Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-06-01 19:09:41 INFO
TEST-RUNNER
Test instance mjU48bMvkO348XL created
baseUrl
https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_profile": "plain_fapi"
}
alias
Intuit_pauth_fapi_plain_private_key_plan_1
description
Test plan for for Plain FAPI with private key
planId
qVUXeEfcuZWlp
config
{
  "alias": "Intuit_pauth_fapi_plain_private_key_plan_1",
  "description": "Test plan for for Plain FAPI with private key",
  "client": {
    "client_secret_jwt_alg": "RS256",
    "client_id": "12345678-fapi-plain-private-key-clientid",
    "client_secret": "1f17e98300ad792c9b4416e656aa582b0c89b03e",
    "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
    "scope": "openid accounts",
    "jwks": {
      "keys": [
        {
          "kty": "RSA",
          "e": "AQAB",
          "use": "sig",
          "kid": "keyid-to-fapi-plain-pauth",
          "alg": "PS256",
          "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIFTTCCBDWgAwIBAgIQWSl/rqAik/ZS2bkCLQ7ZGzANBgkqhkiG9w0BAQsFADCB\nsDELMAkGA1UEBhMCQVUxNzA1BgNVBAoTLkF1c3RyYWxpYW4gQ29tcGV0aXRpb24g\nYW5kIENvbnN1bWVyIENvbW1pc3Npb24xHDAaBgNVBAsTE0NvbnN1bWVyIERhdGEg\nUmlnaHQxHzAdBgNVBAsTFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxKTAnBgNVBAMT\nIENEUiBURVNUIEJhbmtpbmcgSW50ZXJtZWRpYXRlIENBMB4XDTIwMTExOTAwMDAw\nMFoXDTIxMTExOTIzNTk1OVowgZQxHDAaBgNVBAsME0NvbnN1bWVyIERhdGEgUmln\naHQxHzAdBgNVBAsMFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxJTAjBgNVBAoMHElu\ndHVpdCBBdXN0cmFsaWEgUHR5IExpbWl0ZWQxLDAqBgNVBAMMI3BhcnRuZXJhdXRo\nLWUyZS5wbGF0Zm9ybS5pbnR1aXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAwkTTIUXBivenAAstBtWlNK/WJh62pQhVvmV5v/s30fTtp9Yaos8F\nQyP2kJUy0h/L5asdC0IIDonrLBDwi7zVCm/VsNr4Gx0DPng5yYSLRdNaxPk4S8ax\nPY8wwYYjeJuaV/DrvYneu40DZiJWTE8N3SpKZ+OSfxJlFtda2ejkfhNk0a0amIMr\nQ2YfanI/nVwk7/WWDfwqc2jMuI3WPZHt165+TDPb1qG1cXm5PoPJpD3srITvfJue\ns6nfI14wtGZu0IVlT9go7bJcMRNBb/C4EpDyfl3v3MExsqMe0TI5e7kTMgy5rjDG\n4s75GVaHpiWRw956sda8obv5Kb9gflpeYwIDAQABo4IBezCCAXcwDAYDVR0TAQH/\nBAIwADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0O\nBBYEFHVsct+KfWyMwdYa3jLcQw7NplPwMC4GCmCGSAGG+EUBEAMEIDAeBhNghkgB\nhvhFARABAwEEAYL4tIwYFgcxMTMwMjIwMDkGCmCGSAGG+EUBEAUEKzApAgEAFiRh\nSFIwY0hNNkx5OXdhMmt0Y21FdWMzbHRZWFYwYUM1amIyMD0wXQYDVR0fBFYwVDBS\noFCgToZMaHR0cDovL3BraS1jcmwuc3ltYXV0aC5jb20vY2FfZGY1ZDQ5M2Q1YjQ3\nODQ5MjZjZGZlNmFkZTllMDAzZmMvTGF0ZXN0Q1JMLmNybDA4BggrBgEFBQcBAQQs\nMCowKAYIKwYBBQUHMAGGHGh0dHA6Ly9wa2ktb2NzcC5kaWdpY2VydC5jb20wHwYD\nVR0jBBgwFoAUSTaRAgiZKmzkKWCekX67k63mXkswDQYJKoZIhvcNAQELBQADggEB\nAEnEvI5UJ2txz4oYJCqMCMNoHvapyW3dG7K+Lrjh+V+pwwASbGpX8KiyO7J+iWp/\n/ceQDMdTP0UFM1j5L8EePQ0hWOkJvWsVmo6GgS7zYPu+6id73P3cgLwqAWRrLBSk\nsNfdUQPY4lVaSiMDf3VzzqjMzdTGbNAzZmeJEszKI5fUEt+T47mtu2jFcMq9o1vw\ndxLjJ7BP1MIWsPNCzYazma2+Nfe3v/CzvsroyLiNywwaZn4D4r5VOofNrVM8UXpr\nRhn5pCEvDbbgr8Rd3k5zFq6LTbP1H6K47rs9MY+Edb/Uel/qhlx3RQBCy4ryR8Q6\nofDMEAPI9RcppT6elKQQ69M\u003d\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFtzCCA5+gAwIBAgIQGhoSP4DqnQoUsNkehM6x2TANBgkqhkiG9w0BAQsFADCB\noDELMAkGA1UEBhMCQVUxNzA1BgNVBAoTLkF1c3RyYWxpYW4gQ29tcGV0aXRpb24g\nYW5kIENvbnN1bWVyIENvbW1pc3Npb24xHDAaBgNVBAsTE0NvbnN1bWVyIERhdGEg\nUmlnaHQxHzAdBgNVBAsTFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxGTAXBgNVBAMT\nEENEUiBURVNUIFJvb3QgQ0EwHhcNMTkxMDE3MDAwMDAwWhcNMzQxMDE2MjM1OTU5\nWjCBsDELMAkGA1UEBhMCQVUxNzA1BgNVBAoTLkF1c3RyYWxpYW4gQ29tcGV0aXRp\nb24gYW5kIENvbnN1bWVyIENvbW1pc3Npb24xHDAaBgNVBAsTE0NvbnN1bWVyIERh\ndGEgUmlnaHQxHzAdBgNVBAsTFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxKTAnBgNV\nBAMTIENEUiBURVNUIEJhbmtpbmcgSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6+NlPtZ4TPJrMRbvj7HkXBkEStfc1s+L8qd\nFX8BRnt/H9Ca+9BTLEiKj+jJ6J74yTLrK9g4y+hhaQZFFperMF0TUy+fU3nby6D8\njo6fMLr0O/W8MZ2LTk/6n1+FiZqUH8st3Nle9f4DdLY6BAR8HjCnikNYaxutBTYt\nGjkxOqogGFdwG+X0S0spKGDTq5UAp3Wc7D/fZRSeAfdTYO5FV9zhdTT6sbnrosQi\nobBuwqwLqZeeju6V5fogkhMu4tVE3GmiK/T5mGrBqqO2DIfI4t+1D/SBo4jZP2V/\nEl2CSRgKrlVMcWoOE3h9Aa20vliLsJgv/Zf9gH/5UhHV5KlegQIDAQABo4HaMIHX\nMCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBEaWdpQ2VydFBLSS0zLTY5MB0GA1Ud\nDgQWBBRJNpECCJkqbOQpYJ6RfruTreZeSzASBgNVHRMBAf8ECDAGAQH/AgEAMEcG\nA1UdHwRAMD4wPKA6oDiGNmh0dHA6Ly9jcmwuYXUuZGlnaWNlcnQuY29tL0NBL0FD\nQ0NfQ0RSX1RFU1RfUm9vdENBLmNybDAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgw\nFoAU/shndz73CkDs3XVqioe1JoHU24wwDQYJKoZIhvcNAQELBQADggIBADQAYy6W\nKMFMyyOkW23kFMLu/ki66DfvusaNR++4tXUs4j6TSipEJ4weyKpMNcro+InGCaY3\n0X2fIzTa/L0PJlpo/cLuuGRpnx41I5dPjnltmwmZSXEJEYlIn0aQNy1luHfR76s+\nA44/DiquHVlI4t4fLcsuDUtVHcTlN59qY40GuWL/00y4IGWNbrXSSDLkRqWdeBF4\nA8XRoTLMmNuw4Mcm9Zpggc2K40GtFxCbxsDaw6NVZgGODnnSdmw5/gExWH1RIjYU\nJ7whYsnIIPxy8HmogGOhrvB36EtvS/BOeNwSyBNVoSTDoVLDeMxgO/9shH0Ytaew\nzsXAnfW5wUZiiAyqZOqN7gUZpo+aaZrC8sBo36B1RdLzEszs0GY3ohl/rUixr5jY\nnbC4mYTte4DNA6HSadBnHAmnyLX5oQvK+pE9eSaZVNvg09pDSPjRkuhYxPO5tHkr\nzrjAk3PNXKDddnSdMSXILbkPAEssBuC4vax1kd5o8grSFvidUQMr61paT5o17lxh\nY7z1Fav5bW65JFid1oR6OiEn+o3DNaYf22eaYJsZRcJ7Fio8CPoJnSq5NJC57KHq\nNYHMCwMdJkob2NNXJSmKA3FRxX2zhj6iehQT9p+N5HEngGJMGAv90MhIIWZcHuK5\nm/Egr0D/nA9GtlPyS0m2GkCkNqzyD2cyOilg\n-----END CERTIFICATE-----"
  },
  "server": {
    "jwks": {
      "keys": [
        {
          "p": "2y4rva7PqZKTwP3WacfCT3fg3rwLlQqsu_D3oJ0AYdVGHT_7GdBKDP-Mwq6W0mFK1oPgdr4qOPgTdwEEwJrx4Khp5QqcEDthMOgeDjIHoRUUjPaE1L6rOGzy8zwdwWnMQFJbRr40-IG5oKY2ZxX7jmJg9z_6b-69IvyPcMV69wU",
          "kty": "RSA",
          "q": "mqr8XOj0WVwv3JmN0l2rKxrO01FzdnBRRVedAkWUZNBTCJ9oPaUTSMdIUE4i9DZJtleuDkADqEknz0ZA7oHsJMq9ThD-jHqURzy_7VM4Fsu46-QrVC_gfLrMMSbVQTYLpF6ZBklf6ssxCiXn9K9jRrQqp9crpRCjXWJCDoWu23M",
          "d": "VkInnwrajdzG3NkC317NRB1-ZC6R0Z_knWlbHIsqZObeJusahufdwyjskMgYuzkMaRn4PXLK_K1BdbgXeJt-n3sme4sPxHo1Aa4-rcXVejoqawfUkfRuG8er2Y-EmFRs2xjr2gHPb_6kRt29KT3L2ijIKz6O0GblEKCFuiSJuVOS5zHkgts9GT_2D1e6Z5cKh6HTmBOvUeuH-NinlDL9K1WMEHyAtQodUFb2unPTDitYszri1F557zV9wHllNKyK9D11aDjV3yuk6_7hqF0sXcz0ZwLk3uluiYdyYxa4CDUCcFsatw-SWtck4LqFg7tBPQlTnHgH5Ghg9asNMbhdkQ",
          "e": "AQAB",
          "use": "sig",
          "kid": "keyid-to-fapi-plain-pauth",
          "qi": "NmUZlz_tHZEI1yB7l8eqtpjdS6aPF3_GzVxRsG5dBu1p9Pc9pmnz-xiAOYzIxBG-skzgwNdV0FJlnyC-BPiHWSbu409lgSZhl8FzZD1G_-ugGqIEFV42wpAZHOUQgq3rMYhyIZ3v1dsdLMq-obbKBQ1kT5TGQWNFHu3pEekjPBc",
          "dp": "iBDgrK_SURYizcOHkUGmmkj0e7HHiu4Gj-InCDmPXCzXix8GFl9dKTaYPt-917r4h7V06qJhed5fzxf9yEgocmx62Oq-OcFzM7ZVukBKxjBdAqmjiqMXjj7skB245zJzz1aRPZilL8Tw5Q9qZJKcCSd_xN6d7VELb6XUspCWJrU",
          "alg": "PS256",
          "dq": "Q7Q1ZDZVQAiqqtZMzplSJDxH7Rjqgh4IdWI0yJnMq5TFxDCDYPixyFnzvbN2eZCKE9etyW8cKr5bPtBx-_XDeReGZnXp93RxE_3zxd933gKvoBLxJJkQm4jpeVqWX0VZM0p1kdrsscrgXKDbOLDNtFWJlo8J--ecm3Q3lkPOlyE",
          "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
        }
      ]
    }
  }
}
testName
fapi-rw-id2-client-test-invalid-signature
2021-06-01 19:09:41 SUCCESS
GenerateServerConfigurationMTLS
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/Intuit_pauth_fapi_plain_private_key_plan_1/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/userinfo"
}
issuer
https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/
discoveryUrl
https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/.well-known/openid-configuration
2021-06-01 19:09:41
SetTokenEndpointAuthMethodsSupportedToPrivateKeyJWTOnly
Changed token_endpoint_auth_methods_supported to private_key_jwt only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/authorize",
  "token_endpoint": "https://www.certification.openid.net/test-mtls/a/Intuit_pauth_fapi_plain_private_key_plan_1/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/userinfo",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ]
}
2021-06-01 19:09:41 SUCCESS
AddResponseTypeCodeIdTokenToServerConfiguration
Added code id_token as response type supported
response_types_supported
[
  "code id_token"
]
2021-06-01 19:09:41 SUCCESS
AddTokenEndpointSigningAlg
Set 'PS256' for token_endpoint_auth_signing_alg
2021-06-01 19:09:41 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-06-01 19:09:41 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "2y4rva7PqZKTwP3WacfCT3fg3rwLlQqsu_D3oJ0AYdVGHT_7GdBKDP-Mwq6W0mFK1oPgdr4qOPgTdwEEwJrx4Khp5QqcEDthMOgeDjIHoRUUjPaE1L6rOGzy8zwdwWnMQFJbRr40-IG5oKY2ZxX7jmJg9z_6b-69IvyPcMV69wU",
      "kty": "RSA",
      "q": "mqr8XOj0WVwv3JmN0l2rKxrO01FzdnBRRVedAkWUZNBTCJ9oPaUTSMdIUE4i9DZJtleuDkADqEknz0ZA7oHsJMq9ThD-jHqURzy_7VM4Fsu46-QrVC_gfLrMMSbVQTYLpF6ZBklf6ssxCiXn9K9jRrQqp9crpRCjXWJCDoWu23M",
      "d": "VkInnwrajdzG3NkC317NRB1-ZC6R0Z_knWlbHIsqZObeJusahufdwyjskMgYuzkMaRn4PXLK_K1BdbgXeJt-n3sme4sPxHo1Aa4-rcXVejoqawfUkfRuG8er2Y-EmFRs2xjr2gHPb_6kRt29KT3L2ijIKz6O0GblEKCFuiSJuVOS5zHkgts9GT_2D1e6Z5cKh6HTmBOvUeuH-NinlDL9K1WMEHyAtQodUFb2unPTDitYszri1F557zV9wHllNKyK9D11aDjV3yuk6_7hqF0sXcz0ZwLk3uluiYdyYxa4CDUCcFsatw-SWtck4LqFg7tBPQlTnHgH5Ghg9asNMbhdkQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "qi": "NmUZlz_tHZEI1yB7l8eqtpjdS6aPF3_GzVxRsG5dBu1p9Pc9pmnz-xiAOYzIxBG-skzgwNdV0FJlnyC-BPiHWSbu409lgSZhl8FzZD1G_-ugGqIEFV42wpAZHOUQgq3rMYhyIZ3v1dsdLMq-obbKBQ1kT5TGQWNFHu3pEekjPBc",
      "dp": "iBDgrK_SURYizcOHkUGmmkj0e7HHiu4Gj-InCDmPXCzXix8GFl9dKTaYPt-917r4h7V06qJhed5fzxf9yEgocmx62Oq-OcFzM7ZVukBKxjBdAqmjiqMXjj7skB245zJzz1aRPZilL8Tw5Q9qZJKcCSd_xN6d7VELb6XUspCWJrU",
      "alg": "PS256",
      "dq": "Q7Q1ZDZVQAiqqtZMzplSJDxH7Rjqgh4IdWI0yJnMq5TFxDCDYPixyFnzvbN2eZCKE9etyW8cKr5bPtBx-_XDeReGZnXp93RxE_3zxd933gKvoBLxJJkQm4jpeVqWX0VZM0p1kdrsscrgXKDbOLDNtFWJlo8J--ecm3Q3lkPOlyE",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
2021-06-01 19:09:41 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-06-01 19:09:41 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "p": "2y4rva7PqZKTwP3WacfCT3fg3rwLlQqsu_D3oJ0AYdVGHT_7GdBKDP-Mwq6W0mFK1oPgdr4qOPgTdwEEwJrx4Khp5QqcEDthMOgeDjIHoRUUjPaE1L6rOGzy8zwdwWnMQFJbRr40-IG5oKY2ZxX7jmJg9z_6b-69IvyPcMV69wU",
      "kty": "RSA",
      "q": "mqr8XOj0WVwv3JmN0l2rKxrO01FzdnBRRVedAkWUZNBTCJ9oPaUTSMdIUE4i9DZJtleuDkADqEknz0ZA7oHsJMq9ThD-jHqURzy_7VM4Fsu46-QrVC_gfLrMMSbVQTYLpF6ZBklf6ssxCiXn9K9jRrQqp9crpRCjXWJCDoWu23M",
      "d": "VkInnwrajdzG3NkC317NRB1-ZC6R0Z_knWlbHIsqZObeJusahufdwyjskMgYuzkMaRn4PXLK_K1BdbgXeJt-n3sme4sPxHo1Aa4-rcXVejoqawfUkfRuG8er2Y-EmFRs2xjr2gHPb_6kRt29KT3L2ijIKz6O0GblEKCFuiSJuVOS5zHkgts9GT_2D1e6Z5cKh6HTmBOvUeuH-NinlDL9K1WMEHyAtQodUFb2unPTDitYszri1F557zV9wHllNKyK9D11aDjV3yuk6_7hqF0sXcz0ZwLk3uluiYdyYxa4CDUCcFsatw-SWtck4LqFg7tBPQlTnHgH5Ghg9asNMbhdkQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "qi": "NmUZlz_tHZEI1yB7l8eqtpjdS6aPF3_GzVxRsG5dBu1p9Pc9pmnz-xiAOYzIxBG-skzgwNdV0FJlnyC-BPiHWSbu409lgSZhl8FzZD1G_-ugGqIEFV42wpAZHOUQgq3rMYhyIZ3v1dsdLMq-obbKBQ1kT5TGQWNFHu3pEekjPBc",
      "dp": "iBDgrK_SURYizcOHkUGmmkj0e7HHiu4Gj-InCDmPXCzXix8GFl9dKTaYPt-917r4h7V06qJhed5fzxf9yEgocmx62Oq-OcFzM7ZVukBKxjBdAqmjiqMXjj7skB245zJzz1aRPZilL8Tw5Q9qZJKcCSd_xN6d7VELb6XUspCWJrU",
      "alg": "PS256",
      "dq": "Q7Q1ZDZVQAiqqtZMzplSJDxH7Rjqgh4IdWI0yJnMq5TFxDCDYPixyFnzvbN2eZCKE9etyW8cKr5bPtBx-_XDeReGZnXp93RxE_3zxd933gKvoBLxJJkQm4jpeVqWX0VZM0p1kdrsscrgXKDbOLDNtFWJlo8J--ecm3Q3lkPOlyE",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
2021-06-01 19:09:41 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
2021-06-01 19:09:41 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_secret_jwt_alg
RS256
client_id
12345678-fapi-plain-private-key-clientid
client_secret
1f17e98300ad792c9b4416e656aa582b0c89b03e
redirect_uri
https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback
scope
openid accounts
jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgIQWSl/rqAik/ZS2bkCLQ7ZGzANBgkqhkiG9w0BAQsFADCB
sDELMAkGA1UEBhMCQVUxNzA1BgNVBAoTLkF1c3RyYWxpYW4gQ29tcGV0aXRpb24g
YW5kIENvbnN1bWVyIENvbW1pc3Npb24xHDAaBgNVBAsTE0NvbnN1bWVyIERhdGEg
UmlnaHQxHzAdBgNVBAsTFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxKTAnBgNVBAMT
IENEUiBURVNUIEJhbmtpbmcgSW50ZXJtZWRpYXRlIENBMB4XDTIwMTExOTAwMDAw
MFoXDTIxMTExOTIzNTk1OVowgZQxHDAaBgNVBAsME0NvbnN1bWVyIERhdGEgUmln
aHQxHzAdBgNVBAsMFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxJTAjBgNVBAoMHElu
dHVpdCBBdXN0cmFsaWEgUHR5IExpbWl0ZWQxLDAqBgNVBAMMI3BhcnRuZXJhdXRo
LWUyZS5wbGF0Zm9ybS5pbnR1aXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwkTTIUXBivenAAstBtWlNK/WJh62pQhVvmV5v/s30fTtp9Yaos8F
QyP2kJUy0h/L5asdC0IIDonrLBDwi7zVCm/VsNr4Gx0DPng5yYSLRdNaxPk4S8ax
PY8wwYYjeJuaV/DrvYneu40DZiJWTE8N3SpKZ+OSfxJlFtda2ejkfhNk0a0amIMr
Q2YfanI/nVwk7/WWDfwqc2jMuI3WPZHt165+TDPb1qG1cXm5PoPJpD3srITvfJue
s6nfI14wtGZu0IVlT9go7bJcMRNBb/C4EpDyfl3v3MExsqMe0TI5e7kTMgy5rjDG
4s75GVaHpiWRw956sda8obv5Kb9gflpeYwIDAQABo4IBezCCAXcwDAYDVR0TAQH/
BAIwADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0O
BBYEFHVsct+KfWyMwdYa3jLcQw7NplPwMC4GCmCGSAGG+EUBEAMEIDAeBhNghkgB
hvhFARABAwEEAYL4tIwYFgcxMTMwMjIwMDkGCmCGSAGG+EUBEAUEKzApAgEAFiRh
SFIwY0hNNkx5OXdhMmt0Y21FdWMzbHRZWFYwYUM1amIyMD0wXQYDVR0fBFYwVDBS
oFCgToZMaHR0cDovL3BraS1jcmwuc3ltYXV0aC5jb20vY2FfZGY1ZDQ5M2Q1YjQ3
ODQ5MjZjZGZlNmFkZTllMDAzZmMvTGF0ZXN0Q1JMLmNybDA4BggrBgEFBQcBAQQs
MCowKAYIKwYBBQUHMAGGHGh0dHA6Ly9wa2ktb2NzcC5kaWdpY2VydC5jb20wHwYD
VR0jBBgwFoAUSTaRAgiZKmzkKWCekX67k63mXkswDQYJKoZIhvcNAQELBQADggEB
AEnEvI5UJ2txz4oYJCqMCMNoHvapyW3dG7K+Lrjh+V+pwwASbGpX8KiyO7J+iWp/
/ceQDMdTP0UFM1j5L8EePQ0hWOkJvWsVmo6GgS7zYPu+6id73P3cgLwqAWRrLBSk
sNfdUQPY4lVaSiMDf3VzzqjMzdTGbNAzZmeJEszKI5fUEt+T47mtu2jFcMq9o1vw
dxLjJ7BP1MIWsPNCzYazma2+Nfe3v/CzvsroyLiNywwaZn4D4r5VOofNrVM8UXpr
Rhn5pCEvDbbgr8Rd3k5zFq6LTbP1H6K47rs9MY+Edb/Uel/qhlx3RQBCy4ryR8Q6
ofDMEAPI9RcppT6elKQQ69M=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFtzCCA5+gAwIBAgIQGhoSP4DqnQoUsNkehM6x2TANBgkqhkiG9w0BAQsFADCB
oDELMAkGA1UEBhMCQVUxNzA1BgNVBAoTLkF1c3RyYWxpYW4gQ29tcGV0aXRpb24g
YW5kIENvbnN1bWVyIENvbW1pc3Npb24xHDAaBgNVBAsTE0NvbnN1bWVyIERhdGEg
UmlnaHQxHzAdBgNVBAsTFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxGTAXBgNVBAMT
EENEUiBURVNUIFJvb3QgQ0EwHhcNMTkxMDE3MDAwMDAwWhcNMzQxMDE2MjM1OTU5
WjCBsDELMAkGA1UEBhMCQVUxNzA1BgNVBAoTLkF1c3RyYWxpYW4gQ29tcGV0aXRp
b24gYW5kIENvbnN1bWVyIENvbW1pc3Npb24xHDAaBgNVBAsTE0NvbnN1bWVyIERh
dGEgUmlnaHQxHzAdBgNVBAsTFkZvciBURVNUIFB1cnBvc2VzIE9OTFkxKTAnBgNV
BAMTIENEUiBURVNUIEJhbmtpbmcgSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6+NlPtZ4TPJrMRbvj7HkXBkEStfc1s+L8qd
FX8BRnt/H9Ca+9BTLEiKj+jJ6J74yTLrK9g4y+hhaQZFFperMF0TUy+fU3nby6D8
jo6fMLr0O/W8MZ2LTk/6n1+FiZqUH8st3Nle9f4DdLY6BAR8HjCnikNYaxutBTYt
GjkxOqogGFdwG+X0S0spKGDTq5UAp3Wc7D/fZRSeAfdTYO5FV9zhdTT6sbnrosQi
obBuwqwLqZeeju6V5fogkhMu4tVE3GmiK/T5mGrBqqO2DIfI4t+1D/SBo4jZP2V/
El2CSRgKrlVMcWoOE3h9Aa20vliLsJgv/Zf9gH/5UhHV5KlegQIDAQABo4HaMIHX
MCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBEaWdpQ2VydFBLSS0zLTY5MB0GA1Ud
DgQWBBRJNpECCJkqbOQpYJ6RfruTreZeSzASBgNVHRMBAf8ECDAGAQH/AgEAMEcG
A1UdHwRAMD4wPKA6oDiGNmh0dHA6Ly9jcmwuYXUuZGlnaWNlcnQuY29tL0NBL0FD
Q0NfQ0RSX1RFU1RfUm9vdENBLmNybDAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgw
FoAU/shndz73CkDs3XVqioe1JoHU24wwDQYJKoZIhvcNAQELBQADggIBADQAYy6W
KMFMyyOkW23kFMLu/ki66DfvusaNR++4tXUs4j6TSipEJ4weyKpMNcro+InGCaY3
0X2fIzTa/L0PJlpo/cLuuGRpnx41I5dPjnltmwmZSXEJEYlIn0aQNy1luHfR76s+
A44/DiquHVlI4t4fLcsuDUtVHcTlN59qY40GuWL/00y4IGWNbrXSSDLkRqWdeBF4
A8XRoTLMmNuw4Mcm9Zpggc2K40GtFxCbxsDaw6NVZgGODnnSdmw5/gExWH1RIjYU
J7whYsnIIPxy8HmogGOhrvB36EtvS/BOeNwSyBNVoSTDoVLDeMxgO/9shH0Ytaew
zsXAnfW5wUZiiAyqZOqN7gUZpo+aaZrC8sBo36B1RdLzEszs0GY3ohl/rUixr5jY
nbC4mYTte4DNA6HSadBnHAmnyLX5oQvK+pE9eSaZVNvg09pDSPjRkuhYxPO5tHkr
zrjAk3PNXKDddnSdMSXILbkPAEssBuC4vax1kd5o8grSFvidUQMr61paT5o17lxh
Y7z1Fav5bW65JFid1oR6OiEn+o3DNaYf22eaYJsZRcJ7Fio8CPoJnSq5NJC57KHq
NYHMCwMdJkob2NNXJSmKA3FRxX2zhj6iehQT9p+N5HEngGJMGAv90MhIIWZcHuK5
m/Egr0D/nA9GtlPyS0m2GkCkNqzyD2cyOilg
-----END CERTIFICATE-----
2021-06-01 19:09:41 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-06-01 19:09:41 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
2021-06-01 19:09:41 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-06-01 19:09:41 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-06-01 19:09:41 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
2021-06-01 19:09:41
fapi-rw-id2-client-test-invalid-signature
Setup Done
2021-06-01 19:09:54 INCOMING
fapi-rw-id2-client-test-invalid-signature
Incoming HTTP request to test instance mjU48bMvkO348XL
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "none",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\" Not A;Brand\";v\u003d\"99\", \"Chromium\";v\u003d\"90\", \"Google Chrome\";v\u003d\"90\"",
  "sec-ch-ua-mobile": "?0",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,hi;q\u003d0.8",
  "cookie": "__utmz\u003d201319536.1621283291.13.3.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); __utma\u003d201319536.30309185.1617009267.1621283291.1621288066.14; JSESSIONID\u003dE7A32EB398AE093ACED8739960FE3CEA",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
authorize
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "scope": "openid accounts",
  "response_type": "code id_token",
  "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
  "client_id": "12345678-fapi-plain-private-key-clientid",
  "request": "eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJmYmEyNmU5Mi1mNzUzLTRjYTQtYmM2ZC0xOTAxYzUxNzk1OTUiLCJpc3MiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJjbGllbnRfaWQiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwiYXVkIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXNzZW50aWFsIjp0cnVlfX0sInVzZXJpbmZvIjp7fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC9wYXJ0bmVyYXV0aC1lMmUucGxhdGZvcm0uaW50dWl0LmNvbVwvZXh0ZXJuYWxfcGFydG5lclwvb3BlbmlkX2ZhcGlfY2VydGlmaWNhdGlvblwvY2FsbGJhY2siLCJzdGF0ZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJleHAiOjE2MjI1NzUxOTQsImlhdCI6MTYyMjU3NDU5NCwianRpIjoiNmFjYTRjMGQtNTM3MC00NDA0LTgxMzItODQzNzc3Yzc1MTM2In0.MmD4Xibw_kBtIVVdBknvXA8YTAUOZk321J4dk56RfNaJ3jAbjcCroYEJN2gkg7tKJ5SRVph7mf1pkEJCEo_tHrEIAWrQ71SWzJe2qR1FStyJj7KwcWx-ABQKZ8s2PP-opgTX5ANaeUiU-EVqwEv3eXd4L-p7nV8G5kzNq4_5R7tqpqheT5zutB_hDiTUPU1ukL8l93Qz31tvB2-ECW9qPGw0UbuQFS5VVccdSzmZTju38LxKF8RrIev6a2uFEy92TWU6lAM4sSdxMjnR6IxmoeLlIe5x_2vJW8EoUbjWIZdsdGNUmuF-_3xa0detddqM_Ruz8hH-6rudXSaJuRA8rA",
  "state": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055"
}
incoming_body
2021-06-01 19:09:54 SUCCESS
EnsureIncomingTls12
Found TLS 1.2 connection
2021-06-01 19:09:54 SUCCESS
EnsureIncomingTlsSecureCipher
TLS cipher is allowed
actual
ECDHE-RSA-AES128-GCM-SHA256
expected
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-06-01 19:09:54 SUCCESS
ExtractRequestObject
Parsed request object
request_object
{
  "value": "eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJmYmEyNmU5Mi1mNzUzLTRjYTQtYmM2ZC0xOTAxYzUxNzk1OTUiLCJpc3MiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJjbGllbnRfaWQiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwiYXVkIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXNzZW50aWFsIjp0cnVlfX0sInVzZXJpbmZvIjp7fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC9wYXJ0bmVyYXV0aC1lMmUucGxhdGZvcm0uaW50dWl0LmNvbVwvZXh0ZXJuYWxfcGFydG5lclwvb3BlbmlkX2ZhcGlfY2VydGlmaWNhdGlvblwvY2FsbGJhY2siLCJzdGF0ZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJleHAiOjE2MjI1NzUxOTQsImlhdCI6MTYyMjU3NDU5NCwianRpIjoiNmFjYTRjMGQtNTM3MC00NDA0LTgxMzItODQzNzc3Yzc1MTM2In0.MmD4Xibw_kBtIVVdBknvXA8YTAUOZk321J4dk56RfNaJ3jAbjcCroYEJN2gkg7tKJ5SRVph7mf1pkEJCEo_tHrEIAWrQ71SWzJe2qR1FStyJj7KwcWx-ABQKZ8s2PP-opgTX5ANaeUiU-EVqwEv3eXd4L-p7nV8G5kzNq4_5R7tqpqheT5zutB_hDiTUPU1ukL8l93Qz31tvB2-ECW9qPGw0UbuQFS5VVccdSzmZTju38LxKF8RrIev6a2uFEy92TWU6lAM4sSdxMjnR6IxmoeLlIe5x_2vJW8EoUbjWIZdsdGNUmuF-_3xa0detddqM_Ruz8hH-6rudXSaJuRA8rA",
  "header": {
    "kid": "keyid-to-fapi-plain-pauth",
    "alg": "PS256"
  },
  "claims": {
    "sub": "fba26e92-f753-4ca4-bc6d-1901c5179595",
    "iss": "12345678-fapi-plain-private-key-clientid",
    "response_type": "code id_token",
    "nonce": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
    "client_id": "12345678-fapi-plain-private-key-clientid",
    "aud": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
    "scope": "openid accounts",
    "claims": {
      "id_token": {
        "acr": {
          "value": "urn:openbanking:psd2:sca",
          "essential": true
        }
      },
      "userinfo": {}
    },
    "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
    "state": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
    "exp": 1622575194,
    "iat": 1622574594,
    "jti": "6aca4c0d-5370-4404-8132-843777c75136"
  }
}
2021-06-01 19:09:54 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "scope": "openid accounts",
  "response_type": "code id_token",
  "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
  "client_id": "12345678-fapi-plain-private-key-clientid",
  "request": "eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJmYmEyNmU5Mi1mNzUzLTRjYTQtYmM2ZC0xOTAxYzUxNzk1OTUiLCJpc3MiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJjbGllbnRfaWQiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwiYXVkIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXNzZW50aWFsIjp0cnVlfX0sInVzZXJpbmZvIjp7fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC9wYXJ0bmVyYXV0aC1lMmUucGxhdGZvcm0uaW50dWl0LmNvbVwvZXh0ZXJuYWxfcGFydG5lclwvb3BlbmlkX2ZhcGlfY2VydGlmaWNhdGlvblwvY2FsbGJhY2siLCJzdGF0ZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJleHAiOjE2MjI1NzUxOTQsImlhdCI6MTYyMjU3NDU5NCwianRpIjoiNmFjYTRjMGQtNTM3MC00NDA0LTgxMzItODQzNzc3Yzc1MTM2In0.MmD4Xibw_kBtIVVdBknvXA8YTAUOZk321J4dk56RfNaJ3jAbjcCroYEJN2gkg7tKJ5SRVph7mf1pkEJCEo_tHrEIAWrQ71SWzJe2qR1FStyJj7KwcWx-ABQKZ8s2PP-opgTX5ANaeUiU-EVqwEv3eXd4L-p7nV8G5kzNq4_5R7tqpqheT5zutB_hDiTUPU1ukL8l93Qz31tvB2-ECW9qPGw0UbuQFS5VVccdSzmZTju38LxKF8RrIev6a2uFEy92TWU6lAM4sSdxMjnR6IxmoeLlIe5x_2vJW8EoUbjWIZdsdGNUmuF-_3xa0detddqM_Ruz8hH-6rudXSaJuRA8rA",
  "state": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "sub": "fba26e92-f753-4ca4-bc6d-1901c5179595",
  "iss": "12345678-fapi-plain-private-key-clientid",
  "nonce": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "aud": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:openbanking:psd2:sca",
        "essential": true
      }
    },
    "userinfo": {}
  },
  "exp": 1622575194,
  "iat": 1622574594,
  "jti": "6aca4c0d-5370-4404-8132-843777c75136"
}
2021-06-01 19:09:54 SUCCESS
EnsureAuthorizationParametersMatchRequestObject
All claims in the query parameters exist in the request object
claims
[
  "scope",
  "response_type",
  "redirect_uri",
  "client_id",
  "request",
  "state"
]
2021-06-01 19:09:54 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-06-01 19:09:54 SUCCESS
FAPIValidateRequestObjectIdTokenACRClaims
Acr value in request object is as expected
received
[
  "urn:openbanking:psd2:sca"
]
2021-06-01 19:09:54 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Jun 1, 2021, 7:19:54 PM"
2021-06-01 19:09:54
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-06-01 19:09:54 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-06-01 19:09:54 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-06-01 19:09:54 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback
2021-06-01 19:09:54 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-06-01 19:09:54 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-06-01 19:09:54 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJmYmEyNmU5Mi1mNzUzLTRjYTQtYmM2ZC0xOTAxYzUxNzk1OTUiLCJpc3MiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJjbGllbnRfaWQiOiIxMjM0NTY3OC1mYXBpLXBsYWluLXByaXZhdGUta2V5LWNsaWVudGlkIiwiYXVkIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwic2NvcGUiOiJvcGVuaWQgYWNjb3VudHMiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsiYWNyIjp7InZhbHVlIjoidXJuOm9wZW5iYW5raW5nOnBzZDI6c2NhIiwiZXNzZW50aWFsIjp0cnVlfX0sInVzZXJpbmZvIjp7fX0sInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC9wYXJ0bmVyYXV0aC1lMmUucGxhdGZvcm0uaW50dWl0LmNvbVwvZXh0ZXJuYWxfcGFydG5lclwvb3BlbmlkX2ZhcGlfY2VydGlmaWNhdGlvblwvY2FsbGJhY2siLCJzdGF0ZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJleHAiOjE2MjI1NzUxOTQsImlhdCI6MTYyMjU3NDU5NCwianRpIjoiNmFjYTRjMGQtNTM3MC00NDA0LTgxMzItODQzNzc3Yzc1MTM2In0.MmD4Xibw_kBtIVVdBknvXA8YTAUOZk321J4dk56RfNaJ3jAbjcCroYEJN2gkg7tKJ5SRVph7mf1pkEJCEo_tHrEIAWrQ71SWzJe2qR1FStyJj7KwcWx-ABQKZ8s2PP-opgTX5ANaeUiU-EVqwEv3eXd4L-p7nV8G5kzNq4_5R7tqpqheT5zutB_hDiTUPU1ukL8l93Qz31tvB2-ECW9qPGw0UbuQFS5VVccdSzmZTju38LxKF8RrIev6a2uFEy92TWU6lAM4sSdxMjnR6IxmoeLlIe5x_2vJW8EoUbjWIZdsdGNUmuF-_3xa0detddqM_Ruz8hH-6rudXSaJuRA8rA
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 16716795945272259726741252200688114656087078176102138054137165886226728286443256639304870638167057439277445250863009785550856647690673040747467038387372633830019387591841242317742272461976681562265477800728776009134444267156797911244562461102789381353553938085004925922084425096075880239230924709372740012550684840057338350897086721142972813961048945045929364949947438110161638658049699566941939229294605787535022255836057202168962317872945857907492994769199685053136164628062562853693312896696328330755807964685711565035640340714785121950708213302996120007842018248678050324768639318938233392498807524430283516689983
  public exponent: 65537
2021-06-01 19:09:54 SUCCESS
EnsureResponseTypeIsCodeIdToken
Response type is expected value
expected
code id_token
2021-06-01 19:09:54 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
12345678-fapi-plain-private-key-clientid
2021-06-01 19:09:54 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid accounts
2021-06-01 19:09:54 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid",
  "accounts"
]
expected
openid
2021-06-01 19:09:54 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055
2021-06-01 19:09:54 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
jfF9QTaqzR
2021-06-01 19:09:54 SUCCESS
ExtractServerSigningAlg
Successfully extracted algorithm
signing_algorithm
PS256
2021-06-01 19:09:54 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
E8xnisfXC-17l6qhj8Q_gQ
2021-06-01 19:09:54 SUCCESS
CalculateSHash
Successful s_hash encoding
s_hash
JqjlWtduCA7A0xLWi_gc4g
2021-06-01 19:09:54 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
A7mgXnfFRBc8NT0t3Z7lP2GHuT2Wi3iLtmfglC6T9ToM58U2uP
2021-06-01 19:09:54 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
KLleClSXs2mm3h2TcilYGQ
2021-06-01 19:09:54 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/
sub
user-subject-1234531
aud
12345678-fapi-plain-private-key-clientid
nonce
awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055
iat
1622574594
exp
1622574894
2021-06-01 19:09:54 SUCCESS
AddCHashToIdTokenClaims
Added c_hash to ID token claims
c_hash
E8xnisfXC-17l6qhj8Q_gQ
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "sub": "user-subject-1234531",
  "aud": "12345678-fapi-plain-private-key-clientid",
  "nonce": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "iat": 1622574594,
  "exp": 1622574894,
  "c_hash": "E8xnisfXC-17l6qhj8Q_gQ"
}
2021-06-01 19:09:54 SUCCESS
AddSHashToIdTokenClaims
Added s_hash to ID token claims
s_hash
JqjlWtduCA7A0xLWi_gc4g
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "sub": "user-subject-1234531",
  "aud": "12345678-fapi-plain-private-key-clientid",
  "nonce": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "iat": 1622574594,
  "exp": 1622574894,
  "c_hash": "E8xnisfXC-17l6qhj8Q_gQ",
  "s_hash": "JqjlWtduCA7A0xLWi_gc4g"
}
2021-06-01 19:09:54 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
KLleClSXs2mm3h2TcilYGQ
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "sub": "user-subject-1234531",
  "aud": "12345678-fapi-plain-private-key-clientid",
  "nonce": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "iat": 1622574594,
  "exp": 1622574894,
  "c_hash": "E8xnisfXC-17l6qhj8Q_gQ",
  "s_hash": "JqjlWtduCA7A0xLWi_gc4g",
  "at_hash": "KLleClSXs2mm3h2TcilYGQ"
}
2021-06-01 19:09:54 SUCCESS
AddACRClaimToIdTokenClaims
Added acr value to id_token_claims
acr_value
urn:openbanking:psd2:sca
claims
{
  "iss": "https://www.certification.openid.net/test/a/Intuit_pauth_fapi_plain_private_key_plan_1/",
  "sub": "user-subject-1234531",
  "aud": "12345678-fapi-plain-private-key-clientid",
  "nonce": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "iat": 1622574594,
  "exp": 1622574894,
  "c_hash": "E8xnisfXC-17l6qhj8Q_gQ",
  "s_hash": "JqjlWtduCA7A0xLWi_gc4g",
  "at_hash": "KLleClSXs2mm3h2TcilYGQ",
  "acr": "urn:openbanking:psd2:sca"
}
2021-06-01 19:09:54 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiS0xsZUNsU1hzMm1tM2gyVGNpbFlHUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMTIzNDU2NzgtZmFwaS1wbGFpbi1wcml2YXRlLWtleS1jbGllbnRpZCIsImNfaGFzaCI6IkU4eG5pc2ZYQy0xN2w2cWhqOFFfZ1EiLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJzX2hhc2giOiJKcWpsV3RkdUNBN0EweExXaV9nYzRnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwiZXhwIjoxNjIyNTc0ODk0LCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJpYXQiOjE2MjI1NzQ1OTR9.cCQI1BWi_ZS1mC4aMMFVXhBb3kLjmkIOu3a2aFHtHKsuhNAEOXny4sTRtQ3dW6IX4tviqztJokpHQthA0DEPnz-7kBjUxQ8gTNmiGXJr_mxLuc9Rm2LfkXhxfTw7zrPV5kC84JqELlKxjkitrPETbPFGC35EEacD3iLPxAdspV1J6BH5lxw86ceTzu6l6AFmC8zvWq0tFj9oqY51zinDA6n4sedm6n5XW3co8M0SfehG_b5ktvD8Uaz1mhTPC8a7ZaN5ZVecx3YWhl9Uvd02yMfE-UTHxZNhrL5Uxg0PBWV0xPHXpM8Otj0JO05wi8UuaDX0QnSfyUrKWB7bjpPGXw
2021-06-01 19:09:54 SUCCESS
SignIdTokenInvalid
Made the id_token signature invalid
id_token
eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiS0xsZUNsU1hzMm1tM2gyVGNpbFlHUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMTIzNDU2NzgtZmFwaS1wbGFpbi1wcml2YXRlLWtleS1jbGllbnRpZCIsImNfaGFzaCI6IkU4eG5pc2ZYQy0xN2w2cWhqOFFfZ1EiLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJzX2hhc2giOiJKcWpsV3RkdUNBN0EweExXaV9nYzRnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwiZXhwIjoxNjIyNTc0ODk0LCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJpYXQiOjE2MjI1NzQ1OTR9.Kn5Sjk_4p87vwnRAapsPBEoBhBi5wBhU4SzsMgu3RvF03opeYyOouJ6L71eHAfhNuIG48WET-BAdGIIaimtVxWXhykKOn1V6FoP4QygxpDYR45ULwTiFyyIrJ2ZhlOmPvBrmusDedAjr1BL39qtJNqscUSQeS_1ZhHiVnl02_wcTskujzUZms53JlLT_sls8UZa1APd3TGUy89QvlHOZWfOi6708sCQNAS1yqpdIJ7Icp-Q-7KqmC_avwE6VUZzhP_kjPw3GnSxM3AUO54dskp2eox6dn8k79uQOnFdVXz8unquN_pVU7GdTYRQq0Z90Mm-uGC7FkxCQAkSB1MmcBQ
2021-06-01 19:09:54 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
  "state": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055"
}
2021-06-01 19:09:54 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
  "state": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "code": "jfF9QTaqzR"
}
2021-06-01 19:09:54 SUCCESS
AddIdTokenToAuthorizationEndpointResponseParams
Added id_token to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback",
  "state": "awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055",
  "code": "jfF9QTaqzR",
  "id_token": "eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiS0xsZUNsU1hzMm1tM2gyVGNpbFlHUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMTIzNDU2NzgtZmFwaS1wbGFpbi1wcml2YXRlLWtleS1jbGllbnRpZCIsImNfaGFzaCI6IkU4eG5pc2ZYQy0xN2w2cWhqOFFfZ1EiLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJzX2hhc2giOiJKcWpsV3RkdUNBN0EweExXaV9nYzRnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwiZXhwIjoxNjIyNTc0ODk0LCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJpYXQiOjE2MjI1NzQ1OTR9.Kn5Sjk_4p87vwnRAapsPBEoBhBi5wBhU4SzsMgu3RvF03opeYyOouJ6L71eHAfhNuIG48WET-BAdGIIaimtVxWXhykKOn1V6FoP4QygxpDYR45ULwTiFyyIrJ2ZhlOmPvBrmusDedAjr1BL39qtJNqscUSQeS_1ZhHiVnl02_wcTskujzUZms53JlLT_sls8UZa1APd3TGUy89QvlHOZWfOi6708sCQNAS1yqpdIJ7Icp-Q-7KqmC_avwE6VUZzhP_kjPw3GnSxM3AUO54dskp2eox6dn8k79uQOnFdVXz8unquN_pVU7GdTYRQq0Z90Mm-uGC7FkxCQAkSB1MmcBQ"
}
2021-06-01 19:09:54
SendAuthorizationResponseWithResponseModeFragment
Redirecting back to client
uri
https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback#state=awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055&code=jfF9QTaqzR&id_token=eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiS0xsZUNsU1hzMm1tM2gyVGNpbFlHUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMTIzNDU2NzgtZmFwaS1wbGFpbi1wcml2YXRlLWtleS1jbGllbnRpZCIsImNfaGFzaCI6IkU4eG5pc2ZYQy0xN2w2cWhqOFFfZ1EiLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJzX2hhc2giOiJKcWpsV3RkdUNBN0EweExXaV9nYzRnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwiZXhwIjoxNjIyNTc0ODk0LCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJpYXQiOjE2MjI1NzQ1OTR9.Kn5Sjk_4p87vwnRAapsPBEoBhBi5wBhU4SzsMgu3RvF03opeYyOouJ6L71eHAfhNuIG48WET-BAdGIIaimtVxWXhykKOn1V6FoP4QygxpDYR45ULwTiFyyIrJ2ZhlOmPvBrmusDedAjr1BL39qtJNqscUSQeS_1ZhHiVnl02_wcTskujzUZms53JlLT_sls8UZa1APd3TGUy89QvlHOZWfOi6708sCQNAS1yqpdIJ7Icp-Q-7KqmC_avwE6VUZzhP_kjPw3GnSxM3AUO54dskp2eox6dn8k79uQOnFdVXz8unquN_pVU7GdTYRQq0Z90Mm-uGC7FkxCQAkSB1MmcBQ
2021-06-01 19:09:54 OUTGOING
fapi-rw-id2-client-test-invalid-signature
Response to HTTP request to test instance mjU48bMvkO348XL
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://partnerauth-e2e.platform.intuit.com/external_partner/openid_fapi_certification/callback#state=awb.1b45ed4b-a825-4454-8ab8-1c200c4c8055&code=jfF9QTaqzR&id_token=eyJraWQiOiJrZXlpZC10by1mYXBpLXBsYWluLXBhdXRoIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiS0xsZUNsU1hzMm1tM2gyVGNpbFlHUSIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMTIzNDU2NzgtZmFwaS1wbGFpbi1wcml2YXRlLWtleS1jbGllbnRpZCIsImNfaGFzaCI6IkU4eG5pc2ZYQy0xN2w2cWhqOFFfZ1EiLCJhY3IiOiJ1cm46b3BlbmJhbmtpbmc6cHNkMjpzY2EiLCJzX2hhc2giOiJKcWpsV3RkdUNBN0EweExXaV9nYzRnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL0ludHVpdF9wYXV0aF9mYXBpX3BsYWluX3ByaXZhdGVfa2V5X3BsYW5fMVwvIiwiZXhwIjoxNjIyNTc0ODk0LCJub25jZSI6ImF3Yi4xYjQ1ZWQ0Yi1hODI1LTQ0NTQtOGFiOC0xYzIwMGM0YzgwNTUiLCJpYXQiOjE2MjI1NzQ1OTR9.Kn5Sjk_4p87vwnRAapsPBEoBhBi5wBhU4SzsMgu3RvF03opeYyOouJ6L71eHAfhNuIG48WET-BAdGIIaimtVxWXhykKOn1V6FoP4QygxpDYR45ULwTiFyyIrJ2ZhlOmPvBrmusDedAjr1BL39qtJNqscUSQeS_1ZhHiVnl02_wcTskujzUZms53JlLT_sls8UZa1APd3TGUy89QvlHOZWfOi6708sCQNAS1yqpdIJ7Icp-Q-7KqmC_avwE6VUZzhP_kjPw3GnSxM3AUO54dskp2eox6dn8k79uQOnFdVXz8unquN_pVU7GdTYRQq0Z90Mm-uGC7FkxCQAkSB1MmcBQ]
outgoing_path
authorize
2021-06-01 19:09:58 INCOMING
fapi-rw-id2-client-test-invalid-signature
Incoming HTTP request to test instance mjU48bMvkO348XL
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Apache-HttpClient/4.5.6 (Java/1.8.0_241)",
  "accept-encoding": "gzip,deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-06-01 19:09:58 SUCCESS
EnsureIncomingTls12
Found TLS 1.2 connection
2021-06-01 19:09:58 SUCCESS
EnsureIncomingTlsSecureCipher
TLS cipher is allowed
actual
ECDHE-RSA-AES256-GCM-SHA384
expected
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-06-01 19:09:58 OUTGOING
fapi-rw-id2-client-test-invalid-signature
Response to HTTP request to test instance mjU48bMvkO348XL
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
outgoing_path
jwks
2021-06-01 19:09:58 INCOMING
fapi-rw-id2-client-test-invalid-signature
Incoming HTTP request to test instance mjU48bMvkO348XL
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "Apache-HttpClient/4.5.6 (Java/1.8.0_241)",
  "accept-encoding": "gzip,deflate",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
jwks
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-06-01 19:09:58 SUCCESS
EnsureIncomingTls12
Found TLS 1.2 connection
2021-06-01 19:09:58 SUCCESS
EnsureIncomingTlsSecureCipher
TLS cipher is allowed
actual
ECDHE-RSA-AES256-GCM-SHA384
expected
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-06-01 19:09:58 OUTGOING
fapi-rw-id2-client-test-invalid-signature
Response to HTTP request to test instance mjU48bMvkO348XL
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "keyid-to-fapi-plain-pauth",
      "alg": "PS256",
      "n": "hGwrCiY4fk-Xw0OziDg0gDPTomKM1AGe3Gc-IBusq4OGwcwsSrWh9zBeLsdEombgpmlJVh59bJog52MDU41WjO7-Oqg9Z1XYkJzHyW7Tr0INP3iFCr15Bu5OtVZIIK0e1Q_os8qpbh_O6GvF8hTTwYSZ-NH-VrLnKKGdHjmdnfSCQQxx-0YUfnbB6lMtwxDtFyTd5nD5EXFq0OnvqQQbd2dfHhTHnk2aDt3ZCAnv3IuDK59Yvp8vCtmOx08e9sldyUS8xEHWVtwm1pvWKxx2QYBtbJ6-pRBQ2Q69-k0WdIFaP0QHGMs9GQrCiyiUDsZgqFErVyrn0ia8u9DIZfQ-Pw"
    }
  ]
}
outgoing_path
jwks
2021-06-01 19:09:59 FINISHED
fapi-rw-id2-client-test-invalid-signature
Test has run to completion
testmodule_result
PASSED
2021-06-01 19:11:36
TEST-RUNNER
Alias has now been claimed by another test
alias
Intuit_pauth_fapi_plain_private_key_plan_1
new_test_id
bM9H7K6uCQJ86tE
Test Results