4gvNG7puGsQR1h1AmJhu22zwkEeLacdexPFU5CMx-rdlnEszcp1IiAzu6IhYa_On3zkdKZMW9-ztCI9a_O6nMhRQpFY7RskYCMau9PM",
      "kty": "RSA",
      "q": "08dQ8JS9WbZIexx4f31y1NM0VWJb9OBUz1UFyfh4BziPYB81O-4YAF-ur56YVHb_rjCeSw8Dh_qeBXFD-QgrGCneZAMMqEdHR-Yc8VN9P1DzPrTMiaudy6-3Zj_35hWJrUgF_9A0Tvn5alUBSoIO-rXDLHSRwWWlflIUfgmxvBs",
      "d": "S-V1qsRhyxlECeqRxjPXZ02S9QCWHk532PBb3-Mnq20YAea9X1Wb7AR8qluaXRmRIuCW22IHVy5fTTrzgz48t_j4NiMVK2NikWiOoJruRxxD2P6aZYD3jACa4HR13PWE4tHX_EnAkq3925ONYbPAgZYgzRWvQ4eOm3Bl3OALjRT1q5cNqeQoJg-fR0lrQ4BQNg4YvNdiRi6qzu-fj3ABOYGRoVVTq2gEBUTfsXg4E2O7UYlup-M2qlG-7nDbHKxIiT7cxmr8ZS55GK7uANMMyoTFEcaDG5ClVPc5Bw_4T4TAiVHsbkYq1QDGRVANpYNeXUK9z2nxITMvQMoXr7Yn6Q",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "qi": "ew2CW60eLFUzmLfVRFSi-B5Fvi-iCvDExVoVm3rnmEWQZ1g02Biw31yXk5AXFjTr-d7rUUm9legAjtzdR-ysjHWofH7Y_1oFrWF-akMNgXxQRLLxzS923up4qM64GcX6YEbppY7Ub-LMLULBVMNmnN4KLrjGmcLdKnSjz3HWxHM",
      "dp": "etFCrWjBRXFl3krs8SxrVrx_QxpsoBev-38Hbx8hb5LfT1SdvuZhDkA2I5CgPVAXS_orryX-nWfW8CTpUgTRMP5huEObGrhakRLPUH5IekHSRJkZKOZuBJY3GtNqVk56Fodj9VIheIds4a0Ea-QI4ZgXWL_qidkd2nDwVw7gHtM",
      "alg": "PS256",
      "dq": "MD0mYqZ-uwCaYfCKQgABOBkjwo81AwJWTyO-vdKrBHoNrodtSMljDjK9R6OIbzTr6HGKnO4-j6q2c-bo5MDHkCl5Tq6jI3GY-vefgBjUXqfBwHbOYE2HE-5iiBfqD664PZA6TZrPT24BMgdK0_3sC497dZTX3oWYvL1VjaAHrCE",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:34:59 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
scope
All your base are belong to us
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
      "kty": "RSA",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:34:59 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:59 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
      "kty": "RSA",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng",
      "e": "AQAB",
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:34:59 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:34:59 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
      "kty": "RSA",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:34:59 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
scope
All your base are belong to us
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
      "kty": "RSA",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
    },
    {
      "e": "AQAB",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
      "kty": "RSA",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+Ht
W5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPsp
JVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuD
CoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL
3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2Bk
SSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxS
eK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6Tw
oV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718
oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+
sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNS
SeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsq
iPhbR+umi5i4QFjJPTY=
-----END CERTIFICATE-----
2021-10-22 15:34:59 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:59 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
      "kty": "RSA",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
    },
    {
      "e": "AQAB",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
      "kty": "RSA",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM",
      "e": "AQAB",
      "use": "sig",
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw"
    }
  ]
}
2021-10-22 15:34:59 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:34:59 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:34:59 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
      "kty": "RSA",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
    },
    {
      "e": "AQAB",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
      "kty": "RSA",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:34:59
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Setup Done
2021-10-22 15:34:59 INCOMING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:34:59 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:34:59 OUTGOING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/userinfo",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "jwt"
  ],
  "authorization_signing_alg_values_supported": [
    "PS256"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:35:00 INCOMING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "2336",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
par
incoming_body_form_params
{
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuLW9XdWtfWW8wMF9fMldUUDRvZlJTa0I3dW5wc1NGMUN4Nkc0Y2FSSjVjIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiZ1V6RHEzM2NYZHBDeDZtaXdjSFNIYW1DMFRKcjF0NU1USkI2dEhjR2hucyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiU2ptcllqeGNFUXYzR25hU3BwX0lIcUZSN3JxcGx4d3NvVW56ME5EaUktdyIsImlhdCI6MTYzNDkxNjkwMCwiZXhwIjoxNjM0OTE3MjAwLCJuYmYiOjE2MzQ5MTY5MDB9.f15XSTkBWYPoQJIFvitDK84UPKW0chQ6vAltXe1Cjai7T6aVAxCdSck9Mcr8GVGMHMMcF5nAN94j1VEBPVca5uvFVRmAX_H8Sx6F-Pxy-_qyaC25smz5mD9jWN7-0EEfu2RPclkPAXLmqpC_glUou17AvEXIBf5VIoNKjw6RNshihlIljWtHzp1RFB04Jn9EMEq6r15ajbq1s3_RpKTQLVHxXuE_0BQ892LVLgGefuL7K8wTo_-KDZ7u7iuiX4lB7k9e5RAHaMVkOw3vYbcqVtE-3VwNRdqEohWy0lSif-vNC3S3HJlzUBzzYGampQFsOPfS4CrdYtgeCzW6cI-1jQ",
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDAsImV4cCI6MTYzNDkxNjk2MCwianRpIjoiMExwenZOU0NiSVpqdlR4cGhrUWZ6WjRFbkxKQnBiNktfSUExMVlCUzN1RSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.POWldzI4bMmibuDTsloF4PILnGCx8nFN_Au5DwqDWu5ZDjeUCRebXa3gW7K0ctcLXWRQkVXgilpMVagf4RO5mZVXF4nwpVJtyQ7_9wh1Tbq_8JjRKuXN_5PZZJ0tb7AmeGXgstMEj0pJgEE40Eh8GLy2LTKRznMoG_ocgNguZ3zUgV2Wu9BIlz5y9sTH1nHgIK8zV4bqKfVA_3DosVBbxJhbUR9mykvdXL5qIxNl_DUdxSJ0LFCQosbHC1OueJwEfC_lQOGawZy4cHbPD5lXHt2c3H9J7fZTXUwzc26citYDg89firomvsetJyw83erNsT0JpjVm0kNZSFc8FPNpJQ",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
request=eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuLW9XdWtfWW8wMF9fMldUUDRvZlJTa0I3dW5wc1NGMUN4Nkc0Y2FSSjVjIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiZ1V6RHEzM2NYZHBDeDZtaXdjSFNIYW1DMFRKcjF0NU1USkI2dEhjR2hucyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiU2ptcllqeGNFUXYzR25hU3BwX0lIcUZSN3JxcGx4d3NvVW56ME5EaUktdyIsImlhdCI6MTYzNDkxNjkwMCwiZXhwIjoxNjM0OTE3MjAwLCJuYmYiOjE2MzQ5MTY5MDB9.f15XSTkBWYPoQJIFvitDK84UPKW0chQ6vAltXe1Cjai7T6aVAxCdSck9Mcr8GVGMHMMcF5nAN94j1VEBPVca5uvFVRmAX_H8Sx6F-Pxy-_qyaC25smz5mD9jWN7-0EEfu2RPclkPAXLmqpC_glUou17AvEXIBf5VIoNKjw6RNshihlIljWtHzp1RFB04Jn9EMEq6r15ajbq1s3_RpKTQLVHxXuE_0BQ892LVLgGefuL7K8wTo_-KDZ7u7iuiX4lB7k9e5RAHaMVkOw3vYbcqVtE-3VwNRdqEohWy0lSif-vNC3S3HJlzUBzzYGampQFsOPfS4CrdYtgeCzW6cI-1jQ&client_id=client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h&client_assertion=eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDAsImV4cCI6MTYzNDkxNjk2MCwianRpIjoiMExwenZOU0NiSVpqdlR4cGhrUWZ6WjRFbkxKQnBiNktfSUExMVlCUzN1RSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.POWldzI4bMmibuDTsloF4PILnGCx8nFN_Au5DwqDWu5ZDjeUCRebXa3gW7K0ctcLXWRQkVXgilpMVagf4RO5mZVXF4nwpVJtyQ7_9wh1Tbq_8JjRKuXN_5PZZJ0tb7AmeGXgstMEj0pJgEE40Eh8GLy2LTKRznMoG_ocgNguZ3zUgV2Wu9BIlz5y9sTH1nHgIK8zV4bqKfVA_3DosVBbxJhbUR9mykvdXL5qIxNl_DUdxSJ0LFCQosbHC1OueJwEfC_lQOGawZy4cHbPD5lXHt2c3H9J7fZTXUwzc26citYDg89firomvsetJyw83erNsT0JpjVm0kNZSFc8FPNpJQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-10-22 15:35:00 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
PAR endpoint
2021-10-22 15:35:00 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\nGynoOfsZbnrLlMYuiUw\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:00 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:00 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:35:00 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDAsImV4cCI6MTYzNDkxNjk2MCwianRpIjoiMExwenZOU0NiSVpqdlR4cGhrUWZ6WjRFbkxKQnBiNktfSUExMVlCUzN1RSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.POWldzI4bMmibuDTsloF4PILnGCx8nFN_Au5DwqDWu5ZDjeUCRebXa3gW7K0ctcLXWRQkVXgilpMVagf4RO5mZVXF4nwpVJtyQ7_9wh1Tbq_8JjRKuXN_5PZZJ0tb7AmeGXgstMEj0pJgEE40Eh8GLy2LTKRznMoG_ocgNguZ3zUgV2Wu9BIlz5y9sTH1nHgIK8zV4bqKfVA_3DosVBbxJhbUR9mykvdXL5qIxNl_DUdxSJ0LFCQosbHC1OueJwEfC_lQOGawZy4cHbPD5lXHt2c3H9J7fZTXUwzc26citYDg89firomvsetJyw83erNsT0JpjVm0kNZSFc8FPNpJQ",
  "header": {
    "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
    "alg": "PS256"
  },
  "claims": {
    "sub": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "aud": [
      "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
      "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token"
    ],
    "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "exp": 1634916960,
    "iat": 1634916900,
    "jti": "0LpzvNSCbIZjvTxphkQfzZ4EnLJBpb6K_IA11YBS3uE"
  }
}
2021-10-22 15:35:00
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-10-22 15:35:00 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDAsImV4cCI6MTYzNDkxNjk2MCwianRpIjoiMExwenZOU0NiSVpqdlR4cGhrUWZ6WjRFbkxKQnBiNktfSUExMVlCUzN1RSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.POWldzI4bMmibuDTsloF4PILnGCx8nFN_Au5DwqDWu5ZDjeUCRebXa3gW7K0ctcLXWRQkVXgilpMVagf4RO5mZVXF4nwpVJtyQ7_9wh1Tbq_8JjRKuXN_5PZZJ0tb7AmeGXgstMEj0pJgEE40Eh8GLy2LTKRznMoG_ocgNguZ3zUgV2Wu9BIlz5y9sTH1nHgIK8zV4bqKfVA_3DosVBbxJhbUR9mykvdXL5qIxNl_DUdxSJ0LFCQosbHC1OueJwEfC_lQOGawZy4cHbPD5lXHt2c3H9J7fZTXUwzc26citYDg89firomvsetJyw83erNsT0JpjVm0kNZSFc8FPNpJQ
2021-10-22 15:35:00 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-10-22 15:35:00 SUCCESS
ValidateClientAssertionClaimsForPAREndpoint
Client Assertion passed all validation checks
2021-10-22 15:35:00 SUCCESS
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuLW9XdWtfWW8wMF9fMldUUDRvZlJTa0I3dW5wc1NGMUN4Nkc0Y2FSSjVjIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiZ1V6RHEzM2NYZHBDeDZtaXdjSFNIYW1DMFRKcjF0NU1USkI2dEhjR2hucyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiU2ptcllqeGNFUXYzR25hU3BwX0lIcUZSN3JxcGx4d3NvVW56ME5EaUktdyIsImlhdCI6MTYzNDkxNjkwMCwiZXhwIjoxNjM0OTE3MjAwLCJuYmYiOjE2MzQ5MTY5MDB9.f15XSTkBWYPoQJIFvitDK84UPKW0chQ6vAltXe1Cjai7T6aVAxCdSck9Mcr8GVGMHMMcF5nAN94j1VEBPVca5uvFVRmAX_H8Sx6F-Pxy-_qyaC25smz5mD9jWN7-0EEfu2RPclkPAXLmqpC_glUou17AvEXIBf5VIoNKjw6RNshihlIljWtHzp1RFB04Jn9EMEq6r15ajbq1s3_RpKTQLVHxXuE_0BQ892LVLgGefuL7K8wTo_-KDZ7u7iuiX4lB7k9e5RAHaMVkOw3vYbcqVtE-3VwNRdqEohWy0lSif-vNC3S3HJlzUBzzYGampQFsOPfS4CrdYtgeCzW6cI-1jQ",
  "header": {
    "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "response_type": "code",
    "code_challenge_method": "S256",
    "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "aud": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
    "nbf": 1634916900,
    "scope": "All your base are belong to us",
    "redirect_uri": "https://openid-client.local/cb",
    "state": "n-oWuk_Yo00__2WTP4ofRSkB7unpsSF1Cx6G4caRJ5c",
    "exp": 1634917200,
    "iat": 1634916900,
    "code_challenge": "gUzDq33cXdpCx6miwcHSHamC0TJr1t5MTJB6tHcGhns",
    "jti": "SjmrYjxcEQv3GnaSpp_IHqFR7rqplxwsoUnz0NDiI-w"
  }
}
2021-10-22 15:35:00 SUCCESS
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
2021-10-22 15:35:00 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:35:00 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:35:00 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:40:00 PM"
2021-10-22 15:35:00 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:35:00 PM"
now
"Oct 22, 2021, 3:35:00 PM"
2021-10-22 15:35:00
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:35:00 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:35:00 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:35:00 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:35:00 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:35:00 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJuLW9XdWtfWW8wMF9fMldUUDRvZlJTa0I3dW5wc1NGMUN4Nkc0Y2FSSjVjIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiZ1V6RHEzM2NYZHBDeDZtaXdjSFNIYW1DMFRKcjF0NU1USkI2dEhjR2hucyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiU2ptcllqeGNFUXYzR25hU3BwX0lIcUZSN3JxcGx4d3NvVW56ME5EaUktdyIsImlhdCI6MTYzNDkxNjkwMCwiZXhwIjoxNjM0OTE3MjAwLCJuYmYiOjE2MzQ5MTY5MDB9.f15XSTkBWYPoQJIFvitDK84UPKW0chQ6vAltXe1Cjai7T6aVAxCdSck9Mcr8GVGMHMMcF5nAN94j1VEBPVca5uvFVRmAX_H8Sx6F-Pxy-_qyaC25smz5mD9jWN7-0EEfu2RPclkPAXLmqpC_glUou17AvEXIBf5VIoNKjw6RNshihlIljWtHzp1RFB04Jn9EMEq6r15ajbq1s3_RpKTQLVHxXuE_0BQ892LVLgGefuL7K8wTo_-KDZ7u7iuiX4lB7k9e5RAHaMVkOw3vYbcqVtE-3VwNRdqEohWy0lSif-vNC3S3HJlzUBzzYGampQFsOPfS4CrdYtgeCzW6cI-1jQ
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 23781936480151064420323636556803051267074122341211119491889277884569883362304245507177549481607500226402393834769197357718639058227262788526250775776366305202850356592742949333977635909700451720997760019645229423572313154961958458341721395659261305408814766700258499337142406474823508854171059290362436010793367601191973822016838508028609988075359889849950795632030382172536620648509466708388654860412651213247685219469616835444746199995168236174427050591069840815816030382024213999179935139646793138234752643217699288909252920925508286240511926906731848781047556480317645915628370682812264193075417771353633624194307
  public exponent: 65537
2021-10-22 15:35:00 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client.local/cb
2021-10-22 15:35:00 SUCCESS
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
code_challenge_method
S256
code_challenge
gUzDq33cXdpCx6miwcHSHamC0TJr1t5MTJB6tHcGhns
2021-10-22 15:35:00 SUCCESS
CreatePAREndpointResponse
Created PAR endpoint response
request_uri
urn:ietf:params:oauth:request_uri:35a7c50b-a98a-4f94-a4c5-c11503edc115
expires_in
600
2021-10-22 15:35:00 OUTGOING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "request_uri": "urn:ietf:params:oauth:request_uri:35a7c50b-a98a-4f94-a4c5-c11503edc115",
  "expires_in": 600
}
outgoing_path
par
2021-10-22 15:35:01 INCOMING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "request_uri": "urn:ietf:params:oauth:request_uri:35a7c50b-a98a-4f94-a4c5-c11503edc115"
}
incoming_body
2021-10-22 15:35:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:35:01 SUCCESS
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
2021-10-22 15:35:01 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:35:01 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "scope": "All your base are belong to us",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "code_challenge_method": "S256",
  "aud": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "nbf": 1634916900,
  "state": "n-oWuk_Yo00__2WTP4ofRSkB7unpsSF1Cx6G4caRJ5c",
  "exp": 1634917200,
  "iat": 1634916900,
  "code_challenge": "gUzDq33cXdpCx6miwcHSHamC0TJr1t5MTJB6tHcGhns",
  "jti": "SjmrYjxcEQv3GnaSpp_IHqFR7rqplxwsoUnz0NDiI-w"
}
2021-10-22 15:35:01 SUCCESS
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
2021-10-22 15:35:01 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
All your base are belong to us
2021-10-22 15:35:01 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
All your base are belong to us
2021-10-22 15:35:01 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2021-10-22 15:35:01 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
2021-10-22 15:35:01 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
XuFM8tiY9JvGbLNaCcVIirjovZlffPsm
2021-10-22 15:35:01 SUCCESS
EnsureAuthorizationRequestContainsStateParameter
Found state parameter
state
n-oWuk_Yo00__2WTP4ofRSkB7unpsSF1Cx6G4caRJ5c
2021-10-22 15:35:01 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "n-oWuk_Yo00__2WTP4ofRSkB7unpsSF1Cx6G4caRJ5c"
}
2021-10-22 15:35:01 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "n-oWuk_Yo00__2WTP4ofRSkB7unpsSF1Cx6G4caRJ5c",
  "code": "XuFM8tiY9JvGbLNaCcVIirjovZlffPsm"
}
2021-10-22 15:35:01
GenerateJARMResponseClaims
Created JARM response claims
iss
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/
aud
client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
code
XuFM8tiY9JvGbLNaCcVIirjovZlffPsm
state
n-oWuk_Yo00__2WTP4ofRSkB7unpsSF1Cx6G4caRJ5c
exp
1634917501
2021-10-22 15:35:01 SUCCESS
SignJARMResponse
Signed the JARM response
jarm_response
eyJraWQiOiJ4M0hFVkFTMU10dUpUYTV4LU1aQzFYTFZhd0l6eVNPS29NcS13eXp1RXVNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2giLCJjb2RlIjoiWHVGTTh0aVk5SnZHYkxOYUNjVklpcmpvdlpsZmZQc20iLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2hcLyIsInN0YXRlIjoibi1vV3VrX1lvMDBfXzJXVFA0b2ZSU2tCN3VucHNTRjFDeDZHNGNhUko1YyIsImV4cCI6MTYzNDkxNzUwMX0.OiDBpIjSyoTo5vUoS0DYhqmF8NpmGFQGODc7svStCMuW9P2bZfRAyyAmxl7PKfQ5xm-rgUmDMx5pvJZvekxYl4V2k_FjoVsqSrrpE39AMn8xDWdF82PYwNeWcNsUGNW6phuPfjtwt8sov4Nn7rG_dPg0jj1Np2m2DEiOq-0JcrsRq_nmmzNJpn9NrkI426Q9k_gBU77yO9vQpFBAdSnf69MIDKBiHUNXmjUDOj6ftXqXNwicAryCfQP8OQEYXn-F_bSTslHVfGVUdXR7m4OYnSgbDkMtCnxtVKESE3tysbSHCgiuw7mzYHoYVAN589aFTYJBvw-NVmpIyyGKW4e8_w
2021-10-22 15:35:01 INFO
EncryptJARMResponse
Skipped evaluation due to missing required element: client authorization_encrypted_response_alg
path
authorization_encrypted_response_alg
mapped
object
client
2021-10-22 15:35:01
SendJARMResponseWitResponseModeQuery
Redirecting back to client
uri
https://openid-client.local/cb?response=eyJraWQiOiJ4M0hFVkFTMU10dUpUYTV4LU1aQzFYTFZhd0l6eVNPS29NcS13eXp1RXVNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2giLCJjb2RlIjoiWHVGTTh0aVk5SnZHYkxOYUNjVklpcmpvdlpsZmZQc20iLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2hcLyIsInN0YXRlIjoibi1vV3VrX1lvMDBfXzJXVFA0b2ZSU2tCN3VucHNTRjFDeDZHNGNhUko1YyIsImV4cCI6MTYzNDkxNzUwMX0.OiDBpIjSyoTo5vUoS0DYhqmF8NpmGFQGODc7svStCMuW9P2bZfRAyyAmxl7PKfQ5xm-rgUmDMx5pvJZvekxYl4V2k_FjoVsqSrrpE39AMn8xDWdF82PYwNeWcNsUGNW6phuPfjtwt8sov4Nn7rG_dPg0jj1Np2m2DEiOq-0JcrsRq_nmmzNJpn9NrkI426Q9k_gBU77yO9vQpFBAdSnf69MIDKBiHUNXmjUDOj6ftXqXNwicAryCfQP8OQEYXn-F_bSTslHVfGVUdXR7m4OYnSgbDkMtCnxtVKESE3tysbSHCgiuw7mzYHoYVAN589aFTYJBvw-NVmpIyyGKW4e8_w
2021-10-22 15:35:01 OUTGOING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client.local/cb?response=eyJraWQiOiJ4M0hFVkFTMU10dUpUYTV4LU1aQzFYTFZhd0l6eVNPS29NcS13eXp1RXVNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2giLCJjb2RlIjoiWHVGTTh0aVk5SnZHYkxOYUNjVklpcmpvdlpsZmZQc20iLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2hcLyIsInN0YXRlIjoibi1vV3VrX1lvMDBfXzJXVFA0b2ZSU2tCN3VucHNTRjFDeDZHNGNhUko1YyIsImV4cCI6MTYzNDkxNzUwMX0.OiDBpIjSyoTo5vUoS0DYhqmF8NpmGFQGODc7svStCMuW9P2bZfRAyyAmxl7PKfQ5xm-rgUmDMx5pvJZvekxYl4V2k_FjoVsqSrrpE39AMn8xDWdF82PYwNeWcNsUGNW6phuPfjtwt8sov4Nn7rG_dPg0jj1Np2m2DEiOq-0JcrsRq_nmmzNJpn9NrkI426Q9k_gBU77yO9vQpFBAdSnf69MIDKBiHUNXmjUDOj6ftXqXNwicAryCfQP8OQEYXn-F_bSTslHVfGVUdXR7m4OYnSgbDkMtCnxtVKESE3tysbSHCgiuw7mzYHoYVAN589aFTYJBvw-NVmpIyyGKW4e8_w]
outgoing_path
authorize
2021-10-22 15:35:01 INCOMING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:35:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:35:01 OUTGOING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "alg": "PS256",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
outgoing_path
jwks
2021-10-22 15:35:02 INCOMING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "1278",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "XuFM8tiY9JvGbLNaCcVIirjovZlffPsm",
  "redirect_uri": "https://openid-client.local/cb",
  "code_verifier": "iN4wWtvIEAy22z4nAxmQbL6iDkb6T2p78UqRdKMhVfU",
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDEsImV4cCI6MTYzNDkxNjk2MSwianRpIjoidTU0V3BxLU9YNVgwOVNMQjZkWml0VFB5N3RickdfcXROYzZPclJQbkRGcyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.tmP6Bgwwur9Te7XckwSClduo_iNnjTUc-7_3dDfjH5xbQWavCO_6iVvXU244Jfj9srD7ttW1lSRYuoKvYfnOnV0dLrkrLveeRmya49VpzzGi-HTOwNWrTNf-EMUTfJyjHgPhK-Gd3CrD7iJ0rXg6H6fKdMFM7XD22nFHVOPHBO0sasDl_KAxxhjk7GPo7TvBXxrDCamEdWaliFdK5UrpFLcZ7vFx9MOiyMEqJhjbF8iay25LO_HehHg5-CeRC-qYNdXVomzgzlgTcOPBEfO77H75iD2RDuoHVPZg5pS2EsDgxvdKtm_hF5nxhiIjvfLAz1YjVwn3TgcEC99OhxsACA",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=XuFM8tiY9JvGbLNaCcVIirjovZlffPsm&redirect_uri=https%3A%2F%2Fopenid-client.local%2Fcb&code_verifier=iN4wWtvIEAy22z4nAxmQbL6iDkb6T2p78UqRdKMhVfU&client_id=client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h&client_assertion=eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDEsImV4cCI6MTYzNDkxNjk2MSwianRpIjoidTU0V3BxLU9YNVgwOVNMQjZkWml0VFB5N3RickdfcXROYzZPclJQbkRGcyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.tmP6Bgwwur9Te7XckwSClduo_iNnjTUc-7_3dDfjH5xbQWavCO_6iVvXU244Jfj9srD7ttW1lSRYuoKvYfnOnV0dLrkrLveeRmya49VpzzGi-HTOwNWrTNf-EMUTfJyjHgPhK-Gd3CrD7iJ0rXg6H6fKdMFM7XD22nFHVOPHBO0sasDl_KAxxhjk7GPo7TvBXxrDCamEdWaliFdK5UrpFLcZ7vFx9MOiyMEqJhjbF8iay25LO_HehHg5-CeRC-qYNdXVomzgzlgTcOPBEfO77H75iD2RDuoHVPZg5pS2EsDgxvdKtm_hF5nxhiIjvfLAz1YjVwn3TgcEC99OhxsACA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-10-22 15:35:02 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-10-22 15:35:02 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\nGynoOfsZbnrLlMYuiUw\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:02 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:02 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:35:02 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDEsImV4cCI6MTYzNDkxNjk2MSwianRpIjoidTU0V3BxLU9YNVgwOVNMQjZkWml0VFB5N3RickdfcXROYzZPclJQbkRGcyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.tmP6Bgwwur9Te7XckwSClduo_iNnjTUc-7_3dDfjH5xbQWavCO_6iVvXU244Jfj9srD7ttW1lSRYuoKvYfnOnV0dLrkrLveeRmya49VpzzGi-HTOwNWrTNf-EMUTfJyjHgPhK-Gd3CrD7iJ0rXg6H6fKdMFM7XD22nFHVOPHBO0sasDl_KAxxhjk7GPo7TvBXxrDCamEdWaliFdK5UrpFLcZ7vFx9MOiyMEqJhjbF8iay25LO_HehHg5-CeRC-qYNdXVomzgzlgTcOPBEfO77H75iD2RDuoHVPZg5pS2EsDgxvdKtm_hF5nxhiIjvfLAz1YjVwn3TgcEC99OhxsACA",
  "header": {
    "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
    "alg": "PS256"
  },
  "claims": {
    "sub": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "aud": [
      "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
      "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token"
    ],
    "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "exp": 1634916961,
    "iat": 1634916901,
    "jti": "u54Wpq-OX5X09SLB6dZitTPy7tbrG_qtNc6OrRPnDFs"
  }
}
2021-10-22 15:35:02
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-10-22 15:35:02 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY5MDEsImV4cCI6MTYzNDkxNjk2MSwianRpIjoidTU0V3BxLU9YNVgwOVNMQjZkWml0VFB5N3RickdfcXROYzZPclJQbkRGcyIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.tmP6Bgwwur9Te7XckwSClduo_iNnjTUc-7_3dDfjH5xbQWavCO_6iVvXU244Jfj9srD7ttW1lSRYuoKvYfnOnV0dLrkrLveeRmya49VpzzGi-HTOwNWrTNf-EMUTfJyjHgPhK-Gd3CrD7iJ0rXg6H6fKdMFM7XD22nFHVOPHBO0sasDl_KAxxhjk7GPo7TvBXxrDCamEdWaliFdK5UrpFLcZ7vFx9MOiyMEqJhjbF8iay25LO_HehHg5-CeRC-qYNdXVomzgzlgTcOPBEfO77H75iD2RDuoHVPZg5pS2EsDgxvdKtm_hF5nxhiIjvfLAz1YjVwn3TgcEC99OhxsACA
2021-10-22 15:35:02 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-10-22 15:35:02 SUCCESS
ValidateClientAssertionClaims
Client Assertion passed all validation checks
2021-10-22 15:35:02 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
XuFM8tiY9JvGbLNaCcVIirjovZlffPsm
2021-10-22 15:35:02 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://openid-client.local/cb
2021-10-22 15:35:02 SUCCESS
ValidateCodeVerifierWithS256
Validated code_verifier successfully
code_challenge_method
S256
code_verifier
iN4wWtvIEAy22z4nAxmQbL6iDkb6T2p78UqRdKMhVfU
code_challenge
gUzDq33cXdpCx6miwcHSHamC0TJr1t5MTJB6tHcGhns
2021-10-22 15:35:02 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
6bSrS2n7AL4qMh1TE9duaVCFx9NH5LeLjhX63uzmpjgLe3M0fR
2021-10-22 15:35:02 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
vOrbzUeH2Z-E23y6zPT8GQ
2021-10-22 15:35:02
CreateRefreshToken
Created refresh token
refresh_token
jzgdSkaIwnYpHZiOoHVFqEQhgZptnRaWtvJHpWPmTrmiQeZFmP4492308771!`;|%
2021-10-22 15:35:02 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
6bSrS2n7AL4qMh1TE9duaVCFx9NH5LeLjhX63uzmpjgLe3M0fR
token_type
Bearer
refresh_token
jzgdSkaIwnYpHZiOoHVFqEQhgZptnRaWtvJHpWPmTrmiQeZFmP4492308771!`;|%
2021-10-22 15:35:02 OUTGOING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "6bSrS2n7AL4qMh1TE9duaVCFx9NH5LeLjhX63uzmpjgLe3M0fR",
  "token_type": "Bearer",
  "refresh_token": "jzgdSkaIwnYpHZiOoHVFqEQhgZptnRaWtvJHpWPmTrmiQeZFmP4492308771!`;|%"
}
outgoing_path
token
2021-10-22 15:35:03 INCOMING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Bearer 6bSrS2n7AL4qMh1TE9duaVCFx9NH5LeLjhX63uzmpjgLe3M0fR",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
open-banking/v1.1/accounts
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:35:03 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Accounts endpoint
2021-10-22 15:35:03 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\nGynoOfsZbnrLlMYuiUw\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:35:03 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:35:03 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:35:03 SUCCESS
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
2021-10-22 15:35:03 SUCCESS
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
access_token
6bSrS2n7AL4qMh1TE9duaVCFx9NH5LeLjhX63uzmpjgLe3M0fR
2021-10-22 15:35:03 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
6bSrS2n7AL4qMh1TE9duaVCFx9NH5LeLjhX63uzmpjgLe3M0fR
2021-10-22 15:35:03 INFO
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
path
headers.x-fapi-auth-date
mapped
object
incoming_request
2021-10-22 15:35:03 INFO
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
path
headers.x-fapi-customer-ip-address
mapped
object
incoming_request
2021-10-22 15:35:03 INFO
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
path
headers.x-fapi-interaction-id
mapped
object
incoming_request
2021-10-22 15:35:03 SUCCESS
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
fapi_interaction_id
b9e4cb3d-6e2f-4434-ab84-3b414486d171
2021-10-22 15:35:03 SUCCESS
CreateFAPIAccountEndpointResponse
Created account response object
accounts_endpoint_response
{
  "conformance-test-finished": "true"
}
accounts_endpoint_response_headers
{
  "x-fapi-interaction-id": "b9e4cb3d-6e2f-4434-ab84-3b414486d171",
  "content-type": "application/json; charset\u003dUTF-8"
}
2021-10-22 15:35:03
ClearAccessTokenFromRequest
Condition ran but did not log anything
2021-10-22 15:35:03 OUTGOING
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
outgoing_status_code
200
outgoing_headers
{
  "x-fapi-interaction-id": [
    "b9e4cb3d-6e2f-4434-ab84-3b414486d171"
  ],
  "content-type": [
    "application/json; charset\u003dUTF-8"
  ]
}
outgoing_body
{
  "conformance-test-finished": "true"
}
outgoing_path
open-banking/v1.1/accounts
2021-10-22 15:35:03 FINISHED
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:35:03
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-ax9j1UaLqPr1gvLcP8D7h
new_test_id
Rrk8HzN4MxUHX3g
Test Results