Test Name | fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response |
---|---|
Variant | client_auth_type=private_key_jwt, fapi_jarm_type=plain_oauth, fapi_auth_request_method=pushed, fapi_profile=plain_fapi, fapi_response_mode=jarm |
Test ID | XvRpdRhOvkPkgl9 https://www.certification.openid.net/log-detail.html?public=true&log=XvRpdRhOvkPkgl9 |
Created | 2021-10-22T15:34:58.846865Z |
Description | openid-client v5.x FAPI1 Adv. private_key_jwt, PAR, JARM (OAUTH2) RP |
Test Version | 4.1.34 |
Test Owner | 117741858675383745996 https://accounts.google.com |
Plan ID | 2SPX0cbcsQc1G https://www.certification.openid.net/plan-detail.html?public=true&plan=2SPX0cbcsQc1G |
Exported From | https://www.certification.openid.net |
Exported By | 117741858675383745996 https://accounts.google.com |
Suite Version | 4.1.34 |
Exported | 2021-10-22 16:43:34 (UTC) |
Status: FINISHED Result: PASSED |
SUCCESS 82 FAILURE 0 WARNING 0 REVIEW 0 INFO 7 |
2021-10-22 15:34:59 |
INFO
|
TEST-RUNNER
Test instance XvRpdRhOvkPkgl9 created
|
|
2021-10-22 15:34:59 |
SUCCESS
|
GenerateServerConfigurationMTLS
Created server configuration
|
|
2021-10-22 15:34:59 |
SUCCESS
|
LoadServerJWKs
Parsed public and private JWK sets
|
|
2021-10-22 15:34:59 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-10-22 15:34:59 |
SUCCESS
|
ExtractServerSigningAlg
Successfully extracted algorithm
|
|
2021-10-22 15:34:59 |
|
SetTokenEndpointAuthMethodsSupportedToPrivateKeyJWTOnly
Changed token_endpoint_auth_methods_supported to private_key_jwt only in server configuration
|
|
2021-10-22 15:34:59 |
|
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
|
|
2021-10-22 15:34:59 |
|
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
|
|
2021-10-22 15:34:59 | SUCCESS |
AddResponseTypeCodeToServerConfiguration
Added code as response type supported
|
|
2021-10-22 15:34:59 | SUCCESS |
AddJARMResponseModeToServerConfiguration
Added jwt as response_modes_supported
|
|
2021-10-22 15:34:59 | SUCCESS |
AddAuthorizationSigningAlgValuesSupportedToServerConfiguration
Added authorization_signing_alg_values_supported to server configuration
|
|
2021-10-22 15:34:59 |
SUCCESS
|
FAPIAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
|
|
2021-10-22 15:34:59 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
|
2021-10-22 15:34:59 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
|
2021-10-22 15:34:59 |
SUCCESS
|
LoadUserInfo
Added user information
|
|
Verify configuration of first client |
2021-10-22 15:34:59 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
|
2021-10-22 15:34:59 | SUCCESS |
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-10-22 15:34:59 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
|
2021-10-22 15:34:59 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
|
2021-10-22 15:34:59 |
SUCCESS
|
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2021-10-22 15:34:59 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
|
Verify configuration of second client |
2021-10-22 15:34:59 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
|
2021-10-22 15:34:59 | SUCCESS |
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2021-10-22 15:34:59 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
|
2021-10-22 15:34:59 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
|
2021-10-22 15:34:59 |
SUCCESS
|
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2021-10-22 15:34:59 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
|
2021-10-22 15:34:59 |
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Setup Done
|
|
2021-10-22 15:34:59 |
INCOMING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:34:59 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
|
2021-10-22 15:34:59 |
OUTGOING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:00 |
INCOMING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
|
PAR endpoint |
2021-10-22 15:35:00 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
|
2021-10-22 15:35:00 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-10-22 15:35:00 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
|
2021-10-22 15:35:00 | SUCCESS |
ExtractClientAssertion
Parsed client assertion
|
|
2021-10-22 15:35:00 |
|
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
|
|
2021-10-22 15:35:00 | SUCCESS |
ValidateClientAssertionSignature
client_assertion signature validated
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
|
|
2021-10-22 15:35:00 | SUCCESS |
ValidateClientAssertionClaimsForPAREndpoint
Client Assertion passed all validation checks
|
|
2021-10-22 15:35:00 | SUCCESS |
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
|
|
2021-10-22 15:35:00 | INFO |
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
|
|
2021-10-22 15:35:00 | SUCCESS |
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
|
|
2021-10-22 15:35:00 | SUCCESS |
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
|
|
2021-10-22 15:35:00 | SUCCESS |
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
|
|
2021-10-22 15:35:00 |
|
ValidateRequestObjectClaims
Request object does not contain a max_age claim
|
|
2021-10-22 15:35:00 |
SUCCESS
|
ValidateRequestObjectClaims
Request object claims passed all validation checks
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
|
|
2021-10-22 15:35:00 | SUCCESS |
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
|
|
2021-10-22 15:35:00 |
SUCCESS
|
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
|
|
2021-10-22 15:35:00 | SUCCESS |
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
|
|
2021-10-22 15:35:00 | SUCCESS |
CreatePAREndpointResponse
Created PAR endpoint response
|
|
2021-10-22 15:35:00 |
OUTGOING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:01 |
INCOMING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:01 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
|
Authorization endpoint |
2021-10-22 15:35:01 |
SUCCESS
|
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
|
|
2021-10-22 15:35:01 | INFO |
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
|
|
2021-10-22 15:35:01 |
SUCCESS
|
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
|
|
2021-10-22 15:35:01 | SUCCESS |
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
|
|
2021-10-22 15:35:01 |
SUCCESS
|
ExtractRequestedScopes
Requested scopes
|
|
2021-10-22 15:35:01 |
SUCCESS
|
EnsureRequestedScopeIsEqualToConfiguredScope
Requested scopes match configured scopes
|
|
2021-10-22 15:35:01 | SUCCESS |
EnsureResponseTypeIsCode
Response type is expected value
|
|
2021-10-22 15:35:01 | SUCCESS |
EnsureMatchingClientId
Client ID matched
|
|
2021-10-22 15:35:01 |
SUCCESS
|
CreateAuthorizationCode
Created authorization code
|
|
2021-10-22 15:35:01 | SUCCESS |
EnsureAuthorizationRequestContainsStateParameter
Found state parameter
|
|
2021-10-22 15:35:01 |
SUCCESS
|
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
|
|
2021-10-22 15:35:01 | SUCCESS |
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
|
|
2021-10-22 15:35:01 |
|
GenerateJARMResponseClaims
Created JARM response claims
|
|
2021-10-22 15:35:01 | SUCCESS |
SignJARMResponse
Signed the JARM response
|
|
2021-10-22 15:35:01 | INFO |
EncryptJARMResponse
Skipped evaluation due to missing required element: client authorization_encrypted_response_alg
|
|
2021-10-22 15:35:01 |
|
SendJARMResponseWitResponseModeQuery
Redirecting back to client
|
|
2021-10-22 15:35:01 |
OUTGOING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:01 |
INCOMING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:01 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
|
2021-10-22 15:35:01 |
OUTGOING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:02 |
INCOMING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:02 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
|
Token endpoint |
2021-10-22 15:35:02 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
|
2021-10-22 15:35:02 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-10-22 15:35:02 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
|
2021-10-22 15:35:02 | SUCCESS |
ExtractClientAssertion
Parsed client assertion
|
|
2021-10-22 15:35:02 |
|
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
|
|
2021-10-22 15:35:02 | SUCCESS |
ValidateClientAssertionSignature
client_assertion signature validated
|
|
2021-10-22 15:35:02 | SUCCESS |
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
|
|
2021-10-22 15:35:02 | SUCCESS |
ValidateClientAssertionClaims
Client Assertion passed all validation checks
|
|
2021-10-22 15:35:02 |
SUCCESS
|
ValidateAuthorizationCode
Found authorization code
|
|
2021-10-22 15:35:02 |
SUCCESS
|
ValidateRedirectUri
Found redirect uri
|
|
2021-10-22 15:35:02 | SUCCESS |
ValidateCodeVerifierWithS256
Validated code_verifier successfully
|
|
2021-10-22 15:35:02 |
SUCCESS
|
GenerateBearerAccessToken
Generated access token
|
|
2021-10-22 15:35:02 | SUCCESS |
CalculateAtHash
Successful at_hash encoding
|
|
2021-10-22 15:35:02 |
|
CreateRefreshToken
Created refresh token
|
|
2021-10-22 15:35:02 |
SUCCESS
|
CreateTokenEndpointResponse
Created token endpoint response
|
|
2021-10-22 15:35:02 |
OUTGOING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:03 |
INCOMING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Incoming HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:03 | SUCCESS |
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
|
|
Accounts endpoint |
2021-10-22 15:35:03 |
SUCCESS
|
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
|
|
2021-10-22 15:35:03 | SUCCESS |
CheckForClientCertificate
Found client certificate
|
|
2021-10-22 15:35:03 |
SUCCESS
|
EnsureClientCertificateMatches
Presented certificate matches registered certificate
|
|
2021-10-22 15:35:03 | SUCCESS |
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
|
|
2021-10-22 15:35:03 | SUCCESS |
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
|
|
2021-10-22 15:35:03 |
SUCCESS
|
RequireBearerAccessToken
Found access token in request
|
|
2021-10-22 15:35:03 | INFO |
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
|
|
2021-10-22 15:35:03 | INFO |
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
|
|
2021-10-22 15:35:03 | INFO |
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
|
|
2021-10-22 15:35:03 | SUCCESS |
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
|
|
2021-10-22 15:35:03 |
SUCCESS
|
CreateFAPIAccountEndpointResponse
Created account response object
|
|
2021-10-22 15:35:03 |
|
ClearAccessTokenFromRequest
Condition ran but did not log anything
|
|
2021-10-22 15:35:03 |
OUTGOING
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Response to HTTP request to test instance XvRpdRhOvkPkgl9
|
|
2021-10-22 15:35:03 |
FINISHED
|
fapi1-advanced-final-client-test-no-scope-in-token-endpoint-response
Test has run to completion
|
|
2021-10-22 15:35:03 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
|