Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-10-22 15:34:53 INFO
TEST-RUNNER
Test instance VC0Y3mkmRTSeb3n created
baseUrl
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "pushed",
  "fapi_jarm_type": "plain_oauth",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "jarm"
}
alias
openid-client-ax9j1UaLqPr1gvLcP8D7h
description
openid-client v5.x FAPI1 Adv. private_key_jwt, PAR, JARM (OAUTH2) RP
planId
2SPX0cbcsQc1G
config
{
  "alias": "openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "description": "openid-client v5.x FAPI1 Adv. private_key_jwt, PAR, JARM (OAUTH2) RP",
  "server": {
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ",
          "d": "S-V1qsRhyxlECeqRxjPXZ02S9QCWHk532PBb3-Mnq20YAea9X1Wb7AR8qluaXRmRIuCW22IHVy5fTTrzgz48t_j4NiMVK2NikWiOoJruRxxD2P6aZYD3jACa4HR13PWE4tHX_EnAkq3925ONYbPAgZYgzRWvQ4eOm3Bl3OALjRT1q5cNqeQoJg-fR0lrQ4BQNg4YvNdiRi6qzu-fj3ABOYGRoVVTq2gEBUTfsXg4E2O7UYlup-M2qlG-7nDbHKxIiT7cxmr8ZS55GK7uANMMyoTFEcaDG5ClVPc5Bw_4T4TAiVHsbkYq1QDGRVANpYNeXUK9z2nxITMvQMoXr7Yn6Q",
          "p": "9MtfcxNGWEtkEQqLKVg5I94CAW4cQBgK7LkKgQc4vVF71RW89jbjdHW42lzBuNt3eKpo4gvNG7puGsQR1h1AmJhu22zwkEeLacdexPFU5CMx-rdlnEszcp1IiAzu6IhYa_On3zkdKZMW9-ztCI9a_O6nMhRQpFY7RskYCMau9PM",
          "q": "08dQ8JS9WbZIexx4f31y1NM0VWJb9OBUz1UFyfh4BziPYB81O-4YAF-ur56YVHb_rjCeSw8Dh_qeBXFD-QgrGCneZAMMqEdHR-Yc8VN9P1DzPrTMiaudy6-3Zj_35hWJrUgF_9A0Tvn5alUBSoIO-rXDLHSRwWWlflIUfgmxvBs",
          "dp": "etFCrWjBRXFl3krs8SxrVrx_QxpsoBev-38Hbx8hb5LfT1SdvuZhDkA2I5CgPVAXS_orryX-nWfW8CTpUgTRMP5huEObGrhakRLPUH5IekHSRJkZKOZuBJY3GtNqVk56Fodj9VIheIds4a0Ea-QI4ZgXWL_qidkd2nDwVw7gHtM",
          "dq": "MD0mYqZ-uwCaYfCKQgABOBkjwo81AwJWTyO-vdKrBHoNrodtSMljDjK9R6OIbzTr6HGKnO4-j6q2c-bo5MDHkCl5Tq6jI3GY-vefgBjUXqfBwHbOYE2HE-5iiBfqD664PZA6TZrPT24BMgdK0_3sC497dZTX3oWYvL1VjaAHrCE",
          "qi": "ew2CW60eLFUzmLfVRFSi-B5Fvi-iCvDExVoVm3rnmEWQZ1g02Biw31yXk5AXFjTr-d7rUUm9legAjtzdR-ysjHWofH7Y_1oFrWF-akMNgXxQRLLxzS923up4qM64GcX6YEbppY7Ub-LMLULBVMNmnN4KLrjGmcLdKnSjz3HWxHM",
          "kty": "RSA",
          "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
          "alg": "PS256",
          "use": "sig"
        }
      ]
    }
  },
  "waitTimeoutSeconds": 2,
  "client": {
    "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "scope": "All your base are belong to us",
    "redirect_uri": "https://openid-client.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
          "kty": "RSA",
          "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
          ],
          "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
          "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\r\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\r\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\r\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\r\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\r\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\r\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\r\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\r\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\r\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\r\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\r\nGynoOfsZbnrLlMYuiUw\u003d\r\n-----END CERTIFICATE-----\r\n"
  },
  "client2": {
    "client_id": "client2-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "scope": "All your base are belong to us",
    "redirect_uri": "https://openid-client2.local/cb",
    "jwks": {
      "keys": [
        {
          "e": "AQAB",
          "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
          "kty": "RSA",
          "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
          "use": "sig",
          "x5c": [
            "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
          ],
          "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
          "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
        },
        {
          "e": "AQAB",
          "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
          "kty": "RSA",
          "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
          "alg": "RSA-OAEP-256",
          "use": "enc"
        }
      ]
    },
    "id_token_encrypted_response_alg": "RSA-OAEP-256",
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\r\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\r\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\r\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\r\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\r\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+Ht\r\nW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPsp\r\nJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuD\r\nCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL\r\n3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2Bk\r\nSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQID\r\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\r\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxS\r\neK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6Tw\r\noV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718\r\noYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+\r\nsLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNS\r\nSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsq\r\niPhbR+umi5i4QFjJPTY\u003d\r\n-----END CERTIFICATE-----\r\n"
  }
}
testName
fapi1-advanced-final-client-test
2021-10-22 15:34:54 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/userinfo"
}
issuer
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/
discoveryUrl
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/.well-known/openid-configuration
2021-10-22 15:34:54 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "9MtfcxNGWEtkEQqLKVg5I94CAW4cQBgK7LkKgQc4vVF71RW89jbjdHW42lzBuNt3eKpo4gvNG7puGsQR1h1AmJhu22zwkEeLacdexPFU5CMx-rdlnEszcp1IiAzu6IhYa_On3zkdKZMW9-ztCI9a_O6nMhRQpFY7RskYCMau9PM",
      "kty": "RSA",
      "q": "08dQ8JS9WbZIexx4f31y1NM0VWJb9OBUz1UFyfh4BziPYB81O-4YAF-ur56YVHb_rjCeSw8Dh_qeBXFD-QgrGCneZAMMqEdHR-Yc8VN9P1DzPrTMiaudy6-3Zj_35hWJrUgF_9A0Tvn5alUBSoIO-rXDLHSRwWWlflIUfgmxvBs",
      "d": "S-V1qsRhyxlECeqRxjPXZ02S9QCWHk532PBb3-Mnq20YAea9X1Wb7AR8qluaXRmRIuCW22IHVy5fTTrzgz48t_j4NiMVK2NikWiOoJruRxxD2P6aZYD3jACa4HR13PWE4tHX_EnAkq3925ONYbPAgZYgzRWvQ4eOm3Bl3OALjRT1q5cNqeQoJg-fR0lrQ4BQNg4YvNdiRi6qzu-fj3ABOYGRoVVTq2gEBUTfsXg4E2O7UYlup-M2qlG-7nDbHKxIiT7cxmr8ZS55GK7uANMMyoTFEcaDG5ClVPc5Bw_4T4TAiVHsbkYq1QDGRVANpYNeXUK9z2nxITMvQMoXr7Yn6Q",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "qi": "ew2CW60eLFUzmLfVRFSi-B5Fvi-iCvDExVoVm3rnmEWQZ1g02Biw31yXk5AXFjTr-d7rUUm9legAjtzdR-ysjHWofH7Y_1oFrWF-akMNgXxQRLLxzS923up4qM64GcX6YEbppY7Ub-LMLULBVMNmnN4KLrjGmcLdKnSjz3HWxHM",
      "dp": "etFCrWjBRXFl3krs8SxrVrx_QxpsoBev-38Hbx8hb5LfT1SdvuZhDkA2I5CgPVAXS_orryX-nWfW8CTpUgTRMP5huEObGrhakRLPUH5IekHSRJkZKOZuBJY3GtNqVk56Fodj9VIheIds4a0Ea-QI4ZgXWL_qidkd2nDwVw7gHtM",
      "alg": "PS256",
      "dq": "MD0mYqZ-uwCaYfCKQgABOBkjwo81AwJWTyO-vdKrBHoNrodtSMljDjK9R6OIbzTr6HGKnO4-j6q2c-bo5MDHkCl5Tq6jI3GY-vefgBjUXqfBwHbOYE2HE-5iiBfqD664PZA6TZrPT24BMgdK0_3sC497dZTX3oWYvL1VjaAHrCE",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
server_encryption_keys
{}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "alg": "PS256",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
2021-10-22 15:34:54 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:54 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-10-22 15:34:54
SetTokenEndpointAuthMethodsSupportedToPrivateKeyJWTOnly
Changed token_endpoint_auth_methods_supported to private_key_jwt only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/userinfo",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ]
}
2021-10-22 15:34:54
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
endpoint
https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/par
2021-10-22 15:34:54
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
value
true
2021-10-22 15:34:54 SUCCESS
AddResponseTypeCodeToServerConfiguration
Added code as response type supported
response_types_supported
[
  "code"
]
2021-10-22 15:34:54 SUCCESS
AddJARMResponseModeToServerConfiguration
Added jwt as response_modes_supported
response_modes_supported
[
  "jwt"
]
2021-10-22 15:34:54 SUCCESS
AddAuthorizationSigningAlgValuesSupportedToServerConfiguration
Added authorization_signing_alg_values_supported to server configuration
alg_values
[
  "PS256"
]
2021-10-22 15:34:54 SUCCESS
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256",
  "ES256"
]
2021-10-22 15:34:54 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-10-22 15:34:54 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "9MtfcxNGWEtkEQqLKVg5I94CAW4cQBgK7LkKgQc4vVF71RW89jbjdHW42lzBuNt3eKpo4gvNG7puGsQR1h1AmJhu22zwkEeLacdexPFU5CMx-rdlnEszcp1IiAzu6IhYa_On3zkdKZMW9-ztCI9a_O6nMhRQpFY7RskYCMau9PM",
      "kty": "RSA",
      "q": "08dQ8JS9WbZIexx4f31y1NM0VWJb9OBUz1UFyfh4BziPYB81O-4YAF-ur56YVHb_rjCeSw8Dh_qeBXFD-QgrGCneZAMMqEdHR-Yc8VN9P1DzPrTMiaudy6-3Zj_35hWJrUgF_9A0Tvn5alUBSoIO-rXDLHSRwWWlflIUfgmxvBs",
      "d": "S-V1qsRhyxlECeqRxjPXZ02S9QCWHk532PBb3-Mnq20YAea9X1Wb7AR8qluaXRmRIuCW22IHVy5fTTrzgz48t_j4NiMVK2NikWiOoJruRxxD2P6aZYD3jACa4HR13PWE4tHX_EnAkq3925ONYbPAgZYgzRWvQ4eOm3Bl3OALjRT1q5cNqeQoJg-fR0lrQ4BQNg4YvNdiRi6qzu-fj3ABOYGRoVVTq2gEBUTfsXg4E2O7UYlup-M2qlG-7nDbHKxIiT7cxmr8ZS55GK7uANMMyoTFEcaDG5ClVPc5Bw_4T4TAiVHsbkYq1QDGRVANpYNeXUK9z2nxITMvQMoXr7Yn6Q",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "qi": "ew2CW60eLFUzmLfVRFSi-B5Fvi-iCvDExVoVm3rnmEWQZ1g02Biw31yXk5AXFjTr-d7rUUm9legAjtzdR-ysjHWofH7Y_1oFrWF-akMNgXxQRLLxzS923up4qM64GcX6YEbppY7Ub-LMLULBVMNmnN4KLrjGmcLdKnSjz3HWxHM",
      "dp": "etFCrWjBRXFl3krs8SxrVrx_QxpsoBev-38Hbx8hb5LfT1SdvuZhDkA2I5CgPVAXS_orryX-nWfW8CTpUgTRMP5huEObGrhakRLPUH5IekHSRJkZKOZuBJY3GtNqVk56Fodj9VIheIds4a0Ea-QI4ZgXWL_qidkd2nDwVw7gHtM",
      "alg": "PS256",
      "dq": "MD0mYqZ-uwCaYfCKQgABOBkjwo81AwJWTyO-vdKrBHoNrodtSMljDjK9R6OIbzTr6HGKnO4-j6q2c-bo5MDHkCl5Tq6jI3GY-vefgBjUXqfBwHbOYE2HE-5iiBfqD664PZA6TZrPT24BMgdK0_3sC497dZTX3oWYvL1VjaAHrCE",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
2021-10-22 15:34:54 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-10-22 15:34:54 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
scope
All your base are belong to us
redirect_uri
https://openid-client.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
      "kty": "RSA",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:34:54 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:54 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
      "kty": "RSA",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng",
      "e": "AQAB",
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw"
    }
  ]
}
2021-10-22 15:34:54 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:34:54 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:34:54 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "vGOkRYRSEC_4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ-RFFL8OyQfwe1g-j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2-s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz-NbuPa-FaVaQvGk_iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT_jEkEKBOso6wsrPs_pNZ4rcJd452CdBceTXNTYK2r-kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ_ZjhCR9Aw",
      "kty": "RSA",
      "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78EMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkpIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYRPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJpyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPWctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnGXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43zGynoOfsZbnrLlMYuiUw\u003d"
      ],
      "x5t": "5nLBbuo5am2oV9TL8PjnZw7x9Co",
      "x5t#S256": "DGuY2p1ly_AdoHWTaQt-QbEIOxB14fh-cNKHTrz6Vng"
    }
  ]
}
Verify configuration of second client
2021-10-22 15:34:54 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
client2-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
scope
All your base are belong to us
redirect_uri
https://openid-client2.local/cb
jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
      "kty": "RSA",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
    },
    {
      "e": "AQAB",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
      "kty": "RSA",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
id_token_encrypted_response_alg
RSA-OAEP-256
certificate
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+Ht
W5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPsp
JVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuD
CoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL
3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2Bk
SSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxS
eK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6Tw
oV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718
oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+
sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNS
SeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsq
iPhbR+umi5i4QFjJPTY=
-----END CERTIFICATE-----
2021-10-22 15:34:54 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-10-22 15:34:54 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
      "kty": "RSA",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
    },
    {
      "e": "AQAB",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
      "kty": "RSA",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM",
      "e": "AQAB",
      "use": "sig",
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw"
    }
  ]
}
2021-10-22 15:34:54 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-10-22 15:34:54 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-10-22 15:34:54 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "e": "AQAB",
      "n": "1CC4_tjNo_Z7ttNU1MeDo-HtW5cAS-Q-KUsfY7Y4k-_Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9_IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt-_Jla9p78WE9lAnGnajG07M0hsgzxIO_NuXbpvVSZifgAxqZQyZFL3y69pNf_6qb4mIu_T_pDgQ_7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu-uRioqADCHvMwQZT8iFK0_wFrfrSwPEcWrr8wgqNyXx8xPqQ",
      "kty": "RSA",
      "kid": "ngikCNiocbRDiCFtax7qqvF5vEMJBHxzez_VlkRDZzk",
      "use": "sig",
      "x5c": [
        "MIIDmjCCAoKgAwIBAgIJLnji+h3mnOs6MA0GCSqGSIb3DQEBBQUAMGkxFDASBgNVBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRlc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtleGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CC4/tjNo/Z7ttNU1MeDo+HtW5cAS+Q+KUsfY7Y4k+/Iefm3SsjAwEN1roVxoycz37xe68TmkEBms9/IDKUcfPspJVfLhg8h2hOakr7igu8FsOSpKYH08JWRmUa9mWDBWNEjyhkAMLDdI0HULd6W9xuDCoAvaw21Jzt+/Jla9p78WE9lAnGnajG07M0hsgzxIO/NuXbpvVSZifgAxqZQyZFL3y69pNf/6qb4mIu/T/pDgQ/7JeH8thq1vBwf47x9AqH23aNk8QSSvAikfuL6V2BkSSXnPidSjhtNTu+uRioqADCHvMwQZT8iFK0/wFrfrSwPEcWrr8wgqNyXx8xPqQIDAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhtodHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBALxSeK/7qftUFNdSg2NSg7OCNXg85pyukVdwfQR085jm60VnmPkX7bwqOfIgwllut6TwoV/L2ixVVEsxNr580iilksZjn/evla1bZHlf8lVFbBG4UhLceXL/4dDyuK/1g718oYep8BiDtdrKe/DYUUK9ezaMj4VZslkeRI41f5HCru8S/pFhInmlwTLGfxjGV0c+sLnaDvy075LCjUJvRSWS8PAGq+SnSX3J7UvxqaLfKTShOiVnsh79agKI8lAPkBNSSeZJt7QGhit6gKUtSAl7mzAcLLEDCJ5kD+o0mwvUuoBMd/YFVjfE3HA7MyQIHzsqiPhbR+umi5i4QFjJPTY\u003d"
      ],
      "x5t": "P-mEzEIqvOMhvo3bvdggloU2aac",
      "x5t#S256": "aQdjBjzwKDPqsXcQrPtMHNF1PJeI54DFqQ7k0RLvBhM"
    },
    {
      "e": "AQAB",
      "n": "rLjkjLMba95llDbG__GPj19TeZqoOVyFa6nReuh-3bW31IBfZkQBNwDvsWYnqToaHRfcMcHTxgI7rT9g2DpxSBLoKIBdHSxvhU14Ek3OsWE0xeIm6qUBHYHh9SCBORL63Lcny9-TsEPD3VSJ1ZYSGGY0DZiyetnRbooptJRowW0gf50Sn5ivZZUPYAyZuXzUcrJYXsGX5cL1zW-KWtji4KYSMGFQDqnVX57zQE0VjVwrtLLIwsPtKmLI0vBtfFHDhdUUAG1OKu5zncHe1eSsSX2_pfPwClsqWr1Do-qRtxpYbOMKB0wzKaFlFgqQOL2XfEIyMPJ9mb4OZYcrKkX3aw",
      "kty": "RSA",
      "kid": "C7Y7F33pwZfQtE_DZ7kj2OJJEaFR8eiXZV8n45a1v_g",
      "alg": "RSA-OAEP-256",
      "use": "enc"
    }
  ]
}
2021-10-22 15:34:54
fapi1-advanced-final-client-test
Setup Done
2021-10-22 15:34:54 INCOMING
fapi1-advanced-final-client-test
Incoming HTTP request to test instance VC0Y3mkmRTSeb3n
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:34:54 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:34:54 OUTGOING
fapi1-advanced-final-client-test
Response to HTTP request to test instance VC0Y3mkmRTSeb3n
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/userinfo",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "jwt"
  ],
  "authorization_signing_alg_values_supported": [
    "PS256"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256",
    "ES256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-10-22 15:34:55 INCOMING
fapi1-advanced-final-client-test
Incoming HTTP request to test instance VC0Y3mkmRTSeb3n
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "2336",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
par
incoming_body_form_params
{
  "request": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJWUlowNjZXeUdnVDkwQ3ZNUml5M2h0NmdwWlVTWlp4NFFTUmtaZExvMkEwIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiMXJUOXcxMDFmTzVzMVYyanRMckFfX3VycldlUEFTSXo1MDBBV0xTcHhhOCIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiS2ppbWlBdlpTQnZnZjB5YmQ1c0xFU0pwXzhaUjlNT3ZlajNFOWdES2c5byIsImlhdCI6MTYzNDkxNjg5NCwiZXhwIjoxNjM0OTE3MTk0LCJuYmYiOjE2MzQ5MTY4OTR9.boMtpgzsx7WpOmS4c209DGegacMuhMJTIH_4vrtEVkl6YH0nJIKe_fvZLU1rquS09YqXryZCqrZnjEtWiqZb42L7XCr8jWlqO5HmeR615fZf78TtdW0RKXB-ziWlmQ1whwvvFgIPjTjFXoPXtkSBcSkLHppXdDjoOsLbddIG1XyiiPjxAniIU4elocAhtTXzJV66KGrgC5Sxsa8sqs5sNvU5cEBRSn7OiB07pkv_S72OXSQWNUSzdMGKBBnokG3V_6dJflhoMdFo4KwZn94Ih2VOk5gwt3HzcatmI33iD8KLB60ZFyIUBMFH8Uy_lsdqA5Wt_WfoHTio7ntBDOIVfw",
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTQsImV4cCI6MTYzNDkxNjk1NCwianRpIjoiN2V2dGowVEJQN1B0N3pkWlA1R0NDRXNMaUJsak01enVUNW9lRWdaUTctQSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.oZRcXOYY37Jzp-0WuO0XQkS29O31DjlLBK7VuzLTkMhhe_1SMBkp6kNwJiT4JVNMxx1QPv7BcK1bfXBUl6GptCCw_IWFVTFYXv0PYPZtWjXXe8V5tbnZWxGTW5EMKXyb3_csOgmU3nCdIamfOqp4OmfO3YyAHq75GbEhZibixInX8RMgcZKl7pj0eHJIKUoXT5VHol6sPD-N206Enbi41sHk1Trgmk85Mf8K-uhIX8Z1Y1_m2hqVAlpRMPY4h3mxz4zbZ912CVYEuUS1vkwU9jC7xwRak_3YyAPWf2W2ySvXYqc7sCm4FmR_8kfW0C-0-hHmlk0Y6O9khxCGB90cBg",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
request=eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJWUlowNjZXeUdnVDkwQ3ZNUml5M2h0NmdwWlVTWlp4NFFTUmtaZExvMkEwIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiMXJUOXcxMDFmTzVzMVYyanRMckFfX3VycldlUEFTSXo1MDBBV0xTcHhhOCIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiS2ppbWlBdlpTQnZnZjB5YmQ1c0xFU0pwXzhaUjlNT3ZlajNFOWdES2c5byIsImlhdCI6MTYzNDkxNjg5NCwiZXhwIjoxNjM0OTE3MTk0LCJuYmYiOjE2MzQ5MTY4OTR9.boMtpgzsx7WpOmS4c209DGegacMuhMJTIH_4vrtEVkl6YH0nJIKe_fvZLU1rquS09YqXryZCqrZnjEtWiqZb42L7XCr8jWlqO5HmeR615fZf78TtdW0RKXB-ziWlmQ1whwvvFgIPjTjFXoPXtkSBcSkLHppXdDjoOsLbddIG1XyiiPjxAniIU4elocAhtTXzJV66KGrgC5Sxsa8sqs5sNvU5cEBRSn7OiB07pkv_S72OXSQWNUSzdMGKBBnokG3V_6dJflhoMdFo4KwZn94Ih2VOk5gwt3HzcatmI33iD8KLB60ZFyIUBMFH8Uy_lsdqA5Wt_WfoHTio7ntBDOIVfw&client_id=client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h&client_assertion=eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTQsImV4cCI6MTYzNDkxNjk1NCwianRpIjoiN2V2dGowVEJQN1B0N3pkWlA1R0NDRXNMaUJsak01enVUNW9lRWdaUTctQSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.oZRcXOYY37Jzp-0WuO0XQkS29O31DjlLBK7VuzLTkMhhe_1SMBkp6kNwJiT4JVNMxx1QPv7BcK1bfXBUl6GptCCw_IWFVTFYXv0PYPZtWjXXe8V5tbnZWxGTW5EMKXyb3_csOgmU3nCdIamfOqp4OmfO3YyAHq75GbEhZibixInX8RMgcZKl7pj0eHJIKUoXT5VHol6sPD-N206Enbi41sHk1Trgmk85Mf8K-uhIX8Z1Y1_m2hqVAlpRMPY4h3mxz4zbZ912CVYEuUS1vkwU9jC7xwRak_3YyAPWf2W2ySvXYqc7sCm4FmR_8kfW0C-0-hHmlk0Y6O9khxCGB90cBg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-10-22 15:34:55 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
PAR endpoint
2021-10-22 15:34:55 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\nGynoOfsZbnrLlMYuiUw\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:34:55 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:34:55 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:34:55 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTQsImV4cCI6MTYzNDkxNjk1NCwianRpIjoiN2V2dGowVEJQN1B0N3pkWlA1R0NDRXNMaUJsak01enVUNW9lRWdaUTctQSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.oZRcXOYY37Jzp-0WuO0XQkS29O31DjlLBK7VuzLTkMhhe_1SMBkp6kNwJiT4JVNMxx1QPv7BcK1bfXBUl6GptCCw_IWFVTFYXv0PYPZtWjXXe8V5tbnZWxGTW5EMKXyb3_csOgmU3nCdIamfOqp4OmfO3YyAHq75GbEhZibixInX8RMgcZKl7pj0eHJIKUoXT5VHol6sPD-N206Enbi41sHk1Trgmk85Mf8K-uhIX8Z1Y1_m2hqVAlpRMPY4h3mxz4zbZ912CVYEuUS1vkwU9jC7xwRak_3YyAPWf2W2ySvXYqc7sCm4FmR_8kfW0C-0-hHmlk0Y6O9khxCGB90cBg",
  "header": {
    "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
    "alg": "PS256"
  },
  "claims": {
    "sub": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "aud": [
      "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
      "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token"
    ],
    "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "exp": 1634916954,
    "iat": 1634916894,
    "jti": "7evtj0TBP7Pt7zdZP5GCCEsLiBljM5zuT5oeEgZQ7-A"
  }
}
2021-10-22 15:34:55
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-10-22 15:34:55 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTQsImV4cCI6MTYzNDkxNjk1NCwianRpIjoiN2V2dGowVEJQN1B0N3pkWlA1R0NDRXNMaUJsak01enVUNW9lRWdaUTctQSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.oZRcXOYY37Jzp-0WuO0XQkS29O31DjlLBK7VuzLTkMhhe_1SMBkp6kNwJiT4JVNMxx1QPv7BcK1bfXBUl6GptCCw_IWFVTFYXv0PYPZtWjXXe8V5tbnZWxGTW5EMKXyb3_csOgmU3nCdIamfOqp4OmfO3YyAHq75GbEhZibixInX8RMgcZKl7pj0eHJIKUoXT5VHol6sPD-N206Enbi41sHk1Trgmk85Mf8K-uhIX8Z1Y1_m2hqVAlpRMPY4h3mxz4zbZ912CVYEuUS1vkwU9jC7xwRak_3YyAPWf2W2ySvXYqc7sCm4FmR_8kfW0C-0-hHmlk0Y6O9khxCGB90cBg
2021-10-22 15:34:55 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-10-22 15:34:55 SUCCESS
ValidateClientAssertionClaimsForPAREndpoint
Client Assertion passed all validation checks
2021-10-22 15:34:55 SUCCESS
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJWUlowNjZXeUdnVDkwQ3ZNUml5M2h0NmdwWlVTWlp4NFFTUmtaZExvMkEwIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiMXJUOXcxMDFmTzVzMVYyanRMckFfX3VycldlUEFTSXo1MDBBV0xTcHhhOCIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiS2ppbWlBdlpTQnZnZjB5YmQ1c0xFU0pwXzhaUjlNT3ZlajNFOWdES2c5byIsImlhdCI6MTYzNDkxNjg5NCwiZXhwIjoxNjM0OTE3MTk0LCJuYmYiOjE2MzQ5MTY4OTR9.boMtpgzsx7WpOmS4c209DGegacMuhMJTIH_4vrtEVkl6YH0nJIKe_fvZLU1rquS09YqXryZCqrZnjEtWiqZb42L7XCr8jWlqO5HmeR615fZf78TtdW0RKXB-ziWlmQ1whwvvFgIPjTjFXoPXtkSBcSkLHppXdDjoOsLbddIG1XyiiPjxAniIU4elocAhtTXzJV66KGrgC5Sxsa8sqs5sNvU5cEBRSn7OiB07pkv_S72OXSQWNUSzdMGKBBnokG3V_6dJflhoMdFo4KwZn94Ih2VOk5gwt3HzcatmI33iD8KLB60ZFyIUBMFH8Uy_lsdqA5Wt_WfoHTio7ntBDOIVfw",
  "header": {
    "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "response_type": "code",
    "code_challenge_method": "S256",
    "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "aud": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
    "nbf": 1634916894,
    "scope": "All your base are belong to us",
    "redirect_uri": "https://openid-client.local/cb",
    "state": "VRZ066WyGgT90CvMRiy3ht6gpZUSZZx4QSRkZdLo2A0",
    "exp": 1634917194,
    "iat": 1634916894,
    "code_challenge": "1rT9w101fO5s1V2jtLrA__urrWePASIz500AWLSpxa8",
    "jti": "KjimiAvZSBvgf0ybd5sLESJp_8ZR9MOvej3E9gDKg9o"
  }
}
2021-10-22 15:34:55 SUCCESS
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
2021-10-22 15:34:55 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:34:55 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-10-22 15:34:55 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Oct 22, 2021, 3:39:54 PM"
2021-10-22 15:34:55 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Oct 22, 2021, 3:34:54 PM"
now
"Oct 22, 2021, 3:34:55 PM"
2021-10-22 15:34:55
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-10-22 15:34:55 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-10-22 15:34:55 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-10-22 15:34:55 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-10-22 15:34:55 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-10-22 15:34:55 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiIwVWQwNHpXZG0xS0JiYUZ4NjNwV2VaN3pNY2NCTVRlWElIZDVyNzhvVHZnIn0.eyJyZWRpcmVjdF91cmkiOiJodHRwczovL29wZW5pZC1jbGllbnQubG9jYWwvY2IiLCJzY29wZSI6IkFsbCB5b3VyIGJhc2UgYXJlIGJlbG9uZyB0byB1cyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwic3RhdGUiOiJWUlowNjZXeUdnVDkwQ3ZNUml5M2h0NmdwWlVTWlp4NFFTUmtaZExvMkEwIiwiY29kZV9jaGFsbGVuZ2VfbWV0aG9kIjoiUzI1NiIsImNvZGVfY2hhbGxlbmdlIjoiMXJUOXcxMDFmTzVzMVYyanRMckFfX3VycldlUEFTSXo1MDBBV0xTcHhhOCIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6Imh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2Evb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2gvIiwiY2xpZW50X2lkIjoiY2xpZW50LWlkLW9wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoIiwianRpIjoiS2ppbWlBdlpTQnZnZjB5YmQ1c0xFU0pwXzhaUjlNT3ZlajNFOWdES2c5byIsImlhdCI6MTYzNDkxNjg5NCwiZXhwIjoxNjM0OTE3MTk0LCJuYmYiOjE2MzQ5MTY4OTR9.boMtpgzsx7WpOmS4c209DGegacMuhMJTIH_4vrtEVkl6YH0nJIKe_fvZLU1rquS09YqXryZCqrZnjEtWiqZb42L7XCr8jWlqO5HmeR615fZf78TtdW0RKXB-ziWlmQ1whwvvFgIPjTjFXoPXtkSBcSkLHppXdDjoOsLbddIG1XyiiPjxAniIU4elocAhtTXzJV66KGrgC5Sxsa8sqs5sNvU5cEBRSn7OiB07pkv_S72OXSQWNUSzdMGKBBnokG3V_6dJflhoMdFo4KwZn94Ih2VOk5gwt3HzcatmI33iD8KLB60ZFyIUBMFH8Uy_lsdqA5Wt_WfoHTio7ntBDOIVfw
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 23781936480151064420323636556803051267074122341211119491889277884569883362304245507177549481607500226402393834769197357718639058227262788526250775776366305202850356592742949333977635909700451720997760019645229423572313154961958458341721395659261305408814766700258499337142406474823508854171059290362436010793367601191973822016838508028609988075359889849950795632030382172536620648509466708388654860412651213247685219469616835444746199995168236174427050591069840815816030382024213999179935139646793138234752643217699288909252920925508286240511926906731848781047556480317645915628370682812264193075417771353633624194307
  public exponent: 65537
2021-10-22 15:34:55 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://openid-client.local/cb
2021-10-22 15:34:55 SUCCESS
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
code_challenge_method
S256
code_challenge
1rT9w101fO5s1V2jtLrA__urrWePASIz500AWLSpxa8
2021-10-22 15:34:55 SUCCESS
CreatePAREndpointResponse
Created PAR endpoint response
request_uri
urn:ietf:params:oauth:request_uri:52cb1f83-d3dd-4d72-8d72-5c4845343911
expires_in
600
2021-10-22 15:34:55 OUTGOING
fapi1-advanced-final-client-test
Response to HTTP request to test instance VC0Y3mkmRTSeb3n
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "request_uri": "urn:ietf:params:oauth:request_uri:52cb1f83-d3dd-4d72-8d72-5c4845343911",
  "expires_in": 600
}
outgoing_path
par
2021-10-22 15:34:56 INCOMING
fapi1-advanced-final-client-test
Incoming HTTP request to test instance VC0Y3mkmRTSeb3n
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "got (https://github.com/sindresorhus/got)",
  "accept-encoding": "gzip, deflate, br",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "scope": "openid",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "request_uri": "urn:ietf:params:oauth:request_uri:52cb1f83-d3dd-4d72-8d72-5c4845343911"
}
incoming_body
2021-10-22 15:34:56 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-10-22 15:34:56 SUCCESS
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
2021-10-22 15:34:56 INFO
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
path
jwe_header
mapped
object
authorization_request_object
2021-10-22 15:34:56 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "scope": "All your base are belong to us",
  "response_type": "code",
  "redirect_uri": "https://openid-client.local/cb",
  "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "code_challenge_method": "S256",
  "aud": "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
  "nbf": 1634916894,
  "state": "VRZ066WyGgT90CvMRiy3ht6gpZUSZZx4QSRkZdLo2A0",
  "exp": 1634917194,
  "iat": 1634916894,
  "code_challenge": "1rT9w101fO5s1V2jtLrA__urrWePASIz500AWLSpxa8",
  "jti": "KjimiAvZSBvgf0ybd5sLESJp_8ZR9MOvej3E9gDKg9o"
}
2021-10-22 15:34:56 SUCCESS
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
2021-10-22 15:34:56 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
All your base are belong to us
2021-10-22 15:34:56 SUCCESS
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
scope
All your base are belong to us
2021-10-22 15:34:56 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2021-10-22 15:34:56 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
2021-10-22 15:34:56 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
Vs2sJD5XVziVB20kSuH4v0dD4fD9xlOa
2021-10-22 15:34:56 SUCCESS
EnsureAuthorizationRequestContainsStateParameter
Found state parameter
state
VRZ066WyGgT90CvMRiy3ht6gpZUSZZx4QSRkZdLo2A0
2021-10-22 15:34:56 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "VRZ066WyGgT90CvMRiy3ht6gpZUSZZx4QSRkZdLo2A0"
}
2021-10-22 15:34:56 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://openid-client.local/cb",
  "state": "VRZ066WyGgT90CvMRiy3ht6gpZUSZZx4QSRkZdLo2A0",
  "code": "Vs2sJD5XVziVB20kSuH4v0dD4fD9xlOa"
}
2021-10-22 15:34:56
GenerateJARMResponseClaims
Created JARM response claims
iss
https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/
aud
client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h
code
Vs2sJD5XVziVB20kSuH4v0dD4fD9xlOa
state
VRZ066WyGgT90CvMRiy3ht6gpZUSZZx4QSRkZdLo2A0
exp
1634917496
2021-10-22 15:34:56 SUCCESS
SignJARMResponse
Signed the JARM response
jarm_response
eyJraWQiOiJ4M0hFVkFTMU10dUpUYTV4LU1aQzFYTFZhd0l6eVNPS29NcS13eXp1RXVNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2giLCJjb2RlIjoiVnMyc0pENVhWemlWQjIwa1N1SDR2MGRENGZEOXhsT2EiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2hcLyIsInN0YXRlIjoiVlJaMDY2V3lHZ1Q5MEN2TVJpeTNodDZncFpVU1paeDRRU1JrWmRMbzJBMCIsImV4cCI6MTYzNDkxNzQ5Nn0.ApOHVixHq7_y4EXk89HeDyMBRh8sZS1rKySFKIK_pA5jtzaZyvXsEO0fdXDDR4Dq5AkX8M-J_2tR9eij49_NxkRfIVFSP-ihnWJY7g88TSHnHlb9PfHhghUIY4n2n5enDGYpmnS8TlrruX15B1EmSTkqlldHMJTdGK_1FDvaHzcmg3YeL9QdpiHgs4QqgvrSQ-pM9dm_3-YrH7ifF56xLFhqPvG3_S8e-Bhl3OtTMU3ymgEENl-tV3vyCxtuXZ-Vj9HPqpaJjR8zU1WNQ0fkbQ48pT_MfK39FnxFvoCgVMbosYftSx0tb273ipbJk1Rc366dAhpxERVcqPr9J6WghA
2021-10-22 15:34:56 INFO
EncryptJARMResponse
Skipped evaluation due to missing required element: client authorization_encrypted_response_alg
path
authorization_encrypted_response_alg
mapped
object
client
2021-10-22 15:34:56
SendJARMResponseWitResponseModeQuery
Redirecting back to client
uri
https://openid-client.local/cb?response=eyJraWQiOiJ4M0hFVkFTMU10dUpUYTV4LU1aQzFYTFZhd0l6eVNPS29NcS13eXp1RXVNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2giLCJjb2RlIjoiVnMyc0pENVhWemlWQjIwa1N1SDR2MGRENGZEOXhsT2EiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2hcLyIsInN0YXRlIjoiVlJaMDY2V3lHZ1Q5MEN2TVJpeTNodDZncFpVU1paeDRRU1JrWmRMbzJBMCIsImV4cCI6MTYzNDkxNzQ5Nn0.ApOHVixHq7_y4EXk89HeDyMBRh8sZS1rKySFKIK_pA5jtzaZyvXsEO0fdXDDR4Dq5AkX8M-J_2tR9eij49_NxkRfIVFSP-ihnWJY7g88TSHnHlb9PfHhghUIY4n2n5enDGYpmnS8TlrruX15B1EmSTkqlldHMJTdGK_1FDvaHzcmg3YeL9QdpiHgs4QqgvrSQ-pM9dm_3-YrH7ifF56xLFhqPvG3_S8e-Bhl3OtTMU3ymgEENl-tV3vyCxtuXZ-Vj9HPqpaJjR8zU1WNQ0fkbQ48pT_MfK39FnxFvoCgVMbosYftSx0tb273ipbJk1Rc366dAhpxERVcqPr9J6WghA
2021-10-22 15:34:56 OUTGOING
fapi1-advanced-final-client-test
Response to HTTP request to test instance VC0Y3mkmRTSeb3n
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://openid-client.local/cb?response=eyJraWQiOiJ4M0hFVkFTMU10dUpUYTV4LU1aQzFYTFZhd0l6eVNPS29NcS13eXp1RXVNIiwiYWxnIjoiUFMyNTYifQ.eyJhdWQiOiJjbGllbnQtaWQtb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2giLCJjb2RlIjoiVnMyc0pENVhWemlWQjIwa1N1SDR2MGRENGZEOXhsT2EiLCJpc3MiOiJodHRwczpcL1wvd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldFwvdGVzdFwvYVwvb3BlbmlkLWNsaWVudC1heDlqMVVhTHFQcjFndkxjUDhEN2hcLyIsInN0YXRlIjoiVlJaMDY2V3lHZ1Q5MEN2TVJpeTNodDZncFpVU1paeDRRU1JrWmRMbzJBMCIsImV4cCI6MTYzNDkxNzQ5Nn0.ApOHVixHq7_y4EXk89HeDyMBRh8sZS1rKySFKIK_pA5jtzaZyvXsEO0fdXDDR4Dq5AkX8M-J_2tR9eij49_NxkRfIVFSP-ihnWJY7g88TSHnHlb9PfHhghUIY4n2n5enDGYpmnS8TlrruX15B1EmSTkqlldHMJTdGK_1FDvaHzcmg3YeL9QdpiHgs4QqgvrSQ-pM9dm_3-YrH7ifF56xLFhqPvG3_S8e-Bhl3OtTMU3ymgEENl-tV3vyCxtuXZ-Vj9HPqpaJjR8zU1WNQ0fkbQ48pT_MfK39FnxFvoCgVMbosYftSx0tb273ipbJk1Rc366dAhpxERVcqPr9J6WghA]
outgoing_path
authorize
2021-10-22 15:34:56 INCOMING
fapi1-advanced-final-client-test
Incoming HTTP request to test instance VC0Y3mkmRTSeb3n
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:34:56 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-10-22 15:34:56 OUTGOING
fapi1-advanced-final-client-test
Response to HTTP request to test instance VC0Y3mkmRTSeb3n
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "x3HEVAS1MtuJTa5x-MZC1XLVawIzySOKoMq-wyzuEuM",
      "alg": "PS256",
      "n": "yoI3KKYPC3nUzNopqCIpQ7x8LlA0BKI9Z1-gHVcGLR3y22dSduP0mAHsxMgUb4VpazmSWpo9wZDLvKbaUFsNLSXAqbbeJvx_X1uSyIFlOYnWp_8I5uqlBVEuLuUSQR0uglpJ-yPs3lyZmpT4R411L1NCgkRK434IE9WSnhwlPcbR-twtYp5uAwF2xlIVvVdLk52CpAdiKHlCa0RelWAaip1oOXVn9B4oXa3MIJSUpSgH3znKVUN7Qzyf8yDrkvoOE_zjxgkhy_NB1Zb2vZE49iGtI9vRD_mWk4EGcS7CGrHNAMEr2mGN2J-v4tFRZVjqKXYNwtowpy6W_wwDV1lJoQ"
    }
  ]
}
outgoing_path
jwks
2021-10-22 15:34:57 INCOMING
fapi1-advanced-final-client-test
Incoming HTTP request to test instance VC0Y3mkmRTSeb3n
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "content-type": "application/x-www-form-urlencoded",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "content-length": "1278",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "Vs2sJD5XVziVB20kSuH4v0dD4fD9xlOa",
  "redirect_uri": "https://openid-client.local/cb",
  "code_verifier": "h1R98n1GAba99pNDBAS76BCsSHxpwQz2pvCEqMDB1-c",
  "client_id": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTYsImV4cCI6MTYzNDkxNjk1NiwianRpIjoiVS16MDczNjVOSHk0NDl5dWctSVpQcmpxY3lsc1FBZ0dOaEJZRHk5Uzg5TSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.jP79uawbaNIADBubg2fE_xy0Xap63XYeI19Cze7zoMPAR1nEM4UrvxbbPrvXtcJzR3q7gI4r2wNHQr5VKbcRAQ2KhQHwHh18rLVAeUkgspmp-hdiA9bcjlJXrACi4gZSFNccSeyJNQc9AbjL2IIaU-oE1QiV12XdTF6o1x715ndj5NNSSHlzRj9E1hao5mms3W2npt0wvifFWcSfG4Fh-cxEUI3ntFVfXolpFyCt01N_IB7Pt41W2JJiVcNO2Gvhtu70Hm79d1bqU1z3tIoVEV4GDGybERQVIxHz2q0HAK76DGUIWaSJpb6y-aZieVS98y9Z5bNu6IJo8NJd-kOQuw",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=Vs2sJD5XVziVB20kSuH4v0dD4fD9xlOa&redirect_uri=https%3A%2F%2Fopenid-client.local%2Fcb&code_verifier=h1R98n1GAba99pNDBAS76BCsSHxpwQz2pvCEqMDB1-c&client_id=client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h&client_assertion=eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTYsImV4cCI6MTYzNDkxNjk1NiwianRpIjoiVS16MDczNjVOSHk0NDl5dWctSVpQcmpxY3lsc1FBZ0dOaEJZRHk5Uzg5TSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.jP79uawbaNIADBubg2fE_xy0Xap63XYeI19Cze7zoMPAR1nEM4UrvxbbPrvXtcJzR3q7gI4r2wNHQr5VKbcRAQ2KhQHwHh18rLVAeUkgspmp-hdiA9bcjlJXrACi4gZSFNccSeyJNQc9AbjL2IIaU-oE1QiV12XdTF6o1x715ndj5NNSSHlzRj9E1hao5mms3W2npt0wvifFWcSfG4Fh-cxEUI3ntFVfXolpFyCt01N_IB7Pt41W2JJiVcNO2Gvhtu70Hm79d1bqU1z3tIoVEV4GDGybERQVIxHz2q0HAK76DGUIWaSJpb6y-aZieVS98y9Z5bNu6IJo8NJd-kOQuw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-10-22 15:34:57 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-10-22 15:34:57 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\nGynoOfsZbnrLlMYuiUw\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:34:57 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:34:57 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:34:57 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTYsImV4cCI6MTYzNDkxNjk1NiwianRpIjoiVS16MDczNjVOSHk0NDl5dWctSVpQcmpxY3lsc1FBZ0dOaEJZRHk5Uzg5TSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.jP79uawbaNIADBubg2fE_xy0Xap63XYeI19Cze7zoMPAR1nEM4UrvxbbPrvXtcJzR3q7gI4r2wNHQr5VKbcRAQ2KhQHwHh18rLVAeUkgspmp-hdiA9bcjlJXrACi4gZSFNccSeyJNQc9AbjL2IIaU-oE1QiV12XdTF6o1x715ndj5NNSSHlzRj9E1hao5mms3W2npt0wvifFWcSfG4Fh-cxEUI3ntFVfXolpFyCt01N_IB7Pt41W2JJiVcNO2Gvhtu70Hm79d1bqU1z3tIoVEV4GDGybERQVIxHz2q0HAK76DGUIWaSJpb6y-aZieVS98y9Z5bNu6IJo8NJd-kOQuw",
  "header": {
    "kid": "0Ud04zWdm1KBbaFx63pWeZ7zMccBMTeXIHd5r78oTvg",
    "alg": "PS256"
  },
  "claims": {
    "sub": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "aud": [
      "https://www.certification.openid.net/test/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/",
      "https://www.certification.openid.net/test-mtls/a/openid-client-ax9j1UaLqPr1gvLcP8D7h/token"
    ],
    "iss": "client-id-openid-client-ax9j1UaLqPr1gvLcP8D7h",
    "exp": 1634916956,
    "iat": 1634916896,
    "jti": "U-z07365NHy449yug-IZPrjqcylsQAgGNhBYDy9S89M"
  }
}
2021-10-22 15:34:57
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-10-22 15:34:57 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsImtpZCI6IjBVZDA0eldkbTFLQmJhRng2M3BXZVo3ek1jY0JNVGVYSUhkNXI3OG9UdmcifQ.eyJpYXQiOjE2MzQ5MTY4OTYsImV4cCI6MTYzNDkxNjk1NiwianRpIjoiVS16MDczNjVOSHk0NDl5dWctSVpQcmpxY3lsc1FBZ0dOaEJZRHk5Uzg5TSIsImlzcyI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsInN1YiI6ImNsaWVudC1pZC1vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aCIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL29wZW5pZC1jbGllbnQtYXg5ajFVYUxxUHIxZ3ZMY1A4RDdoLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0LW10bHMvYS9vcGVuaWQtY2xpZW50LWF4OWoxVWFMcVByMWd2TGNQOEQ3aC90b2tlbiJdfQ.jP79uawbaNIADBubg2fE_xy0Xap63XYeI19Cze7zoMPAR1nEM4UrvxbbPrvXtcJzR3q7gI4r2wNHQr5VKbcRAQ2KhQHwHh18rLVAeUkgspmp-hdiA9bcjlJXrACi4gZSFNccSeyJNQc9AbjL2IIaU-oE1QiV12XdTF6o1x715ndj5NNSSHlzRj9E1hao5mms3W2npt0wvifFWcSfG4Fh-cxEUI3ntFVfXolpFyCt01N_IB7Pt41W2JJiVcNO2Gvhtu70Hm79d1bqU1z3tIoVEV4GDGybERQVIxHz2q0HAK76DGUIWaSJpb6y-aZieVS98y9Z5bNu6IJo8NJd-kOQuw
2021-10-22 15:34:57 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-10-22 15:34:57 SUCCESS
ValidateClientAssertionClaims
Client Assertion passed all validation checks
2021-10-22 15:34:57 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
Vs2sJD5XVziVB20kSuH4v0dD4fD9xlOa
2021-10-22 15:34:57 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://openid-client.local/cb
2021-10-22 15:34:57 SUCCESS
ValidateCodeVerifierWithS256
Validated code_verifier successfully
code_challenge_method
S256
code_verifier
h1R98n1GAba99pNDBAS76BCsSHxpwQz2pvCEqMDB1-c
code_challenge
1rT9w101fO5s1V2jtLrA__urrWePASIz500AWLSpxa8
2021-10-22 15:34:57 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
YKvX0a7u09hueaB0LVEiMhqWX6QhaYR8z15dprQ6P82mo4Idmj
2021-10-22 15:34:57 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
mxdMhKSvw6SVzhiYiuLhNA
2021-10-22 15:34:57
CreateRefreshToken
Created refresh token
refresh_token
gLLqwyaQcCjbZYhEHhWGsLLCUcCpgTvTeBQqdbTVnJzArgkLAk8411318567&*\/=
2021-10-22 15:34:57 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
YKvX0a7u09hueaB0LVEiMhqWX6QhaYR8z15dprQ6P82mo4Idmj
token_type
Bearer
refresh_token
gLLqwyaQcCjbZYhEHhWGsLLCUcCpgTvTeBQqdbTVnJzArgkLAk8411318567&*\/=
scope
All your base are belong to us
2021-10-22 15:34:57 OUTGOING
fapi1-advanced-final-client-test
Response to HTTP request to test instance VC0Y3mkmRTSeb3n
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "YKvX0a7u09hueaB0LVEiMhqWX6QhaYR8z15dprQ6P82mo4Idmj",
  "token_type": "Bearer",
  "refresh_token": "gLLqwyaQcCjbZYhEHhWGsLLCUcCpgTvTeBQqdbTVnJzArgkLAk8411318567\u0026*\\/\u003d",
  "scope": "All your base are belong to us"
}
outgoing_path
token
2021-10-22 15:34:58 INCOMING
fapi1-advanced-final-client-test
Incoming HTTP request to test instance VC0Y3mkmRTSeb3n
incoming_headers
{
  "host": "www.certification.openid.net",
  "authorization": "Bearer YKvX0a7u09hueaB0LVEiMhqWX6QhaYR8z15dprQ6P82mo4Idmj",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-ssl-cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "x-ssl-verify": "FAILED:self signed certificate",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
open-banking/v1.1/accounts
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-10-22 15:34:58 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Accounts endpoint
2021-10-22 15:34:58 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0 Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452 CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90 vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX 4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z GynoOfsZbnrLlMYuiUw\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV\nBAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx\nEzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl\nc3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl\neGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD\nVQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E\nMaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp\nIysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR\nPgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0\nMk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452\nCdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID\nAQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto\ndHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ\npyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90\nvwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW\nctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX\n4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG\nXARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z\nGynoOfsZbnrLlMYuiUw\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "OU\u003dTest,O\u003dTest,L\u003dBlacksburg,ST\u003dVirginia,C\u003dUS,CN\u003dexample.org"
  },
  "sanDnsNames": [],
  "sanUris": [
    "http://example.org/webid#me"
  ],
  "sanIPs": [],
  "sanEmails": []
}
2021-10-22 15:34:58 SUCCESS
CheckForClientCertificate
Found client certificate
2021-10-22 15:34:58 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIDmjCCAoKgAwIBAgIJN5kwnMx3VYwcMA0GCSqGSIb3DQEBBQUAMGkxFDASBgNV
BAMTC2V4YW1wbGUub3JnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWEx
EzARBgNVBAcTCkJsYWNrc2J1cmcxDTALBgNVBAoTBFRlc3QxDTALBgNVBAsTBFRl
c3QwHhcNMjExMDIyMTUzNDQ5WhcNMjIxMDIyMTUzNDQ5WjBpMRQwEgYDVQQDEwtl
eGFtcGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYD
VQQHEwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGOkRYRSEC/4WURdnzNgc78E
MaNBdvmYasIfuSodGO0fg2Q4oAQ+RFFL8OyQfwe1g+j1khQwvv1E88KfAhJGmnkp
IysOu0BQXcwgh1KEj6QJLh4bWiGQ0wSqRHkMZkv2+s6MR5R9SFvI8fmKTs5o2rYR
PgDd28vPe5DdfGP6G3Ko6CV5FQjmjU9nivW0awz+NbuPa+FaVaQvGk/iM4qVwZe0
Mk6tf7BxizBiFCncJZ80kwo7yIAkieFSCXIT/jEkEKBOso6wsrPs/pNZ4rcJd452
CdBceTXNTYK2r+kb8b5AKegCemMINgnDGnBWI9KcQTGRzglSLgVlJ/ZjhCR9AwID
AQABo0UwQzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DAmBgNVHREEHzAdhhto
dHRwOi8vZXhhbXBsZS5vcmcvd2ViaWQjbWUwDQYJKoZIhvcNAQEFBQADggEBAJWJ
pyMkLOsb6MCyXJ3s4Qa3x+g1LIkDBwv2ut3EzHZauKSmTQyj8BnwgNcBODl+uT90
vwjvJG75e54ZlVNethpTpSBVi3wdr9DzXfFE6WZ96UyylTHh+YXoRQYkY4PmPAPW
ctaohaqD0GXJohECLLJkkkcF0Zj2yTDw8jQFKJYnlm+5Vl5z6iLDWeHzPCyQnyWX
4p0a/vuVk1SfnGMq9YfmpIxVNbTif9wegKB6hLM7eyMsyWSY9YlOp3UMDk2/GAnG
XARlf3WuXL/WtXPkkk30JulsXZLULYrdBgWHlinSm3YsQt8s491chi3CJbKZD43z
GynoOfsZbnrLlMYuiUw=
-----END CERTIFICATE-----
2021-10-22 15:34:58 SUCCESS
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
2021-10-22 15:34:58 SUCCESS
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
access_token
YKvX0a7u09hueaB0LVEiMhqWX6QhaYR8z15dprQ6P82mo4Idmj
2021-10-22 15:34:58 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
YKvX0a7u09hueaB0LVEiMhqWX6QhaYR8z15dprQ6P82mo4Idmj
2021-10-22 15:34:58 INFO
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
path
headers.x-fapi-auth-date
mapped
object
incoming_request
2021-10-22 15:34:58 INFO
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
path
headers.x-fapi-customer-ip-address
mapped
object
incoming_request
2021-10-22 15:34:58 INFO
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
path
headers.x-fapi-interaction-id
mapped
object
incoming_request
2021-10-22 15:34:58 SUCCESS
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
fapi_interaction_id
9552e4cc-6627-4361-9054-fa952cf73c82
2021-10-22 15:34:58 SUCCESS
CreateFAPIAccountEndpointResponse
Created account response object
accounts_endpoint_response
{
  "conformance-test-finished": "true"
}
accounts_endpoint_response_headers
{
  "x-fapi-interaction-id": "9552e4cc-6627-4361-9054-fa952cf73c82",
  "content-type": "application/json; charset\u003dUTF-8"
}
2021-10-22 15:34:58
ClearAccessTokenFromRequest
Condition ran but did not log anything
2021-10-22 15:34:58 OUTGOING
fapi1-advanced-final-client-test
Response to HTTP request to test instance VC0Y3mkmRTSeb3n
outgoing_status_code
200
outgoing_headers
{
  "x-fapi-interaction-id": [
    "9552e4cc-6627-4361-9054-fa952cf73c82"
  ],
  "content-type": [
    "application/json; charset\u003dUTF-8"
  ]
}
outgoing_body
{
  "conformance-test-finished": "true"
}
outgoing_path
open-banking/v1.1/accounts
2021-10-22 15:34:58 FINISHED
fapi1-advanced-final-client-test
Test has run to completion
testmodule_result
PASSED
2021-10-22 15:34:58
TEST-RUNNER
Alias has now been claimed by another test
alias
openid-client-ax9j1UaLqPr1gvLcP8D7h
new_test_id
XvRpdRhOvkPkgl9
Test Results